From a8dddc57e71bc8888e3e6f9be6976b1fd8fe560f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 13:52:47 -0700 Subject: [PATCH 001/331] Create migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md new file mode 100644 index 0000000000..0e566232ba --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -0,0 +1,28 @@ +--- +title: Migrate from Symantec to Microsoft Defender ATP +description: Make the switch from Symantec to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection + +If you are thinking about switching from your current endpoint protection and antivirus solution offered by Symantec to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration from Symantec to Microsoft Defender ATP. In addition to step-by-step guidance, you'll get some best practices and tips to help ensure a successful, efficient migration. + + + +This document provides good practices, tips and what to watch out for when migrating from Symantec Endpoint Protection (SEP) to Microsoft Defender Antivirus (MDAV formerly known as Windows Defender Antivirus (WDAV)) (AV, EPP)* and/or System Center Endpoint Protection (SCEP) (AV, EPP) + +? Migrating from Symantec Endpoint Protection AV and EDR to MDAV (AV/EPP) MDATP (EDR). \ No newline at end of file From 04fdee07ef2c8241d32906519567a589945db608 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 14:32:54 -0700 Subject: [PATCH 002/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 32 +++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 0e566232ba..39ced8f501 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -19,10 +19,36 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection -If you are thinking about switching from your current endpoint protection and antivirus solution offered by Symantec to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration from Symantec to Microsoft Defender ATP. In addition to step-by-step guidance, you'll get some best practices and tips to help ensure a successful, efficient migration. +If you are thinking about switching from Symantec Endpoint Protection to endpoint protection with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. In addition to step-by-step guidance, you'll get some best practices and tips to help ensure a successful, efficient migration. + +## Requirements +|Requirements |Details | +|---------|---------| +|Row1 | | +|Row2 | | -This document provides good practices, tips and what to watch out for when migrating from Symantec Endpoint Protection (SEP) to Microsoft Defender Antivirus (MDAV formerly known as Windows Defender Antivirus (WDAV)) (AV, EPP)* and/or System Center Endpoint Protection (SCEP) (AV, EPP) -? Migrating from Symantec Endpoint Protection AV and EDR to MDAV (AV/EPP) MDATP (EDR). \ No newline at end of file +## The process at a high level + +1. Get Microsoft Defender ATP. Purchase licenses, or start a trial. +2. Grant access to the Microsoft Defender Security Center. +3. Configure machine proxy and internet connectivity settings. +4. Set Microsoft Defender ATP to passive mode. +5. Re-enable Microsoft Defender Antivirus in Group Policy. +6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). +7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. +8. 
Set up your device groups, device collections, and OUs. +9. Install Microsoft Defender ATP and uninstall Symantec. +10. Onboard devices to Microsoft Defender ATP. + +## Get Microsoft Defender ATP + +## Grant access to the Microsoft Defender Security Center + +## Configure device proxy and internet connectivity settings + +## Set Microsoft Defender ATP to passive mode + +## \ No newline at end of file From 3fe84f0081aa4905865b0cdbc2059adc5e6a0edd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 14:41:20 -0700 Subject: [PATCH 003/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 39ced8f501..4c53f47a9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -32,23 +32,40 @@ If you are thinking about switching from Symantec Endpoint Protection to endpoin ## The process at a high level -1. Get Microsoft Defender ATP. Purchase licenses, or start a trial. +1. Get Microsoft Defender ATP. 2. Grant access to the Microsoft Defender Security Center. 3. Configure machine proxy and internet connectivity settings. 4. Set Microsoft Defender ATP to passive mode. -5. Re-enable Microsoft Defender Antivirus in Group Policy. +5. Re-enable Microsoft Defender Antivirus. 6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). 7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. 8. Set up your device groups, device collections, and OUs. 9. Install Microsoft Defender ATP and uninstall Symantec. 10. Onboard devices to Microsoft Defender ATP. -## Get Microsoft Defender ATP +## Step 1: Get Microsoft Defender ATP -## Grant access to the Microsoft Defender Security Center +Purchase licenses, or start a trial. -## Configure device proxy and internet connectivity settings +## Step 2: Grant access to the Microsoft Defender Security Center -## Set Microsoft Defender ATP to passive mode +## Step 3: Configure device proxy and internet connectivity settings + +## Step 4: Set Microsoft Defender ATP to passive mode + +## Step 5: Re-enable Microsoft Defender Antivirus + +## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec + +Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). + +## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list + +Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. + +## Step 8: Set up your device groups, device collections, and OUs + +## Step 9: Install Microsoft Defender ATP and uninstall Symantec + +## Step 10: Onboard devices to Microsoft Defender ATP -## \ No newline at end of file 
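Review bot: the numbered list in this hunk still does not say which product is providing real-time protection at each point: item 4 sets passive mode before item 5 re-enables Microsoft Defender Antivirus, and item 9 installs Microsoft Defender ATP and uninstalls Symantec in a single step, ahead of onboarding in item 10. Suggest stating after items 4, 5 and 9 which antivirus is active, so a reader can confirm that no step leaves a device uncovered. The new Step 6 and Step 7 bodies repeat their list items word for word; because these exclusions are where each product stops inspecting the other, the sections should name exactly what is excluded, or link to where that is defined. Item 3 also says "machine proxy" while the Step 3 heading says "device proxy"; pick one term.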
From dce40467e6e4a9a388044459264336b8f2ee8f35 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 16:08:55 -0700 Subject: [PATCH 004/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...grate-symantec-to-microsoft-defender-atp.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 4c53f47a9a..23d6538065 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -69,3 +69,21 @@ Add Symantec and your other security solutions to the Microsoft Defender ATP EDR ## Step 10: Onboard devices to Microsoft Defender ATP +You can choose from several methods to onboard devices to Microsoft Defender ATP. + +## Post-setup management of Microsoft Defender ATP + +After you have set up Microsoft Defender ATP, you can choose from several methods to manage your threat protection features, as listed in the following table: + +|Method | Task | +|---|---| +|Intune |[Configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus) | +| |Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune | +| |Manage device restrictions for Microsoft Defender Antivirus | +| |Manage Microsoft Defender Antivirus exclusions | + +## Related articles + +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) + + From 03b92c03571131f6b7286640763f5909cf2cdcf8 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Wed, 27 May 2020 16:58:28 -0700 Subject: [PATCH 005/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 23d6538065..0d6bdcefc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -19,19 +19,21 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection -If you are thinking about switching from Symantec Endpoint Protection to endpoint protection with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. In addition to step-by-step guidance, you'll get some best practices and tips to help ensure a successful, efficient migration. - -## Requirements - - -|Requirements |Details | -|---------|---------| -|Row1 | | -|Row2 | | +If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. +Microsoft Defender ATP includes the following capabilities: +- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Tools to surgically reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) +- [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +- [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) +- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) +- [Behavioral blocking and containment of suspicious behaviors and process 
trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) +- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) ## The process at a high level +Use the following process to make the switch from Symantec to Microsoft Defender ATP: + 1. Get Microsoft Defender ATP. 2. Grant access to the Microsoft Defender Security Center. 3. Configure machine proxy and internet connectivity settings. @@ -39,13 +41,13 @@ If you are thinking about switching from Symantec Endpoint Protection to endpoin 5. Re-enable Microsoft Defender Antivirus. 6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). 7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -8. Set up your device groups, device collections, and OUs. +8. Set up your device groups, device collections, and organizational units. 9. Install Microsoft Defender ATP and uninstall Symantec. 10. Onboard devices to Microsoft Defender ATP. ## Step 1: Get Microsoft Defender ATP -Purchase licenses, or start a trial. +To get started, you must have Microsoft Defender ATP. [Start a trial today!](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?rtc=1) ## Step 2: Grant access to the Microsoft Defender Security Center @@ -63,7 +65,7 @@ Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -## Step 8: Set up your device groups, device collections, and OUs +## Step 8: Set up your device groups, device collections, and organizational units ## Step 9: Install Microsoft Defender ATP and uninstall Symantec 
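Review bot: the Requirements section is deleted in this hunk rather than filled in (it only held the Row1/Row2 placeholders), so the article now goes from the intro straight to the steps with no stated prerequisites. If licensing, supported operating systems or required admin roles matter for Step 1 and Step 2, state them there or restore the section with real rows. In Step 1, the "Start a trial today!" link reads as marketing copy and carries a "?rtc=1" query string; link the bare URL with neutral text. The capabilities list should also be preceded by a blank line after "includes the following capabilities:", as the numbered list below it is.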
@@ -77,13 +79,13 @@ After you have set up Microsoft Defender ATP, you can choose from several method |Method | Task | |---|---| -|Intune |[Configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus) | +|Intune |[Configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus) | | |Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune | | |Manage device restrictions for Microsoft Defender Antivirus | | |Manage Microsoft Defender Antivirus exclusions | ## Related articles -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) From 135701b6f498ad79be00b7b56e41a08457a11770 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 16:59:23 -0700 Subject: [PATCH 006/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 0d6bdcefc9..e04498a594 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -47,7 +47,7 @@ Use the following process to make the switch from Symantec to Microsoft Defender ## Step 1: Get Microsoft Defender ATP -To get started, you must have Microsoft Defender ATP. [Start a trial today!](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?rtc=1) +To get started, you must have Microsoft Defender ATP. [Learn more, and start a trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). ## Step 2: Grant access to the Microsoft Defender Security Center From 995d57c18dec4f4f6d999e20d005aea5b236aaad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 17:18:11 -0700 Subject: [PATCH 007/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 30 ++++++++++++------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index e04498a594..23b8d21811 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -21,16 +21,7 @@ ms.topic: article If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. -Microsoft Defender ATP includes the following capabilities: -- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) -- [Tools to surgically reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) -- [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) -- [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) -- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) -- [Behavioral blocking and containment of suspicious behaviors and process trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) -- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) - -## The process at a high level +## The migration process at a high level Use the following process to make the switch from Symantec to Microsoft Defender ATP: 
@@ -47,10 +38,27 @@ Use the following process to make the switch from Symantec to Microsoft Defender ## Step 1: Get Microsoft Defender ATP -To get started, you must have Microsoft Defender ATP. [Learn more, and start a trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp). +To get started, you must have Microsoft Defender ATP. If you don't already have Microsoft Defender ATP, you can [start a trial](https://aka.ms/mdatp) and see how it works. + +Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response, and includes the following features and capabilities: +- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Tools to surgically reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) +- [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +- [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) +- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) +- [Behavioral blocking and containment of suspicious behaviors and process trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) +- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) ## Step 2: Grant access to the Microsoft Defender Security Center +The Microsoft Defender Security Center 
([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. Permissions to the Microsoft Defender Security Center can be granted using basic permissions, or through role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. + +Use the following resources to plan your roles and permissions: + +- [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control) + +[Manage portal access using role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) + ## Step 3: Configure device proxy and internet connectivity settings ## Step 4: Set Microsoft Defender ATP to passive mode From 224845bcaebe9e5c89aeb9224ee75dfbd87640d2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 17:18:43 -0700 Subject: [PATCH 008/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 23b8d21811..244cc5f851 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -57,7 +57,7 @@ Use the following resources to plan your roles and permissions: - [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control) -[Manage portal access using role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) +- [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) ## Step 3: Configure device proxy and internet connectivity settings From aca2d210f4489e4b35b1cf1a3a452e116d5621ad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 17:21:59 -0700 Subject: [PATCH 009/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 244cc5f851..2afc382226 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -61,6 +61,8 @@ Use the following resources to plan your roles and permissions: ## Step 3: Configure device proxy and internet connectivity settings + + ## Step 4: Set Microsoft Defender ATP to passive mode ## Step 5: Re-enable Microsoft Defender Antivirus From 04f9be35e8ab25d54bc80e9d717beb21452500f0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 17:54:07 -0700 Subject: [PATCH 010/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 2afc382226..52316ed0a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -59,6 +59,10 @@ Use the following resources to plan your roles and permissions: - [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) +> [!TIP] +> - If your organization is using Windows 10, macOS, iOS, or Android devices, consider [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). +> - If your organization's devices are running older versions of Windows, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). + ## Step 3: Configure device proxy and internet connectivity settings From 7fd4fcab8c0816d9892e1372e08f06c910ff8dc1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 17:54:51 -0700 Subject: [PATCH 011/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 52316ed0a9..029fe43cb4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -61,7 +61,7 @@ Use the following resources to plan your roles and permissions: > [!TIP] > - If your organization is using Windows 10, macOS, iOS, or Android devices, consider [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). -> - If your organization's devices are running older versions of Windows, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). +> - If your organization's devices are running other versions of Windows, such as for Windows 7 SP1, Windows 8.0, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 management, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). ## Step 3: Configure device proxy and internet connectivity settings From 7c0d2681b5fc75808003d42ac7cf6e6364945c11 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 May 2020 18:00:47 -0700 Subject: [PATCH 012/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...migrate-symantec-to-microsoft-defender-atp.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 029fe43cb4..693aa499ed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -41,12 +41,19 @@ Use the following process to make the switch from Symantec to Microsoft Defender To get started, you must have Microsoft Defender ATP. If you don't already have Microsoft Defender ATP, you can [start a trial](https://aka.ms/mdatp) and see how it works. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response, and includes the following features and capabilities: + - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) + - [Tools to surgically reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) + - [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) + - [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) + - [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) + - [Behavioral blocking and containment of suspicious behaviors and process trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) + - [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) ## Step 2: Grant access to the Microsoft Defender Security Center 
@@ -59,9 +66,12 @@ Use the following resources to plan your roles and permissions: - [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) -> [!TIP] -> - If your organization is using Windows 10, macOS, iOS, or Android devices, consider [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). -> - If your organization's devices are running other versions of Windows, such as for Windows 7 SP1, Windows 8.0, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 management, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). +### Several options to set up RBAC + +RBAC can be set up and configured using Intune, Configuration Manager, Group Policy Objects, or the Windows Admin Center. +- If your organization is using Windows 10, macOS, iOS, or Android devices, consider [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). +- If your organization's devices are running other versions of Windows, such as for Windows 7 SP1, Windows 8.0, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 management, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). +- ## Step 3: Configure device proxy and internet connectivity settings From 953133922c8bd83f152bb233de2a3191fd99fe35 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Wed, 27 May 2020 18:12:20 -0700 Subject: [PATCH 013/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 693aa499ed..b5879e880a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -68,10 +68,10 @@ Use the following resources to plan your roles and permissions: ### Several options to set up RBAC -RBAC can be set up and configured using Intune, Configuration Manager, Group Policy Objects, or the Windows Admin Center. -- If your organization is using Windows 10, macOS, iOS, or Android devices, consider [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). -- If your organization's devices are running other versions of Windows, such as for Windows 7 SP1, Windows 8.0, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 management, consider [setting up RBAC using Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration). -- +RBAC can be set up and configured using one of several different methods. These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), or the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). + +We recommend [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control), because this method can support Windows 10, macOS, iOS, and Android devices. + ## Step 3: Configure device proxy and internet connectivity settings From f4a828f14ee29aaf6d9b9a64ed95f7c13ece2803 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 28 May 2020 09:57:31 -0700 Subject: [PATCH 014/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
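Review bot: In the `@@ -68,10 +68,10 @@` hunk of PATCH 013, the removed bullet told readers with Windows 7 SP1, Windows 8.0/8.1 and Windows Server devices to set up RBAC with Configuration Manager, and the replacement text no longer says which method covers those devices. Keep one sentence that maps the non-Windows 10 versions to a method, since RBAC here decides who gets access to the portal. The first-sentence links are also uneven: the Intune link goes to the `what-is-intune` overview while the Configuration Manager link goes straight to its role-based administration page.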
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index b5879e880a..f6892242a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -38,9 +38,11 @@ Use the following process to make the switch from Symantec to Microsoft Defender ## Step 1: Get Microsoft Defender ATP -To get started, you must have Microsoft Defender ATP. If you don't already have Microsoft Defender ATP, you can [start a trial](https://aka.ms/mdatp) and see how it works. +To get started, you must have Microsoft Defender ATP. If you don't already have Microsoft Defender ATP, you can [start a trial](https://aka.ms/mdatp). -Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response, and includes the following features and capabilities: +### Wait, what is Microsoft Defender ATP? + +Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the following features and capabilities: - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) 
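Review bot: The added `### Wait, what is Microsoft Defender ATP?` heading puts a product overview inside `## Step 1: Get Microsoft Defender ATP`, so the step now consists of one instruction followed by a feature list that is not part of the procedure. Consider moving the overview ahead of the numbered steps and giving it a neutral heading such as `What is Microsoft Defender ATP?`, in line with the other headings in the file.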
@@ -66,12 +68,11 @@ Use the following resources to plan your roles and permissions: - [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) -### Several options to set up RBAC +### Set up RBAC -RBAC can be set up and configured using one of several different methods. These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), or the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). - -We recommend [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control), because this method can support Windows 10, macOS, iOS, and Android devices. +RBAC can be set up and configured using one of several different methods. These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), and the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). +We recommend [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control), especially if your organization is using Windows 10, macOS, iOS, and Android devices. ## Step 3: Configure device proxy and internet connectivity settings From abd3e499add56d447a26a54298d2224332f90caa Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 28 May 2020 10:33:20 -0700 Subject: [PATCH 015/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index f6892242a3..2d50661b78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -42,7 +42,7 @@ To get started, you must have Microsoft Defender ATP. If you don't already have ### Wait, what is Microsoft Defender ATP? -Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the following features and capabilities: +Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) 
@@ -52,27 +52,25 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b - [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) -- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) - - [Behavioral blocking and containment of suspicious behaviors and process trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) -- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) +- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) + +- [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) ## Step 2: Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. Permissions to the Microsoft Defender Security Center can be granted using basic permissions, or through role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. +The Microsoft Defender Security Center ([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. 
[Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). -Use the following resources to plan your roles and permissions: +Permissions to the Microsoft Defender Security Center can be granted using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. -- [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control) +1. Plan roles and permissions. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). -- [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) +2. RBAC can be set up and configured using one of several different methods. These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), and the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). -### Set up RBAC + We recommend using Intune, especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). -RBAC can be set up and configured using one of several different methods. 
These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), and the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). - -We recommend [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control), especially if your organization is using Windows 10, macOS, iOS, and Android devices. +3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). ## Step 3: Configure device proxy and internet connectivity settings From 1bffdafd569629a881091cf21fdba33f4b84525b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 28 May 2020 10:37:58 -0700 Subject: [PATCH 016/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 50032d076f..1e67afb5f8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -593,6 +593,9 @@ #### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) +### [Migration guides] +#### [Migrate from Symantec to Microsoft Defender ATP](microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md) + ### [Partner integration scenarios]() #### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) #### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md) 
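Review bot: The new `### [Migration guides]` entry in the TOC.md hunk has no link target, while the neighbouring parent node a few lines down is written `### [Partner integration scenarios]()`. Add the empty `()` so the new section node uses the same syntax as the existing ones.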
From 41046d8a68cd53869ba1d8c173e3749f02dee2a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 11:29:51 -0700 Subject: [PATCH 017/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 55 +++++++++++-------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 2d50661b78..696212457c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -21,26 +21,7 @@ ms.topic: article If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. -## The migration process at a high level - -Use the following process to make the switch from Symantec to Microsoft Defender ATP: - -1. Get Microsoft Defender ATP. -2. Grant access to the Microsoft Defender Security Center. -3. Configure machine proxy and internet connectivity settings. -4. Set Microsoft Defender ATP to passive mode. -5. Re-enable Microsoft Defender Antivirus. -6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). -7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -8. Set up your device groups, device collections, and organizational units. -9. Install Microsoft Defender ATP and uninstall Symantec. -10. Onboard devices to Microsoft Defender ATP. - -## Step 1: Get Microsoft Defender ATP - -To get started, you must have Microsoft Defender ATP. If you don't already have Microsoft Defender ATP, you can [start a trial](https://aka.ms/mdatp). - -### Wait, what is Microsoft Defender ATP? +## What is Microsoft Defender ATP? Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: 
@@ -58,6 +39,34 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b - [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) +## The migration process at a high level + +Use the following process to make the switch from Symantec to Microsoft Defender ATP: + +1. Get Microsoft Defender ATP. +2. Grant access to the Microsoft Defender Security Center. +3. Configure machine proxy and internet connectivity settings. +4. Set Microsoft Defender ATP to passive mode. +5. Re-enable Microsoft Defender Antivirus. +6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). +7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. +8. Set up your device groups, device collections, and organizational units. +9. Deploy Microsoft Defender ATP and uninstall Symantec. +10. Onboard devices to Microsoft Defender ATP. + +## Step 1: Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. + + + + ## Step 2: Grant access to the Microsoft Defender Security Center The Microsoft Defender Security Center ([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. 
[Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). 
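Review bot: The new Step 1 list in the `@@ -58,6 +39,34 @@` hunk ends with an empty item `3.` followed by several blank lines; remove it or fill it in before this is published. The `Check license state` link also hard-codes the `/en-us/` locale, unlike the other docs.microsoft.com links in the file, and item 3 of the high-level list says "machine proxy" where the Step 3 heading says "device proxy".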
@@ -66,9 +75,9 @@ Permissions to the Microsoft Defender Security Center can be granted using eithe 1. Plan roles and permissions. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). -2. RBAC can be set up and configured using one of several different methods. These include [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), and the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). +2. RBAC can be set up and configured using one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - We recommend using Intune, especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + Depending on your organization's needs, you can another method, such as [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), or the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). 3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. 
See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). @@ -90,7 +99,7 @@ Add Symantec and your other security solutions to the Microsoft Defender ATP EDR ## Step 8: Set up your device groups, device collections, and organizational units -## Step 9: Install Microsoft Defender ATP and uninstall Symantec +## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec ## Step 10: Onboard devices to Microsoft Defender ATP From 2c3a6e2c449f08fcdd3ba6d1242e0021fa7b6a2e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 15:01:53 -0700 Subject: [PATCH 018/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...grate-symantec-to-microsoft-defender-atp.md | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 696212457c..cdc2b2c797 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
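Review bot: In the `@@ -66,9 +75,9 @@` hunk of PATCH 017, the added sentence `Depending on your organization's needs, you can another method, such as ...` is missing its verb and should read "you can use another method". In the same numbered list, item 2 still opens with a statement ("RBAC can be set up and configured ...") while items 1 and 3 open with an action; starting it with "Set up and configure RBAC" would make the three steps parallel.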
@@ -21,13 +21,13 @@ ms.topic: article If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. -## What is Microsoft Defender ATP? +## What all is included in Microsoft Defender ATP? Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) -- [Tools to surgically reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) +- [Tools to reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) - [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) 
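Review bot: The renamed heading `## What all is included in Microsoft Defender ATP?` uses a regional colloquialism ("what all") that reads oddly in reference documentation and is harder to localize. `## What's included in Microsoft Defender ATP?` says the same thing, and the sentence under it already states that the product "includes all the following features and capabilities".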
@@ -43,16 +43,10 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b Use the following process to make the switch from Symantec to Microsoft Defender ATP: -1. Get Microsoft Defender ATP. -2. Grant access to the Microsoft Defender Security Center. -3. Configure machine proxy and internet connectivity settings. -4. Set Microsoft Defender ATP to passive mode. -5. Re-enable Microsoft Defender Antivirus. -6. Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). -7. Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -8. Set up your device groups, device collections, and organizational units. -9. Deploy Microsoft Defender ATP and uninstall Symantec. -10. Onboard devices to Microsoft Defender ATP. +| Part 1: Get Microsoft Defender ATP | Part 2: Configure settings and exclusions | Part 3: Make the switch | +|---|---|---| +|[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)
[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)
[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)
[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)
[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)
[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) |[Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)
[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)
[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | + ## Step 1: Get Microsoft Defender ATP From eae8092dbaeafed75bc5eae6c462be1e97a0c825 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 15:38:53 -0700 Subject: [PATCH 019/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 40 ++++++++++++++----- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index cdc2b2c797..385a8dda1f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -43,9 +43,31 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b Use the following process to make the switch from Symantec to Microsoft Defender ATP: -| Part 1: Get Microsoft Defender ATP | Part 2: Configure settings and exclusions | Part 3: Make the switch | -|---|---|---| -|[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)
[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)
[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)
[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)
[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)
[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) |[Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)
[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)
[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | +### Part 1: Get Microsoft Defender ATP started + +[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp) + +[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center) + +[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) + +### Part 2: Configure settings and exclusions + +[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode) + +[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus) + +[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec) + +[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) + +### Part 3: Finish making the switch to Microsoft Defender ATP + +[Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units) + +[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec) + +[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | ## Step 1: Get Microsoft Defender ATP 
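Review bot: The last added link line of the `@@ -43,9 +43,31 @@` hunk, the `+[Step 10: Onboard devices to Microsoft Defender ATP]` line, still ends with the ` |` cell delimiter from the table this hunk replaces. Drop the trailing pipe so it is not rendered as a stray character after the link.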
@@ -54,7 +76,7 @@ To get started, you must have Microsoft Defender ATP with licenses assigned and 1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a trial or request a quote](https://aka.ms/mdatp). -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). 3. 
@@ -99,14 +121,14 @@ Add Symantec and your other security solutions to the Microsoft Defender ATP EDR You can choose from several methods to onboard devices to Microsoft Defender ATP. -## Post-setup management of Microsoft Defender ATP +## Managing Microsoft Defender ATP -After you have set up Microsoft Defender ATP, you can choose from several methods to manage your threat protection features, as listed in the following table: +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). -|Method | Task | +|Task | Resources to learn more | |---|---| -|Intune |[Configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus) | -| |Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune | +|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | +|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | | |Manage device restrictions for Microsoft Defender Antivirus | | |Manage Microsoft Defender Antivirus exclusions | From 6a6e96d100566b14dfc2c8648d6e3191027ea388 Mon Sep 17 00:00:00 2001 
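Review bot: The table header changes to `|Task | Resources to learn more |`, but the two unchanged rows at the bottom (`| |Manage device restrictions for Microsoft Defender Antivirus |` and `| |Manage Microsoft Defender Antivirus exclusions |`) keep the old Method/Task layout, so they now show an empty Task cell with the task name sitting in the resources column. Move each task name into the first column and give it a link, or remove the rows; the device-restrictions one duplicates the new `Specify device restrictions for Microsoft Defender Antivirus` row.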
From: Denise Vangel-MSFT Date: Fri, 29 May 2020 15:42:56 -0700 Subject: [PATCH 020/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 385a8dda1f..27e4fb4a75 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -129,7 +129,8 @@ After you have moved to Microsoft Defender ATP, you can choose from several meth |---|---| |Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | |Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -| |Manage device restrictions for Microsoft Defender Antivirus | +|Specify exclusions |[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)
[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)
[Microsoft Antivirus Exclusion List (Windows Server) +](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | | |Manage Microsoft Defender Antivirus exclusions | ## Related articles From 8c8ff108115c5ca8982db61fd9e59f436f6b1127 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 17:27:06 -0700 Subject: [PATCH 021/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 44 +++++-------------- 1 file changed, 11 insertions(+), 33 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 27e4fb4a75..c8b1b3ced1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
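Review bot: In the @@ -129,7 +129,8 @@ hunk of PATCH 020, the added "Specify exclusions" row is split across two source lines: the label `[Microsoft Antivirus Exclusion List (Windows Server)` ends one `+` line, and `](` with the URL starts the next. A Markdown table row has to stay on one line, so the row and the link will both break at that point. Keep the label and URL on the same line. The context row `| |Manage Microsoft Defender Antivirus exclusions |` that follows now duplicates the new row and can be removed in the same change.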
@@ -41,34 +41,15 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b ## The migration process at a high level -Use the following process to make the switch from Symantec to Microsoft Defender ATP: +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed below: -### Part 1: Get Microsoft Defender ATP started - -[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp) - -[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center) - -[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) - -### Part 2: Configure settings and exclusions - -[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode) - -[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus) - -[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec) - -[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) - -### Part 3: Finish making the switch to Microsoft Defender ATP - -[Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units) - -[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec) - -[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | +|Phase |Steps | +|--|--| +|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | +| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | +| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | +After you have Microsoft Defender ATP all set up and in place, you can manage the various features and capabilities. ## Step 1: Get Microsoft Defender ATP @@ -80,9 +61,6 @@ To get started, you must have Microsoft Defender ATP with licenses assigned and 3. - - - ## Step 2: Grant access to the Microsoft Defender Security Center The Microsoft Defender Security Center ([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). 
@@ -123,15 +101,15 @@ You can choose from several methods to onboard devices to Microsoft Defender ATP ## Managing Microsoft Defender ATP -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). |Task | Resources to learn more | |---|---| |Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | |Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions |[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)
[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)
[Microsoft Antivirus Exclusion List (Windows Server) -](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -| |Manage Microsoft Defender Antivirus exclusions | +|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | +|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| +|Manage network protection |[]()

[]()

| ## Related articles From 32a6a20169df9a3f2d277e7da42e69e3ab1068d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 17:48:16 -0700 Subject: [PATCH 022/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index c8b1b3ced1..54f93be2a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
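Review bot: In the @@ -101,15 +101,15 @@ hunk of PATCH 021, the new "Manage network protection" row carries two empty links (`[]()`), which publish as blank link targets. Hold the row back until the resources exist, or fill in the link text and URLs before merging. The attack surface reduction row also ends with a line break before its closing `|`, which leaves an empty line at the bottom of the cell.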
@@ -25,19 +25,23 @@ If you are thinking about switching from Symantec Endpoint Protection to [Micros Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: -- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt), which helps identify, assess, adn remediate endpoint weaknesses. -- [Tools to reduce the attack surface](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) +- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) rules that help protect your organization's devices and applications from cyberthreats and attacks. -- [Next-generation protection to block threats and malware](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) +- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to block threats and malware. -- [Endpoint detection and response to detect advanced attacks](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) +- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) to detect, investigate, and respond to intrusion attempts and active breaches. 
-- [Behavioral blocking and containment of suspicious behaviors and process trees](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) +- [Advanced hunting](advanced-hunting-overview.md) to locate indicators and entities of known or potential threats. -- [Automated investigation and remediation of threats](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) +- [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) to help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. -- [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) +- [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) to examine alerts and take immediate remediation action to resolve breaches. + +- [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) to provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. + +To learn more about Microsoft Defender ATP, see [threat protection](https://docs.microsoft.com/windows/security/threat-protection). ## The migration process at a high level 
@@ -99,7 +103,7 @@ Add Symantec and your other security solutions to the Microsoft Defender ATP EDR You can choose from several methods to onboard devices to Microsoft Defender ATP. -## Managing Microsoft Defender ATP +## Manage Microsoft Defender ATP After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). From fd2f947df6ac2141dd0cd5e8ec63d8f76bdffeb9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 18:24:16 -0700 Subject: [PATCH 023/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 54f93be2a1..08bf969737 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
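Review bot: In the @@ -25,19 +25,23 @@ hunk of PATCH 022, the added Threat & Vulnerability Management bullet reads "identify, assess, adn remediate"; "adn" should be "and". The new Advanced hunting bullet also links to the relative path `advanced-hunting-overview.md`, while every other bullet in the list uses an absolute docs.microsoft.com URL; pick one convention for the list.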
@@ -23,7 +23,7 @@ If you are thinking about switching from Symantec Endpoint Protection to [Micros ## What all is included in Microsoft Defender ATP? -Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: - [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt), which helps identify, assess, adn remediate endpoint weaknesses. @@ -41,11 +41,11 @@ Microsoft Defender ATP is a unified platform for preventative protection, post-b - [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) to provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. -To learn more about Microsoft Defender ATP, see [threat protection](https://docs.microsoft.com/windows/security/threat-protection). +[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). ## The migration process at a high level -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed below: +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. |Phase |Steps | |--|--| 
@@ -53,17 +53,19 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided | Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | | Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | -After you have Microsoft Defender ATP all set up and in place, you can manage the various features and capabilities. +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. ## Step 1: Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: -1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a trial or request a quote](https://aka.ms/mdatp). +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). 2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). -3. +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). ## Step 2: Grant access to the Microsoft Defender Security Center From 5b854741c0757cc142d583e191f76fe99e51ee6f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 18:30:24 -0700 Subject: [PATCH 024/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 65 +++++++++++++++++-- 1 file changed, 60 insertions(+), 5 deletions(-) 
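Review bot: In the @@ -53,17 +53,19 @@ hunk of PATCH 023, new item 4 under Step 1 sends readers to the network configuration section for proxy setup, which is the subject of "Step 3: Configure device proxy and internet connectivity settings" listed in the table in the same hunk. Suggest pointing item 4 at Step 3, or moving the proxy guidance there, so the procedure covers it in one place.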
diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 08bf969737..108e48ad19 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -69,20 +69,75 @@ To get started, you must have Microsoft Defender ATP with licenses assigned and ## Step 2: Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com/](https://securitycenter.windows.com/)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). -Permissions to the Microsoft Defender Security Center can be granted using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. -1. Plan roles and permissions. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). -2. RBAC can be set up and configured using one of several different methods. 
We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). +2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - Depending on your organization's needs, you can another method, such as [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration), [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm), or the [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview). + Depending on your organization's needs, you can use a different method, such as one of the following: + + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) 3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
## Step 3: Configure device proxy and internet connectivity settings +| +For MDATP (EDR): +Windows: +Windows 10, Windows Server 1803 and Windows Server 2019: +Configure machine proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet + +Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: +Configure proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings +Enable access to Microsoft Defender ATP service URLs in the proxy server +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server + +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + + Linux: +EDR Endpoints: +https://winatp-gw-cus.microsoft.com/ +https://winatp-gw-eus.microsoft.com/ +https://winatp-gw-weu.microsoft.com/ +https://winatp-gw-neu.microsoft.com/ +https://winatp-gw-ukw.microsoft.com/ +https://winatp-gw-uks.microsoft.com/ +https://us4-v20.events.data.microsoft.com/ +https://us5-v20.events.data.microsoft.com/ +https://eu-v20.events.data.microsoft.com/ +https://us-v20.events.data.microsoft.com/ +https://au-v20.events.data.microsoft.com/ +https://uk-v20.events.data.microsoft.com/ +https://de-v20.events.data.microsoft.com/ +https://v20.events.data.microsoft.com/ +For MDAV/SCEP: +Windows: +Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
+https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +Important changes to Microsoft Active Protection Service (MAPS) endpoint +https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + +Linux: +AV Endpoints +https://cdn.x.cp.wd.microsoft.com/ +https://eu-cdn.x.cp.wd.microsoft.com/ +https://wu-cdn.x.cp.wd.microsoft.com/ +https://x.cp.wd.microsoft.com/api/ ## Step 4: Set Microsoft Defender ATP to passive mode From 7f4cc54a54b1f72771e582d5f5f1802424862317 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 29 May 2020 18:34:03 -0700 Subject: [PATCH 025/331] Update migrate-symantec-to-microsoft-defender-atp.md --- .../migrate-symantec-to-microsoft-defender-atp.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index 108e48ad19..e7aa3cf723 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md @@ -89,7 +89,6 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei ## Step 3: Configure device proxy and internet connectivity settings -| For MDATP (EDR): Windows: Windows 10, Windows Server 1803 and Windows Server 2019: From 2cbb947c2cae47063384bedb27166477e2891240 Mon Sep 17 00:00:00 2001 
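Review bot: In the @@ -69,20 +69,75 @@ hunk of PATCH 024, the content added under Step 3 is raw notes: platform labels ("Windows:", "macOS:", "Linux:") with no heading or list markup, followed by bare URLs, so it will render as one run-on paragraph. Suggest a table or nested list per product and platform with Markdown links, the way the RBAC method list earlier in the same hunk is formatted. The added URLs also use the `/en-us/` locale segment, while the rest of the article links to docs.microsoft.com without a locale.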
From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 10:25:25 -0700 Subject: [PATCH 026/331] Update migrate-symantec-to-microsoft-defender-atp.md --- ...rate-symantec-to-microsoft-defender-atp.md | 29 ++++++++----------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md index e7aa3cf723..3aada3baca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md 
@@ -23,25 +23,20 @@ If you are thinking about switching from Symantec Endpoint Protection to [Micros ## What all is included in Microsoft Defender ATP? -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes all the following features and capabilities: +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: -- [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt), which helps identify, assess, adn remediate endpoint weaknesses. +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. 
| +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -- [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) rules that help protect your organization's devices and applications from cyberthreats and attacks. - -- [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) to block threats and malware. 
- -- [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) to detect, investigate, and respond to intrusion attempts and active breaches. - -- [Advanced hunting](advanced-hunting-overview.md) to locate indicators and entities of known or potential threats. - -- [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) to help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. - -- [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) to examine alerts and take immediate remediation action to resolve breaches. - -- [Threat hunting service (Microsoft Threat Experts)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) to provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. - -[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). +**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. ## The migration process at a high level From a4c54927713741caef6f2342c312948b36a3b134 Mon Sep 17 00:00:00 2001 
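Review bot: In the @@ -23,25 +23,20 @@ hunk of PATCH 026, the first table row reads "Threat & Vulnerability Management capabilities helps identify"; the verb should be "help". Two more wording points in the same table: the "Automated investigation and remediation" row is described as "Automated investigation and response", and the Threat hunting row's "provide security operations teams with expert level monitoring and analysis, and to help ensure" is not parallel ("and help ensure").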
From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 10:30:05 -0700 Subject: [PATCH 027/331] breaking huge article into several --- ...ec-to-microsoft-defender-atp-migration.md} | 0 ...ymantec-to-microsoft-defender-atp-part1.md | 173 ++++++++++++++++++ ...ymantec-to-microsoft-defender-atp-part2.md | 173 ++++++++++++++++++ ...ymantec-to-microsoft-defender-atp-part3.md | 173 ++++++++++++++++++ 4 files changed, 519 insertions(+) rename windows/security/threat-protection/microsoft-defender-atp/{migrate-symantec-to-microsoft-defender-atp.md => symantec-to-microsoft-defender-atp-migration.md} (100%) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md new file mode 100644 index 0000000000..3aada3baca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md 
@@ -0,0 +1,173 @@ +--- +title: Migrate from Symantec to Microsoft Defender ATP +description: Make the switch from Symantec to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection + +If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. + +## What all is included in Microsoft Defender ATP? + +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. 
| +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. + +## The migration process at a high level + +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. 
+ +|Phase |Steps | +|--|--| +|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | +| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | +| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | + +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. + +## Step 1: Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +## Step 2: Grant access to the Microsoft Defender Security Center + +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). + +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. + +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). + +2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + + Depending on your organization's needs, you can use a different method, such as one of the following: + + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) + +3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
+ +## Step 3: Configure device proxy and internet connectivity settings + +For MDATP (EDR): +Windows: +Windows 10, Windows Server 1803 and Windows Server 2019: +Configure machine proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet + +Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: +Configure proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings +Enable access to Microsoft Defender ATP service URLs in the proxy server +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server + +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + + Linux: +EDR Endpoints: +https://winatp-gw-cus.microsoft.com/ +https://winatp-gw-eus.microsoft.com/ +https://winatp-gw-weu.microsoft.com/ +https://winatp-gw-neu.microsoft.com/ +https://winatp-gw-ukw.microsoft.com/ +https://winatp-gw-uks.microsoft.com/ +https://us4-v20.events.data.microsoft.com/ +https://us5-v20.events.data.microsoft.com/ +https://eu-v20.events.data.microsoft.com/ +https://us-v20.events.data.microsoft.com/ +https://au-v20.events.data.microsoft.com/ +https://uk-v20.events.data.microsoft.com/ +https://de-v20.events.data.microsoft.com/ +https://v20.events.data.microsoft.com/ +For MDAV/SCEP: +Windows: +Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
+https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +Important changes to Microsoft Active Protection Service (MAPS) endpoint +https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + +Linux: +AV Endpoints +https://cdn.x.cp.wd.microsoft.com/ +https://eu-cdn.x.cp.wd.microsoft.com/ +https://wu-cdn.x.cp.wd.microsoft.com/ +https://x.cp.wd.microsoft.com/api/ + + +## Step 4: Set Microsoft Defender ATP to passive mode + +## Step 5: Re-enable Microsoft Defender Antivirus + +## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec + +Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). + +## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list + +Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. + +## Step 8: Set up your device groups, device collections, and organizational units + +## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec + +## Step 10: Onboard devices to Microsoft Defender ATP + +You can choose from several methods to onboard devices to Microsoft Defender ATP. + +## Manage Microsoft Defender ATP + +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
+ +|Task | Resources to learn more | +|---|---| +|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | +|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | +|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | +|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| +|Manage network protection |[]()

[]()

| + +## Related articles + +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md new file mode 100644 index 0000000000..3aada3baca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
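Review bot: Step 3 of part1.md is not ready to publish: everything from "For MDATP (EDR):" to the "AV Endpoints" list is unformatted notes, with bare URLs, no list or table markup, and platform labels ("Windows:", "macOS:", "Linux:") that will run together into one paragraph when rendered. Those links also use the locale-specific `/en-us/` path, while the rest of the file uses locale-neutral docs.microsoft.com links. Please turn the section into a table or nested list per platform and state what the reader should do with the Linux endpoint URLs. Further down, Steps 4, 5, 8 and 9 are headings with no body, Steps 6 and 7 only restate their headings without naming the paths or processes to exclude, and the "Manage network protection" row contains empty `[]()` links. Each of these should be filled in or dropped before the page goes live, and the exclusion steps in particular should list exact items so that admins do not exclude more than is needed.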
@@ -0,0 +1,173 @@ +--- +title: Migrate from Symantec to Microsoft Defender ATP +description: Make the switch from Symantec to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection + +If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. + +## What all is included in Microsoft Defender ATP? + +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. 
| +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. + +## The migration process at a high level + +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. 
+ +|Phase |Steps | +|--|--| +|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | +| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | +| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | + +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. + +## Step 1: Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +## Step 2: Grant access to the Microsoft Defender Security Center + +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). + +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. + +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). + +2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + + Depending on your organization's needs, you can use a different method, such as one of the following: + + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) + +3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
+ +## Step 3: Configure device proxy and internet connectivity settings + +For MDATP (EDR): +Windows: +Windows 10, Windows Server 1803 and Windows Server 2019: +Configure machine proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet + +Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: +Configure proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings +Enable access to Microsoft Defender ATP service URLs in the proxy server +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server + +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + + Linux: +EDR Endpoints: +https://winatp-gw-cus.microsoft.com/ +https://winatp-gw-eus.microsoft.com/ +https://winatp-gw-weu.microsoft.com/ +https://winatp-gw-neu.microsoft.com/ +https://winatp-gw-ukw.microsoft.com/ +https://winatp-gw-uks.microsoft.com/ +https://us4-v20.events.data.microsoft.com/ +https://us5-v20.events.data.microsoft.com/ +https://eu-v20.events.data.microsoft.com/ +https://us-v20.events.data.microsoft.com/ +https://au-v20.events.data.microsoft.com/ +https://uk-v20.events.data.microsoft.com/ +https://de-v20.events.data.microsoft.com/ +https://v20.events.data.microsoft.com/ +For MDAV/SCEP: +Windows: +Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
+https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +Important changes to Microsoft Active Protection Service (MAPS) endpoint +https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + +Linux: +AV Endpoints +https://cdn.x.cp.wd.microsoft.com/ +https://eu-cdn.x.cp.wd.microsoft.com/ +https://wu-cdn.x.cp.wd.microsoft.com/ +https://x.cp.wd.microsoft.com/api/ + + +## Step 4: Set Microsoft Defender ATP to passive mode + +## Step 5: Re-enable Microsoft Defender Antivirus + +## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec + +Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). + +## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list + +Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. + +## Step 8: Set up your device groups, device collections, and organizational units + +## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec + +## Step 10: Onboard devices to Microsoft Defender ATP + +You can choose from several methods to onboard devices to Microsoft Defender ATP. + +## Manage Microsoft Defender ATP + +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
+ +|Task | Resources to learn more | +|---|---| +|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | +|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | +|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | +|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| +|Manage network protection |[]()

[]()

| + +## Related articles + +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md new file mode 100644 index 0000000000..3aada3baca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
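Review bot: part2.md is added with the same content as part1.md: both file headers show `index 0000000000..3aada3baca` and `@@ -0,0 +1,173 @@`, and the part3.md header that follows carries the same blob id, so the article has been copied three times rather than broken up as the subject line says. Each file should keep only its own part as laid out in the "migration process at a high level" table (Steps 4 to 7 for part2), with a distinct `title:` and `description:` in the front matter. Once the steps live in different files, the in-page anchors in that table, such as `#step-1-get-microsoft-defender-atp`, need to become links to the file that holds the step.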
@@ -0,0 +1,173 @@ +--- +title: Migrate from Symantec to Microsoft Defender ATP +description: Make the switch from Symantec to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection + +If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. + +## What all is included in Microsoft Defender ATP? + +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. 
| +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. + +## The migration process at a high level + +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. 
+ +|Phase |Steps | +|--|--| +|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | +| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | +| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | + +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. + +## Step 1: Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +## Step 2: Grant access to the Microsoft Defender Security Center + +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). + +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. + +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). + +2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + + Depending on your organization's needs, you can use a different method, such as one of the following: + + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) + +3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
+ +## Step 3: Configure device proxy and internet connectivity settings + +For MDATP (EDR): +Windows: +Windows 10, Windows Server 1803 and Windows Server 2019: +Configure machine proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet + +Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: +Configure proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings +Enable access to Microsoft Defender ATP service URLs in the proxy server +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server + +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + + Linux: +EDR Endpoints: +https://winatp-gw-cus.microsoft.com/ +https://winatp-gw-eus.microsoft.com/ +https://winatp-gw-weu.microsoft.com/ +https://winatp-gw-neu.microsoft.com/ +https://winatp-gw-ukw.microsoft.com/ +https://winatp-gw-uks.microsoft.com/ +https://us4-v20.events.data.microsoft.com/ +https://us5-v20.events.data.microsoft.com/ +https://eu-v20.events.data.microsoft.com/ +https://us-v20.events.data.microsoft.com/ +https://au-v20.events.data.microsoft.com/ +https://uk-v20.events.data.microsoft.com/ +https://de-v20.events.data.microsoft.com/ +https://v20.events.data.microsoft.com/ +For MDAV/SCEP: +Windows: +Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
+https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +Important changes to Microsoft Active Protection Service (MAPS) endpoint +https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + +Linux: +AV Endpoints +https://cdn.x.cp.wd.microsoft.com/ +https://eu-cdn.x.cp.wd.microsoft.com/ +https://wu-cdn.x.cp.wd.microsoft.com/ +https://x.cp.wd.microsoft.com/api/ + + +## Step 4: Set Microsoft Defender ATP to passive mode + +## Step 5: Re-enable Microsoft Defender Antivirus + +## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec + +Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). + +## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list + +Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. + +## Step 8: Set up your device groups, device collections, and organizational units + +## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec + +## Step 10: Onboard devices to Microsoft Defender ATP + +You can choose from several methods to onboard devices to Microsoft Defender ATP. + +## Manage Microsoft Defender ATP + +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
+ +|Task | Resources to learn more | +|---|---| +|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | +|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | +|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | +|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| +|Manage network protection |[]()

[]()

| + +## Related articles + +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) + + From 202cbf6ca4d817d920e0720d8f5656cf3edbb73b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 10:30:45 -0700 Subject: [PATCH 028/331] Create symantec-to-microsoft-defender-atp-manage-post-migration.md --- ...soft-defender-atp-manage-post-migration.md | 173 ++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md new file mode 100644 index 0000000000..3aada3baca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md 
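Review bot: symantec-to-microsoft-defender-atp-part3.md is added as a full copy of the guide (index 3aada3baca, Steps 1 through 10 plus the "Manage Microsoft Defender ATP" table), and its front-matter title and H1 still read "Migrate from Symantec to Microsoft Defender ATP". The phase table inside this same file assigns only Steps 8 to 10 to Part 3, so the body should be trimmed to those steps and the title and description given a Part 3 name. After trimming, the in-page anchors in the phase table, such as `#step-1-get-microsoft-defender-atp`, no longer resolve in this file and need to point at the Part 1 and Part 2 articles. Note also that `## Step 8` and `## Step 9` are headings with no body and Step 10 is a single sentence, which is the content this part exists to carry.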
@@ -0,0 +1,173 @@ +--- +title: Migrate from Symantec to Microsoft Defender ATP +description: Make the switch from Symantec to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection + +If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. + +## What all is included in Microsoft Defender ATP? + +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. 
| +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. + +## The migration process at a high level + +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. 
+ +|Phase |Steps | +|--|--| +|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | +| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | +| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | + +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. + +## Step 1: Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +## Step 2: Grant access to the Microsoft Defender Security Center + +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). + +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. + +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). + +2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + + Depending on your organization's needs, you can use a different method, such as one of the following: + + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) + +3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
+ +## Step 3: Configure device proxy and internet connectivity settings + +For MDATP (EDR): +Windows: +Windows 10, Windows Server 1803 and Windows Server 2019: +Configure machine proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet + +Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: +Configure proxy and Internet connectivity settings +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings +Enable access to Microsoft Defender ATP service URLs in the proxy server +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server + +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + + Linux: +EDR Endpoints: +https://winatp-gw-cus.microsoft.com/ +https://winatp-gw-eus.microsoft.com/ +https://winatp-gw-weu.microsoft.com/ +https://winatp-gw-neu.microsoft.com/ +https://winatp-gw-ukw.microsoft.com/ +https://winatp-gw-uks.microsoft.com/ +https://us4-v20.events.data.microsoft.com/ +https://us5-v20.events.data.microsoft.com/ +https://eu-v20.events.data.microsoft.com/ +https://us-v20.events.data.microsoft.com/ +https://au-v20.events.data.microsoft.com/ +https://uk-v20.events.data.microsoft.com/ +https://de-v20.events.data.microsoft.com/ +https://v20.events.data.microsoft.com/ +For MDAV/SCEP: +Windows: +Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
+https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +Important changes to Microsoft Active Protection Service (MAPS) endpoint +https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 +macOS: +Network connections -- Microsoft Defender Advanced Threat Protection for Mac +https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections + +Linux: +AV Endpoints +https://cdn.x.cp.wd.microsoft.com/ +https://eu-cdn.x.cp.wd.microsoft.com/ +https://wu-cdn.x.cp.wd.microsoft.com/ +https://x.cp.wd.microsoft.com/api/ + + +## Step 4: Set Microsoft Defender ATP to passive mode + +## Step 5: Re-enable Microsoft Defender Antivirus + +## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec + +Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). + +## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list + +Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. + +## Step 8: Set up your device groups, device collections, and organizational units + +## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec + +## Step 10: Onboard devices to Microsoft Defender ATP + +You can choose from several methods to onboard devices to Microsoft Defender ATP. + +## Manage Microsoft Defender ATP + +After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
+ +|Task | Resources to learn more | +|---|---| +|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | +|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | +|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | +|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| +|Manage network protection |[]()

[]()

| + +## Related articles + +[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) + + From 5eb4aeabf117ea298fd8256706a617174fed3492 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 10:34:24 -0700 Subject: [PATCH 029/331] making the post-migration article generic --- ...ion.md => microsoft-defender-atp-post-migration-management.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-manage-post-migration.md => microsoft-defender-atp-post-migration-management.md} (100%) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-manage-post-migration.md rename to windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md From eb89ceaa24a92e227b33d78dc4f6a1215de7bba1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 10:35:11 -0700 Subject: [PATCH 030/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index fc8f80a3ee..1a992ed3ea 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
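Review bot: symantec-to-microsoft-defender-atp-manage-post-migration.md is created from the same blob (3aada3baca) as the migration article, so a page meant for post-migration management opens with the "Migrate from Symantec ..." H1 and all ten migration steps; only `## Manage Microsoft Defender ATP` onward belongs here, and the title, description and keywords should be changed to match. In that section the "Manage network protection" row contains two empty links, `[]()`, which render as nothing; fill in the targets or drop the row until they exist. In the Step 3 block carried along with the copy, the URLs are pasted bare with an `en-us` locale segment, unlike the locale-neutral markdown links in the rest of the file, and the Linux EDR and AV endpoints are hard-coded in the article while the Windows and macOS entries link to the maintained docs. A hard-coded proxy allow-list in a how-to goes stale quietly, so I'd link to the maintained source for Linux as well.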
@@ -593,8 +593,12 @@ #### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) -### [Migration guides] -#### [Migrate from Symantec to Microsoft Defender ATP](microsoft-defender-atp/migrate-symantec-to-microsoft-defender-atp.md) +### [Migration guides]() +#### [Migrate from Symantec to Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Migrate from Symantec - Part 1](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) +##### [Migrate from Symantec - Part 2](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) +##### [Migrate from Symantec - Part 3](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) +#### [Managing Microsoft Defender ATP after migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() #### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) From ae32dbc16078ca9ea82882f16b1592acf908d1a2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:12:37 -0700 Subject: [PATCH 031/331] Update symantec-to-microsoft-defender-atp-migration.md --- ...tec-to-microsoft-defender-atp-migration.md | 130 ++---------------- 1 file changed, 10 insertions(+), 120 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 3aada3baca..f8bc968a8b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,6 +19,11 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection +| Overview
You are here! | Part 1 | Part 2 | Part 3 | Post migration | +|--|--|--|--|--| + +## Overview + If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. ## What all is included in Microsoft Defender ATP? @@ -36,7 +41,7 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc | [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | | [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. +[Learn more about Microsoft Defender ATP here](https://docs.microsoft.com/windows/security/threat-protection). ## The migration process at a high level @@ -44,127 +49,12 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| -|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | -| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | -| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | +|[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | +| [Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | +| [Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. +After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). -## Step 1: Get Microsoft Defender ATP - -To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: - -1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). - -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - -3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - -4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). - -## Step 2: Grant access to the Microsoft Defender Security Center - -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). 
- -Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. - -1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - -2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - - Depending on your organization's needs, you can use a different method, such as one of the following: - - - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - - - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - - - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - -3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
- -## Step 3: Configure device proxy and internet connectivity settings - -For MDATP (EDR): -Windows: -Windows 10, Windows Server 1803 and Windows Server 2019: -Configure machine proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet - -Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: -Configure proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings -Enable access to Microsoft Defender ATP service URLs in the proxy server -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server - -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - - Linux: -EDR Endpoints: -https://winatp-gw-cus.microsoft.com/ -https://winatp-gw-eus.microsoft.com/ -https://winatp-gw-weu.microsoft.com/ -https://winatp-gw-neu.microsoft.com/ -https://winatp-gw-ukw.microsoft.com/ -https://winatp-gw-uks.microsoft.com/ -https://us4-v20.events.data.microsoft.com/ -https://us5-v20.events.data.microsoft.com/ -https://eu-v20.events.data.microsoft.com/ -https://us-v20.events.data.microsoft.com/ -https://au-v20.events.data.microsoft.com/ -https://uk-v20.events.data.microsoft.com/ -https://de-v20.events.data.microsoft.com/ -https://v20.events.data.microsoft.com/ -For MDAV/SCEP: -Windows: -Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
-https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service -Important changes to Microsoft Active Protection Service (MAPS) endpoint -https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - -Linux: -AV Endpoints -https://cdn.x.cp.wd.microsoft.com/ -https://eu-cdn.x.cp.wd.microsoft.com/ -https://wu-cdn.x.cp.wd.microsoft.com/ -https://x.cp.wd.microsoft.com/api/ - - -## Step 4: Set Microsoft Defender ATP to passive mode - -## Step 5: Re-enable Microsoft Defender Antivirus - -## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec - -Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). - -## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list - -Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. - -## Step 8: Set up your device groups, device collections, and organizational units - -## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec - -## Step 10: Onboard devices to Microsoft Defender ATP - -You can choose from several methods to onboard devices to Microsoft Defender ATP. - -## Manage Microsoft Defender ATP - -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
- -|Task | Resources to learn more | -|---|---| -|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | -|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |[]()

[]()

| ## Related articles From 5267ee198e5f47ddee222179c95941dc92bae31b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:24:46 -0700 Subject: [PATCH 032/331] continuing migration guide article setup --- ...tec-to-microsoft-defender-atp-migration.md | 4 +- ...ymantec-to-microsoft-defender-atp-part1.md | 59 +------------------ 2 files changed, 4 insertions(+), 59 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index f8bc968a8b..d9696a39e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -24,7 +24,7 @@ ms.topic: article ## Overview -If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. +If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. ## What all is included in Microsoft Defender ATP? 
@@ -41,7 +41,7 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc | [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | | [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -[Learn more about Microsoft Defender ATP here](https://docs.microsoft.com/windows/security/threat-protection). +As you can see, Microsoft Defender ATP includes a wide range of threat protection capabilities. [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). ## The migration process at a high level diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 3aada3baca..41740af072 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -1,5 +1,5 @@ --- -title: Migrate from Symantec to Microsoft Defender ATP +title: Part 1 - Migrating from Symantec to Microsoft Defender ATP description: Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh 
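Review bot: The new front-matter title in the `@@ -1,5 +1,5 @@` hunk of symantec-to-microsoft-defender-atp-part1.md, "Part 1 - Migrating from Symantec to Microsoft Defender ATP", does not match the H1 that the next hunk sets ("Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 1") or the TOC entry added earlier in the series ("Migrate from Symantec - Part 1"). Suggest choosing one form and using it for the title, the H1 and the TOC entry, so that navigation and search results show the same name for this page. The `description:` line is left as the generic "Make the switch from Symantec to Microsoft Defender ATP"; a Part 1 specific description would fit the split better.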
@@ -17,30 +17,8 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 1 -If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. - -## What all is included in Microsoft Defender ATP? - -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: - -| Feature/Capability | Description | -|---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | -| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | -| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. 
| -| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | -| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | -| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | -| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | -| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | - -**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. - -## The migration process at a high level - -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. |Phase |Steps | |--|--| 
@@ -48,7 +26,6 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided | Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | | Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. ## Step 1: Get Microsoft Defender ATP 
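Review bot: The phase table kept as context in this hunk of part1.md still links to in-page anchors such as `#step-4-set-microsoft-defender-atp-to-passive-mode` through `#step-10-onboard-devices-to-microsoft-defender-atp`, but the following hunk (`@@ -134,38 +111,6 @@`) deletes the Step 4 to Step 10 sections from this same file, so those links stop resolving once this commit lands. Suggest either removing the Part 2 and Part 3 rows from the Part 1 page in this commit, or pointing them at symantec-to-microsoft-defender-atp-part2.md and symantec-to-microsoft-defender-atp-part3.md, as the overview page's table does.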
@@ -134,38 +111,6 @@ https://wu-cdn.x.cp.wd.microsoft.com/ https://x.cp.wd.microsoft.com/api/ -## Step 4: Set Microsoft Defender ATP to passive mode - -## Step 5: Re-enable Microsoft Defender Antivirus - -## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec - -Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). - -## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list - -Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. - -## Step 8: Set up your device groups, device collections, and organizational units - -## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec - -## Step 10: Onboard devices to Microsoft Defender ATP - -You can choose from several methods to onboard devices to Microsoft Defender ATP. - -## Manage Microsoft Defender ATP - -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
- -|Task | Resources to learn more | -|---|---| -|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | -|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |[]()

[]()

| - ## Related articles [Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) From 8727593b101686350cdd254fc68a2d83b6fc67d0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:36:31 -0700 Subject: [PATCH 033/331] Update symantec-to-microsoft-defender-atp-part1.md --- .../symantec-to-microsoft-defender-atp-part1.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 41740af072..5f93b29def 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -19,15 +19,10 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 1 +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | +|--|--|--|--|--| -|Phase |Steps | -|--|--| -|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | -| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | -| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | - - -## Step 1: Get Microsoft Defender ATP +## Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: @@ -39,7 +34,7 @@ To get started, you must have Microsoft Defender ATP with licenses assigned and 4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). -## Step 2: Grant access to the Microsoft Defender Security Center +## Grant access to the Microsoft Defender Security Center The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). @@ -59,7 +54,7 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei 3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). -## Step 3: Configure device proxy and internet connectivity settings +## Configure device proxy and internet connectivity settings For MDATP (EDR): Windows: @@ -93,6 +88,7 @@ https://au-v20.events.data.microsoft.com/ https://uk-v20.events.data.microsoft.com/ https://de-v20.events.data.microsoft.com/ https://v20.events.data.microsoft.com/ + For MDAV/SCEP: Windows: Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
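Review bot: In the last hunk (`@@ -93,6 +88,7 @@`), the blank line added before "For MDAV/SCEP:" separates the two blocks, but the lines on either side of it are still consecutive plain lines: the `events.data.microsoft.com` URLs above and "For MDAV/SCEP:", "Windows:" and "Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall)" below. Markdown joins consecutive lines into a single paragraph, so the endpoint list renders as one run of text. Since readers will copy these URLs into proxy and firewall allow lists, suggest making "For MDATP (EDR)" and "For MDAV/SCEP" subheadings, the per-OS labels list items, and each endpoint URL its own bullet.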
From ff97c68f7ccb12650af0016bfcc39ae96d337d95 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:39:32 -0700 Subject: [PATCH 034/331] Update symantec-to-microsoft-defender-atp-part2.md --- ...ymantec-to-microsoft-defender-atp-part2.md | 118 +----------------- 1 file changed, 4 insertions(+), 114 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 3aada3baca..2f72df6656 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -1,6 +1,6 @@ --- title: Migrate from Symantec to Microsoft Defender ATP -description: Make the switch from Symantec to Microsoft Defender ATP +description: Part 2 - Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,121 +17,11 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 2 -If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | Part 2
*You are here!* | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | +|--|--|--|--|--| -## What all is included in Microsoft Defender ATP? - -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: - -| Feature/Capability | Description | -|---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | -| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | -| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | -| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | -| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. 
| -| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | -| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | -| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | - -**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. - -## The migration process at a high level - -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. - -|Phase |Steps | -|--|--| -|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | -| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | -| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | - -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. - -## Step 1: Get Microsoft Defender ATP - -To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: - -1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). - -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - -3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - -4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). - -## Step 2: Grant access to the Microsoft Defender Security Center - -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). - -Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. - -1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - -2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - - Depending on your organization's needs, you can use a different method, such as one of the following: - - - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - - - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - - - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - -3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
- -## Step 3: Configure device proxy and internet connectivity settings - -For MDATP (EDR): -Windows: -Windows 10, Windows Server 1803 and Windows Server 2019: -Configure machine proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet - -Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: -Configure proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings -Enable access to Microsoft Defender ATP service URLs in the proxy server -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server - -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - - Linux: -EDR Endpoints: -https://winatp-gw-cus.microsoft.com/ -https://winatp-gw-eus.microsoft.com/ -https://winatp-gw-weu.microsoft.com/ -https://winatp-gw-neu.microsoft.com/ -https://winatp-gw-ukw.microsoft.com/ -https://winatp-gw-uks.microsoft.com/ -https://us4-v20.events.data.microsoft.com/ -https://us5-v20.events.data.microsoft.com/ -https://eu-v20.events.data.microsoft.com/ -https://us-v20.events.data.microsoft.com/ -https://au-v20.events.data.microsoft.com/ -https://uk-v20.events.data.microsoft.com/ -https://de-v20.events.data.microsoft.com/ -https://v20.events.data.microsoft.com/ -For MDAV/SCEP: -Windows: -Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
-https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service -Important changes to Microsoft Active Protection Service (MAPS) endpoint -https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - -Linux: -AV Endpoints -https://cdn.x.cp.wd.microsoft.com/ -https://eu-cdn.x.cp.wd.microsoft.com/ -https://wu-cdn.x.cp.wd.microsoft.com/ -https://x.cp.wd.microsoft.com/api/ ## Step 4: Set Microsoft Defender ATP to passive mode From 97dda692982766e1a94b1fe850fbe3108712d84d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:40:05 -0700 Subject: [PATCH 035/331] Update symantec-to-microsoft-defender-atp-part2.md --- ...ymantec-to-microsoft-defender-atp-part2.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 2f72df6656..6095fbea80 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -36,25 +36,6 @@ Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -## Step 8: Set up your device groups, device collections, and organizational units - -## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec - -## Step 10: Onboard devices to Microsoft Defender ATP - -You can choose from several methods to onboard devices to Microsoft Defender ATP. - -## Manage Microsoft Defender ATP - -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). - -|Task | Resources to learn more | -|---|---| -|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | -|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |[]()

[]()

| ## Related articles From 3b1f226c34df28a98749987b36e88e65728ccb34 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:43:06 -0700 Subject: [PATCH 036/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 6095fbea80..9494964609 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -24,15 +24,15 @@ ms.topic: article -## Step 4: Set Microsoft Defender ATP to passive mode +## Set Microsoft Defender ATP to passive mode -## Step 5: Re-enable Microsoft Defender Antivirus +## Re-enable Microsoft Defender Antivirus -## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec +## Add Microsoft Defender ATP EDR to the exclusion list for Symantec Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). -## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list +## Add Symantec to your Microsoft Defender ATP EDR exclusion list Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. From 8bc081545a0c393d13211935c93d9c7ae5b10c84 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 12:47:36 -0700 Subject: [PATCH 037/331] Update symantec-to-microsoft-defender-atp-part1.md --- .../symantec-to-microsoft-defender-atp-part1.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
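Review bot: The heading renames in PATCH 036 (symantec-to-microsoft-defender-atp-part2.md, hunk @@ -24,15 +24,15 @@) drop the "Step N:" prefix from four headings, which also changes their generated anchors, so any link that still targets `#step-4-set-microsoft-defender-atp-to-passive-mode` through `#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list` will stop resolving. The phase table visible in the deleted lines of this series used exactly those anchors, so check whichever page now carries that table and update its links in the same commit. Separately, "## Set Microsoft Defender ATP to passive mode" and "## Re-enable Microsoft Defender Antivirus" are left as headings with no body, while the two exclusion sections have one sentence each; add the procedure, or at least a link to it, under each empty heading before this page is published.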
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 5f93b29def..eba7340bef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -1,6 +1,6 @@ --- -title: Part 1 - Migrating from Symantec to Microsoft Defender ATP -description: Make the switch from Symantec to Microsoft Defender ATP +title: Part 1 - Get Microsoft Defender ATP started +description: Part 1 of "Make the switch from Symantec to Microsoft Defender ATP" keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,11 +17,16 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 1 +# Migrate from Symantec - Part 1 - Get Microsoft Defender ATP started | [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| +Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process-at-a-high-level) includes the following steps: +1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). +2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). +3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings) + ## Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: @@ -45,11 +50,8 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei 2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). Depending on your organization's needs, you can use a different method, such as one of the following: - - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) 3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). From 0498c71b1f6bd507cdc2fde19db420ce51430fe5 Mon Sep 17 00:00:00 2001 
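Review bot: In the first hunk of PATCH 037 (symantec-to-microsoft-defender-atp-part1.md, @@ -17,11 +17,16 @@), the added step list is inconsistent and sits directly against its intro sentence: items 1 and 2 end with a period and item 3 does not, and there is no blank line between "includes the following steps:" and "1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp).". Add the blank line and make the terminal punctuation uniform. The intro link targets `symantec-to-microsoft-defender-atp-migration.md#the-migration-process-at-a-high-level`; confirm that heading still exists in the overview page, since headings are being renamed across this series. The second hunk only removes the blank lines between the three nested bullets under item 2, which is fine as long as their indentation under the numbered item is preserved.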
From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:02:10 -0700 Subject: [PATCH 038/331] migration guide work --- ...tec-to-microsoft-defender-atp-migration.md | 2 +- ...ymantec-to-microsoft-defender-atp-part3.md | 141 ++---------------- 2 files changed, 14 insertions(+), 129 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index d9696a39e3..a7949de303 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview | Overview
You are here! | Part 1 | Part 2 | Part 3 | Post migration | |--|--|--|--|--| diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 3aada3baca..967aa7369b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -17,140 +17,22 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection, Part 3 -If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. - -## What all is included in Microsoft Defender ATP? - -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: - -| Feature/Capability | Description | -|---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | -| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | -| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. 
| -| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | -| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | -| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | -| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | -| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | - -**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. - -## The migration process at a high level - -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. - -|Phase |Steps | -|--|--| -|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | -| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | -| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | - -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. - -## Step 1: Get Microsoft Defender ATP - -To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: - -1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). - -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - -3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - -4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). - -## Step 2: Grant access to the Microsoft Defender Security Center - -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). - -Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. - -1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - -2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - - Depending on your organization's needs, you can use a different method, such as one of the following: - - - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - - - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - - - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - -3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
- -## Step 3: Configure device proxy and internet connectivity settings - -For MDATP (EDR): -Windows: -Windows 10, Windows Server 1803 and Windows Server 2019: -Configure machine proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet - -Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: -Configure proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings -Enable access to Microsoft Defender ATP service URLs in the proxy server -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server - -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - - Linux: -EDR Endpoints: -https://winatp-gw-cus.microsoft.com/ -https://winatp-gw-eus.microsoft.com/ -https://winatp-gw-weu.microsoft.com/ -https://winatp-gw-neu.microsoft.com/ -https://winatp-gw-ukw.microsoft.com/ -https://winatp-gw-uks.microsoft.com/ -https://us4-v20.events.data.microsoft.com/ -https://us5-v20.events.data.microsoft.com/ -https://eu-v20.events.data.microsoft.com/ -https://us-v20.events.data.microsoft.com/ -https://au-v20.events.data.microsoft.com/ -https://uk-v20.events.data.microsoft.com/ -https://de-v20.events.data.microsoft.com/ -https://v20.events.data.microsoft.com/ -For MDAV/SCEP: -Windows: -Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
-https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service -Important changes to Microsoft Active Protection Service (MAPS) endpoint -https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - -Linux: -AV Endpoints -https://cdn.x.cp.wd.microsoft.com/ -https://eu-cdn.x.cp.wd.microsoft.com/ -https://wu-cdn.x.cp.wd.microsoft.com/ -https://x.cp.wd.microsoft.com/api/ +| Overview | Part 1 | Part 2 | Part 3
You are here! | Post migration | +|--|--|--|--|--| -## Step 4: Set Microsoft Defender ATP to passive mode +## Finish making the switch to Microsoft Defender ATP +- [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units) +- [Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec) +- [Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | -## Step 5: Re-enable Microsoft Defender Antivirus +## Set up your device groups, device collections, and organizational units -## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec +## Deploy Microsoft Defender ATP and uninstall Symantec -Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). - -## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list - -Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. - -## Step 8: Set up your device groups, device collections, and organizational units - -## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec - -## Step 10: Onboard devices to Microsoft Defender ATP +## Onboard devices to Microsoft Defender ATP You can choose from several methods to onboard devices to Microsoft Defender ATP. @@ -166,6 +48,9 @@ After you have moved to Microsoft Defender ATP, you can choose from several meth |Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| |Manage network protection |[]()

[]()

| +After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. + + ## Related articles [Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) From 2de694074badc6a89d96af911b2c93c219fba558 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:06:44 -0700 Subject: [PATCH 039/331] migration guide --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-part1.md | 6 +++++- .../symantec-to-microsoft-defender-atp-part2.md | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index a7949de303..b80c6a620c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning | Overview
You are here! | Part 1 | Part 2 | Part 3 | Post migration | |--|--|--|--|--| diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index eba7340bef..43c8a05e7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 1 - Get Microsoft Defender ATP started +# Migrate from Symantec - Part 1: Get Microsoft Defender ATP started | [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| @@ -109,6 +109,10 @@ https://wu-cdn.x.cp.wd.microsoft.com/ https://x.cp.wd.microsoft.com/api/ +## Next step + +- [Migrate from Symantec - Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-part2.md) + ## Related articles [Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 9494964609..968a0ad79c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -1,5 +1,5 @@ --- -title: Migrate from Symantec to Microsoft Defender ATP +title: Part 2 - Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection description: Part 2 - Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,9 +17,9 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Part 2 +# Migrate from Symantec - Part 2: Configure settings and exclusions -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | Part 2
*You are here!* | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | Part 3
*You are here!*| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| From b06c754ce18db10dda49e9b72238f9b3479bc8bb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:11:01 -0700 Subject: [PATCH 040/331] migration guide work --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-part1.md | 2 +- .../symantec-to-microsoft-defender-atp-part2.md | 2 +- .../symantec-to-microsoft-defender-atp-part3.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index b80c6a620c..1e8cb05824 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning -| Overview
You are here! | Part 1 | Part 2 | Part 3 | Post migration | +| Overview
*You are here!* | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 43c8a05e7b..9c1beefab5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 1: Get Microsoft Defender ATP started -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process-at-a-high-level) includes the following steps: diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 968a0ad79c..971237c2b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 2: Configure settings and exclusions -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | Part 3
*You are here!*| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) |Part 2
*You are here!*| [Part 3](symantec-to-microsoft-defender-atp-part2.md)| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 967aa7369b..c8c93cd1f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection, Part 3 -| Overview | Part 1 | Part 2 | Part 3
You are here! | Post migration | +| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | Part 3
*You are here!*| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| From 8498c67d6c8b272df63d069755d1198363baa4ac Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:26:49 -0700 Subject: [PATCH 041/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index c8c93cd1f6..6b20f1bf24 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -1,5 +1,5 @@ --- -title: Migrate from Symantec to Microsoft Defender ATP +title: Part 3 - Finish making the switch to Microsoft Defender ATP description: Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,16 +17,16 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection, Part 3 +# Migrate from Symantec - Part 3: Finish making the switch to Microsoft Defender ATP | [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | Part 3
*You are here!*| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| ## Finish making the switch to Microsoft Defender ATP -- [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units) -- [Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec) -- [Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | +- [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) +- [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) +- [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) | ## Set up your device groups, device collections, and organizational units From 8bc8434d2486771a30813d9f903b530b9c267381 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:29:45 -0700 Subject: [PATCH 042/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1a992ed3ea..8b8901e706 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
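Review bot: in the navigation table added to symantec-to-microsoft-defender-atp-part2.md (PATCH 040), the Part 3 cell links to the wrong file: `[Part 3](symantec-to-microsoft-defender-atp-part2.md)` points back at the page the reader is already on. It should target `symantec-to-microsoft-defender-atp-part3.md`, as the same cell does in the overview and Part 1 tables touched by the same commit.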
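Review bot: the last bullet under "Finish making the switch to Microsoft Defender ATP" in symantec-to-microsoft-defender-atp-part3.md (PATCH 041) still ends with a stray table pipe, `(#onboard-devices-to-microsoft-defender-atp) |`. The line is being rewritten here anyway, so drop the trailing ` |`. Since the anchors change from `#step-8-...` style to unnumbered ones, any page that still links to the old anchors needs the same update.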
@@ -594,7 +594,8 @@ #### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) ### [Migration guides]() -#### [Migrate from Symantec to Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +#### [Migrate from Symantec to Microsoft Defender Advanced Threat Protection]() +##### [Overview](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Migrate from Symantec - Part 1](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) ##### [Migrate from Symantec - Part 2](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) ##### [Migrate from Symantec - Part 3](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) From 47bd1906621bd466085597af8c1829a3dd444454 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:31:39 -0700 Subject: [PATCH 043/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8b8901e706..c80bc08b13 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -594,11 +594,11 @@ #### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) ### [Migration guides]() -#### [Migrate from Symantec to Microsoft Defender Advanced Threat Protection]() +#### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Migrate from Symantec - Part 1](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) -##### [Migrate from Symantec - Part 2](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) -##### [Migrate from Symantec - Part 3](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) +##### [Part 1: Get Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) +##### [Part 2: Configure settings and exclusions](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) +##### [Part 3: Finish making the switch](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) #### [Managing Microsoft Defender ATP after migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() From 26fa31826c5b93e5b405e57e20e207ff7e61fd0d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:32:20 -0700 Subject: [PATCH 044/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c80bc08b13..722bfb2c88 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -599,7 +599,7 @@ ##### [Part 1: Get Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) ##### [Part 2: Configure settings and exclusions](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) ##### [Part 3: Finish making the switch](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) -#### [Managing Microsoft Defender ATP after migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) +#### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() #### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) From 2ed7f6c84a56cae1407c229ff2576bb64e01e074 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 13:35:02 -0700 Subject: [PATCH 045/331] Update microsoft-defender-atp-post-migration-management.md --- ...-defender-atp-post-migration-management.md | 139 +----------------- 1 file changed, 2 insertions(+), 137 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md index 3aada3baca..1626bddfed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md 
@@ -17,146 +17,11 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - -If you are thinking about switching from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan and execute your migration. - -## What all is included in Microsoft Defender ATP? - -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: - -| Feature/Capability | Description | -|---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | -| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | -| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. 
| -| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | -| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | -| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | -| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | -| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | - -**[Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection)**. - -## The migration process at a high level - -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. - -|Phase |Steps | -|--|--| -|Part 1: Get Microsoft Defender ATP started |[Step 1: Get Microsoft Defender ATP](#step-1-get-microsoft-defender-atp)

[Step 2: Grant access to the Microsoft Defender Security Center](#step-2-grant-access-to-the-microsoft-defender-security-center)

[Step 3: Configure device proxy and internet connectivity settings](#step-3-configure-device-proxy-and-internet-connectivity-settings) | -| Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection |[Step 4: Set Microsoft Defender ATP to passive mode](#step-4-set-microsoft-defender-atp-to-passive-mode)

[Step 5: Re-enable Microsoft Defender Antivirus](#step-5-re-enable-microsoft-defender-antivirus)

[Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#step-6-add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec)

[Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list](#step-7-add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list) | -| Part 3: Finish making the switch to Microsoft Defender ATP | [Step 8: Set up your device groups, device collections, and organizational units](#step-8-set-up-your-device-groups-device-collections-and-organizational-units)

[Step 9: Deploy Microsoft Defender ATP and uninstall Symantec](#step-9-deploy-microsoft-defender-atp-and-uninstall-symantec)

[Step 10: Onboard devices to Microsoft Defender ATP](#step-10-onboard-devices-to-microsoft-defender-atp) | - -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. - -## Step 1: Get Microsoft Defender ATP - -To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: - -1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). - -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). - -3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). - -4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). - -## Step 2: Grant access to the Microsoft Defender Security Center - -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). - -Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). 
We recommend using RBAC so that you have more granular control over permissions. - -1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). - -2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - - Depending on your organization's needs, you can use a different method, such as one of the following: - - - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - - - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - - - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) - -3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). 
- -## Step 3: Configure device proxy and internet connectivity settings - -For MDATP (EDR): -Windows: -Windows 10, Windows Server 1803 and Windows Server 2019: -Configure machine proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet - -Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: -Configure proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings -Enable access to Microsoft Defender ATP service URLs in the proxy server -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server - -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - - Linux: -EDR Endpoints: -https://winatp-gw-cus.microsoft.com/ -https://winatp-gw-eus.microsoft.com/ -https://winatp-gw-weu.microsoft.com/ -https://winatp-gw-neu.microsoft.com/ -https://winatp-gw-ukw.microsoft.com/ -https://winatp-gw-uks.microsoft.com/ -https://us4-v20.events.data.microsoft.com/ -https://us5-v20.events.data.microsoft.com/ -https://eu-v20.events.data.microsoft.com/ -https://us-v20.events.data.microsoft.com/ -https://au-v20.events.data.microsoft.com/ -https://uk-v20.events.data.microsoft.com/ -https://de-v20.events.data.microsoft.com/ -https://v20.events.data.microsoft.com/ -For MDAV/SCEP: -Windows: -Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) 
-https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service -Important changes to Microsoft Active Protection Service (MAPS) endpoint -https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - -Linux: -AV Endpoints -https://cdn.x.cp.wd.microsoft.com/ -https://eu-cdn.x.cp.wd.microsoft.com/ -https://wu-cdn.x.cp.wd.microsoft.com/ -https://x.cp.wd.microsoft.com/api/ - - -## Step 4: Set Microsoft Defender ATP to passive mode - -## Step 5: Re-enable Microsoft Defender Antivirus - -## Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec - -Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). - -## Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list - -Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. - -## Step 8: Set up your device groups, device collections, and organizational units - -## Step 9: Deploy Microsoft Defender ATP and uninstall Symantec - -## Step 10: Onboard devices to Microsoft Defender ATP - -You can choose from several methods to onboard devices to Microsoft Defender ATP. +# Manage Microsoft Defender ATP, post migration ## Manage Microsoft Defender ATP -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. 
The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). +After you have moved from a non-Microsoft threat protection solution to Microsoft Defender ATP, you can choose from several methods to manage your features and capabilities. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). |Task | Resources to learn more | |---|---| From b1ea345b7d01f1425fea576aea9851e8e39f72a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 15:46:39 -0700 Subject: [PATCH 046/331] Update symantec-to-microsoft-defender-atp-migration.md --- ...tec-to-microsoft-defender-atp-migration.md | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 1e8cb05824..d9c92ec541 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,12 +19,26 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + | Overview
*You are here!* | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| -## Overview +If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. -If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. +## The migration process at a high level + +The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. + +|Phase |Steps | +|--|--| +|[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | +| [Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | +| [Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | + +After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). ## What all is included in Microsoft Defender ATP? @@ -43,19 +57,6 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc As you can see, Microsoft Defender ATP includes a wide range of threat protection capabilities. [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). -## The migration process at a high level - -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. - -|Phase |Steps | -|--|--| -|[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | -| [Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | -| [Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | - -After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). - - ## Related articles [Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) From eae362cda87f2d07cb9d1de107f1351e3b85eb75 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 15:51:30 -0700 Subject: [PATCH 047/331] migration guide --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-part1.md | 6 ++++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 722bfb2c88..bd2804cf98 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -595,7 +595,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Overview](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Part 1: Get Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) ##### [Part 2: Configure settings and exclusions](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) ##### [Part 3: Finish making the switch](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index d9c92ec541..a70d2b1a19 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,7 +28,7 @@ ms.topic: article If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. -## The migration process at a high level +## Planning for migration: The process at a high level The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 9c1beefab5..c5d466d576 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -22,7 +22,7 @@ ms.topic: article | [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| -Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process-at-a-high-level) includes the following steps: +Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level) includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings) 
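Review bot: In the intro hunk of symantec-to-microsoft-defender-atp-part1.md (PATCH 047), the new link fragment `#planning-for-migration-the-process-at-a-high-level` is derived from heading text that this same commit rewords in symantec-to-microsoft-defender-atp-migration.md, so any further rewording of that heading breaks the fragment again. Consider linking to the overview article without a fragment, and confirm that no other page still points at the old `#the-migration-process-at-a-high-level` anchor. Separately, list item 3 in the context lines ends without a period while items 1 and 2 have one.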
@@ -38,10 +38,12 @@ To get started, you must have Microsoft Defender ATP with licenses assigned and 3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). 4. If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +At this point, you are ready to grant access to the Microsoft Defender Security Center, which is sometimes referred to as the Microsoft Defender ATP portal. ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)), also referred to as the Microsoft Defender ATP portal, is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. From aaebb75ddd48bb624d9057a5a0887c7efdaf9f5b Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Wed, 10 Jun 2020 15:53:40 -0700 Subject: [PATCH 048/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 971237c2b9..dbeb0ad75c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -22,7 +22,11 @@ ms.topic: article | [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) |Part 2
*You are here!*| [Part 3](symantec-to-microsoft-defender-atp-part2.md)| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| - +Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level) includes the following steps: +1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). +2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). +3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). +4. [Add Symantec to your Microsoft Defender ATP EDR exclusion list](#add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list). ## Set Microsoft Defender ATP to passive mode From 80c450311fda903af9e8f0506b998c79bf2e37a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 09:26:14 -0700 Subject: [PATCH 049/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index a70d2b1a19..4202eaa605 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -35,8 +35,8 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| |[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | -| [Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | -| [Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | +|[Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | +|[Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From c561d7ba492386c0a3c427ed33632cf017c32be3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 11:05:07 -0700 Subject: [PATCH 050/331] Update symantec-to-microsoft-defender-atp-part1.md --- ...ymantec-to-microsoft-defender-atp-part1.md | 60 +++++-------------- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index c5d466d576..f8e7bc8e72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -22,28 +22,28 @@ ms.topic: article | [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | |--|--|--|--|--| -Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level) includes the following steps: +Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level). This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings) ## Get Microsoft Defender ATP -To get started, you must have Microsoft Defender ATP with licenses assigned and provisioned per the following steps: +To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. 1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). -2. Verify that your licenses are properly provisioned. See [Check license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). +2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). 3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). -4. 
If endpoints in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). +4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). -At this point, you are ready to grant access to the Microsoft Defender Security Center, which is sometimes referred to as the Microsoft Defender ATP portal. +At this point, you are ready to grant access to those who'll use the Microsoft Defender Security Center, which is sometimes referred to as the Microsoft Defender ATP portal. ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you can access the features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 
@@ -51,52 +51,24 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei 2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - Depending on your organization's needs, you can use a different method, such as one of the following: + Although we recommend using Intune, you can use a different method to suit your organization's needs. Other methods include the following: - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) -3. After your roles are defined and RBAC is set up, grant access to the Microsoft Defender Security Center. See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). +3. Grant access to the Microsoft Defender Security Center. [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). ## Configure device proxy and internet connectivity settings -For MDATP (EDR): -Windows: -Windows 10, Windows Server 1803 and Windows Server 2019: -Configure machine proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet +To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. 
These settings should be configured for certain capabilities in Microsoft Defender ATP and for certain operating systems, as listed in the following table: -Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016: -Configure proxy and Internet connectivity settings -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings -Enable access to Microsoft Defender ATP service URLs in the proxy server -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server - -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - - Linux: -EDR Endpoints: -https://winatp-gw-cus.microsoft.com/ -https://winatp-gw-eus.microsoft.com/ -https://winatp-gw-weu.microsoft.com/ -https://winatp-gw-neu.microsoft.com/ -https://winatp-gw-ukw.microsoft.com/ -https://winatp-gw-uks.microsoft.com/ -https://us4-v20.events.data.microsoft.com/ -https://us5-v20.events.data.microsoft.com/ -https://eu-v20.events.data.microsoft.com/ -https://us-v20.events.data.microsoft.com/ -https://au-v20.events.data.microsoft.com/ -https://uk-v20.events.data.microsoft.com/ -https://de-v20.events.data.microsoft.com/ -https://v20.events.data.microsoft.com/ - -For MDAV/SCEP: -Windows: -Allow connections to the Windows Defender Antivirus cloud service (Proxy and/or Firewall) -https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service +| Features/Capabilities | Operating System | Resources to learn more | +|--|--|--| +|Endpoint 
detection and response (EDR) | Windows 10
Windows Server 1803 or later
Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8.1
Windows Server 2012 R2
Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|EDR |mac OS 10.15 (Catalina)
macOS 10.14 (Mojave)
macOS 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | +|Microsoft Defender Antivirus (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| Important changes to Microsoft Active Protection Service (MAPS) endpoint https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 macOS: From 54d52c5d31302ca990cb8f5ad1ba13b3f8804905 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 11:30:18 -0700 Subject: [PATCH 051/331] Update symantec-to-microsoft-defender-atp-part1.md --- .../symantec-to-microsoft-defender-atp-part1.md | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index f8e7bc8e72..54f5c67c52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -66,21 +66,11 @@ To enable communication between your devices and Microsoft Defender ATP, configu |--|--|--| |Endpoint detection and response (EDR) | Windows 10
Windows Server 1803 or later
Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8.1
Windows Server 2012 R2
Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | -|EDR |mac OS 10.15 (Catalina)
macOS 10.14 (Mojave)
macOS 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|EDR |macOS
10.15 (Catalina)
10.14 (Mojave)
10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |Microsoft Defender Antivirus (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| -Important changes to Microsoft Active Protection Service (MAPS) endpoint -https://techcommunity.microsoft.com/t5/configuration-manager-archive/important-changes-to-microsoft-active-protection-service-maps/ba-p/274006 -macOS: -Network connections -- Microsoft Defender Advanced Threat Protection for Mac -https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections - -Linux: -AV Endpoints -https://cdn.x.cp.wd.microsoft.com/ -https://eu-cdn.x.cp.wd.microsoft.com/ -https://wu-cdn.x.cp.wd.microsoft.com/ -https://x.cp.wd.microsoft.com/api/ +|Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|Antivirus |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) ## Next step From aac7e7b711725c4ac8d17213d3373b017f903707 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 12:01:36 -0700 Subject: [PATCH 052/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 4202eaa605..ae462ba02d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
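Review bot: In the table hunk of symantec-to-microsoft-defender-atp-part1.md (PATCH 051), the added `|Antivirus |Linux |...` row has no closing `|`, unlike the `|Antivirus |macOS |...` row added directly above it; add the trailing pipe so the last row is well-formed. The Windows antivirus row kept as context appears to end its last cell on a line break with nothing after it, and since the MAPS text that followed is deleted here, that break can go too. The first column also mixes "Microsoft Defender Antivirus (Microsoft Defender AV)" with plain "Antivirus"; pick one label for all three rows.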
@@ -23,9 +23,6 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -| Overview
*You are here!* | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | -|--|--|--|--|--| - If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. ## Planning for migration: The process at a high level From 74d80693e8fa48946419573973a6b5c1eb6f8bcf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 13:00:05 -0700 Subject: [PATCH 053/331] more work on migration guide --- ...ymantec-to-microsoft-defender-atp-part1.md | 21 ++++++++----------- ...ymantec-to-microsoft-defender-atp-part2.md | 13 +++++------- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 54f5c67c52..a6493b19a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -19,13 +19,10 @@ ms.topic: article # Migrate from Symantec - Part 1: Get Microsoft Defender ATP started -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | Part 1
*You are here!* | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | [Part 3](symantec-to-microsoft-defender-atp-part3.md) | [Post migration
management](microsoft-defender-atp-post-migration-management.md) | -|--|--|--|--|--| - Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level). This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). -3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings) +3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). ## Get Microsoft Defender ATP @@ -68,17 +65,17 @@ To enable communication between your devices and Microsoft Defender ATP, configu |EDR |Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8.1
Windows Server 2012 R2
Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS
10.15 (Catalina)
10.14 (Mojave)
10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | -|Microsoft Defender Antivirus (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| -|Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|Antivirus |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) +|Antivirus (AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|AV |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) +Congratulations! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! + ## Next step -- [Migrate from Symantec - Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-part2.md) - -## Related articles - -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) +- [Proceed to Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-part2.md) + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index dbeb0ad75c..5a5ca261e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -19,10 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 2: Configure settings and exclusions -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) |Part 2
*You are here!*| [Part 3](symantec-to-microsoft-defender-atp-part2.md)| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | -|--|--|--|--|--| - -Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level) includes the following steps: +Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level). This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). @@ -40,9 +37,9 @@ Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. - -## Related articles - -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) +Congratulations! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +## Next step + +- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) From a2d48b58a994d705c262aafb52ce4589eaaac42b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 13:15:50 -0700 Subject: [PATCH 054/331] Symantec onboading guide --- ...tec-to-microsoft-defender-atp-migration.md | 14 +++----- ...ymantec-to-microsoft-defender-atp-part3.md | 32 ++++++------------- 2 files changed, 14 insertions(+), 32 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index ae462ba02d..86305551e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,10 +19,6 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. ## Planning for migration: The process at a high level @@ -37,7 +33,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). -## What all is included in Microsoft Defender ATP? +## Overview of Microsoft Defender ATP If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: 
@@ -52,10 +48,8 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc | [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | | [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -As you can see, Microsoft Defender ATP includes a wide range of threat protection capabilities. [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). - -## Related articles - -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) +As you can see, Microsoft Defender ATP includes a wide range of threat protection capabilities. Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). +## Next step +When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 6b20f1bf24..dd4846fc58 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -19,40 +19,28 @@ ms.topic: article # Migrate from Symantec - Part 3: Finish making the switch to Microsoft Defender ATP -| [Overview](symantec-to-microsoft-defender-atp-migration.md) | [Part 1](symantec-to-microsoft-defender-atp-part1.md) | [Part 2](symantec-to-microsoft-defender-atp-part2.md) | Part 3
*You are here!*| [Post migration
management](microsoft-defender-atp-post-migration-management.md) | -|--|--|--|--|--| - - ## Finish making the switch to Microsoft Defender ATP + +**Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) - [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) -- [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) | +- [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) ## Set up your device groups, device collections, and organizational units + + ## Deploy Microsoft Defender ATP and uninstall Symantec +stuff + ## Onboard devices to Microsoft Defender ATP You can choose from several methods to onboard devices to Microsoft Defender ATP. -## Manage Microsoft Defender ATP +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -After you have moved to Microsoft Defender ATP, you can choose from several methods to manage your threat protection features. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). 
- -|Task | Resources to learn more | -|---|---| -|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | -|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |[]()

[]()

| - -After you have Microsoft Defender ATP set up and deployed, you can manage the various features and capabilities. - - -## Related articles - -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) +## Next step +After you have Microsoft Defender ATP set up and deployed, your security operations team can manage the various features and capabilities. See [Manage Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md). From cb1350415251308fe4c11112c7e750625e846d18 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 13:48:18 -0700 Subject: [PATCH 055/331] Update symantec-to-microsoft-defender-atp-part2.md --- ...ymantec-to-microsoft-defender-atp-part2.md | 78 ++++++++++++++++++- 1 file changed, 76 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 5a5ca261e8..47d691bf02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 2: Configure settings and exclusions -Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level). This migration phase includes the following steps: +**Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). 
@@ -27,17 +27,91 @@ Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symante ## Set Microsoft Defender ATP to passive mode +*This is from the Word doc - needs revision and clarification* + +Set the registry key for Passive Mode in Windows Server 2016, Windows Server, 1803 (Core only mode) and Windows Server 2019. +HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection +ForceDefenderPassiveMode (dword) 1 (hex) +Note: You can use “Group Policy Preference” (GPP) or LGPO or a “Package” in SCCM. + + ## Re-enable Microsoft Defender Antivirus +*This is from the Word doc - needs revision and clarification* + +Many IT Architects/IT Administrators/Security Architects/Security Administrators might have disabled the “Windows Defender” service back in the Windows 7 SP1/Windows Server 2008 R2 SP1 days, when it was just an Antispyware or if you have a 3rd party AV. + +Review in AGPM or GPMC to see if the following policy is set: +Computer configuration -> Administrative templates -> Windows components > Windows Defender Antivirus +Turn off Windows Defender Antivirus +Disabled. +Recommendation: +Enabled. + +Locally on a machine: +HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender +DisableAntiSpyware (dword) 1 (hex) +Recommendation: +Needs to be set to 0 (hex) which means it’s enabled in order to work. +Requires a reboot. + + + + +Reference(s): +Use Group Policy settings to configure and manage Windows Defender Antivirus +https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus +Turn on Windows Defender to access company resources +https://docs.microsoft.com/en-us/intune-user-help/turn-on-defender-windows + + ## Add Microsoft Defender ATP EDR to the exclusion list for Symantec +*This is from the Word doc - needs revision and clarification* + + Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). 
+Adding MDATP (EDR) to the exclusion list to SEP/Trendmicro or any other security product and EDR (RSA Netwitness) +If you’ll have a 3rd party security product(s) that intercepts MDATP and not let the data get uploaded. + +For these types of issues, please add exclusions for the following services/processes from the 3rd party security product(s): + +For MDATP built-in to Windows 10, Windows Server 1803, and Windows Server 2019: +C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe +C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe +C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe +C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe +Note: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. + +For the down-level Windows OS versions (Windows 7/Windows Server 2008R2, Windows 8.1 and Windows Server 2012 R2/Windows Server 2016) that have MMA agent installed: + +"C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe" +Note: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders. + +"C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe" +"C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe" +"C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" +"C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe" +"C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" +"C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe" + + ## Add Symantec to your Microsoft Defender ATP EDR exclusion list Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -Congratulations! 
You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +For MDATP (AV and EDR), there are two portions to ‘exclude’ 3rd party security products. + +1. You will need to add exclusions to Path and Process in the AV. +Process exclusion vs Path exclusion... +“Process exclusions” exclude everything a process touches but does not exclude the process itself from being scanned on access. Excluding the same EXE as both a “process” and “path exclusion” will exclude the file itself, as well as anything the file accesses. We discourage process exclusions that are 'name only' instead of full path, as they are less secure. + +2. And add in EDR, go to Indicator – File Hash. + + + +**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step From e0bbdecc9ab9b8f80f34046cc4a0a4e2c7411ffa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 14:05:06 -0700 Subject: [PATCH 056/331] Update symantec-to-microsoft-defender-atp-part2.md --- ...ymantec-to-microsoft-defender-atp-part2.md | 109 +++++++++++++++++- 1 file changed, 106 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 47d691bf02..eee474d629 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -55,8 +55,7 @@ Recommendation: Needs to be set to 0 (hex) which means it’s enabled in order to work. Requires a reboot. - - +Future item: Add a CMPivot query that provides the results of the entry Reference(s): Use Group Policy settings to configure and manage Windows Defender Antivirus @@ -69,7 +68,6 @@ https://docs.microsoft.com/en-us/intune-user-help/turn-on-defender-windows *This is from the Word doc - needs revision and clarification* - Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). Adding MDATP (EDR) to the exclusion list to SEP/Trendmicro or any other security product and EDR (RSA Netwitness) @@ -99,6 +97,9 @@ Note: Where Monitoring Host Temporary Files 6\45 can be different numbered subf ## Add Symantec to your Microsoft Defender ATP EDR exclusion list +*This is from the Word doc - needs revision and clarification* + + Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. For MDATP (AV and EDR), there are two portions to ‘exclude’ 3rd party security products. 
@@ -109,7 +110,109 @@ Process exclusion vs Path exclusion... 2. And add in EDR, go to Indicator – File Hash. +### MDAV/SCEP +#### Option 1: In the Intune MDAV policies add the exclusions + +Intune portal (portal.azure.com) +Device Configuration -> Profiles -> [Select your profile for AV] -> Properties -> Settings -> Microsoft Defender Antivirus -> Microsoft Defender Antivirus Exclusions + +Files and folders + xxxxx + +Processes + xxxxx + + +#### Option 2: In the SCCM MDAV/SCEP policies add the exclusions + +Assets and Compliance -> Endpoint Protection -> Antimalware Policies -> [Select the policy that you want to modify] -> Exclusion Settings +Excluded files and folders: +xxxxx +Excluded processes: +xxxxx + + +#### Option 3: Create a new GPO w/ the MDAV exclusions + +Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions +Path Exclusions + xxxxx +Process Exclusions + xxxxx + +#### Option 4: Local gpo + +You could setup the 3rd party security product exclusions (SEP or Tanium) on 1 machine by going to: + Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions + Path Exclusions + xxxxx + Process Exclusions + xxxxx + +#### Option 5: Export the following registry key: + +HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions + +And import it in as a “regedit.exe /s MDAV_Exclusion.reg” + +### MD ATP (EDR) + +Indicators – Hash +Settings -> Indicators ->File hashes tab -> Add indicator +In the “Indicator” tab +File hash +Never +Click on Next +In the “Action” tab +Response Action: Allow +Title: +Description: +Click on Next +In the “Scope” tab +Machine groups: +All machines in my scope +or +Select from list +Click on Next +In the “Summary” tab +Review +Click on “Save” + +*More notes in the Word document:* + +How can I find the file hashes of my 3rd party security products? 
+There are a few methods, in this e-mail, we will talk about the MDATP “Advanced Hunting” functionality and SCCM’s CMPivot. + +MDATP “Advanced Hunting” + +Note: Change the “Last 7 days” to “Last 30 days” + +find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents) +where InitiatingProcessFileName has 'notepad.exe' +| project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine +| distinct InitiatingProcessSHA256 +Note: Replace notepad.exe with the 3rd party security product process name. +Note 2: We added ‘distinct’ query which shows just the unique SHA256’s. + +SCCM CMPivot + +Pre-req +Install CMPivot +C:\Program Files\Microsoft Configuration Manager\tools\CMPivot \cmpivot.msi + +Start, CMPivot (Run as admin) +Connect to your SCCM server (SCCM_ServerName.DomainName.com) +Click on Connect + +Click on the “Query tab” + +Select the “Device Collection” (drop down, All Systems (default)). +Type: +File(c:\\windows\\notepad.exe) +| project Hash + +



**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! From 67d71a23c5e8cb239f3f6bd01ee315b02df1c85d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 14:06:51 -0700 Subject: [PATCH 057/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index dd4846fc58..ff422c8628 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -28,16 +28,23 @@ ms.topic: article ## Set up your device groups, device collections, and organizational units +stuff (will draw from existing content here) ## Deploy Microsoft Defender ATP and uninstall Symantec -stuff +stuff (will draw from existing content here) ## Onboard devices to Microsoft Defender ATP You can choose from several methods to onboard devices to Microsoft Defender ATP. +stuff (will draw from existing content here) + + +




+ + **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step From 7948b1c30fee0127c8118a1564f9614ecbdbb368 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 14:08:42 -0700 Subject: [PATCH 058/331] Update microsoft-defender-atp-post-migration-management.md --- .../microsoft-defender-atp-post-migration-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md index 1626bddfed..09294d8246 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md @@ -29,7 +29,7 @@ After you have moved from a non-Microsoft threat protection solution to Microsof |Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | |Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | |Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |[]()

[]()

| +|Manage network protection |*more to come* | ## Related articles From 27f9db6dea32b5b91794eb4ba21c5d376fb1bdb3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 14:12:50 -0700 Subject: [PATCH 059/331] Update symantec-to-microsoft-defender-atp-part1.md --- .../symantec-to-microsoft-defender-atp-part1.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index a6493b19a1..983706218e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 1: Get Microsoft Defender ATP started -Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level). This migration phase includes the following steps: +**Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). 
@@ -46,9 +46,9 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei 1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). -2. Set up and configure RBAC. You can choose from one of several different methods. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune), especially if your organization is using Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). +2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to do this, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). - Although we recommend using Intune, you can use a different method to suit your organization's needs. Other methods include the following: + If your organization requires a method other than Intune, choose one of the following options: - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) 
@@ -59,7 +59,7 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. These settings should be configured for certain capabilities in Microsoft Defender ATP and for certain operating systems, as listed in the following table: -| Features/Capabilities | Operating System | Resources to learn more | +|Capabilities | Operating System | Resources | |--|--|--| |Endpoint detection and response (EDR) | Windows 10
Windows Server 1803 or later
Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8.1
Windows Server 2012 R2
Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | @@ -70,7 +70,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) -Congratulations! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step From 5002f9d8fe733af9875fe85506cd8ceaade9087a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 14:21:09 -0700 Subject: [PATCH 060/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index ff422c8628..925ef298f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -19,8 +19,6 @@ ms.topic: article # Migrate from Symantec - Part 3: Finish making the switch to Microsoft Defender ATP -## Finish making the switch to Microsoft Defender ATP - **Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) - [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) From b90d95ff509f64bad6543ae19d2ba6150780c35b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 15:43:17 -0700 Subject: [PATCH 061/331] Update microsoft-defender-atp-post-migration-management.md --- .../microsoft-defender-atp-post-migration-management.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md index 09294d8246..eb672f2ff0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md 
@@ -19,9 +19,9 @@ ms.topic: article # Manage Microsoft Defender ATP, post migration -## Manage Microsoft Defender ATP +After you have moved from your previous threat protection solution to Microsoft Defender ATP, you can choose from several methods to manage your features and capabilities. -After you have moved from a non-Microsoft threat protection solution to Microsoft Defender ATP, you can choose from several methods to manage your features and capabilities. We recommend using Intune. The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). +We recommend using [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with Intune. |Task | Resources to learn more | |---|---| @@ -31,6 +31,11 @@ After you have moved from a non-Microsoft threat protection solution to Microsof |Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| |Manage network protection |*more to come* | +## Additional methods + +In addition to using Intune to manage Microsoft Defender ATP, you can choose from other options. These include the following: + + ## Related articles [Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) From aaaf39e735f0e518af42c254402b375b30d09545 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 15:45:08 -0700 Subject: [PATCH 062/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 86305551e6..5c409a1edd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning -If you are planning to switch from Symantec Endpoint Protection to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. +If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. ## Planning for migration: The process at a high level From 6bd918053d445dc6668959aa834db3a45d711f72 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 15:46:52 -0700 Subject: [PATCH 063/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 5c409a1edd..388bbc4944 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,7 +28,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| |[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | -|[Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP EDR to the exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | +|[Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP endpoint detection and response (EDR) capabilities to your exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | |[Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From e430a3eb9766c40d7456d291ccf87416c19779fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 16:10:28 -0700 Subject: [PATCH 064/331] migration guide --- .../symantec-to-microsoft-defender-atp-part1.md | 1 + .../symantec-to-microsoft-defender-atp-part2.md | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md index 983706218e..6c6f56e67b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md @@ -69,6 +69,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |AV |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) +
**Congratulations**! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index eee474d629..4cf2b85d96 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -22,7 +22,7 @@ ms.topic: article **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). +3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to your Microsoft Defender ATP EDR exclusion list](#add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list). ## Set Microsoft Defender ATP to passive mode 
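Review bot: The link for item 3 in this hunk no longer matches its heading. The anchor drops `edr` (`#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec`), but later patches in this series still show that section as "Add Microsoft Defender ATP EDR to the exclusion list for Symantec". The heading that loses "EDR" in the next hunk of this patch is item 4's, and item 4 still links to `#add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list`. Revert the item 3 anchor and update item 4's anchor and link text instead, so that neither in-page link is broken.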
@@ -95,14 +95,16 @@ Note: Where Monitoring Host Temporary Files 6\45 can be different numbered subf "C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe" -## Add Symantec to your Microsoft Defender ATP EDR exclusion list +## Add Symantec to your Microsoft Defender ATP exclusion list *This is from the Word doc - needs revision and clarification* Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. -For MDATP (AV and EDR), there are two portions to ‘exclude’ 3rd party security products. +For MDATP (AV and EDR), there are two portions to exclude third-party security products. + + 1. You will need to add exclusions to Path and Process in the AV. Process exclusion vs Path exclusion... From 97ca3f81b356da7eb922b853a047c965e45d6645 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 16:18:13 -0700 Subject: [PATCH 065/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 4cf2b85d96..5e9a3c08ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -29,7 +29,15 @@ ms.topic: article *This is from the Word doc - needs revision and clarification* -Set the registry key for Passive Mode in Windows Server 2016, Windows Server, 1803 (Core only mode) and Windows Server 2019. +*QUESTION: How/why are we changing registry keys when we haven't onboarded these devices yet? Am I missing something?* + +This procedure applies to devices running any of the following versions of Windows: +- Windows Server 2016 +- Windows Server, version 1803 (core-only mode) +- Windows Server 2019 + +For those versions of Windows, you should set the registry key for Microsoft Defender ATP to passive mode. + HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection ForceDefenderPassiveMode (dword) 1 (hex) Note: You can use “Group Policy Preference” (GPP) or LGPO or a “Package” in SCCM. From b83b64fbcaa2c86bebb0bc14df83a3e694e0a6cb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 16:32:44 -0700 Subject: [PATCH 066/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 5e9a3c08ba..92de0cc4aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -38,9 +38,16 @@ This procedure applies to devices running any of the following versions of Windo For those versions of Windows, you should set the registry key for Microsoft Defender ATP to passive mode. -HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection -ForceDefenderPassiveMode (dword) 1 (hex) -Note: You can use “Group Policy Preference” (GPP) or LGPO or a “Package” in SCCM. +1. As an administrator on the device, open Registry Editor. + +2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. + +3. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: + - Set the DWORD's value to 1. + - Under **Base**, select **Hexidecimal**. + +> [!NOTE] +> You can use [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)), [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool), or a [package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) to perform this task. ## Re-enable Microsoft Defender Antivirus From 1ffbd9156b4f7b006c677f93baccb75e6cdc770e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 16:39:44 -0700 Subject: [PATCH 067/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 92de0cc4aa..ef724e27d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -27,8 +27,6 @@ ms.topic: article ## Set Microsoft Defender ATP to passive mode -*This is from the Word doc - needs revision and clarification* - *QUESTION: How/why are we changing registry keys when we haven't onboarded these devices yet? Am I missing something?* This procedure applies to devices running any of the following versions of Windows: 
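Review bot: The line beginning `*QUESTION: How/why are we changing registry keys` stays in the article as context, directly under the placeholder this hunk removes. It is an open author question about step ordering, not reader guidance. Either answer it in the text (state whether passive mode is set before or after onboarding) or remove it in this same change, so the procedure does not publish with an unresolved question in it.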
@@ -47,13 +45,18 @@ For those versions of Windows, you should set the registry key for Microsoft Def - Under **Base**, select **Hexidecimal**. > [!NOTE] -> You can use [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)), [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool), or a [package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) to perform this task. +> You can use other methods to perform this task: +>- [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)) +>- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) +>- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) ## Re-enable Microsoft Defender Antivirus *This is from the Word doc - needs revision and clarification* +If your organization is using a third-party antivirus solution (such as Symantec), Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled. Microsoft Defender AV + Many IT Architects/IT Administrators/Security Architects/Security Administrators might have disabled the “Windows Defender” service back in the Windows 7 SP1/Windows Server 2008 R2 SP1 days, when it was just an Antispyware or if you have a 3rd party AV. Review in AGPM or GPMC to see if the following policy is set: 
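Review bot: The paragraph added under "Re-enable Microsoft Defender Antivirus" ends in a fragment. After "is most likely disabled." the line closes with "Microsoft Defender AV" and nothing follows. Finish the sentence or drop the fragment. The `*This is from the Word doc - needs revision and clarification*` placeholder just above it is still present and should be removed once the paragraph is final.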
@@ -75,6 +78,7 @@ Future item: Add a CMPivot query that provides the results of the entry Reference(s): Use Group Policy settings to configure and manage Windows Defender Antivirus https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus + Turn on Windows Defender to access company resources https://docs.microsoft.com/en-us/intune-user-help/turn-on-defender-windows From c122695739448c8c176da1b71d112e2aeea668fb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:10:27 -0700 Subject: [PATCH 068/331] Update symantec-to-microsoft-defender-atp-part2.md --- ...ymantec-to-microsoft-defender-atp-part2.md | 31 +++++-------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index ef724e27d0..97d9ec74ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -41,7 +41,7 @@ For those versions of Windows, you should set the registry key for Microsoft Def 2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. 3. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - - Set the DWORD's value to 1. + - Set the DWORD's value to **1**. - Under **Base**, select **Hexidecimal**. > [!NOTE] 
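Review bot: Step 2, carried as context in this hunk, points to a different registry key from the text it replaced. The line removed in PATCH 066 read `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`, while the step now reads `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`, without the `Microsoft\` segment. An administrator following it would create `ForceDefenderPassiveMode` under a different key from the one originally documented, so passive mode might not take effect while Symantec is still the active antivirus. Restore the `Microsoft\` segment, and correct "Hexidecimal" to "Hexadecimal" in the **Base** bullet while this step is being edited.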
@@ -55,32 +55,17 @@ For those versions of Windows, you should set the registry key for Microsoft Def *This is from the Word doc - needs revision and clarification* -If your organization is using a third-party antivirus solution (such as Symantec), Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled. Microsoft Defender AV +Considering your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV. Microsoft Defender AV can run alongside your existing antivirus solution so that protection remains in place. -Many IT Architects/IT Administrators/Security Architects/Security Administrators might have disabled the “Windows Defender” service back in the Windows 7 SP1/Windows Server 2008 R2 SP1 days, when it was just an Antispyware or if you have a 3rd party AV. +You can use one of several methods to enable Microsoft Defender AV, as listed in the following table: -Review in AGPM or GPMC to see if the following policy is set: -Computer configuration -> Administrative templates -> Windows components > Windows Defender Antivirus -Turn off Windows Defender Antivirus -Disabled. -Recommendation: -Enabled. -Locally on a machine: -HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender -DisableAntiSpyware (dword) 1 (hex) -Recommendation: -Needs to be set to 0 (hex) which means it’s enabled in order to work. -Requires a reboot. 
+|Method |What to do | +|---------|---------| +|Turn on Microsoft Defender AV on your device |[Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows) | +|Use either [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/) or the [Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus`.
2. Look for a policy that was set to turn off Microsoft Defender Antivirus (or Windows Defender Antivirus).
3. Disable that policy, which enables Microsoft Defender Antivirus. | +|Use Registry Editor on a device |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | -Future item: Add a CMPivot query that provides the results of the entry - -Reference(s): -Use Group Policy settings to configure and manage Windows Defender Antivirus -https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus - -Turn on Windows Defender to access company resources -https://docs.microsoft.com/en-us/intune-user-help/turn-on-defender-windows ## Add Microsoft Defender ATP EDR to the exclusion list for Symantec From b9663759f49ba5a2e529607dc76f0a45639bf64e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:18:58 -0700 Subject: [PATCH 069/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 97d9ec74ca..5e40fcccd6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
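Review bot: In the Registry Editor row of the table added by PATCH 068, the path `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender` is missing the backslash after `Computer`. The passive-mode procedure earlier in the same file writes `Computer\HKEY_LOCAL_MACHINE\...`, and the same broken path is carried into the rewritten row in PATCH 069. Fix the path in both places and change "Hexidecimal" to "Hexadecimal" in step 3 of that row.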
@@ -53,18 +53,18 @@ For those versions of Windows, you should set the registry key for Microsoft Def ## Re-enable Microsoft Defender Antivirus -*This is from the Word doc - needs revision and clarification* +Considering your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV. -Considering your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV. Microsoft Defender AV can run alongside your existing antivirus solution so that protection remains in place. +Microsoft Defender AV can run alongside your existing antivirus solution so that protection remains in place. -You can use one of several methods to enable Microsoft Defender AV, as listed in the following table: +You can use one of several methods to enable Microsoft Defender AV. Select one of the following methods: |Method |What to do | |---------|---------| -|Turn on Microsoft Defender AV on your device |[Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows) | -|Use either [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/) or the [Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus`.
2. Look for a policy that was set to turn off Microsoft Defender Antivirus (or Windows Defender Antivirus).
3. Disable that policy, which enables Microsoft Defender Antivirus. | -|Use Registry Editor on a device |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows) | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus`.
2. Look for a policy that was set to turn off Microsoft Defender Antivirus (or Windows Defender Antivirus).
3. Disable that policy. This enables Microsoft Defender Antivirus. | +|Registry Editor |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | From 69abb950392c9043474cc32614336780247f8fc6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:19:56 -0700 Subject: [PATCH 070/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 5e40fcccd6..35df9c7f36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -66,8 +66,6 @@ You can use one of several methods to enable Microsoft Defender AV. Select one o |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus`.
2. Look for a policy that was set to turn off Microsoft Defender Antivirus (or Windows Defender Antivirus).
3. Disable that policy. This enables Microsoft Defender Antivirus. | |Registry Editor |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | - - ## Add Microsoft Defender ATP EDR to the exclusion list for Symantec *This is from the Word doc - needs revision and clarification* From cb85c94ab90dd3f67b0136abdf8c2be4c4b0ff73 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:25:02 -0700 Subject: [PATCH 071/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 35df9c7f36..cbce4dd2ab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -22,8 +22,8 @@ ms.topic: article **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to your Microsoft Defender ATP EDR exclusion list](#add-symantec-to-your-microsoft-defender-atp-edr-exclusion-list). +3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). +4. [Add Symantec to your Microsoft Defender ATP exclusion list](#add-symantec-to-your-microsoft-defender-atp-exclusion-list). ## Set Microsoft Defender ATP to passive mode 
From d54abeef139f1b180741962f6d65400fdd1b11b9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:25:44 -0700 Subject: [PATCH 072/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index cbce4dd2ab..8aa7724ae5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -45,7 +45,7 @@ For those versions of Windows, you should set the registry key for Microsoft Def - Under **Base**, select **Hexidecimal**. > [!NOTE] -> You can use other methods to perform this task: +> You can use other methods to perform this task, such as the following: >- [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)) >- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) >- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) From 88c274474abfa0edd786a106e1893413b1cb2655 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:27:53 -0700 Subject: [PATCH 073/331] Update symantec-to-microsoft-defender-atp-part2.md --- .../symantec-to-microsoft-defender-atp-part2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index 8aa7724ae5..a0cd82d39d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md @@ -57,7 +57,7 @@ Considering your organization has been using Symantec as your primary antivirus Microsoft Defender AV can run alongside your existing antivirus solution so that protection remains in place. -You can use one of several methods to enable Microsoft Defender AV. Select one of the following methods: +You can use one of several methods to enable Microsoft Defender AV as listed in the following table: |Method |What to do | From 4c729a79ec5533512fade9f54775eb313f59e9d2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Jun 2020 17:38:41 -0700 Subject: [PATCH 074/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 925ef298f8..dd365f2070 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -33,6 +33,8 @@ stuff (will draw from existing content here) stuff (will draw from existing content here) +[Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) + ## Onboard devices to Microsoft Defender ATP You can choose from several methods to onboard devices to Microsoft Defender ATP. From f51efd3dc416b5d44dd2328e6b50b3dbcfa5d5fe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Jun 2020 10:21:36 -0700 Subject: [PATCH 075/331] Update symantec-to-microsoft-defender-atp-part3.md --- ...ymantec-to-microsoft-defender-atp-part3.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index dd365f2070..1075778465 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -28,6 +28,8 @@ ms.topic: article stuff (will draw from existing content here) +Set up Machine Groups or Device Collections or OU such as company department, administrative responsibility, or physical location or subnet. + ## Deploy Microsoft Defender ATP and uninstall Symantec 
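Review bot: in the `@@ -28,6 +28,8 @@` hunk, the added line "Set up Machine Groups or Device Collections or OU such as company department, ..." is a bare instruction placed directly under the placeholder "stuff (will draw from existing content here)", so the section still has no steps a reader can follow. Suggest holding this line until the procedure exists, or saying what each grouping is used for during the migration. Also expand "OU" on first use and use one casing for the three terms.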
@@ -41,6 +43,72 @@ You can choose from several methods to onboard devices to Microsoft Defender ATP stuff (will draw from existing content here) +For Windows 10, Windows Server 2016, and Windows Server 2019: +1. Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. +2. SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. +3. SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be deployed ahead of time to the “Device Collections”. +4. MDAV (for Windows 10, Windows Server 2016, and Windows Server 2019) can run in passive-mode (no real-time protection) while the SEP AV is installed. +Note: Set “Passive Mode” registry for Windows Server 2016 and Windows Server 2019. +5. Uninstall 3rd party EDR (RSA NetWitness) +6. Uninstall 3rd party SEP AV +1) Unblock password (Anti-tamper, in order to remove) +2) Refresh SEP policy + +3) Uninstall the Endpoint Protection client using the command prompt +https://support.symantec.com/us/en/article.tech102470.html + +There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” + +4) Download the CleanWipe removal tool to uninstall Endpoint Protection +https://support.symantec.com/us/en/article.howto124983.html +Note: SEP 14 now forces end-user interaction. + +Article has the download and readme. + + + +Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. +7. Change Passive Mode registry to disabled for Windows Server 2016 and Windows Server 2019. +8. Restart + +What does this accomplish? +You stay protected with MDATP (EDR) while your 3rd party EDR is uninstalled. 
+Also protects you since after SEP is uninstalled, MDAV AV goes from “Passive Mode” to “Active Mode”. + +For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2: + WARNING: Unlike MDAV, SCEP cannot run in passive-mode while any 3rd party AV (e.g. SEP AV) is installed. + +1. Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. +2. Uninstall 3rd party EDR +3. Uninstall 3rd party SEP AV +1) Unblock password (Anti-tamper, in order to remove) +2) Refresh SEP policy +%ProgramFiles(x86)\Symantec\Symantec Endpoint Protection\Smc.exe” -UpdateConfig + +3) Uninstall the Endpoint Protection client using the command prompt +https://support.symantec.com/us/en/article.tech102470.html +TIP: Watch out for the different versions of SEP, instead of using the uninstall GUID, use the Powershell/WMI command in the article above. + +There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” + +4) Download the CleanWipe removal tool to uninstall Endpoint Protection +https://support.symantec.com/us/en/article.howto124983.html + +Article has the download and readme. + + + +Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. +4. Install SCEP (for Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2) +Add instructions on how to setup “Client Settings” in SCCM. +About uninstall of SEP +And install of SCEP. +5. Restart + +What does this accomplish? +You stay protected with MDATP (EDR) while your 3rd party AV and/or EDR are uninstalled. + +
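Review bot: in the `@@ -41,6 +43,72 @@` hunk, the "Refresh SEP policy" command in the second procedure is malformed: `%ProgramFiles(x86)\Symantec\Symantec Endpoint Protection\Smc.exe” -UpdateConfig` has no closing `%` on the environment variable and a closing curly quote with no opening quote, so it cannot be pasted as written. The same step in the Windows 10 / Server 2016 / Server 2019 procedure has no command at all. Put the command in a code span with straight quotes and give it in both procedures. Two further points: the sub-steps "1)" to "4)" are not indented under their parent item, so the outer numbering ("7.", "8." and "4.", "5.") will not render as a continuation of the list; and step 5 of the first procedure names "RSA NetWitness" while the second procedure says only "3rd party EDR", which reads as a leftover from a specific deployment. The "WARNING: Unlike MDAV, SCEP cannot run in passive-mode ..." line should be a proper alert block ahead of the second procedure's steps, since it changes the order in which protection is removed and installed.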




From b8529d9a3f841c4af792cfa256c1b56e15c82036 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Jun 2020 10:26:59 -0700 Subject: [PATCH 076/331] Update symantec-to-microsoft-defender-atp-part3.md --- ...ymantec-to-microsoft-defender-atp-part3.md | 65 ------------------- 1 file changed, 65 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 1075778465..e860323c85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -43,71 +43,6 @@ You can choose from several methods to onboard devices to Microsoft Defender ATP stuff (will draw from existing content here) -For Windows 10, Windows Server 2016, and Windows Server 2019: -1. Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. -2. SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. -3. SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be deployed ahead of time to the “Device Collections”. -4. MDAV (for Windows 10, Windows Server 2016, and Windows Server 2019) can run in passive-mode (no real-time protection) while the SEP AV is installed. -Note: Set “Passive Mode” registry for Windows Server 2016 and Windows Server 2019. -5. Uninstall 3rd party EDR (RSA NetWitness) -6. Uninstall 3rd party SEP AV -1) Unblock password (Anti-tamper, in order to remove) -2) Refresh SEP policy - -3) Uninstall the Endpoint Protection client using the command prompt -https://support.symantec.com/us/en/article.tech102470.html - -There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” - -4) Download the CleanWipe removal tool to uninstall Endpoint Protection -https://support.symantec.com/us/en/article.howto124983.html -Note: SEP 14 now forces end-user interaction. - -Article has the download and readme. - - - -Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. -7. Change Passive Mode registry to disabled for Windows Server 2016 and Windows Server 2019. -8. Restart - -What does this accomplish? -You stay protected with MDATP (EDR) while your 3rd party EDR is uninstalled. 
-Also protects you since after SEP is uninstalled, MDAV AV goes from “Passive Mode” to “Active Mode”. - -For Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2: - WARNING: Unlike MDAV, SCEP cannot run in passive-mode while any 3rd party AV (e.g. SEP AV) is installed. - -1. Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. -2. Uninstall 3rd party EDR -3. Uninstall 3rd party SEP AV -1) Unblock password (Anti-tamper, in order to remove) -2) Refresh SEP policy -%ProgramFiles(x86)\Symantec\Symantec Endpoint Protection\Smc.exe” -UpdateConfig - -3) Uninstall the Endpoint Protection client using the command prompt -https://support.symantec.com/us/en/article.tech102470.html -TIP: Watch out for the different versions of SEP, instead of using the uninstall GUID, use the Powershell/WMI command in the article above. - -There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” - -4) Download the CleanWipe removal tool to uninstall Endpoint Protection -https://support.symantec.com/us/en/article.howto124983.html - -Article has the download and readme. - - - -Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. -4. Install SCEP (for Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, and Windows Server 2012 R2) -Add instructions on how to setup “Client Settings” in SCCM. -About uninstall of SEP -And install of SCEP. -5. Restart - -What does this accomplish? -You stay protected with MDATP (EDR) while your 3rd party AV and/or EDR are uninstalled. -
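Review bot: the commit message gives no reason for dropping the entire procedure in the `@@ -43,71 +43,6 @@` hunk, and afterwards the section is left with only the placeholder "stuff (will draw from existing content here)". If the steps are being reworked or moved, say so in the message. The deleted text also held the only statement that SCEP cannot run in passive mode while a third-party AV is installed and the only mention of setting and later disabling the Passive Mode registry value on Windows Server 2016 and Windows Server 2019; those should be tracked so they return in the rewritten section.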




From 2e43d7cf77d8a5c9fb2a135a3134ac52d7629078 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Jun 2020 14:46:44 -0700 Subject: [PATCH 077/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index e860323c85..22401b2537 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -26,6 +26,16 @@ ms.topic: article ## Set up your device groups, device collections, and organizational units +### Device groups + +Device groups enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. + +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). + +2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. + +3. Choose **+ Add device group**. + stuff (will draw from existing content here) Set up Machine Groups or Device Collections or OU such as company department, administrative responsibility, or physical location or subnet. From 5ed5e935623df71fb732d6cede9e2c1d26bccf4a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 12 Jun 2020 15:56:49 -0700 Subject: [PATCH 078/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 22401b2537..412cb6f79e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -36,6 +36,16 @@ Device groups enable your security operations team to configure security capabil 3. Choose **+ Add device group**. +4. Specify a name and description for the device group. + +5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). + +6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags). + +7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. + +8. Choose **Done**. + stuff (will draw from existing content here) Set up Machine Groups or Device Collections or OU such as company department, administrative responsibility, or physical location or subnet. From a997a5ea49bd38d6035bfd4d98726d858d4f0068 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 15 Jun 2020 07:56:33 -0700 Subject: [PATCH 079/331] Update symantec-to-microsoft-defender-atp-part3.md --- .../symantec-to-microsoft-defender-atp-part3.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index 412cb6f79e..fa4f9cbb04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md @@ -28,7 +28,7 @@ ms.topic: article ### Device groups -Device groups enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. +[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). @@ -46,9 +46,13 @@ Device groups enable your security operations team to configure security capabil 8. Choose **Done**. -stuff (will draw from existing content here) -Set up Machine Groups or Device Collections or OU such as company department, administrative responsibility, or physical location or subnet. +### Device collections + + +### Organizational units + + ## Deploy Microsoft Defender ATP and uninstall Symantec From 9b8e461b286b34b027cde4c0f43f3c79d46a4b3b Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 15 Jun 2020 11:58:48 -0700 Subject: [PATCH 080/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 388bbc4944..c1faaade1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -48,7 +48,9 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc | [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | | [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -As you can see, Microsoft Defender ATP includes a wide range of threat protection capabilities. Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). +
+ +Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). ## Next step From 882c48ff249b021c10a7706cd3091ca047948ff1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:03:03 -0700 Subject: [PATCH 081/331] changes per feedback received --- .../symantec-to-microsoft-defender-atp-migration.md | 8 ++++---- .../symantec-to-microsoft-defender-atp-part2.md | 7 +++---- .../symantec-to-microsoft-defender-atp-part3.md | 4 ++-- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index c1faaade1e..b3fc746780 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -27,9 +27,9 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| -|[Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md) |Step 1: Get Microsoft Defender ATP

Step 2: Grant access to the Microsoft Defender Security Center

Step 3: Configure device proxy and internet connectivity settings | -|[Part 2: Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection](symantec-to-microsoft-defender-atp-part2.md) |Step 4: Set Microsoft Defender ATP to passive mode

Step 5: Re-enable Microsoft Defender Antivirus

Step 6: Add Microsoft Defender ATP endpoint detection and response (EDR) capabilities to your exclusion list for Symantec

Step 7: Add Symantec to your Microsoft Defender ATP EDR exclusion list | -|[Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) | Step 8: Set up your device groups, device collections, and organizational units

Step 9: Deploy Microsoft Defender ATP and uninstall Symantec

Step 10: Onboard devices to Microsoft Defender ATP | +|[Plan your migration](symantec-to-microsoft-defender-atp-part1.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | +|[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part2.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | +|[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). @@ -54,4 +54,4 @@ Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.co ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Get Microsoft Defender ATP started](symantec-to-microsoft-defender-atp-part1.md). +When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-part1.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md index a0cd82d39d..5bcd3e9b27 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md 
@@ -1,6 +1,6 @@ --- -title: Part 2 - Configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection -description: Part 2 - Make the switch from Symantec to Microsoft Defender ATP +title: Part 2 - Set up Microsoft Defender ATP +description: Part 2 - Set up Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 2: Configure settings and exclusions +# Migrate from Symantec - Part 2: Set up Microsoft Defender ATP **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). @@ -27,7 +27,6 @@ ms.topic: article ## Set Microsoft Defender ATP to passive mode -*QUESTION: How/why are we changing registry keys when we haven't onboarded these devices yet? Am I missing something?* This procedure applies to devices running any of the following versions of Windows: - Windows Server 2016 diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md index fa4f9cbb04..91de7b9389 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md 
@@ -1,5 +1,5 @@ --- -title: Part 3 - Finish making the switch to Microsoft Defender ATP +title: Part 3 - Deploy Microsoft Defender ATP description: Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 3: Finish making the switch to Microsoft Defender ATP +# Migrate from Symantec - Part 3: Deploy Microsoft Defender ATP **Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) From eadded50cbcf18a0e32b90753b26a122d630bad9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:04:38 -0700 Subject: [PATCH 082/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 19c073c740..961a252a96 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -596,9 +596,9 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Part 1: Get Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) -##### [Part 2: Configure settings and exclusions](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) -##### [Part 3: Finish making the switch](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) +##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) +##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) +##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() From 58fa2a91b9fe5e98aa86113b1b8c0acb61e56774 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:07:27 -0700 Subject: [PATCH 083/331] renamed file --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- ...tp-part1.md => symantec-to-microsoft-defender-atp-plan.md} | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-part1.md => symantec-to-microsoft-defender-atp-plan.md} (98%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 961a252a96..0c69395e04 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -596,7 +596,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md) +##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) ##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index b3fc746780..f712cc7482 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -27,7 +27,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| -|[Plan your migration](symantec-to-microsoft-defender-atp-part1.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | +|[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | |[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part2.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | |[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | @@ -54,4 +54,4 @@ Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.co ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-part1.md). +When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-plan.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md similarity index 98% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md index 6c6f56e67b..7bc5206ac0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part1.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md @@ -1,5 +1,5 @@ --- -title: Part 1 - Get Microsoft Defender ATP started +title: Part 1 - Plan your migration to Microsoft Defender ATP description: Part 1 of "Make the switch from Symantec to Microsoft Defender ATP" keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 1: Get Microsoft Defender ATP started +# Migrate from Symantec - Part 1: Plan your migration **Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). From 362f254c17bcde8aaafff3c51eaaf9b24920ca68 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:08:44 -0700 Subject: [PATCH 084/331] renamed file --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-plan.md | 2 +- ...atp-part2.md => symantec-to-microsoft-defender-atp-setup.md} | 0 4 files changed, 3 insertions(+), 3 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-part2.md => symantec-to-microsoft-defender-atp-setup.md} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 0c69395e04..e730e04883 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -597,7 +597,7 @@ #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md) -##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md) +##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index f712cc7482..d3ff6a40cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -28,7 +28,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| |[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part2.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | +|[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | |[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md index 7bc5206ac0..191b296789 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md @@ -75,7 +75,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu ## Next step -- [Proceed to Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-part2.md) +- [Proceed to Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-setup.md) 
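Review bot: In the `## Next step` hunk of symantec-to-microsoft-defender-atp-plan.md, the link label still reads "Proceed to Part 2: Configure settings and exclusions", while TOC.md and the phase table in this same patch call that target "Set up Microsoft Defender ATP". The line is already being touched for the part2 to setup rename, so align the label as well, for example `- [Proceed to Part 2: Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md)`. That gives readers one name for the phase in the TOC, the overview table and the page footer.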
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part2.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md From ebc93885753fa184ea64842b9d34b705186b9fdb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:09:39 -0700 Subject: [PATCH 085/331] renamed file --- windows/security/threat-protection/TOC.md | 2 +- ...tp-part3.md => symantec-to-microsoft-defender-atp-deploy.md} | 0 .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-part3.md => symantec-to-microsoft-defender-atp-deploy.md} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e730e04883..cb9165510d 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -598,7 +598,7 @@ ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md) +##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-part3.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index d3ff6a40cb..af3aa29141 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -29,7 +29,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |--|--| |[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | |[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | -|[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | +|[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 5bcd3e9b27..561d520024 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -222,4 +222,4 @@ File(c:\\windows\\notepad.exe) ## Next step -- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-part3.md) +- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) From 2f1ef230609d8bc537464e0aaa6f8431a71de131 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:14:29 -0700 Subject: [PATCH 086/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index af3aa29141..febe11b718 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -27,9 +27,9 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| -|[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | -|[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | +|[![Phase 1: Plan](images/prepare.png)](symantec-to-microsoft-defender-atp-plan.md)
[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | +|[![Phase 2: Setup](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From 945aebacc8dae930458c698f7c38afd05b467aec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:43:46 -0700 Subject: [PATCH 087/331] file renamed --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 10 +++++----- ...d => symantec-to-microsoft-defender-atp-prepare.md} | 0 3 files changed, 6 insertions(+), 6 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-plan.md => symantec-to-microsoft-defender-atp-prepare.md} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index cb9165510d..51e20dd6fb 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -596,7 +596,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md) +##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) 
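Review bot: In the TOC.md hunk, the entry keeps the label "Part 1: Plan your migration" although its target is now symantec-to-microsoft-defender-atp-prepare.md, and the phase table in this patch renames the phase to "Prepare for your migration". Change the label here too, `##### [Part 1: Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md)`, so the navigation and the overview page agree within this commit.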
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index febe11b718..51f41e0de8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -27,15 +27,15 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Steps | |--|--| -|[![Phase 1: Plan](images/prepare.png)](symantec-to-microsoft-defender-atp-plan.md)
[Plan your migration](symantec-to-microsoft-defender-atp-plan.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Setup](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | +|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). ## Overview of Microsoft Defender ATP -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP includes the features and capabilities listed in the following table: +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table lists features and capabilities of Microsoft Defender ATP: | Feature/Capability | Description | |---|---| @@ -54,4 +54,4 @@ Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.co ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-plan.md). +When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-prepare.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-plan.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
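Review bot: In the `## Next step` hunk of symantec-to-microsoft-defender-atp-migration.md, only the link target changes; the label still says "Migrate from Symantec - Part 1: Plan your migration". The rename to symantec-to-microsoft-defender-atp-prepare.md is recorded at similarity index 100%, so the renamed page's own "Part 1: Plan your migration" heading is carried over unchanged as well. Update the link label and that heading in this commit, or say in the commit message that the retitling follows separately, so the file name, heading and inbound link text stay in step.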
From bca57cfb796ecfb9070d94c56ab6071c514f77dd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:44:48 -0700 Subject: [PATCH 088/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 51f41e0de8..65a00499ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -25,7 +25,7 @@ If you are planning to switch from Symantec Endpoint Protection (Symantec) to [M The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. -|Phase |Steps | +|Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | From 2f2fc089b2c96ed5e4bef0d829d15175a3d9ed89 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:47:15 -0700 Subject: [PATCH 089/331] Symantec --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 10 +++++----- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 51e20dd6fb..2a4bcc822b 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -596,7 +596,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Part 1: Plan your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) +##### [Part 1: Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 65a00499ef..631419d13c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,12 +28,12 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender ATP and Symantec Endpoint Protection. | -|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you turn on Microsoft Defender ATP and uninstall Symantec. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender ATP and Symantec Endpoint Protection. | +|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). -## Overview of Microsoft Defender ATP +## What's included in Microsoft Defender ATP? If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table lists features and capabilities of Microsoft Defender ATP: @@ -50,8 +50,8 @@ If you are new to Microsoft Defender ATP, you might be wondering what all is inc
-Want to learn more? See [about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection). +**Want to learn more? See [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection).** ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Plan your migration](symantec-to-microsoft-defender-atp-prepare.md). +When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 191b296789..3e4cc47832 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 1: Plan your migration +# Migrate from Symantec - Part 1: Prepare for your migration **Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). From 1958d7313b7e79b69945c436815054d1a2240891 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:51:03 -0700 Subject: [PATCH 090/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 631419d13c..59edea5462 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -35,7 +35,11 @@ After you have Microsoft Defender ATP set up and deployed, you can [manage the v ## What's included in Microsoft Defender ATP? -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table lists features and capabilities of Microsoft Defender ATP: +If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. + +>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq] + +The following table lists features and capabilities of Microsoft Defender ATP: | Feature/Capability | Description | |---|---| From 97d24b8b503920cd4a3add13656d74bf7cb5ea9b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:51:18 -0700 Subject: [PATCH 091/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 59edea5462..aa69a4fe0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -37,7 +37,7 @@ After you have Microsoft Defender ATP set up and deployed, you can [manage the v If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. ->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq] +>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4obJq] The following table lists features and capabilities of Microsoft Defender ATP: From 31b43b2d83cae3abad8978d112956e7fef8bf033 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 13:51:50 -0700 Subject: [PATCH 092/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index aa69a4fe0d..116968cae6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -37,8 +37,6 @@ After you have Microsoft Defender ATP set up and deployed, you can [manage the v If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. ->[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4obJq] - The following table lists features and capabilities of Microsoft Defender ATP: | Feature/Capability | Description | From 1c7dccba07dde76a6700cbf30090a1e87855a4a7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 14:00:24 -0700 Subject: [PATCH 093/331] symantec guide file renaming --- windows/security/threat-protection/TOC.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- ...d => symantec-to-microsoft-defender-atp-onboard.md} | 0 .../symantec-to-microsoft-defender-atp-prepare.md | 10 +++++++++- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 5 files changed, 12 insertions(+), 4 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{symantec-to-microsoft-defender-atp-deploy.md => symantec-to-microsoft-defender-atp-onboard.md} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2a4bcc822b..c951976541 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -598,7 +598,7 @@ ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Part 1: Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md) +##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 116968cae6..09b4435f35 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -29,7 +29,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender ATP and Symantec Endpoint Protection. | -|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-deploy.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | +|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-deploy.md rename to windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 3e4cc47832..aea7deae80 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -19,7 +19,15 @@ ms.topic: article # Migrate from Symantec - Part 1: Prepare for your migration -**Welcome to Part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: +|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|--|--|--| +|You are here!| | | + +**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. + + + +This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 561d520024..490f13a524 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -222,4 +222,4 @@ File(c:\\windows\\notepad.exe) ## Next step -- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-deploy.md) +- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 02f4182bbfd0c87fd21b7689d00eca0dc5aab46b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 14:01:12 -0700 Subject: [PATCH 094/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 09b4435f35..a5b2f54efc 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -29,7 +29,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender ATP and Symantec Endpoint Protection. | -|[![Phase 3: Deploy](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Deploy Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From 0ff9d4cde9d5613ffd25dc1023c1c38ec800ee31 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 14:03:19 -0700 Subject: [PATCH 095/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index aea7deae80..0cf0863bcb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec - Part 1: Prepare for your migration -|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| |You are here!| | | From acef2138bb830c94decf5eec61b1116f31d1cc77 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 14:08:41 -0700 Subject: [PATCH 096/331] nav table --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 ++++++ .../symantec-to-microsoft-defender-atp-prepare.md | 4 +--- .../symantec-to-microsoft-defender-atp-setup.md | 5 +++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 91de7b9389..896f837dee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -19,6 +19,12 @@ ms.topic: article # Migrate from Symantec - Part 3: Deploy Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|--|--|--| +|| |You are here! | + + **Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) - [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 0cf0863bcb..c0616d27d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -25,8 +25,6 @@ ms.topic: article **Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. - - This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). @@ -83,7 +81,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu ## Next step -- [Proceed to Part 2: Configure settings and exclusions](symantec-to-microsoft-defender-atp-setup.md) +- [Proceed to Part 2: Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) 
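Review bot: the new link text in the prepare.md "Next step" hunk, "Proceed to Part 2: Set up Microsoft Defender ATP", says "Part" while the nav table this patch adds labels the same page "Phase 2: Set up" and the welcome line on this page says "the Prepare phase". The onboard.md hunk has the same split: its heading still reads "Part 3: Deploy Microsoft Defender ATP" directly above a nav cell labelled "Phase 3: Onboard". Pick one term (Part or Phase) and one name for step 3, and use them in the headings, the nav table and the "Next step" links.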
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 490f13a524..ffc04b2b98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -19,6 +19,11 @@ ms.topic: article # Migrate from Symantec - Part 2: Set up Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|--|--|--| +||You are here! | | + **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). From e4d20971b220e9cd3bbea4180eb02605f4261c98 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 14:21:23 -0700 Subject: [PATCH 097/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 896f837dee..f2887e1da7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -1,5 +1,5 @@ --- -title: Part 3 - Deploy Microsoft Defender ATP +title: Part 3 - Onboard to Microsoft Defender ATP description: Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,10 +17,10 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 3: Deploy Microsoft Defender ATP +# Migrate from Symantec - Part 3: Onboard to Microsoft Defender ATP -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | |--|--|--| || |You are here! | From 7b6f03b0a2e32db681cb16f9ccb8da8515601482 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 16 Jun 2020 15:44:55 -0700 Subject: [PATCH 098/331] symantec --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- .../symantec-to-microsoft-defender-atp-setup.md | 3 +-- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index a5b2f54efc..7e188d2dcc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -21,7 +21,7 @@ ms.topic: article If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. -## Planning for migration: The process at a high level +## Planning your migration: The process at a high level The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index f2887e1da7..24c12d1616 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -22,7 +22,7 @@ ms.topic: article |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | |--|--|--| -|| |You are here! | +|| |*You are here!* | **Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index c0616d27d7..651033a4d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -21,7 +21,7 @@ ms.topic: article |![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| -|You are here!| | | +|*You are here!*| | | **Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index ffc04b2b98..d0d0b77960 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -22,7 +22,7 @@ ms.topic: article |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| -||You are here! | | +||*You are here!* | | **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). @@ -32,7 +32,6 @@ ms.topic: article ## Set Microsoft Defender ATP to passive mode - This procedure applies to devices running any of the following versions of Windows: - Windows Server 2016 - Windows Server, version 1803 (core-only mode) From 4b3760ba7f15c517b944dd7cf3108be9795a483d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 08:59:49 -0700 Subject: [PATCH 099/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c951976541..679a09e7a6 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -598,7 +598,7 @@ ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Part 1: Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Part 3: Deploy Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) +##### [Part 3: Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() 
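Review bot: in PATCH 098/331, renaming the heading in symantec-to-microsoft-defender-atp-migration.md to "Planning your migration: The process at a high level" changes the anchor generated from it, but the welcome lines in the onboard, prepare and setup pages (visible as context in the same patch) still link to `#planning-for-migration-the-process-at-a-high-level`. Update those three links to the new anchor in this patch, or keep the old heading, so the links still land on the section.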
From 8c27d997d2b1ce17bbc5f5c65604749b1de76a74 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 09:32:11 -0700 Subject: [PATCH 100/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 46 ++++++++----------- 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d0d0b77960..0f938bb86a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -26,7 +26,7 @@ ms.topic: article **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). -2. [Re-enable Microsoft Defender Antivirus](#re-enable-microsoft-defender-antivirus). +2. [Re-enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). 4. [Add Symantec to your Microsoft Defender ATP exclusion list](#add-symantec-to-your-microsoft-defender-atp-exclusion-list). 
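Review bot: step 2 in this hunk now points at `#enable-microsoft-defender-antivirus`, but its link text still reads "Re-enable Microsoft Defender Antivirus". Change the text to "Enable Microsoft Defender Antivirus" so the step list matches the target section name.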
@@ -53,52 +53,44 @@ For those versions of Windows, you should set the registry key for Microsoft Def >- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) >- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) +## Enable Microsoft Defender Antivirus -## Re-enable Microsoft Defender Antivirus - -Considering your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV. - -Microsoft Defender AV can run alongside your existing antivirus solution so that protection remains in place. +Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. Microsoft Defender AV can run alongside your existing antivirus solution. This step of the migration process involves enabling Microsoft Defender AV. You can use one of several methods to enable Microsoft Defender AV as listed in the following table: |Method |What to do | |---------|---------| -|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows) | -|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Windows Defender Antivirus`.
2. Look for a policy that was set to turn off Microsoft Defender Antivirus (or Windows Defender Antivirus).
3. Disable that policy. This enables Microsoft Defender Antivirus. | +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.
2. Look for a policy called **Turn off Microsoft Defender Antivirus**.
3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | |Registry Editor |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | ## Add Microsoft Defender ATP EDR to the exclusion list for Symantec -*This is from the Word doc - needs revision and clarification* +This step of the migration process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. -Add Microsoft Defender ATP EDR to the exclusion list for Symantec (or any other security products). - -Adding MDATP (EDR) to the exclusion list to SEP/Trendmicro or any other security product and EDR (RSA Netwitness) -If you’ll have a 3rd party security product(s) that intercepts MDATP and not let the data get uploaded. - -For these types of issues, please add exclusions for the following services/processes from the 3rd party security product(s): +Add the following exclusions: For MDATP built-in to Windows 10, Windows Server 1803, and Windows Server 2019: -C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe -C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe -C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe -C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe +`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe` +`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe` +`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe` +`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe` Note: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. 
For the down-level Windows OS versions (Windows 7/Windows Server 2008R2, Windows 8.1 and Windows Server 2012 R2/Windows Server 2016) that have MMA agent installed: -"C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe" +`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe` + Note: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders. -"C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe" -"C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe" -"C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe" -"C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe" -"C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" -"C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe" - +`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe` +`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe` +`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe` +`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe` +`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe` +`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` ## Add Symantec to your Microsoft Defender ATP exclusion list From 7b45b96403eaed6fe906465aafb0e9b2436dba80 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 10:09:43 -0700 Subject: [PATCH 101/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 25 ++++--------------- 1 file changed, 5 insertions(+), 20 deletions(-) 
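Review bot: in PATCH 100/331 (the hunk at @@ -53,52 +53,44 @@), the Registry Editor row left as context reads `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`, with no backslash after `Computer`, and spells "Hexidecimal". Since the two rows above it are being rewritten here, fix the path separator and the spelling in the same change; a reader who pastes that path into Registry Editor will not reach the key.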
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 0f938bb86a..dbbe068e08 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -70,27 +70,12 @@ You can use one of several methods to enable Microsoft Defender AV as listed in This step of the migration process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. -Add the following exclusions: +Add the exclusions listed in the following table: -For MDATP built-in to Windows 10, Windows Server 1803, and Windows Server 2019: -`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe` -`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe` -`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe` -`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe` -Note: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. - -For the down-level Windows OS versions (Windows 7/Windows Server 2008R2, Windows 8.1 and Windows Server 2012 R2/Windows Server 2016) that have MMA agent installed: - -`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe` - -Note: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders. - -`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe` -`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe` -`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe` -`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe` -`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe` -`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` +|OS |Exclusions | +|--|--| +|Windows 10
Windows Server, version 1803
Windows Server 2019 |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
**NOTE**: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. | +|Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 R2/Windows Server 2016 |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to your Microsoft Defender ATP exclusion list From d9f1271ae33340395699e1fad3697e180baa37d1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 16:16:15 -0700 Subject: [PATCH 102/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index dbbe068e08..08615d5e59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -27,7 +27,7 @@ ms.topic: article **Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Re-enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP EDR to the exclusion list for Symantec](#add-microsoft-defender-atp-edr-to-the-exclusion-list-for-symantec). +3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to your Microsoft Defender ATP exclusion list](#add-symantec-to-your-microsoft-defender-atp-exclusion-list). ## Set Microsoft Defender ATP to passive mode 
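Review bot: in PATCH 101/331, the second table row keeps `...\Monitoring Host Temporary Files 6\45\MsSenseS.exe` as a literal path while the NOTE next to it says the numbered subfolders can differ, so an exclusion entered exactly as written will not match devices where the folder number is different. Say how the exclusion should be expressed to cover those devices, and move the NOTE so it does not sit between the first path and the remaining six. The NOTE in the first row ("On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019.") has no subject; spell out what is available on which build.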
@@ -66,7 +66,7 @@ You can use one of several methods to enable Microsoft Defender AV as listed in |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.
2. Look for a policy called **Turn off Microsoft Defender Antivirus**.
3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | |Registry Editor |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | -## Add Microsoft Defender ATP EDR to the exclusion list for Symantec +## Add Microsoft Defender ATP to the exclusion list for Symantec This step of the migration process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. From 29b8ae44cd3f983de20915aa5c712912f93e021b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 16:44:39 -0700 Subject: [PATCH 103/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 08615d5e59..0a1b405d87 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -32,14 +32,12 @@ ms.topic: article ## Set Microsoft Defender ATP to passive mode -This procedure applies to devices running any of the following versions of Windows: -- Windows Server 2016 -- Windows Server, version 1803 (core-only mode) +Set the registry key for Microsoft Defender ATP to passive mode on any endpoints or devices running the following operating systems: +- Windows Server 2016; +- Windows Server, version 1803 (core-only mode); or - Windows Server 2019 -For those versions of Windows, you should set the registry key for Microsoft Defender ATP to passive mode. - -1. As an administrator on the device, open Registry Editor. +1. As an administrator on the endpoint or device, open Registry Editor. 2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. 
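Review bot: step 2 of the passive-mode procedure, left as context in this hunk, gives the key as `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`, with no `Microsoft` segment, while the Registry Editor row in the same file uses `...\SOFTWARE\Policies\Microsoft\Windows Defender`. Confirm the path before this ships, because a setting written under the wrong key is never applied. In the added list, the trailing `;` and `; or` on the bullets do not match the other lists in the file, and with the old lead-in sentence removed the numbered steps now follow the OS list with nothing introducing them. The next hunk's added line "Use one the methods listed in the following table:" is missing "of".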
@@ -55,9 +53,9 @@ For those versions of Windows, you should set the registry key for Microsoft Def ## Enable Microsoft Defender Antivirus -Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. Microsoft Defender AV can run alongside your existing antivirus solution. This step of the migration process involves enabling Microsoft Defender AV. +Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV, which can run alongside your existing antivirus solution. -You can use one of several methods to enable Microsoft Defender AV as listed in the following table: +Use one the methods listed in the following table: |Method |What to do | @@ -74,7 +72,7 @@ Add the exclusions listed in the following table: |OS |Exclusions | |--|--| -|Windows 10
Windows Server, version 1803
Windows Server 2019 |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`
`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
**NOTE**: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. | +|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`

**NOTE**: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. | |Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 R2/Windows Server 2016 |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to your Microsoft Defender ATP exclusion list From 92df591abec4ec7febc02980a3a6c80fceef8003 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 16:49:07 -0700 Subject: [PATCH 104/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 0a1b405d87..3c13727ba5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -72,8 +72,8 @@ Add the exclusions listed in the following table: |OS |Exclusions | |--|--| -|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`

**NOTE**: On Windows 10 1803 and newer w/o the KB hotfix for April 2019. Available in Windows 10 1709/1703 w/ the KB hotfix for April 2019. | -|Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 R2/Windows Server 2016 |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`
**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.
`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`
`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|[Windows 7](https://docs.microsoft.com/en-us/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/en-us/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

Windows 8.1

Windows Server 2012 R2

Windows Server 2016 |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to your Microsoft Defender ATP exclusion list From 51dda64e65d02417cebddcd476a2a0ef77b2ba32 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 16:50:46 -0700 Subject: [PATCH 105/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 3c13727ba5..0f5b274b40 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -72,8 +72,8 @@ Add the exclusions listed in the following table: |OS |Exclusions | |--|--| -|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|[Windows 7](https://docs.microsoft.com/en-us/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/en-us/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

Windows 8.1

Windows Server 2012 R2

Windows Server 2016 |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to your Microsoft Defender ATP exclusion list From 39d46fc1da67555734171ff9711d83ab197dd047 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 16:52:00 -0700 Subject: [PATCH 106/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 0f5b274b40..827314f64a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -72,7 +72,7 @@ Add the exclusions listed in the following table: |OS |Exclusions | |--|--| -|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information/)

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to your Microsoft Defender ATP exclusion list From b87ba434a5080be66c4234152cd29ea4bf42d024 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 17:44:10 -0700 Subject: [PATCH 107/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 44 +++++++------------ 1 file changed, 15 insertions(+), 29 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 827314f64a..c56529eae2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -24,9 +24,9 @@ ms.topic: article |--|--|--| ||*You are here!* | | -**Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: +**Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). -2. [Re-enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). +2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to your Microsoft Defender ATP exclusion list](#add-symantec-to-your-microsoft-defender-atp-exclusion-list). 
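Review bot: The intro line in this hunk now calls the same thing "Part 2" and "This phase", while the later hunks of this patch say "this step of the setup process". Settle on one pair of terms (for example "phase" for the article and "step" for each numbered item) and use it in all of these places. The new link text in item 2 is right as it stands, since it now matches the `#enable-microsoft-defender-antivirus` anchor it points to.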
@@ -66,9 +66,7 @@ Use one the methods listed in the following table: ## Add Microsoft Defender ATP to the exclusion list for Symantec -This step of the migration process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. - -Add the exclusions listed in the following table: +This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to add depend on which version of Windows your endpoints or devices are running, and are listed in the following table: |OS |Exclusions | |--|--| 
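Review bot: The added sentence folds the old imperative lead-in ("Add the exclusions listed in the following table:") into one long descriptive sentence, so nothing directly above the table tells the reader what to do any more. Consider splitting it in two and keeping a short instruction right before the table. While here, the line shown in this hunk's header, "Use one the methods listed in the following table:", is missing "of" and is worth fixing in the same pass.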
@@ -77,34 +75,22 @@ Add the exclusions listed in the following table: ## Add Symantec to your Microsoft Defender ATP exclusion list -*This is from the Word doc - needs revision and clarification* +During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in Microsoft Defender AV and in Microsoft Defender ATP. +### Add exclusions in Microsoft Defender AV -Add Symantec and your other security solutions to the Microsoft Defender ATP EDR exclusion list. +First, you add add path and process [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Keep the following points in mind: +- Path exclusions exclude specific files and whatever those files access. +- Process exclusions exclude whatever a process touches, but does not exclude the process itself. +- If you list each executable (.exe) as both a path exclusion and a process exclusion, you can help ensure that the process and whatever it touches are excluded. +- List your process exclusions using their full path and not by their name only. (The name-only method is less secure.) -For MDATP (AV and EDR), there are two portions to exclude third-party security products. +You can choose from several methods to add your exclusions to Microsoft Defender AV, as listed in the following table: - - -1. You will need to add exclusions to Path and Process in the AV. -Process exclusion vs Path exclusion... -“Process exclusions” exclude everything a process touches but does not exclude the process itself from being scanned on access. Excluding the same EXE as both a “process” and “path exclusion” will exclude the file itself, as well as anything the file accesses. We discourage process exclusions that are 'name only' instead of full path, as they are less secure. - -2. 
And add in EDR, go to Indicator – File Hash. - -### MDAV/SCEP - -#### Option 1: In the Intune MDAV policies add the exclusions - -Intune portal (portal.azure.com) -Device Configuration -> Profiles -> [Select your profile for AV] -> Properties -> Settings -> Microsoft Defender Antivirus -> Microsoft Defender Antivirus Exclusions - -Files and folders - xxxxx - -Processes - xxxxx - +|Method | What to do| +|--|--| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.
2. In the list of Azure services, select **Intune**.
3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV.
4. Go to **Properties** > **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.
4. Set exclusions for files and folders.
5. Set exclusions for processes. | +| #### Option 2: In the SCCM MDAV/SCEP policies add the exclusions From 260b59afd7ab357b7b9aab506ee99f9768d2cf43 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:14:06 -0700 Subject: [PATCH 108/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index c56529eae2..955ef0d501 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -89,19 +89,9 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.
2. In the list of Azure services, select **Intune**.
3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV.
4. Go to **Properties** > **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.
4. Set exclusions for files and folders.
5. Set exclusions for processes. | -| - -#### Option 2: In the SCCM MDAV/SCEP policies add the exclusions - -Assets and Compliance -> Endpoint Protection -> Antimalware Policies -> [Select the policy that you want to modify] -> Exclusion Settings -Excluded files and folders: -xxxxx -Excluded processes: -xxxxx - - -#### Option 3: Create a new GPO w/ the MDAV exclusions +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.
2. In the list of Azure services, select **Intune**.
3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).
4. Go to **Properties**, and then edit your **Configuration settings**.
5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.
6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.
7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For examples of what to enter, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.
3. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | +|Group Policy Object | w/ the MDAV exclusions Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions Path Exclusions From 98bdc9d0fb0da46544d442a9f801d4546a6d1ccd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:27:39 -0700 Subject: [PATCH 109/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 955ef0d501..85995a4a67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -61,8 +61,8 @@ Use one the methods listed in the following table: |Method |What to do | |---------|---------| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | -|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.
2. Look for a policy called **Turn off Microsoft Defender Antivirus**.
3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | -|Registry Editor |1. As an administrator on the device, open Registry Editor.
2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.
3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.
4. Reboot the device. | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | +|Registry Editor |1. As an administrator on the device, open Registry Editor.

2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.

3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.

4. Reboot the device. | ## Add Microsoft Defender ATP to the exclusion list for Symantec @@ -89,8 +89,8 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.
2. In the list of Azure services, select **Intune**.
3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).
4. Go to **Properties**, and then edit your **Configuration settings**.
5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.
6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.
7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For examples of what to enter, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | -|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.
3. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For examples of what to enter, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | |Group Policy Object | w/ the MDAV exclusions Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions From 1fb6f1158700837710ce3712216da933a17b1311 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:32:34 -0700 Subject: [PATCH 110/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 25 +++---------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 85995a4a67..6842bb4dd4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -91,28 +91,9 @@ You can choose from several methods to add your exclusions to Microsoft Defender |--|--| |[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For examples of what to enter, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | -|Group Policy Object | w/ the MDAV exclusions - -Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions -Path Exclusions - xxxxx -Process Exclusions - xxxxx - -#### Option 4: Local gpo - -You could setup the 3rd party security product exclusions (SEP or Tanium) on 1 machine by going to: - Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions - Path Exclusions - xxxxx - Process Exclusions - xxxxx - -#### Option 5: Export the following registry key: - -HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions - -And import it in as a “regedit.exe /s MDAV_Exclusion.reg” +|Group Policy Object | Go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions. Specify path and process exclusions. | +|Local group policy object |You could setup the 3rd party security product exclusions (SEP or Tanium) on 1 machine by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions. Specify your path and process exclusions. | +|Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | ### MD ATP (EDR) From 156ca26ec6f94a6c74ebbcbe527588d84f35a336 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:33:12 -0700 Subject: [PATCH 111/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 679a09e7a6..6bd5d92cb5 100644 --- a/windows/security/threat-protection/TOC.md 
+++ b/windows/security/threat-protection/TOC.md @@ -596,9 +596,9 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() ##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Part 1: Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) -##### [Part 2: Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Part 3: Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) +##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) +##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) +##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) #### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() From edbcd60bf3d35917b415626f379e3b70edd294fc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 18:55:29 -0700 Subject: [PATCH 112/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 6842bb4dd4..825243a844 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -127,10 +127,13 @@ MDATP “Advanced Hunting” Note: Change the “Last 7 days” to “Last 30 days” +``` find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents) where InitiatingProcessFileName has 'notepad.exe' | project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine | distinct InitiatingProcessSHA256 +``` + Note: Replace notepad.exe with the 3rd party security product process name. Note 2: We added ‘distinct’ query which shows just the unique SHA256’s. @@ -151,7 +154,7 @@ Type: File(c:\\windows\\notepad.exe) | project Hash -



+

**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! From 7b3d7a8301ae8d208f31800fb3de28b66b49631b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 19:02:29 -0700 Subject: [PATCH 113/331] more fixes --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +++--- .../symantec-to-microsoft-defender-atp-prepare.md | 10 +++++----- .../symantec-to-microsoft-defender-atp-setup.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 7e188d2dcc..93c7fc0beb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -56,4 +56,4 @@ The following table lists features and capabilities of Microsoft Defender ATP: ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Part 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +When you are ready to begin your migration, proceed to [Migrate from Symantec - Phase 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 24c12d1616..fe448acc48 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -1,5 +1,5 @@ --- -title: Part 3 - Onboard to Microsoft Defender ATP +title: Phase 3 - Onboard to Microsoft Defender ATP description: Make the switch from Symantec to Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 3: Onboard to Microsoft Defender ATP +# Migrate from Symantec - Phase 3: Onboard to Microsoft Defender ATP |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | @@ -25,7 +25,7 @@ ms.topic: article || |*You are here!* | -**Welcome to Part 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: +**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) - [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) - [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 651033a4d5..44a73155ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -1,6 +1,6 @@ --- -title: Part 1 - Plan your migration to Microsoft Defender ATP -description: Part 1 of "Make the switch from Symantec to Microsoft Defender ATP" +title: Phase 1 - Plan your migration to Microsoft Defender ATP +description: Phase 1 of "Make the switch from Symantec to Microsoft Defender ATP" keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 1: Prepare for your migration +# Migrate from Symantec - Phase 1: Prepare for your migration |![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | |--|--|--| @@ -77,11 +77,11 @@ To enable communication between your devices and Microsoft Defender ATP, configu
-**Congratulations**! You have completed part 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed Phase 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step -- [Proceed to Part 2: Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) +- [Proceed to Phase 2: Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 825243a844..35dd392d3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -1,6 +1,6 @@ --- -title: Part 2 - Set up Microsoft Defender ATP -description: Part 2 - Set up Microsoft Defender ATP +title: Phase 2 - Set up Microsoft Defender ATP +description: Phase 2 - Set up Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec - Part 2: Set up Microsoft Defender ATP +# Migrate from Symantec - Phase 2: Set up Microsoft Defender ATP |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | From a21d8abe2769eadf02cf0e8443637186e038f11a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 19:41:33 -0700 Subject: [PATCH 114/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 35dd392d3c..a994f3b80c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -28,7 +28,7 @@ ms.topic: article 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to your Microsoft Defender ATP exclusion list](#add-symantec-to-your-microsoft-defender-atp-exclusion-list). +4. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). ## Set Microsoft Defender ATP to passive mode @@ -73,26 +73,26 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | -## Add Symantec to your Microsoft Defender ATP exclusion list +## Add Symantec to the exclusion list for Microsoft Defender ATP -During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in Microsoft Defender AV and in Microsoft Defender ATP. +During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in both Microsoft Defender AV and Microsoft Defender ATP. ### Add exclusions in Microsoft Defender AV -First, you add add path and process [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Keep the following points in mind: +When you add [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. - Process exclusions exclude whatever a process touches, but does not exclude the process itself. -- If you list each executable (.exe) as both a path exclusion and a process exclusion, you can help ensure that the process and whatever it touches are excluded. +- If you list each executable (.exe) as both a path exclusion and a process exclusion, you can help ensure that the process and whatever it touches are all excluded. - List your process exclusions using their full path and not by their name only. (The name-only method is less secure.) 
You can choose from several methods to add your exclusions to Microsoft Defender AV, as listed in the following table: |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For examples of what to enter, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For reference, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | -|Group Policy Object | Go to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions. Specify path and process exclusions. | -|Local group policy object |You could setup the 3rd party security product exclusions (SEP or Tanium) on 1 machine by going to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Defender Antivirus -> Exclusions. Specify your path and process exclusions. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | | +|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | ### MD ATP (EDR) From 4ab8d1a5198be5e8000e46764b416688e05f0292 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 19:51:13 -0700 Subject: [PATCH 115/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index a994f3b80c..df7e05bdd3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -91,7 +91,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |--|--| |[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For reference, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | -|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | From c2455016df53fbe1dfe4dd2c6a1e48504274405a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 19:56:31 -0700 Subject: [PATCH 116/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 93c7fc0beb..5b42b81f7c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,7 +28,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender ATP and Symantec Endpoint Protection. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. | |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). @@ -56,4 +56,4 @@ The following table lists features and capabilities of Microsoft Defender ATP: ## Next step -When you are ready to begin your migration, proceed to [Migrate from Symantec - Phase 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +When you are ready to begin your migration, proceed to [Phase 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). From b208533e880bf27d9f5b1e72880807ae0aeaf9c4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 20:29:38 -0700 Subject: [PATCH 117/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 72 ++++++++++--------- 1 file changed, 40 insertions(+), 32 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index df7e05bdd3..88b602c688 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -77,7 +77,7 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in both Microsoft Defender AV and Microsoft Defender ATP. -### Add exclusions in Microsoft Defender AV +### Add exclusions to Microsoft Defender AV When you add [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. @@ -95,49 +95,57 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | -### MD ATP (EDR) +### Add exclusions to Microsoft Defender ATP -Indicators – Hash -Settings -> Indicators ->File hashes tab -> Add indicator -In the “Indicator” tab -File hash -Never -Click on Next -In the “Action” tab -Response Action: Allow -Title: -Description: -Click on Next -In the “Scope” tab -Machine groups: -All machines in my scope -or -Select from list -Click on Next -In the “Summary” tab -Review -Click on “Save” +To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). -*More notes in the Word document:* +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -How can I find the file hashes of my 3rd party security products? -There are a few methods, in this e-mail, we will talk about the MDATP “Advanced Hunting” functionality and SCCM’s CMPivot. +2. In the navigation pane, choose **Settings** > **Rules** > **Indicators**. + +3. On the **File hashes** tab, choose **Add indicator**. + +3. On the **Indicator** tab, specify the following settings: + - File hash (Need help finding this? See [Find the file hashes of your security solutions](#find-the-file-hashes-of-your-security-solutions) section in this article.) + - Under **Expires on (UTC)**, choose **Never**. + +4. On the **Action** tab, specify the following settings: + - **Response Action**: **Allow** + - Title and description + +5. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. + +6. On the **Summary** tab, review the settings, and then click **Save**. 
+ +#### Find the file hashes of your security solutions + +You can find the file hashes of your third-party security products by using one of the following methods: +- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP +- [CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview) in Configuration Manager + +##### Microsoft Defender ATP Advanced Hunting -MDATP “Advanced Hunting” +Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can use Kusto syntax and operators to construct queries that locate information in the schema specifically structured for advanced hunting. To learn more, see [Learn the advanced hunting query language](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language). + +Here's an example query that you can use to find the file hashes for your security solutions: -Note: Change the “Last 7 days” to “Last 30 days” - -``` +```kusto find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents) where InitiatingProcessFileName has 'notepad.exe' | project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine | distinct InitiatingProcessSHA256 ``` -Note: Replace notepad.exe with the 3rd party security product process name. -Note 2: We added ‘distinct’ query which shows just the unique SHA256’s. +> [!NOTE] +> In the query above, replace *notepad.exe* with the your third-party security product process name. +> +> In our example query, we added the *distinct* query which shows just the unique SHA256’s. -SCCM CMPivot +##### CMPivot in Configuration Manager + +CMPivot is an in-console utility that provides access to real-time state of devices in your environment. 
It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). + +1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). Pre-req Install CMPivot From 085ea4be65ec0848317cbcaa4ec37321504c387d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 20:40:08 -0700 Subject: [PATCH 118/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 88b602c688..d3dc14b45a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
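Review bot: In PATCH 117/331, hunk `@@ -95,49 +95,57 @@` of symantec-to-microsoft-defender-atp-setup.md, the new indicator procedure has readers create an **Allow** indicator with **Expires on (UTC)** set to **Never**, and nothing in the added steps says to remove it once Symantec is uninstalled during onboarding, so the allow entry for those hashes outlives the product it was created for. Suggest either an expiry that covers the migration window or a follow-up step to delete the indicators after the uninstall. In the same hunk the numbered list has two steps labelled `3.` (the **File hashes** tab and the **Indicator** tab), which leaves the later steps off by one, and the note reads "with the your third-party security product process name". In the query, the `| project ...` stage can be dropped because `| distinct InitiatingProcessSHA256` follows it and returns only that column.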
@@ -146,27 +146,29 @@ where InitiatingProcessFileName has 'notepad.exe' CMPivot is an in-console utility that provides access to real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). 1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). + +2. [Start CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot). + +3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`). + +4. Select the **Query** tab. -Pre-req -Install CMPivot -C:\Program Files\Microsoft Configuration Manager\tools\CMPivot \cmpivot.msi - -Start, CMPivot (Run as admin) -Connect to your SCCM server (SCCM_ServerName.DomainName.com) -Click on Connect - -Click on the “Query tab” - -Select the “Device Collection” (drop down, All Systems (default)). -Type: +5. Select **Device Collection** drop down, and choose **All Systems (default)**. + +6. In the query box, type the following query:
+ +```kusto File(c:\\windows\\notepad.exe) | project Hash +``` +> [!NOTE] +> In the query above, replace *notepad.exe* with the your third-party security product process name.

-**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step -- [Proceed to Part 3: Finish making the switch to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) +- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 731d2bab4bf4af242ea51c275e96946957e1a2fe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 21:46:10 -0700 Subject: [PATCH 119/331] Update symantec-to-microsoft-defender-atp-migration.md --- ...ntec-to-microsoft-defender-atp-migration.md | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 5b42b81f7c..7c5cb169a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
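Review bot: In PATCH 118/331, hunk `@@ -146,27 +146,29 @@`, the CMPivot query that now sits in a copy-and-paste fence passes its path unquoted, `File(c:\\windows\\notepad.exe) | project Hash`; the CMPivot reference writes the File entity with the path as a quoted string, so the query should be checked in the console and quoted before it ships. Step 3 shows `SCCM_ServerName.DomainName.com` without saying it is a placeholder for the reader's own site server. The added note repeats "with the your third-party security product process name", and the closing lines mix two naming schemes inside one hunk: "You have completed the Setup phase" next to "Proceed to Phase 3: Onboard to Microsoft Defender ATP".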
@@ -35,25 +35,15 @@ After you have Microsoft Defender ATP set up and deployed, you can [manage the v ## What's included in Microsoft Defender ATP? -If you are new to Microsoft Defender ATP, you might be wondering what all is included. Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. +Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. -The following table lists features and capabilities of Microsoft Defender ATP: +Watch the following video to get an overview: -| Feature/Capability | Description | -|---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | -| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | -| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | -| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. 
| -| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | -| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | -| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | -| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | +>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq] -
**Want to learn more? See [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection).** ## Next step -When you are ready to begin your migration, proceed to [Phase 1: Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +When you are ready to begin your migration, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). From 42f084b48f82816f51d6bca82962d8914579881f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 21:49:38 -0700 Subject: [PATCH 120/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 44a73155ba..85a3c4bba1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -67,9 +67,9 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|Endpoint detection and response (EDR) | Windows 10
Windows Server 1803 or later
Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | -|EDR |Windows 7 SP1
Windows Server 2008 R2 SP1
Windows 8.1
Windows Server 2012 R2
Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | -|EDR |macOS
10.15 (Catalina)
10.14 (Mojave)
10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|Endpoint detection and response (EDR) | Windows 10

Windows Server 1803 or later

Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |Windows 7 SP1

Windows Server 2008 R2 SP1

Windows 8.1

Windows Server 2012 R2

Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |Antivirus (AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |AV |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | @@ -77,11 +77,11 @@ To enable communication between your devices and Microsoft Defender ATP, configu
-**Congratulations**! You have completed Phase 1 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step -- [Proceed to Phase 2: Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) +- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) From a6ce4af0534e34e93035636962d2e0de20879a6c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 21:51:32 -0700 Subject: [PATCH 121/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d3dc14b45a..89b0c1a68b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
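Review bot: In PATCH 119/331, hunk `@@ -35,25 +35,15 @@` of symantec-to-microsoft-defender-atp-migration.md, the feature table is replaced by a video embed alone, which leaves the "What's included in Microsoft Defender ATP?" section with no text naming the capabilities and no per-capability links (Threat & Vulnerability Management, attack surface reduction, endpoint detection and response, and the rest of the removed rows). Suggest keeping a short linked list under the video so the section still answers its own heading for readers who cannot play the video and for search. The same hunk drops "Phase 1:" from the Next step link text while PATCH 118/331 adds "Proceed to Phase 3: ..."; one scheme should be used across the three phase articles.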
@@ -24,11 +24,11 @@ ms.topic: article |--|--|--| ||*You are here!* | | -**Welcome to Part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: +**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: 1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). +4. [Add Symantec to the exclusion list for Microsoft Defender AV and Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av-and-microsoft-defender-atp). ## Set Microsoft Defender ATP to passive mode @@ -73,7 +73,7 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | -## Add Symantec to the exclusion list for Microsoft Defender ATP +## Add Symantec to the exclusion list for Microsoft Defender AV and Microsoft Defender ATP During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in both Microsoft Defender AV and Microsoft Defender ATP. From dbe19c240a6deb6a13ca7189c4a3358462f2c6c3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 22:01:24 -0700 Subject: [PATCH 122/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 89b0c1a68b..09bfceb913 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -25,18 +25,22 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: -1. [Set Microsoft Defender ATP to passive mode](#set-microsoft-defender-atp-to-passive-mode). -2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). +1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows. +2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to the exclusion list for Microsoft Defender AV and Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av-and-microsoft-defender-atp). -## Set Microsoft Defender ATP to passive mode +## Set Microsoft Defender AV to passive mode -Set the registry key for Microsoft Defender ATP to passive mode on any endpoints or devices running the following operating systems: +On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. However, you can enable passive mode by setting a registry key. + +The following procedure applies to endpoints or devices that are running the following versions of Windows: - Windows Server 2016; - Windows Server, version 1803 (core-only mode); or - Windows Server 2019 +If you're running Windows 10, you do not need to perform this task. + 1. As an administrator on the endpoint or device, open Registry Editor. 2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. 
@@ -46,7 +50,7 @@ Set the registry key for Microsoft Defender ATP to passive mode on any endpoints - Under **Base**, select **Hexidecimal**. > [!NOTE] -> You can use other methods to perform this task, such as the following: +> You can use other methods to set the registry key, such as the following: >- [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)) >- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) >- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) From 87d3af3927ac7853ac4962072ad97349d4760a52 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 22:04:36 -0700 Subject: [PATCH 123/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 09bfceb913..4cc2d459d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
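Review bot: In PATCH 122/331, hunk `@@ -25,18 +25,22 @@`, the section is retitled "Set Microsoft Defender AV to passive mode" but step 2 in the unchanged context still points at `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`, so a reader following the new heading will expect a Defender Antivirus key and may assume the path is wrong. Suggest one sentence in the new intro saying that the passive-mode setting lives under the Windows Advanced Threat Protection policy key. The added list items also mix "Microsoft Defender AV" in the link text with `#enable-microsoft-defender-antivirus` in the target, and the new sentence "If you're running Windows 10, you do not need to perform this task" is placed after the operating system list where it is easy to miss. In the following hunk, `@@ -46,7 +50,7 @@`, the context line still reads "Hexidecimal".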
@@ -32,7 +32,7 @@ ms.topic: article ## Set Microsoft Defender AV to passive mode -On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. However, you can enable passive mode by setting a registry key. +On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)) However, you can enable passive mode by setting a registry key. The following procedure applies to endpoints or devices that are running the following versions of Windows: - Windows Server 2016; From cd4bcfd95e8f4ab723659ba65705051fcbc7dabc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 17 Jun 2020 22:05:04 -0700 Subject: [PATCH 124/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 4cc2d459d5..059f1ca7a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
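Review bot: In PATCH 123/331, hunk `@@ -32,7 +32,7 @@`, the inserted parenthetical "(See [Microsoft Defender Antivirus compatibility](...)) However, you can enable passive mode ..." has no terminal period, so it runs straight into the next sentence. Suggest closing it as a sentence of its own, with the period inside the parenthesis, or folding the link into the preceding sentence.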
@@ -39,7 +39,8 @@ The following procedure applies to endpoints or devices that are running the fol - Windows Server, version 1803 (core-only mode); or - Windows Server 2019 -If you're running Windows 10, you do not need to perform this task. +> [!TIP] +> If you're running Windows 10, you do not need to perform this task. 1. As an administrator on the endpoint or device, open Registry Editor. From 39df784dc94cdc79f79888d4ac0ba6a63923a665 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 08:41:08 -0700 Subject: [PATCH 125/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 059f1ca7a0..1ae9d4e847 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -32,6 +32,9 @@ ms.topic: article ## Set Microsoft Defender AV to passive mode +> [!TIP] +> If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. + On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)) However, you can enable passive mode by setting a registry key. The following procedure applies to endpoints or devices that are running the following versions of Windows: 
@@ -39,9 +42,6 @@ The following procedure applies to endpoints or devices that are running the fol - Windows Server, version 1803 (core-only mode); or - Windows Server 2019 -> [!TIP] -> If you're running Windows 10, you do not need to perform this task. - 1. As an administrator on the endpoint or device, open Registry Editor. 2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. @@ -87,7 +87,7 @@ During this step of the setup process, you add Symantec and your other security When you add [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. - Process exclusions exclude whatever a process touches, but does not exclude the process itself. -- If you list each executable (.exe) as both a path exclusion and a process exclusion, you can help ensure that the process and whatever it touches are all excluded. +- If you list each executable (.exe) as both a path exclusion and a process exclusion, the process and whatever it touches are excluded. - List your process exclusions using their full path and not by their name only. (The name-only method is less secure.) You can choose from several methods to add your exclusions to Microsoft Defender AV, as listed in the following table: From a97484916e690b5fd7cefdeaa1c63ceb9344e0ba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:21:07 -0700 Subject: [PATCH 126/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) 
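Review bot: In PATCH 125/331, hunk `@@ -32,6 +32,9 @@`, the relocated tip exempts only Windows 10, while the procedure below it lists only Windows Server 2016, Windows Server, version 1803 (core-only mode), and Windows Server 2019; readers on the other operating systems this article covers (Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 SP1, Windows Server 2012 R2) are not told whether to set the key or skip the step. Suggest wording the tip as "If your operating system is not in the following list, skip this task" or naming the remaining versions explicitly. In hunk `@@ -87,7 +87,7 @@`, the neighbouring context bullet reads "Process exclusions exclude whatever a process touches, but does not exclude the process itself"; "does" should be "do" if that list is being touched anyway.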
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 1ae9d4e847..6dba43acc9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -78,11 +78,9 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | -## Add Symantec to the exclusion list for Microsoft Defender AV and Microsoft Defender ATP +## Add Symantec to the exclusion list for Microsoft Defender AV -During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender ATP exclusion list. You specify exclusions in both Microsoft Defender AV and Microsoft Defender ATP. - -### Add exclusions to Microsoft Defender AV +During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender AV exclusion list. When you add [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. @@ -100,7 +98,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | -### Add exclusions to Microsoft Defender ATP +## Add Symantec to the exclusion list for Microsoft Defender ATP To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). @@ -122,13 +120,13 @@ To add exclusions to Microsoft Defender ATP, you create [indicators](https://doc 6. On the **Summary** tab, review the settings, and then click **Save**. -#### Find the file hashes of your security solutions +### How to find the file hashes of your security solutions You can find the file hashes of your third-party security products by using one of the following methods: - [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP - [CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview) in Configuration Manager -##### Microsoft Defender ATP Advanced Hunting +#### Find a file hash using Advanced Hunting Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can use Kusto syntax and operators to construct queries that locate information in the schema specifically structured for advanced hunting. To learn more, see [Learn the advanced hunting query language](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language). 
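Review bot: Renaming the heading to `### How to find the file hashes of your security solutions` changes its generated anchor, but no hunk in this patch touches the File hash step of the indicator procedure, which still links to `#find-the-file-hashes-of-your-security-solutions`. Update that link in the same commit as the rename so the page is never published with a dead in-page anchor.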
@@ -146,7 +144,7 @@ where InitiatingProcessFileName has 'notepad.exe' > > In our example query, we added the *distinct* query which shows just the unique SHA256’s. -##### CMPivot in Configuration Manager +#### Find a file hash using CMPivot CMPivot is an in-console utility that provides access to real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). From a9ec505f331ab7c95249bd2abc73a8da662cba2a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:25:25 -0700 Subject: [PATCH 127/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 6dba43acc9..ac510b36d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -109,7 +109,7 @@ To add exclusions to Microsoft Defender ATP, you create [indicators](https://doc 3. On the **File hashes** tab, choose **Add indicator**. 3. On the **Indicator** tab, specify the following settings: - - File hash (Need help finding this? See [Find the file hashes of your security solutions](#find-the-file-hashes-of-your-security-solutions) section in this article.) + - File hash (Need help? See [How to find the file hashes of your security solutions](#how-to-find-the-file-hashes-of-your-security-solutions) in this article.) - Under **Expires on (UTC)**, choose **Never**. 4. On the **Action** tab, specify the following settings: @@ -146,7 +146,9 @@ where InitiatingProcessFileName has 'notepad.exe' #### Find a file hash using CMPivot -CMPivot is an in-console utility that provides access to real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). +CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). + +To use CMPivot to get your file hash, follow these steps: 1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). From 7ff8545b68fb0723f0e859eb5f05e31d74d5a2a3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:34:19 -0700 Subject: [PATCH 128/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index ac510b36d6..5f28c69445 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -27,8 +27,9 @@ ms.topic: article **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: 1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows. 2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to the exclusion list for Microsoft Defender AV and Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av-and-microsoft-defender-atp). +3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec) +4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). +5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp) ## Set Microsoft Defender AV to passive mode 
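Review bot: The rewritten step list is punctuated inconsistently: the new items 3 and 5 end without a period, while items 1, 2 and 4 keep theirs. Add the trailing period to both new lines, or drop it from all five, so the list reads uniformly.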
@@ -60,7 +61,7 @@ The following procedure applies to endpoints or devices that are running the fol Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV, which can run alongside your existing antivirus solution. -Use one the methods listed in the following table: +To enable Microsoft Defender AV, use one of the methods that are listed in the following table: |Method |What to do | From aa3a4259ce8ec021f87bf5e25f41f3327a83dc14 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:39:56 -0700 Subject: [PATCH 129/331] Update symantec-to-microsoft-defender-atp-prepare.md --- ...symantec-to-microsoft-defender-atp-prepare.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 85a3c4bba1..d162261437 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
@@ -23,7 +23,7 @@ ms.topic: article |--|--|--| |*You are here!*| | | -**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. +**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). @@ -67,21 +67,19 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|Endpoint detection and response (EDR) | Windows 10

Windows Server 1803 or later

Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | Windows 10

Windows Server 1803 or later

Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |Windows 7 SP1

Windows Server 2008 R2 SP1

Windows 8.1

Windows Server 2012 R2

Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | -|Antivirus (AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| -|AV |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|Antivirus (AV) |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) -
- -**Congratulations**! You have completed the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! - ## Next step -- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) +**Congratulations**! You have completed the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! + +[Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) From 0f52096ee163b14480106b52957a446f3d39bc95 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:42:54 -0700 Subject: [PATCH 130/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 7c5cb169a1..4405e2c03a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning -If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. +If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. ## Planning your migration: The process at a high level @@ -28,7 +28,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for both Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. | |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From d988b5e0c382a1a1588dc53ca1710f59619fb538 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:49:44 -0700 Subject: [PATCH 131/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index d162261437..cadb3179e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -1,6 +1,6 @@ --- -title: Phase 1 - Plan your migration to Microsoft Defender ATP -description: Phase 1 of "Make the switch from Symantec to Microsoft Defender ATP" +title: Phase 1 - Prepare for your migration to Microsoft Defender ATP +description: Phase 1 of "Make the switch from Symantec to Microsoft Defender ATP". Prepare for your migration. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -46,7 +46,7 @@ At this point, you are ready to grant access to those who'll use the Microsoft D ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. [Get an overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. [Get an overview](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 
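Review bot: Shortening the link text to `[Get an overview]` in the Security Center paragraph leaves a link that no longer says what it points to when read on its own, as in a screen reader's link list. Keep the destination in the link text, for example `[Get an overview of the Microsoft Defender Security Center]`, or fold the link into the preceding sentence.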
@@ -59,11 +59,11 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) -3. Grant access to the Microsoft Defender Security Center. [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac). +3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)). ## Configure device proxy and internet connectivity settings -To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. These settings should be configured for certain capabilities in Microsoft Defender ATP and for certain operating systems, as listed in the following table: +To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. The following table includes links to resources you can use to configure your proxy and internet settings for various operating systems and capabilities: |Capabilities | Operating System | Resources | |--|--|--| From 5d254398cdad9d4b7915a98b92e92f471f38a6c3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:54:05 -0700 Subject: [PATCH 132/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 4405e2c03a..92cccacd2c 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -17,11 +17,11 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Migrate from Symantec to Microsoft Defender Advanced Threat Protection - Overview and Planning +# Overview of migrating from Symantec to Microsoft Defender Advanced Threat Protection If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. -## Planning your migration: The process at a high level +## The migration process The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. From 10c232223a3ef2192b6c296334c59a3fb70ac06a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:54:35 -0700 Subject: [PATCH 133/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index fe448acc48..4c723a1d02 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -75,12 +75,10 @@ stuff (will draw from existing content here) -




- - -**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! ## Next step +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! + After you have Microsoft Defender ATP set up and deployed, your security operations team can manage the various features and capabilities. See [Manage Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md). From 07d47f0d6f12c0bea8aa09f3f9a93108a10ea231 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:55:27 -0700 Subject: [PATCH 134/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 4c723a1d02..342ab94b5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -25,7 +25,7 @@ ms.topic: article || |*You are here!* | -**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This migration phase includes the following steps: +**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) - [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) - [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) From 45b714ba947a3fa5fc9c4b52388b4ee03fd590e3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:56:23 -0700 Subject: [PATCH 135/331] links --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index cadb3179e3..fc17d6be39 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
@@ -23,7 +23,7 @@ ms.topic: article |--|--|--| |*You are here!*| | | -**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. +**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 5f28c69445..39c7442107 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -24,7 +24,7 @@ ms.topic: article |--|--|--| ||*You are here!* | | -**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)**. This phase includes the following steps: +**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows. 2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec) From f74cffa80b6742a43d3c9100899880c4b9175fc1 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:57:52 -0700 Subject: [PATCH 136/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6bd5d92cb5..5d5ea8958b 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -595,7 +595,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Overview and planning](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Get an overview of the process](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) From 3199cf5a3ec6e5aa5c5b02f5dd60917fb8ee586b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:58:06 -0700 Subject: [PATCH 137/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5d5ea8958b..c8b1f57cfd 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -595,7 +595,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Get an overview of the process](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Get an overview of the migration process](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) From 921ac675f4fc0d1d12889a787293bbf83c366725 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 09:59:55 -0700 Subject: [PATCH 138/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 39c7442107..e23af16dbb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -61,8 +61,7 @@ The following procedure applies to endpoints or devices that are running the fol Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV, which can run alongside your existing antivirus solution. -To enable Microsoft Defender AV, use one of the methods that are listed in the following table: - +To enable Microsoft Defender AV, we recommend using Intune. However, you can use any of the methods that are listed in the following table: |Method |What to do | |---------|---------| From 536c42c3c035e6947d92ff4cc31e22fab21e44eb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:07:07 -0700 Subject: [PATCH 139/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 342ab94b5b..daf37c9dbf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -55,15 +55,16 @@ ms.topic: article ### Device collections +*WORK IN PROGRESS* ### Organizational units - +*WORK IN PROGRESS* ## Deploy Microsoft Defender ATP and uninstall Symantec -stuff (will draw from existing content here) +*WORK IN PROGRESS* [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) From 85c3fd6b7bd7681370ce9a52bd9be872b25a0e57 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:15:25 -0700 Subject: [PATCH 140/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index daf37c9dbf..251de0e0e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -57,6 +57,12 @@ ms.topic: article *WORK IN PROGRESS* +[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. + + + + + ### Organizational units *WORK IN PROGRESS* From 1f6625749cf6a02854b676b1491771d2645f08d8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:19:38 -0700 Subject: [PATCH 141/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 251de0e0e2..d3bb36dc1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -55,12 +55,10 @@ ms.topic: article ### Device collections -*WORK IN PROGRESS* - -[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. - - +[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. +To create a device collection, use Configuration Manager and follow the guidance in +[Create a collection](https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). ### Organizational units From df71df168daf254e6d74513dea0a079e0d263d1f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:28:12 -0700 Subject: [PATCH 142/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index d3bb36dc1a..5421653770 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -63,13 +63,14 @@ To create a device collection, use Configuration Manager and follow the guidance ### Organizational units -*WORK IN PROGRESS* +[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. +Organizational units are defined in Azure Active Directory Domain Services. + +To create an organizational unit, see [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). ## Deploy Microsoft Defender ATP and uninstall Symantec -*WORK IN PROGRESS* - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) ## Onboard devices to Microsoft Defender ATP From 00f87abaad9f26c049d1204b9fcd4a2b3276ae23 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:31:50 -0700 Subject: [PATCH 143/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5421653770..bc35b2fbe4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -55,10 +55,9 @@ ms.topic: article ### Device collections -[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. +[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. -To create a device collection, use Configuration Manager and follow the guidance in -[Create a collection](https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). +See [Create a collection](https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). ### Organizational units From 8bc11f946dfa86e9d0d5280edf83266a7759c754 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:33:05 -0700 Subject: [PATCH 144/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index bc35b2fbe4..d0c9cdee28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -57,14 +57,12 @@ ms.topic: article [Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. -See [Create a collection](https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). +See [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). ### Organizational units -[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. - -Organizational units are defined in Azure Active Directory Domain Services. +[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). To create an organizational unit, see [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). From bfb175c5e024f4ce18514d37c3d1c5cc3bb80eb4 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:34:24 -0700 Subject: [PATCH 145/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index d0c9cdee28..ead124eb19 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -34,7 +34,7 @@ ms.topic: article ### Device groups -[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. +[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. Device groups are created in the Microsoft Defender Security Center. 1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). 
@@ -57,14 +57,14 @@ ms.topic: article [Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. -See [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). +**[Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create)**. ### Organizational units [Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). -To create an organizational unit, see [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). +**[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. ## Deploy Microsoft Defender ATP and uninstall Symantec From 935c3b89cf75b607f9bd846fd929fac65cda2c64 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:38:02 -0700 Subject: [PATCH 146/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index ead124eb19..eb9d21263b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -66,9 +66,14 @@ ms.topic: article **[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. -## Deploy Microsoft Defender ATP and uninstall Symantec +## Deploy policies and updates to device collections + +*WORK IN PROGRESS* + +SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. + +SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be deployed ahead of time to the “Device Collections”. -[Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) ## Onboard devices to Microsoft Defender ATP @@ -76,7 +81,9 @@ You can choose from several methods to onboard devices to Microsoft Defender ATP stuff (will draw from existing content here) +## Uninstall Symantec +[Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) ## Next step From 337d82a810c66f4226a7f246692bc51d499b1201 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:39:35 -0700 Subject: [PATCH 147/331] Update symantec-to-microsoft-defender-atp-onboard.md --- ...antec-to-microsoft-defender-atp-onboard.md | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index eb9d21263b..76460c4388 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -83,6 +83,27 @@ stuff (will draw from existing content here) ## Uninstall Symantec +*WORK IN PROGRESS* + +Uninstall 3rd party EDR (RSA NetWitness) + +Uninstall 3rd party SEP AV +1) Unblock password (Anti-tamper, in order to remove) +2) Refresh SEP policy + +3) Uninstall the Endpoint Protection client using the command prompt +https://support.symantec.com/us/en/article.tech102470.html + +There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” + +Download the CleanWipe removal tool to uninstall Endpoint Protection +https://support.symantec.com/us/en/article.howto124983.html +Note: SEP 14 now forces end-user interaction. + +Article has the download and readme. + +Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. + [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) From 8cb7a708626b90ba62d19ff28dbcacd138fe04cc Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:41:07 -0700 Subject: [PATCH 148/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 76460c4388..1a2da07760 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -66,7 +66,7 @@ ms.topic: article **[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. -## Deploy policies and updates to device collections +## Deploy policies and updates to your device collections *WORK IN PROGRESS* @@ -77,6 +77,8 @@ SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be de ## Onboard devices to Microsoft Defender ATP +*WORK IN PROGRESS* + You can choose from several methods to onboard devices to Microsoft Defender ATP. stuff (will draw from existing content here) From 7509d1475fe653663da1ffb3dc4c7edfa05df237 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 10:50:34 -0700 Subject: [PATCH 149/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 1a2da07760..b42c8a4b78 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -52,7 +52,6 @@ ms.topic: article 8. Choose **Done**. - ### Device collections [Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. From 21a20fc76cc0852474bb6ed7358f34caba94a098 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 11:51:41 -0700 Subject: [PATCH 150/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index b42c8a4b78..d4d28fc635 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -27,8 +27,9 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: - [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) -- [Deploy Microsoft Defender ATP and uninstall Symantec](#deploy-microsoft-defender-atp-and-uninstall-symantec) +- [Organizational units](#organizational-units) - [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) +- [Uninstall Symantec](#uninstall-symantec) ## Set up your device groups, device collections, and organizational units From 9b50ab042d5fd7728fc800d3f3a9711af4a52565 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 12:13:45 -0700 Subject: [PATCH 151/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 92cccacd2c..b2490434c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Overview of migrating from Symantec to Microsoft Defender Advanced Threat Protection +# Migrate from Symantec to Microsoft Defender Advanced Threat Protection If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. From e728bacbb2281193ddddee273ab6fb50ec854d3a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 12:22:59 -0700 Subject: [PATCH 152/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 38 +++++++++++++++++-- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index e23af16dbb..30ddbe2fa4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -30,6 +30,7 @@ ms.topic: article 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec) 4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). 5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp) +6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) ## Set Microsoft Defender AV to passive mode 
@@ -169,11 +170,42 @@ File(c:\\windows\\notepad.exe) > [!NOTE] > In the query above, replace *notepad.exe* with the your third-party security product process name. -

+## Set up your device groups, device collections, and organizational units -**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +### Device groups +[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. Device groups are created in the Microsoft Defender Security Center. + +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). + +2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. + +3. Choose **+ Add device group**. + +4. Specify a name and description for the device group. + +5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). + +6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags). + +7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. + +8. Choose **Done**. 
+ +### Device collections + +[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. + +**[Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create)**. + +### Organizational units + +[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). + +**[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. ## Next step -- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) +**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! + +[Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 263a9b978779feae177439e27b4ad85c315f3f54 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 12:23:48 -0700 Subject: [PATCH 153/331] Update symantec-to-microsoft-defender-atp-onboard.md --- ...antec-to-microsoft-defender-atp-onboard.md | 37 +------------------ 1 file changed, 1 insertion(+), 36 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index d4d28fc635..25a7628df5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -26,45 +26,10 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: -- [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) -- [Organizational units](#organizational-units) +[Deploy policies and updates to your device collections](#deploy-policies-and-updates-to-your-device-collections) - [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) - [Uninstall Symantec](#uninstall-symantec) -## Set up your device groups, device collections, and organizational units - -### Device groups - -[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. Device groups are created in the Microsoft Defender Security Center. - -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). - -2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. - -3. Choose **+ Add device group**. - -4. Specify a name and description for the device group. - -5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). - -6. 
Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags). - -7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. - -8. Choose **Done**. - -### Device collections - -[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. - -**[Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create)**. - - -### Organizational units - -[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). - -**[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. ## Deploy policies and updates to your device collections From f36101138dd30a098c949e0d43639995c2a62594 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 12:47:18 -0700 Subject: [PATCH 154/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c8b1f57cfd..b743f3073a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -595,7 +595,7 @@ ### [Migration guides]() #### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Get an overview of the migration process](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) ##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) From 04f9308186b0f4d320f45c8da8e0ee49e1c3f828 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 13:07:25 -0700 Subject: [PATCH 155/331] links --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- .../symantec-to-microsoft-defender-atp-onboard.md | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index b2490434c1..c12cf281ed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,7 +28,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. | |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). @@ -46,4 +46,4 @@ Watch the following video to get an overview: ## Next step -When you are ready to begin your migration, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +- When you are ready to begin your migration, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 25a7628df5..60bbe6c108 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -78,5 +78,4 @@ Select all apps in the tool and once completed it will require a reboot and once **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -After you have Microsoft Defender ATP set up and deployed, your security operations team can manage the various features and capabilities. See [Manage Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md). - +- After you have Microsoft Defender ATP set up and deployed, your security operations team can manage the various features and capabilities. See [Manage Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md). \ No newline at end of file 
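Review bot: the last hunk of PATCH 155/331 (`@@ -78,5 +78,4 @@` in symantec-to-microsoft-defender-atp-onboard.md) removes the trailing blank line and leaves the file without a terminating newline, as the `\ No newline at end of file` marker shows. Keep a final newline so that later patches touching the end of this file do not show the last line as changed. The subject line "links" also undersells the change: the migration.md hunk rewrites the Phase 2 description and converts the "Next step" sentences to one-item bullet lists, which is worth saying in the commit message.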
From 8de8d53e08d33edfec5c235f13713d9c8e84ec57 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 13:15:36 -0700 Subject: [PATCH 156/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 60bbe6c108..b7140b8eae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -31,12 +31,18 @@ ms.topic: article - [Uninstall Symantec](#uninstall-symantec) -## Deploy policies and updates to your device collections +## Deploy antimalware policies to your device collections *WORK IN PROGRESS* +During this step of the migration + SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. +## Deploy platform updates to your device collections + +*WORK IN PROGRESS* + SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be deployed ahead of time to the “Device Collections”. From 02e2c2b4688dba66abe39b2ddeacbaf55d2dc07b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 13:17:03 -0700 Subject: [PATCH 157/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index b7140b8eae..1d2abc4ed1 100644 
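Review bot: in PATCH 156/331, the added line `+During this step of the migration` is an unfinished sentence, and both new sections ship with a `*WORK IN PROGRESS*` marker in the article body. Either complete the sentence or drop it until the section has content, and keep draft markers out of the published text (a comment or a draft branch would serve). The hunk also renames the heading to `## Deploy antimalware policies to your device collections` without touching the step list above it, so the in-page link `#deploy-policies-and-updates-to-your-device-collections` no longer resolves until a later patch updates it.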
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -26,7 +26,8 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: -[Deploy policies and updates to your device collections](#deploy-policies-and-updates-to-your-device-collections) +- [Deploy antimalware policies to your device collections](#deploy-antimalware-policies-to-your-device-collections) +- [Deploy platform updates to your device collections](#deploy-platform-updates-to-your-device-collections) - [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) - [Uninstall Symantec](#uninstall-symantec) @@ -52,7 +53,8 @@ SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be de You can choose from several methods to onboard devices to Microsoft Defender ATP. -stuff (will draw from existing content here) + +Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. ## Uninstall Symantec From 1bdba6d4f14e7a963f0dcc7b954cce92cd9c5d25 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 13:47:22 -0700 Subject: [PATCH 158/331] cont'd setup and onboarding work --- ...antec-to-microsoft-defender-atp-onboard.md | 10 ++++- ...ymantec-to-microsoft-defender-atp-setup.md | 38 +++++-------------- 2 files changed, 18 insertions(+), 30 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 1d2abc4ed1..0d4ea75422 100644 
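Review bot: in the second hunk of PATCH 157/331 (`@@ -52,7 +53,8 @@`), the replacement line `+Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products.` does not parse as a sentence and uses "MDATP", "EDR" and "AV" unexpanded, while the rest of the article writes "Microsoft Defender ATP". Suggest stating the claim directly, for example "Microsoft Defender ATP can run side by side with third-party endpoint detection and response, antivirus, and other security products", and confirming with the product team that "any" is accurate before it is published, because readers will rely on it when deciding whether to onboard before uninstalling Symantec.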
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -36,7 +36,15 @@ ms.topic: article *WORK IN PROGRESS* -During this step of the migration +During this step of the migration process, you deploy antimalware policies. You can do this by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). + + + +1. [Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). When finished, you will have a default antimalware policy. + +2. + +**[Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies)** SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 30ddbe2fa4..9a6e761d29 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -172,40 +172,20 @@ File(c:\\windows\\notepad.exe) ## Set up your device groups, device collections, and organizational units -### Device groups +| Collection type | What to do | +|--|--| +|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | +|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | +|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | -[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation. Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. Device groups are created in the Microsoft Defender Security Center. +## Configure Endpoint Protection in Configuration Manager -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). +When you configure Endpoint Protection in Configuration Manager, you get an antimalware policy that you can configure for your organization. -2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. - -3. Choose **+ Add device group**. - -4. Specify a name and description for the device group. - -5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). - -6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags). - -7. 
On the **User access** tab, specify roles that should have access to the devices that are included in the device group. - -8. Choose **Done**. - -### Device collections - -[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. Device collections are created by using Configuration Manager. - -**[Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create)**. - -### Organizational units - -[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). - -**[Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou)**. +1. ## Next step **Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -[Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) +- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 03f58d2a7a3539eda35c4440aec63fb3663f244d Mon Sep 17 00:00:00 2001 
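Review bot: PATCH 158/331 commits two empty list markers, `+2.` after the first step in symantec-to-microsoft-defender-atp-onboard.md and `+1.` under the new `## Configure Endpoint Protection in Configuration Manager` heading in symantec-to-microsoft-defender-atp-setup.md, which will render as numbered items with no text. Fill them in or leave them out until the steps are written. In the setup.md hunk, the eight-step device group procedure is moved into a single table cell; the numbered steps and the nested links are hard to read and to diff in that form, so consider keeping the procedure as a list under its own heading and using the table only for the short "what it is / where to create it" summary.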
From: Denise Vangel-MSFT Date: Thu, 18 Jun 2020 13:55:27 -0700 Subject: [PATCH 159/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 9a6e761d29..2f6eef47de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -31,6 +31,7 @@ ms.topic: article 4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). 5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp) 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) +7. [Configure Endpoint Protection in Configuration Manager](#configure-endpoint-protection-in-configuration-manager) ## Set Microsoft Defender AV to passive mode From 82a0412a688f054482f58212ef0813225c50a812 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 09:05:48 -0700 Subject: [PATCH 160/331] more work on sections --- .../symantec-to-microsoft-defender-atp-onboard.md | 10 ---------- .../symantec-to-microsoft-defender-atp-prepare.md | 6 +----- .../symantec-to-microsoft-defender-atp-setup.md | 5 ----- 3 files changed, 1 insertion(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 0d4ea75422..23a29ba7a0 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -36,18 +36,8 @@ ms.topic: article *WORK IN PROGRESS* -During this step of the migration process, you deploy antimalware policies. You can do this by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). - -1. [Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). When finished, you will have a default antimalware policy. - -2. - -**[Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies)** - -SCCM Antimalware policies can be deployed ahead of time to the “Device Collections”. - ## Deploy platform updates to your device collections *WORK IN PROGRESS* diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index fc17d6be39..0402d4e72b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -79,8 +79,4 @@ To enable communication between your devices and Microsoft Defender ATP, configu **Congratulations**! You have completed the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -[Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) - - - - +- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 2f6eef47de..714bdddcee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -179,11 +179,6 @@ File(c:\\windows\\notepad.exe) |[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | |[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | -## Configure Endpoint Protection in Configuration Manager - -When you configure Endpoint Protection in Configuration Manager, you get an antimalware policy that you can configure for your organization. - -1. ## Next step From daa623ee7bfcdd41d7099e2176211a3aac5a8fe2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 09:19:05 -0700 Subject: [PATCH 161/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 714bdddcee..fccf290333 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -179,6 +179,15 @@ File(c:\\windows\\notepad.exe) |[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | |[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | +## Configure antimalware policies + +Using Configuration Manager and your device collection(s), configure your antimalware policies. + +- See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). + +- Make sure to review your real-time protection settings for your antimalware policies. + +- You can deploy the policies before your organization's devices on onboarded. ## Next step From 79948dccd93c6f1a87a0602588f7ec0e5817305f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 09:24:19 -0700 Subject: [PATCH 162/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index c12cf281ed..4a7e95079f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
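Review bot: in PATCH 161/331, the last added bullet reads `+- You can deploy the policies before your organization's devices on onboarded.`; "on onboarded" should be "are onboarded". The new heading is `## Configure antimalware policies`, but step 7 of the list at the top of symantec-to-microsoft-defender-atp-setup.md, added in PATCH 159/331, still links to `#configure-endpoint-protection-in-configuration-manager`, a section that PATCH 160/331 removed, so that link needs to be updated in the same change. The second bullet tells readers to review real-time protection settings without saying what to check; since Microsoft Defender AV and Symantec run together during this phase, a link to the specific settings would make the step actionable.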
@@ -39,7 +39,7 @@ Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Watch the following video to get an overview: ->[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4obJq] +>[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4obJq] **Want to learn more? See [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection).** From d2b31dc35c7548d59f546777654a6a67272c2343 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 09:47:15 -0700 Subject: [PATCH 163/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index fccf290333..d70d69777c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -25,13 +25,13 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows. +1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows 2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec) -4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). +4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av) 5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp) 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) -7. [Configure Endpoint Protection in Configuration Manager](#configure-endpoint-protection-in-configuration-manager) +7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection) ## Set Microsoft Defender AV to passive mode @@ -179,15 +179,16 @@ File(c:\\windows\\notepad.exe) |[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | |[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | -## Configure antimalware policies +## Configure antimalware policies and real-time protection Using Configuration Manager and your device collection(s), configure your antimalware policies. - See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). -- Make sure to review your real-time protection settings for your antimalware policies. +- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings). -- You can deploy the policies before your organization's devices on onboarded. +> [!TIP] +> You can deploy the policies before your organization's devices on onboarded. ## Next step From 49b3a7288e739880322f440ed1d430721319713e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 09:47:59 -0700 Subject: [PATCH 164/331] Update symantec-to-microsoft-defender-atp-onboard.md --- ...symantec-to-microsoft-defender-atp-onboard.md | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 23a29ba7a0..2ec2181d2d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -26,24 +26,10 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: -- [Deploy antimalware policies to your device collections](#deploy-antimalware-policies-to-your-device-collections) -- [Deploy platform updates to your device collections](#deploy-platform-updates-to-your-device-collections) -- [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) -- [Uninstall Symantec](#uninstall-symantec) - - -## Deploy antimalware policies to your device collections - -*WORK IN PROGRESS* -## Deploy platform updates to your device collections - -*WORK IN PROGRESS* - -SCCM ADR for MDAV “Platform update” and SCEP “Platform update” can be deployed ahead of time to the “Device Collections”. - +# ## Onboard devices to Microsoft Defender ATP From b6d0a5d7c42e8cf21f26eb463551fad34bbd967b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:00:15 -0700 Subject: [PATCH 165/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 4a7e95079f..8bb843dba0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
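Review bot: in PATCH 164/331 (`@@ -26,24 +26,10 @@` in symantec-to-microsoft-defender-atp-onboard.md), the only added line is a bare `+#`, which renders as an empty top-level heading directly above `## Onboard devices to Microsoft Defender ATP`; it looks like an editing leftover and should be removed. The hunk also deletes all four step links while keeping the lead-in "This migration phase includes the following steps:", so the sentence now introduces nothing. The `## Onboard devices to Microsoft Defender ATP` section is still present as context, so keep the links for the sections that remain and delete only the two "Deploy ..." entries along with their sections.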
@@ -27,8 +27,8 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |Phase |Description | |--|--| -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. | +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From 62cef7827d592a970c8abb86fdfe8f2f867ab270 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:02:30 -0700 Subject: [PATCH 166/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 0402d4e72b..1460b27a61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -67,8 +67,8 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | Windows 10

Windows Server 1803 or later

Windows Server 2019 |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | -|EDR |Windows 7 SP1

Windows Server 2008 R2 SP1

Windows 8.1

Windows Server 2012 R2

Windows Server 2016 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | Windows 10

Windows Server 2019

Windows Server 1803 or later |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1

Windows 8.1

Windows 7 SP1 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| From ca5bc910c9dbc01497fc1af62753d04bb8bae7fc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:22:50 -0700 Subject: [PATCH 167/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 1460b27a61..665f48fda9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -67,7 +67,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | Windows 10

Windows Server 2019

Windows Server 1803 or later |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1

Windows 8.1

Windows 7 SP1 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | From dee4724f9a2e99ce830e0267b49b5d9889b92b96 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:28:21 -0700 Subject: [PATCH 168/331] continuing work --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +++--- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 2ec2181d2d..bfba1a90f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -27,9 +27,9 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: - - -# +1. +2. +3. ## Onboard devices to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 665f48fda9..9c010086ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -68,7 +68,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| |[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | -|EDR |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1

Windows 8.1

Windows 7 SP1 |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| From 84b086d29dc3c6a9d115ce43253df8a1badd2179 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:30:41 -0700 Subject: [PATCH 169/331] cont'd work on the guide --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 8bb843dba0..89b8c4c10d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -46,4 +46,4 @@ Watch the following video to get an overview: ## Next step -- When you are ready to begin your migration, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +- When you are ready to begin your migration, **proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md)**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index bfba1a90f1..49747caafe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -70,4 +70,4 @@ Select all apps in the tool and once completed it will require a reboot and once **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -- After you have Microsoft Defender ATP set up and deployed, your security operations team can manage the various features and capabilities. See [Manage Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md). \ No newline at end of file +- After you have Microsoft Defender ATP set up and deployed, your security operations team can **[manage the various features and capabilities of Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md)**. \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 9c010086ca..3576171ee5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
@@ -77,6 +77,6 @@ To enable communication between your devices and Microsoft Defender ATP, configu ## Next step -**Congratulations**! You have completed the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! -- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) +- **[Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md)** From 71815768660bca82b025e2329dc8e04a2294e8cd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:47:04 -0700 Subject: [PATCH 170/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 49747caafe..ab9a87050a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -66,8 +66,10 @@ Select all apps in the tool and once completed it will require a reboot and once [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) -## Next step +## Next steps -**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! You have two next steps: -- After you have Microsoft Defender ATP set up and deployed, your security operations team can **[manage the various features and capabilities of Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md)**. \ No newline at end of file +- After you have Microsoft Defender ATP set up and deployed, your security operations team can **[manage the various features and capabilities of Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md)**. + +- **[Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)** in the Microsoft Defender Security Center \ No newline at end of file From a113eb8b94dba4250f9a3a9776e0119306bab2b4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 10:55:19 -0700 Subject: [PATCH 171/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
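Review bot: In the `@@ -66,8 +66,10 @@` hunk of symantec-to-microsoft-defender-atp-onboard.md, the rewritten "Congratulations" line still links to `symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level`, while the Phase 3 welcome line at the top of the same file links to `#the-migration-process`. Two different anchors for the same target suggest one is stale, so confirm which heading exists in the migration article and use it in both places. Two smaller points: the second added bullet has no closing period while the first does, and the file still ends without a trailing newline.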
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index ab9a87050a..6512845da8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -33,12 +33,11 @@ ms.topic: article ## Onboard devices to Microsoft Defender ATP -*WORK IN PROGRESS* +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. -You can choose from several methods to onboard devices to Microsoft Defender ATP. +2. Choose **Settings** > **Device management** > **Onboarding**. -Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products. ## Uninstall Symantec From e8e35940ee260abb47be318c605608ce15ba2e24 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:14:04 -0700 Subject: [PATCH 172/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 6512845da8..3c0f899394 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
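Review bot: In the `@@ -33,12 +33,11 @@` hunk of symantec-to-microsoft-defender-atp-onboard.md, the removed line "Deploy MDATP (EDR) can run side-by-side with any 3rd party EDR and/or AV and/or other security products." is the only statement in this section about coexistence, and nothing in the added steps replaces it. Because "Uninstall Symantec" is a later section, readers need to know that onboarding can happen while Symantec is still installed. Consider keeping a reworded version of that sentence above step 1. The procedure also stops at step 2 (**Settings** > **Device management** > **Onboarding**) without saying what to select next, so add a line that points to the deployment method choice.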
@@ -37,6 +37,17 @@ ms.topic: article 2. Choose **Settings** > **Device management** > **Onboarding**. +3. In the **Select operating system to start onboarding process** list, select an operating system. + +4. Under **Deployment method**, select an option. + +Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding. + +|Operating system |Method | +|---------|---------| +|Windows 10 |[Group Policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm) | +|Row2 | | + ## Uninstall Symantec From cb8113ac6d48c5bd2cc1f814cd158070aa7a7e4a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:34:27 -0700 Subject: [PATCH 173/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 3c0f899394..8d32d78860 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -45,7 +45,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| -|Windows 10 |[Group Policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm) | +|Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm) | |Row2 | | From cca7b3a0933dcb8feea41db7ea1a3756c47a9336 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:35:32 -0700 Subject: [PATCH 174/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 8d32d78860..9300a42cc6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -45,7 +45,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| -|Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm) | +|Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)

[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | |Row2 | | From 663013587a0e239af56ca1e33d155950e64f246f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:45:36 -0700 Subject: [PATCH 175/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 9300a42cc6..923d42463f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -46,7 +46,9 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| |Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)

[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | -|Row2 | | +|Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | +|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later | | +|Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | From 61000536737e8abe982c75e1944801d405c38f6c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:47:50 -0700 Subject: [PATCH 176/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 923d42463f..4d88b3d781 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -47,7 +47,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |---------|---------| |Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)

[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | |Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | -|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later | | +|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

Microsoft Endpoint Configuration Manager

System Center Configuration Manager 2012 / 2012 R2 1511 / 1602

VDI onboarding scripts for non-persistent machines | |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | From 882b049c2e79a75d9f1cc8aa0c42111f7ac96f21 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:49:11 -0700 Subject: [PATCH 177/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 4d88b3d781..7c77e83bff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -47,7 +47,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |---------|---------| |Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)

[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | |Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | -|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

Microsoft Endpoint Configuration Manager

System Center Configuration Manager 2012 / 2012 R2 1511 / 1602

VDI onboarding scripts for non-persistent machines | +|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)

[VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | From afc1bac0d89de8fc26ca237875d1e17615675e78 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 11:52:25 -0700 Subject: [PATCH 178/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 7c77e83bff..2078c38736 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -49,6 +49,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | |Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)

[VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | +|macOS

Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | From dc5b21d57ac4e94ae0c880c45888f2c4893472a5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:04:16 -0700 Subject: [PATCH 179/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 2078c38736..5b36ffbead 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -39,7 +39,9 @@ ms.topic: article 3. In the **Select operating system to start onboarding process** list, select an operating system. -4. Under **Deployment method**, select an option. +4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods). + +### Onboarding methods Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding. @@ -49,8 +51,17 @@ Deployment methods vary, depending on which operating system is selected. Refer |Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | |Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)

[VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | |Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | -|macOS

Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | +|macOS

iOS

Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | +## Run a detection test + +To verify that your onboarded devices are properly connected to Microsoft Defender ATP, you can run a detection test. + + +|Operating system |Guidance | +|---------|---------| +|Windows 10

Windows Server 2019

Windows Server, version 1803

Windows Server 2016

Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | +|Row2 | | ## Uninstall Symantec From 3592b4de1ea8aa55274fc0da9d263c82c731bc42 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:13:30 -0700 Subject: [PATCH 180/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5b36ffbead..d0f4093d05 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -61,7 +61,8 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| |Windows 10

Windows Server 2019

Windows Server, version 1803

Windows Server 2016

Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | -|Row2 | | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | +|Linux |1. Run the following command, and look for a result of **1**:
`Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):`

2. Open a Terminal windows, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec From 795bea718d90741f7ad937c79c4e413443b56155 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:14:57 -0700 Subject: [PATCH 181/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index d0f4093d05..91d7e3c37c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -60,7 +60,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| -|Windows 10

Windows Server 2019

Windows Server, version 1803

Windows Server 2016

Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | +|Windows 10
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | |Linux |1. Run the following command, and look for a result of **1**:
`Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):`

2. Open a Terminal windows, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | From b97469b3dadc7fb221c80c1aa819b681127f018a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:15:36 -0700 Subject: [PATCH 182/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 91d7e3c37c..0841075a9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -62,7 +62,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |---------|---------| |Windows 10
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | -|Linux |1. Run the following command, and look for a result of **1**:
`Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):`

2. Open a Terminal windows, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | +|Linux |1. Run the following command, and look for a result of **1**:
`Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec From 5e223e6a42d41cefecb36dc8c60ce17c89474c1a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:20:52 -0700 Subject: [PATCH 183/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 0841075a9b..18927ed48d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -47,11 +47,11 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| -|Windows 10 |[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)

[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | -|Windows 8.1 Enterprise

Windows 8.1 Pro

Windows 7 SP1 Enterprise

Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | -|Windows Server 2019 and later

Windows Server 2019 core edition

Windows Server version 1803 and later |[Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

[Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)

[System Center Configuration Manager 2012 / 2012 R2 1511 / 1602](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)

[VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | -|Windows Server 2016

Windows Server 2012 R2

Windows Server 2008 R2 SP1 |[Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)

[Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | -|macOS

iOS

Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | +|Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 7 SP1 Enterprise
Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | +|Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | +|Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | +|macOS
iOS
Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | ## Run a detection test From d246d6b48035975ac9c7314d44b1c2b0e7d7d630 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:42:26 -0700 Subject: [PATCH 184/331] Update symantec-to-microsoft-defender-atp-onboard.md --- ...antec-to-microsoft-defender-atp-onboard.md | 26 +++---------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 18927ed48d..4e85cd218a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -62,34 +62,14 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |---------|---------| |Windows 10
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | -|Linux |1. Run the following command, and look for a result of **1**:
`Ensure that real-time protection is enabled (denoted by a result of 1 from running the following command):`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | +|Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec -*WORK IN PROGRESS* - -Uninstall 3rd party EDR (RSA NetWitness) - -Uninstall 3rd party SEP AV -1) Unblock password (Anti-tamper, in order to remove) -2) Refresh SEP policy - -3) Uninstall the Endpoint Protection client using the command prompt -https://support.symantec.com/us/en/article.tech102470.html - -There is an example for both PowerShell and DOS. This script could be automated to check for a ReturnValue to equal zero and if not then run “CleanWipe” - -Download the CleanWipe removal tool to uninstall Endpoint Protection -https://support.symantec.com/us/en/article.howto124983.html -Note: SEP 14 now forces end-user interaction. - -Article has the download and readme. - -Select all apps in the tool and once completed it will require a reboot and once you log back in the software will continue and show completion. You will need to periodically check this article as they update the software versions often. You can also verify when running if it requires an update. - -[Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) +Now that you have configured Microsoft Defender ATP and have onboarded your organization's devices, your next step is to uninstall Symantec. +- Follow the guidance in [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) ## Next steps From 1a90c320b36e9ad9b17d23324a98a36ff280f228 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:43:20 -0700 Subject: [PATCH 185/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 1 - 1 file changed, 1 deletion(-) 
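
Review bot: In the PATCH 184/331 hunk (@@ -62,34 +62,14 @@), the new "Uninstall Symantec" paragraph makes removal the next step once devices are configured and onboarded, but it does not require that the detection test in the section just above has passed. A device whose onboarding silently failed would then lose Symantec with nothing confirmed in its place. Suggest wording such as "After the detection test succeeds on your onboarded devices, uninstall Symantec." The deleted draft also recorded that the anti-tamper password has to be unblocked before removal and that the cleanup tool requires a reboot. If that still holds, keep it as a short note rather than relying on the external link alone. The added bullet is also missing its closing period.
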
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 4e85cd218a..5ab76cba5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -64,7 +64,6 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | |Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | - ## Uninstall Symantec Now that you have configured Microsoft Defender ATP and have onboarded your organization's devices, your next step is to uninstall Symantec. From 8f9c02c2ba462a0990dd91310e2e3901fcd6043e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:44:30 -0700 Subject: [PATCH 186/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5ab76cba5b..60043589cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -27,9 +27,9 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: -1. -2. -3. +1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) +2. [Run a detection test](#run-a-detection-test) +3. [Uninstall Symantec](#uninstall-symantec) ## Onboard devices to Microsoft Defender ATP From 7c8b2fdadc1bb5d9bbe6ee3db176a2fef4b2e982 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:51:03 -0700 Subject: [PATCH 187/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
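
Review bot: The Linux row carried as context in the PATCH 185/331 hunk (@@ -64,7 +64,6 @@) never says what a passing result looks like. Step 3 runs `mdatp threat list` without stating that the EICAR file downloaded in step 2 is expected to show up in that list, and step 1 gives no action for a result other than 1. Suggest adding the expected outcome to step 3 and a pointer for turning real-time protection on to step 1. In the macOS row of the same hunk, the command is written as `$ mdatp --connectivity-test` with the shell prompt inside the code span, unlike the Linux commands. Drop the `$` so the command can be pasted as is, and end that row's last sentence with a period to match the Linux row.
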
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 60043589cb..5bdc620f3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -47,9 +47,9 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| -|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Microsoft Endpoing Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | |Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 7 SP1 Enterprise
Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | -|Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | +|Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | |Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | |macOS
iOS
Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | From 03d5c9cc1b9f27e8d35b4f2db56f31d56fa0fddf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:52:58 -0700 Subject: [PATCH 188/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 89b8c4c10d..422bcb1762 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -29,7 +29,7 @@ The process of switching from Symantec to Microsoft Defender ATP can be divided |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and then uninstall Symantec. | +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). From 75ea8bbd237487c6b74a3668b65c9f99c98ef158 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 12:56:32 -0700 Subject: [PATCH 189/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 422bcb1762..180bfb2916 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -19,7 +19,7 @@ ms.topic: article # Migrate from Symantec to Microsoft Defender Advanced Threat Protection -If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://docs.microsoft.com/windows/security/threat-protection), you're in the right place. Use this article as a guide to plan your migration. +If you are planning to switch from Symantec Endpoint Protection (Symantec) to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. ## The migration process 
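Review bot: In PATCH 188/331, the new Phase 3 description ends with "Last, you uninstall Symantec." while the Phase 2 row of the same table uses "Finally, you configure ..."; use "Finally" here as well so the rows read alike. The sentence also names Microsoft Defender ATP twice, and "onboard your devices to Microsoft Defender ATP and verify that they are communicating with it" would carry the same meaning in fewer words.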
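Review bot: In PATCH 189/331, the link text is now the full product name, but the target is still the general `https://docs.microsoft.com/windows/security/threat-protection` landing page. If this docs set has an overview article for Microsoft Defender ATP itself, point the link there so the text and the destination match; otherwise the move of "(Microsoft Defender ATP)" outside the link is fine as is.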
From c63876b7951246dbae2644604e06035d7e91d396 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 13:04:14 -0700 Subject: [PATCH 190/331] Update microsoft-defender-atp-post-migration-management.md --- .../microsoft-defender-atp-post-migration-management.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md index eb672f2ff0..b15d10605c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md @@ -34,7 +34,10 @@ We recommend using [Intune](https://docs.microsoft.com/intune/fundamentals/what- ## Additional methods In addition to using Intune to manage Microsoft Defender ATP, you can choose from other options. These include the following: - +- Group Policy Objects +- PowerShell +- Windows Management Instrumentation +- MPCmdRun.exe ## Related articles From 15884175a5435a45b746df4817ba7ce4be12b3b8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 13:08:54 -0700 Subject: [PATCH 191/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5bdc620f3e..68ff89481f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -72,7 +72,7 @@ Now that you have configured Microsoft Defender ATP and have onboarded your orga ## Next steps -**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! You have two next steps: +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! You have two next steps: - After you have Microsoft Defender ATP set up and deployed, your security operations team can **[manage the various features and capabilities of Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md)**. From a614a8fc4b952427c339b853369e6fa881f1ff66 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 13:09:43 -0700 Subject: [PATCH 192/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 3576171ee5..3ec79477d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
@@ -77,6 +77,6 @@ To enable communication between your devices and Microsoft Defender ATP, configu ## Next step -**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - **[Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md)** From e95a550affca8cf17bcfa957180129876d35c364 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 13:10:29 -0700 Subject: [PATCH 193/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d70d69777c..54dfc7efec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -192,6 +192,6 @@ Using Configuration Manager and your device collection(s), configure your antima ## Next step -**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)! +**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 8db6d49f7d6dc8e9efa4190cf21c90d49b30620b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:26:28 -0700 Subject: [PATCH 194/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 180bfb2916..cedae0ec3b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -23,7 +23,7 @@ If you are planning to switch from Symantec Endpoint Protection (Symantec) to [M ## The migration process -The process of switching from Symantec to Microsoft Defender ATP can be divided into three phases or parts, as listed in the following table. +When you switch from Symantec to Microsoft Defender ATP, you follow a process that can be divided into three phases. The following table lists the three phases and what happens during each phase. |Phase |Description | |--|--| From 7ae43bf6fd88b8f5c2a9f1d903c4c5412bd38dfd Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:27:11 -0700 Subject: [PATCH 195/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index cedae0ec3b..9ea6c4f882 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -46,4 +46,4 @@ Watch the following video to get an overview: ## Next step -- When you are ready to begin your migration, **proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md)**. +- When you are ready to begin, **proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md)**. From f3849218dfe074e7282c84b955eaefc5828fde3c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:41:16 -0700 Subject: [PATCH 196/331] yanking manage article --- ...-defender-atp-post-migration-management.md | 46 ------------------- ...antec-to-microsoft-defender-atp-onboard.md | 4 +- 2 files changed, 1 insertion(+), 49 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md deleted file mode 100644 index b15d10605c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -title: Migrate from Symantec to Microsoft Defender ATP -description: Make the switch from Symantec to Microsoft Defender ATP -keywords: migration, windows defender advanced threat protection, atp, edr -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: deniseb -author: denisebmsft -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Manage Microsoft Defender ATP, post migration - -After you have moved from your previous threat protection solution to Microsoft Defender ATP, you can choose from several methods to manage your features and capabilities. - -We recommend using [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune). The following table lists various tasks and resources to manage features and capabilities of Microsoft Defender ATP with Intune. - -|Task | Resources to learn more | -|---|---| -|Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune |[Enforce compliance for Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection) | -|Specify device restrictions for Microsoft Defender Antivirus |[Device restrictions: Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus) | -|Specify exclusions for Microsoft Defender Antivirus|[Device restrictions: Microsoft Defender Antivirus Exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions)

[Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)

[Microsoft Antivirus Exclusion List (Windows Server)](https://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx) | -|Manage attack surface reduction rules

(A sample Power BI dashboard is available to review your attack surface reduction rules. [Get the template here](https://github.com/microsoft/MDATP-PowerBI-Templates/tree/master/Attack%20Surface%20Reduction%20rules).)|[Endpoint protection: Attack surface reduction rules](https://docs.microsoft.com/mem/intune/protect/endpoint-protection-windows-10?toc=%2Fintune%2Fconfiguration%2Ftoc.json&bc=%2Fintune%2Fconfiguration%2Fbreadcrumb%2Ftoc.json#attack-surface-reduction-rules)

| -|Manage network protection |*more to come* | - -## Additional methods - -In addition to using Intune to manage Microsoft Defender ATP, you can choose from other options. These include the following: -- Group Policy Objects -- PowerShell -- Windows Management Instrumentation -- MPCmdRun.exe - -## Related articles - -[Microsoft Defender ATP deployment guide](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/deployment-phases) - - diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 68ff89481f..6c673862fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -72,8 +72,6 @@ Now that you have configured Microsoft Defender ATP and have onboarded your orga ## Next steps -**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! You have two next steps: - -- After you have Microsoft Defender ATP set up and deployed, your security operations team can **[manage the various features and capabilities of Microsoft Defender ATP, post migration](microsoft-defender-atp-post-migration-management.md)**. +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! - **[Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)** in the Microsoft Defender Security Center \ No newline at end of file From 5c20ec1755a999a71a2450bc5dfd3172e0d5e94e Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:41:44 -0700 Subject: [PATCH 197/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index b743f3073a..3743899296 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -599,7 +599,6 @@ ##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) ##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) ##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) -#### [Manage Microsoft Defender ATP post migration](microsoft-defender-atp/microsoft-defender-atp-post-migration-management.md) ### [Partner integration scenarios]() #### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) From 74fb4e13438eaacbcbe9d82e287b1bae7e3339e4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:42:07 -0700 Subject: [PATCH 198/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 9ea6c4f882..3ef006515e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -31,8 +31,6 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | -After you have Microsoft Defender ATP set up and deployed, you can [manage the various features and capabilities](microsoft-defender-atp-post-migration-management.md). - ## What's included in Microsoft Defender ATP? Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. From 28e8b8e83cae97436f65a05ae1eb7d28e790101a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:44:15 -0700 Subject: [PATCH 199/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 6c673862fa..96ab0e0d7d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -27,9 +27,9 @@ ms.topic: article **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: -1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp) -2. [Run a detection test](#run-a-detection-test) -3. [Uninstall Symantec](#uninstall-symantec) +1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). +2. [Run a detection test](#run-a-detection-test). +3. [Uninstall Symantec](#uninstall-symantec). ## Onboard devices to Microsoft Defender ATP @@ -66,7 +66,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend ## Uninstall Symantec -Now that you have configured Microsoft Defender ATP and have onboarded your organization's devices, your next step is to uninstall Symantec. +Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall Symantec. - Follow the guidance in [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) From 4e9d53161995cb4ddbb7b65d820519e8bd8073e3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 19 Jun 2020 15:46:04 -0700 Subject: [PATCH 200/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 54dfc7efec..b062ff66de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -25,13 +25,13 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) on certain versions of Windows +1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). 2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec) -4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av) -5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp) -6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units) -7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection) +3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). +4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). +5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). +6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). +7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). ## Set Microsoft Defender AV to passive mode 
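Review bot: PATCH 196/331 deletes microsoft-defender-atp-post-migration-management.md while TOC.md and symantec-to-microsoft-defender-atp-migration.md still link to it; those references are only removed in PATCH 197/331 and PATCH 198/331. Fold the three changes into one commit, or remove the references first, so that no intermediate revision publishes a TOC entry or an in-page link to a file that no longer exists.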
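Review bot: In PATCH 199/331, second hunk (`@@ -66,7 +66,7 @@`), the rewritten lead-in under "Uninstall Symantec" goes straight from onboarding to uninstalling, although the step list in the first hunk places "Run a detection test" between the two. Mention the verification in the sentence, for example "Now that you have onboarded your organization's devices and confirmed that they are connected to Microsoft Defender ATP, ...", so readers do not remove Symantec from devices that are not yet reporting.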
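Review bot: In PATCH 200/331, step 1 now reads "(on certain versions of Windows)" without saying which versions, so a reader cannot tell from the list whether the step applies to them; name the versions or say that the linked section lists them. In the unchanged step 2, the link text "Enable Microsoft Defender AV" points at `#enable-microsoft-defender-antivirus` while the other anchors use `microsoft-defender-av`; confirm that the heading and the link text use the same product name.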
From a08fec3c1bbde882e8b712f1ffe762859b44c39b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 22 Jun 2020 16:08:43 +0530 Subject: [PATCH 201/331] added windows 2004 --- ...rosoft-defender-smartscreen-available-settings.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md index 60760b7cac..4f0891df0c 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md @@ -33,27 +33,29 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor Description +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen At least Windows Server 2012, Windows 8 or Windows RT This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen. -Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control -Windows 10, version 1703 +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control +Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control +Windows 10, version 1703 This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.

Important: Using a trustworthy browser helps ensure that these protections work as expected.

-Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen Microsoft Edge on Windows 10 or later This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen. -Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files Microsoft Edge on Windows 10, version 1511 or later This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files. -Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites +Windows 10, version 2004:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites Microsoft Edge on Windows 10, version 1511 or later This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site. From 585598032f2facabd0acaf143c1caa9eeda55442 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 13:55:54 -0700 Subject: [PATCH 202/331] Update symantec-to-microsoft-defender-atp-onboard.md --- ...ymantec-to-microsoft-defender-atp-onboard.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 96ab0e0d7d..f5325ba6c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -68,7 +68,22 @@ To verify that your onboarded devices are properly connected to Microsoft Defend Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall Symantec. -- Follow the guidance in [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) +1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. + +2. Delete the uninstall password for Symantec: + a. On your Windows devices, open Registry Editor as an administrator. + b. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. + c. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. + +3. Remove Symantec from your devices. You can use SEP Manager to perform this task. See [Configuring client packages to uninstall existing security software](https://techdocs.broadcom.com/content/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-a-custom-installation/preparing-for-client-installation-v16742985-d21e7/configuring-client-packages-to-uninstall-existing-v73569396-d21e2634.html) + + +> [!TIP] +> Need help? See the following Broadcom resources: +> - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) +> - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) +> - macOS: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) +> - Linux [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) ## Next steps From 875ed105473f943853a9ad6a98bc6448a576ad42 Mon Sep 17 00:00:00 2001 
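Review bot: Step 2 of the new uninstall procedure has the reader delete **SmcInstData** by hand in Registry Editor, but nothing in steps 1 to 3 ties this to a device that has already passed the onboarding verification mentioned just above the hunk. After step 1 turns Tamper Protection off and step 2 removes the uninstall password, the Symantec client is no longer protected by either control, so the order matters. Suggest one sentence before step 1 saying to start only on devices confirmed as reporting to Microsoft Defender ATP, and a short instruction to export the `SMC` key before deleting the entry. Two smaller points in the same hunk: step 3 ends on the link with no closing period, and the last TIP bullet reads `> - Linux [Frequently Asked Questions ...` with no colon after the platform name, unlike the `Windows devices:` and `macOS:` bullets above it.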
From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 14:07:32 -0700 Subject: [PATCH 203/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index f5325ba6c8..696636e3df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -71,19 +71,19 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT 1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. 2. Delete the uninstall password for Symantec: - a. On your Windows devices, open Registry Editor as an administrator. - b. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. - c. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. + 1. On your Windows devices, open Registry Editor as an administrator. + 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. + 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. -3. Remove Symantec from your devices. You can use SEP Manager to perform this task. See [Configuring client packages to uninstall existing security software](https://techdocs.broadcom.com/content/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-a-custom-installation/preparing-for-client-installation-v16742985-d21e7/configuring-client-packages-to-uninstall-existing-v73569396-d21e2634.html) +3. Remove Symantec from your devices. You can use SEP Manager to perform this task. See [Configuring client packages to uninstall existing security software](https://techdocs.broadcom.com/content/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-a-custom-installation/preparing-for-client-installation-v16742985-d21e7/configuring-client-packages-to-uninstall-existing-v73569396-d21e2634.html). > [!TIP] > Need help? 
See the following Broadcom resources: > - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) > - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) -> - macOS: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) -> - Linux [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) +> - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) +> - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) ## Next steps From 716f4dba3c4015a332f247db5380930d240cbdae Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 14:08:05 -0700 Subject: [PATCH 204/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 696636e3df..5bbebe58c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -89,4 +89,4 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- **[Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)** in the Microsoft Defender Security Center \ No newline at end of file +- **[Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)** in the Microsoft Defender Security Center. \ No newline at end of file From f5e4aee8ebada30183c4814568149f2c1d9f4cd9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 15:17:46 -0700 Subject: [PATCH 205/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index b062ff66de..3afee11b00 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -71,6 +71,26 @@ To enable Microsoft Defender AV, we recommend using Intune. However, you can use |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | |Registry Editor |1. As an administrator on the device, open Registry Editor.

2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.

3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.

4. Reboot the device. | +### Verify that Microsoft Defender AV is in passive mode + +You can use either Command Prompt or PowerShell to perform this task. + +#### Use Command Prompt + +1. On a Windows device, open Command Prompt as an administrator. + +2. Type `sc query windefend`, and then press Enter. + +3. Review the results to confirm that Microsoft Defender AV is running in passive mode. + +#### Use PowerShell + +1. On a Windows device, open Windows PowerShell as an administrator. + +2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet. + +3. In the list of results, look for **AntivirusEnabled: True**. + ## Add Microsoft Defender ATP to the exclusion list for Symantec This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to add depend on which version of Windows your endpoints or devices are running, and are listed in the following table: From eb8e6b8555f75fdd51daa84f1bcaeeb2f503a150 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 15:18:36 -0700 Subject: [PATCH 206/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5bbebe58c3..77fe605c3f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
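Review bot: In the section added to symantec-to-microsoft-defender-atp-setup.md under "Verify that Microsoft Defender AV is in passive mode", neither procedure tells the reader what passive mode looks like in the output. Step 3 under "Use Command Prompt" says only to "Review the results" of `sc query windefend`, which reports the state of the service, and step 3 under "Use PowerShell" points at **AntivirusEnabled: True**, which shows that the antivirus engine is enabled rather than which mode it is running in. A reader can complete both procedures and still not know whether the device is in passive mode. Suggest naming the exact output line, or the `Get-MpComputerStatus` field and value, that indicates passive mode, or renaming the heading to match what the steps actually check.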
@@ -80,10 +80,10 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT > [!TIP] > Need help? See the following Broadcom resources: -> - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) -> - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) -> - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) -> - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) +> - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html). +> - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040). +> - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387). +> - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054). ## Next steps From a07989fd5da07d251d377bba7091eca2e386236a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 15:23:55 -0700 Subject: [PATCH 207/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 3afee11b00..563d7e93ff 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -63,13 +63,13 @@ The following procedure applies to endpoints or devices that are running the fol Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV, which can run alongside your existing antivirus solution. -To enable Microsoft Defender AV, we recommend using Intune. However, you can use any of the methods that are listed in the following table: +To enable Microsoft Defender AV, we recommend using Intune. However, you can also use one of the methods that are listed in the following table: |Method |What to do | |---------|---------| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | -|Registry Editor |1. As an administrator on the device, open Registry Editor.

2. Navigate to `ComputerHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`.

3. Look for a DWORD entry called `DisableAntiSpyware`. If the entry exists, change its value from **1** (Hexidecimal base) to **0**.

4. Reboot the device. | + ### Verify that Microsoft Defender AV is in passive mode From e37436f80e4a937d8dd1fd28bec1c8ae6958bb0f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 15:58:30 -0700 Subject: [PATCH 208/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 563d7e93ff..397a2757a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -73,7 +73,7 @@ To enable Microsoft Defender AV, we recommend using Intune. However, you can als ### Verify that Microsoft Defender AV is in passive mode -You can use either Command Prompt or PowerShell to perform this task. +You can use either [Command Prompt](#use-command-prompt) or [PowerShell](#use-powershell) to perform this task. #### Use Command Prompt @@ -98,7 +98,7 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |OS |Exclusions | |--|--| |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to the exclusion list for Microsoft Defender AV From 9437c8e54b535dee9a4f4872d20eb2bf3f283abb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 15:59:54 -0700 Subject: [PATCH 209/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 397a2757a0..db996fa1ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -97,8 +97,8 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |OS |Exclusions | |--|--| -|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

|`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to the exclusion list for Microsoft Defender AV From 9c106e4366a49b0f337e22e18309681d3a57b3f3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:00:23 -0700 Subject: [PATCH 210/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index db996fa1ff..8400db9cdd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -98,7 +98,7 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |OS |Exclusions | |--|--| |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

|`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to the exclusion list for Microsoft Defender AV From cc47f719e5fb02a66f8850536a66a70f34e382f0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:02:30 -0700 Subject: [PATCH 211/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 8400db9cdd..955ff89865 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -118,7 +118,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | -|Registry key |Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Then import it as a `regedit.exe /s MDAV_Exclusion.reg` | + ## Add Symantec to the exclusion list for Microsoft Defender ATP From d89477bf62dfb082afe1d40fbc1f0651cb225740 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:05:58 -0700 Subject: [PATCH 212/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 955ff89865..c2bddb47ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -118,7 +118,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | - +|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key as a `regedit.exe /s MDAV_Exclusion.reg` | ## Add Symantec to the exclusion list for Microsoft Defender ATP From e76245ce7b7d8881353f85f59524dd42cf1494e3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:11:20 -0700 Subject: [PATCH 213/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index c2bddb47ef..f3c4c3f5aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -118,7 +118,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | -|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key as a `regedit.exe /s MDAV_Exclusion.reg` | +|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | ## Add Symantec to the exclusion list for Microsoft Defender ATP From 09b096a628e3a5219e15ab4c3699e94026cb4b9d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:14:06 -0700 Subject: [PATCH 214/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 3ec79477d0..23939476dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -79,4 +79,4 @@ To enable communication between your devices and Microsoft Defender ATP, configu **Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- **[Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md)** +- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md). From a24240eef0d9427f4846561ec46411fb33fa1e0d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:38:51 -0700 Subject: [PATCH 215/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 77fe605c3f..aeddba3eaa 100644 
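Review bot: In the Registry key row added to symantec-to-microsoft-defender-atp-setup.md (PATCH 213), the local-path example `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` has a stray space between `c:\temp\` and the file name, so the command as written does not name the file the step intends; it should read `regedit.exe /s c:\temp\MDAV_Exclusion.reg`. Step 1 also never says which device to export from or what to call the export, so the reader has to infer that `MDAV_Exclusion.reg` is the file produced there; state that explicitly. Because the imported file defines what Microsoft Defender Antivirus will not scan, the network-share example should add that `\\FileServer\ShareName` must be writable only by administrators.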
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -89,4 +89,4 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- **[Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard)** in the Microsoft Defender Security Center. \ No newline at end of file +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center. \ No newline at end of file From 99133459b5168338cc220be8bb2aabba7e31219a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 22 Jun 2020 16:39:18 -0700 Subject: [PATCH 216/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 3ef006515e..64e0b79360 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -44,4 +44,4 @@ Watch the following video to get an overview: ## Next step -- When you are ready to begin, **proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md)**. +- When you are ready to begin, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). From ab633eaf5804865e58ed567956c4dcb0cf2e849f Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Tue, 23 Jun 2020 11:19:09 -0700 Subject: [PATCH 217/331] Update waas-wu-settings.md Updating the chart to add the MDM corresponding to the WU UX GP. Additionally removing false information. --- windows/deployment/update/waas-wu-settings.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 8fa731dc2a..badac422e6 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md 
@@ -26,16 +26,13 @@ ms.topic: article You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more. ->[!IMPORTANT] ->In Windows 10, any Group Policy user configuration settings for Windows Update are no longer supported on this platform. - ## Summary of Windows Update settings | Group Policy setting | MDM setting | Supported from version | | --- | --- | --- | | [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) | [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | All | | [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) | [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | 1703 | -| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | | All | +| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | [Update/SetDisableUXWUAccess](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess)| All | | [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) | | All | | [Enable client-side targeting](#enable-client-side-targeting) | | All | | [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | 
[AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | From a0fdcac5c16cd3d1add557261f9bf677b74334cb Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Tue, 23 Jun 2020 15:59:05 -0700 Subject: [PATCH 218/331] Update collect-diagnostic-data.md adding ref to KB for identifying Defender client version --- .../windows-defender-antivirus/collect-diagnostic-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md index 195c50060b..d02d11ab90 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md @@ -38,7 +38,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di 2. Navigate to the Microsoft Defender directory. By default, this is `C:\Program Files\Windows Defender`. > [!NOTE] -> If you're running an updated Microsoft Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`. +> If you're running an [updated Microsoft Defender Platform version](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform), please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\`. 3. Type the following command, and then press **Enter** From d0fe2add6bcfbe2b7c9d492409e4b96efcd3ade5 Mon Sep 17 00:00:00 2001 
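Review bot: In the waas-wu-settings.md hunk (`@@ -26,16 +26,13 @@`, PATCH 217), the new `Update/SetDisableUXWUAccess` link hardcodes the `/en-us/` locale, while the other MDM links in the same table carry no locale; drop `/en-us/` so the link follows the reader's locale. The added row is also missing the space before the cell separator (`...#update-setdisableuxwuaccess)| All |`). The hunk deletes the `[!IMPORTANT]` note about Group Policy user configuration settings and the commit message only calls it "false information"; say in the message what the correct behaviour is, or replace the note with the accurate statement, so the removal can be checked.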
From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 11:05:36 -0700 Subject: [PATCH 219/331] fixed AV --- ...antec-to-microsoft-defender-atp-prepare.md | 2 +- ...ymantec-to-microsoft-defender-atp-setup.md | 30 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 23939476dd..b8c607f65a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -71,7 +71,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | -|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (Microsoft Defender AV) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |Antivirus (AV) |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index f3c4c3f5aa..b967d63f98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -25,15 +25,15 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Set Microsoft Defender AV to passive mode](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). -2. [Enable Microsoft Defender AV](#enable-microsoft-defender-antivirus). +1. [Set Microsoft Defender Antivirus to passive mode](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). +2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to the exclusion list for Microsoft Defender AV](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). +4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). 5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). -## Set Microsoft Defender AV to passive mode +## Set Microsoft Defender Antivirus to passive mode > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. 
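Review bot: Steps 1 and 4 of the list in this hunk still link to `#set-microsoft-defender-av-to-passive-mode` and `#add-symantec-to-the-exclusion-list-for-microsoft-defender-av`, but the same patch renames the target headings to `## Set Microsoft Defender Antivirus to passive mode` (this hunk) and `## Add Symantec to the exclusion list for Microsoft Defender Antivirus` (the `@@ -100,22 +100,22 @@` hunk). If the anchors are generated from the heading text, both links stop resolving; update them to `#set-microsoft-defender-antivirus-to-passive-mode` and `#add-symantec-to-the-exclusion-list-for-microsoft-defender-antivirus`. The subject line "fixed AV" would be easier to search for if it said that the "Microsoft Defender AV" abbreviation is being expanded in the prepare and setup articles.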
@@ -61,17 +61,17 @@ The following procedure applies to endpoints or devices that are running the fol ## Enable Microsoft Defender Antivirus -Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus (Microsoft Defender AV) is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender AV, which can run alongside your existing antivirus solution. +Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus, which can run alongside your existing antivirus solution. -To enable Microsoft Defender AV, we recommend using Intune. However, you can also use one of the methods that are listed in the following table: +To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can also use one of the methods that are listed in the following table: |Method |What to do | |---------|---------| -|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender AV](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | -### Verify that Microsoft Defender AV is in passive mode +### Verify that Microsoft Defender Antivirus is in passive mode You can use either [Command Prompt](#use-command-prompt) or [PowerShell](#use-powershell) to perform this task. @@ -81,7 +81,7 @@ You can use either [Command Prompt](#use-command-prompt) or [PowerShell](#use-po 2. Type `sc query windefend`, and then press Enter. -3. Review the results to confirm that Microsoft Defender AV is running in passive mode. +3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. #### Use PowerShell @@ -100,22 +100,22 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | -## Add Symantec to the exclusion list for Microsoft Defender AV +## Add Symantec to the exclusion list for Microsoft Defender Antivirus -During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender AV exclusion list. +During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender Antivirus exclusion list. -When you add [exclusions to Microsoft Defender AV scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: +When you add [exclusions to Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. - Process exclusions exclude whatever a process touches, but does not exclude the process itself. - If you list each executable (.exe) as both a path exclusion and a process exclusion, the process and whatever it touches are excluded. - List your process exclusions using their full path and not by their name only. (The name-only method is less secure.) -You can choose from several methods to add your exclusions to Microsoft Defender AV, as listed in the following table: +You can choose from several methods to add your exclusions to Microsoft Defender Antivirus, as listed in the following table: |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. For reference, see [Microsoft Defender AV exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | -|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender AV scans. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | From d98007381308fe368a7588022dfc3d2c1ef43f04 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 11:58:40 -0700 Subject: [PATCH 220/331] Update symantec-to-microsoft-defender-atp-migration.md --- ...tec-to-microsoft-defender-atp-migration.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 64e0b79360..ed8a1574e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -28,12 +28,27 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
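Review bot: In the added Intune row, step 6 ("**Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.") is a bare navigation path with no verb, and it repeats the location that step 5 already tells the reader to expand. Suggest deleting step 6, or merging it into step 5, and renumbering the remaining step. Separately, in the unchanged Registry key row, the local path example `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` has a space after `c:\temp\` that the network share example does not have; it looks like a typo and is worth fixing while this table is being touched.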
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus (Microsoft Defender AV), Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | ## What's included in Microsoft Defender ATP? -Microsoft Defender ATP is more than endpoint protection and antivirus. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. +In this migration guide, we focus on endpoint protection and antivirus as a starting point. However, Microsoft Defender ATP is more than those capabilities. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. + +The following table lists features and capabilities of Microsoft Defender ATP: + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. 
| +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +
Watch the following video to get an overview: From 8e79afbb1f10035b9a9293db2ecb9bfaba46dc10 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 12:05:14 -0700 Subject: [PATCH 221/331] fixes per Louie --- ...tec-to-microsoft-defender-atp-migration.md | 13 ++------- ...ymantec-to-microsoft-defender-atp-setup.md | 28 ++----------------- 2 files changed, 5 insertions(+), 36 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index ed8a1574e4..0a22a45825 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -27,9 +27,9 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th |Phase |Description | |--|--| -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
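Review bot: In the feature table added to symantec-to-microsoft-defender-atp-migration.md, the first row reads "Threat & Vulnerability Management capabilities helps identify", which should be "help identify". Two more rows need a pass: the "Automated investigation and remediation" link is described as "Automated investigation and response capabilities", so pick one name for the feature, and the Threat hunting service row ("provide security operations teams with expert level monitoring and analysis, and to help ensure") is not parallel; "and help ensure" reads cleanly.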
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During this phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During this phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During this phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | ## What's included in Microsoft Defender ATP? @@ -48,13 +48,6 @@ The following table lists features and capabilities of Microsoft Defender ATP: | [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | | [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | -
- -Watch the following video to get an overview: - ->[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4obJq] - - **Want to learn more? See [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection).** ## Next step diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index b967d63f98..77d092120d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -131,7 +131,7 @@ To add exclusions to Microsoft Defender ATP, you create [indicators](https://doc 3. On the **File hashes** tab, choose **Add indicator**. 3. On the **Indicator** tab, specify the following settings: - - File hash (Need help? See [How to find the file hashes of your security solutions](#how-to-find-the-file-hashes-of-your-security-solutions) in this article.) + - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.) - Under **Expires on (UTC)**, choose **Never**. 4. On the **Action** tab, specify the following settings: 
@@ -142,31 +142,7 @@ To add exclusions to Microsoft Defender ATP, you create [indicators](https://doc 6. On the **Summary** tab, review the settings, and then click **Save**. -### How to find the file hashes of your security solutions - -You can find the file hashes of your third-party security products by using one of the following methods: -- [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview) in Microsoft Defender ATP -- [CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview) in Configuration Manager - -#### Find a file hash using Advanced Hunting - -Advanced hunting is a query-based threat-hunting tool that lets you explore raw data for the last 30 days. You can use Kusto syntax and operators to construct queries that locate information in the schema specifically structured for advanced hunting. To learn more, see [Learn the advanced hunting query language](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language). - -Here's an example query that you can use to find the file hashes for your security solutions: - -```kusto -find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents) -where InitiatingProcessFileName has 'notepad.exe' -| project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine -| distinct InitiatingProcessSHA256 -``` - -> [!NOTE] -> In the query above, replace *notepad.exe* with the your third-party security product process name. -> -> In our example query, we added the *distinct* query which shows just the unique SHA256’s. - -#### Find a file hash using CMPivot +### Find a file hash using CMPivot CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. 
It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). From 54e669a5ad6a4ffe0c73b3ca3ef57271cc92e58a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 12:18:52 -0700 Subject: [PATCH 222/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index b8c607f65a..b713627ba2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
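Review bot: The symantec-to-microsoft-defender-atp-setup.md hunk at -142,31 deletes the whole "Find a file hash using Advanced Hunting" subsection, leaving CMPivot as the only documented way to obtain the file hash that the indicator procedure asks for. CMPivot is described in the remaining text as an in-console utility for Configuration Manager, so readers who do not run Configuration Manager lose their method. The commit message ("fixes per Louie") gives no reason for the removal; please state it, or keep a method that does not depend on Configuration Manager. Also, the unchanged context in the -131,7 hunk numbers two consecutive steps "3." ("3. On the **File hashes** tab" and "3. On the **Indicator** tab"), which could be corrected in the same pass.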
@@ -46,7 +46,7 @@ At this point, you are ready to grant access to those who'll use the Microsoft D ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. [Get an overview](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. From 80ec260b2c9167172d1fc92e1b2cb5ace8e04d10 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 12:19:59 -0700 Subject: [PATCH 223/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index b713627ba2..8f242e8103 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -72,8 +72,8 @@ To enable communication between your devices and Microsoft Defender ATP, configu |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| -|Antivirus (AV) |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|AV |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) +|Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|Antivirus |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) ## Next step From fabdade20c2739d13aa8de17721d00c4cd8d1470 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 12:24:54 -0700 Subject: [PATCH 224/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 0a22a45825..38b002fc86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
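Review bot: In the symantec-to-microsoft-defender-atp-prepare.md hunk at -72,8, the replacement Linux row (the line starting `+|Antivirus |Linux |`) still ends without the closing `|` that the macOS row above it has; add it so the last row of the table is well formed. After the rename, the first column also mixes a linked "Microsoft Defender Antivirus" for Windows with a plain "Antivirus" for macOS and Linux; consider one label for all three rows.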
@@ -33,9 +33,7 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th ## What's included in Microsoft Defender ATP? -In this migration guide, we focus on endpoint protection and antivirus as a starting point. However, Microsoft Defender ATP is more than those capabilities. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. - -The following table lists features and capabilities of Microsoft Defender ATP: +In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response, as summarized in the following table: | Feature/Capability | Description | |---|---| From 08e29067f334efea483152827076e062a5f9565c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 14:47:31 -0700 Subject: [PATCH 225/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 8f242e8103..9aacbd4089 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
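Review bot: The next-generation protection link in the added paragraph of symantec-to-microsoft-defender-atp-migration.md uses a locale-pinned URL (it contains `/en-us/`), while the endpoint detection and response link in the same sentence and the links in the table that follows omit the locale segment. Drop `/en-us/` so the new link matches them. The added line also repeats "Microsoft Defender ATP" in three consecutive sentences; the last two could be merged.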
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -70,7 +70,6 @@ To enable communication between your devices and Microsoft Defender ATP, configu |[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|EDR |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |Antivirus |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) From 77dd6b157296ce65b831e3c8ef032cdf3abb392c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 14:52:53 -0700 Subject: [PATCH 226/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 9aacbd4089..629fe91354 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -72,7 +72,7 @@ To enable communication between your devices and Microsoft Defender ATP, configu |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|Antivirus |Linux |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) +|Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) ## Next step From c83f94243c5fbfe79b15742ec4bc52dfc5979914 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 16:43:53 -0700 Subject: [PATCH 227/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 77d092120d..3c9d256510 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -41,9 +41,9 @@ ms.topic: article On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)) However, you can enable passive mode by setting a registry key. The following procedure applies to endpoints or devices that are running the following versions of Windows: -- Windows Server 2016; -- Windows Server, version 1803 (core-only mode); or - Windows Server 2019 +- Windows Server, version 1803 (core-only mode) +- Windows Server 2016; 1. As an administrator on the endpoint or device, open Registry Editor. From c3bb171184c89c8a312d437b8fb91813e09c3ec4 Mon Sep 17 00:00:00 2001 
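Review bot: In the Linux row added by the -72,7 hunk of symantec-to-microsoft-defender-atp-prepare.md, "Oracle Linux 7.2" is the only distribution listed without a "+" or "or higher" qualifier (compare "RHEL 7.2+", "CentOS Linux 7.2+" and "Ubuntu 16 LTS, or higher LTS"). Confirm whether only 7.2 is supported, or make it "7.2+" so the list is consistent.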
From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 16:53:54 -0700 Subject: [PATCH 228/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 3c9d256510..23d11b3e5d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -25,7 +25,7 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Set Microsoft Defender Antivirus to passive mode](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). +1. [Enable Microsoft Defender Antivirus on certain versions of Windows](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). 
@@ -33,12 +33,12 @@ ms.topic: article 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). -## Set Microsoft Defender Antivirus to passive mode +## Enable or reinstall Microsoft Defender Antivirus (applies only to certain versions of Windows) > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. -On certain versions of Windows, Microsoft Defender Antivirus will not enter passive or disabled mode if you have also installed a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)) However, you can enable passive mode by setting a registry key. +On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)). This procedure involves enabling or reinstalling Microsoft Defender Antivirus and setting it to passive mode. The following procedure applies to endpoints or devices that are running the following versions of Windows: - Windows Server 2019 From 02af8abe602b9ff75c90a6e8782f8b3d5e9616e4 Mon Sep 17 00:00:00 2001 
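Review bot: The step 1 link changed in the -25,7 hunk still targets `#set-microsoft-defender-av-to-passive-mode`, but the -33,12 hunk renames that heading to "Enable or reinstall Microsoft Defender Antivirus (applies only to certain versions of Windows)", so the fragment no longer corresponds to the heading text; update it to match the new heading. The new link text also ends with "on certain versions of Windows" and is then followed by the old "(on certain versions of Windows)" parenthetical, and it does not use the wording of the new heading; suggest reusing the heading text and dropping the parenthetical.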
From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 17:10:45 -0700 Subject: [PATCH 229/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 23 ++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 23d11b3e5d..f490640150 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
@@ -38,18 +38,25 @@ ms.topic: article > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. -On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. (See [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)). This procedure involves enabling or reinstalling Microsoft Defender Antivirus and setting it to passive mode. +On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)). -The following procedure applies to endpoints or devices that are running the following versions of Windows: -- Windows Server 2019 -- Windows Server, version 1803 (core-only mode) -- Windows Server 2016; +Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and then set it to passive mode. -1. As an administrator on the endpoint or device, open Registry Editor. +> [!NOTE] +> The following procedure applies only to endpoints or devices that are running the following versions of Windows: +> - Windows Server 2019 +> - Windows Server, version 1803 (core-only mode) +> - Windows Server 2016 -2. Navigate to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. +1. 
As a local administrator on the endpoint or device, open Windows PowerShell. + +2. Run the following PowerShell cmdlet:
+ `Get-Service -Name windefend` -3. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: +3. Open Registry Editor, and then navigate to
+ `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. + +4. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - Set the DWORD's value to **1**. - Under **Base**, select **Hexidecimal**. From b793933efa83639915a0113196965f6e03ba542a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 17:19:50 -0700 Subject: [PATCH 230/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index f490640150..c295836715 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -42,6 +42,8 @@ On certain versions of Windows, Microsoft Defender Antivirus might have been uni Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and then set it to passive mode. +### Reinstall Microsoft Defender Antivirus on Windows Server + > [!NOTE] > The following procedure applies only to endpoints or devices that are running the following versions of Windows: > - Windows Server 2019 @@ -49,14 +51,22 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e > - Windows Server 2016 1. As a local administrator on the endpoint or device, open Windows PowerShell. - + 2. Run the following PowerShell cmdlet:
`Get-Service -Name windefend` -3. Open Registry Editor, and then navigate to
+3. To verify Microsoft Defender Antivirus is running, run the following PowerShell cmdlet:
+ `Get-Service -Name windefend` + +> [!TIP] +> Need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). + +### + +2. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. -4. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: +3. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - Set the DWORD's value to **1**. - Under **Base**, select **Hexidecimal**. From da29b0304bd8c7266f820eef15a878a72971c50e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 17:41:37 -0700 Subject: [PATCH 231/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index c295836715..b84b7747ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -49,24 +49,26 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e > - Windows Server 2019 > - Windows Server, version 1803 (core-only mode) > - Windows Server 2016 +> +> Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, proceed to [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 1. As a local administrator on the endpoint or device, open Windows PowerShell. 2. Run the following PowerShell cmdlet:
`Get-Service -Name windefend` -3. To verify Microsoft Defender Antivirus is running, run the following PowerShell cmdlet:
+3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
`Get-Service -Name windefend` > [!TIP] > Need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). -### +### Set Microsoft Defender Antivirus to passive mode on Windows Server -2. Open Registry Editor, and then navigate to
+1. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. -3. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: +2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - Set the DWORD's value to **1**. - Under **Base**, select **Hexidecimal**. From 5f8cf35020a63a683d9db1dc2e05f389e323ce7b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 17:43:11 -0700 Subject: [PATCH 232/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index b84b7747ff..cc985417b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
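Review bot: Under "Reinstall Microsoft Defender Antivirus on Windows Server" in symantec-to-microsoft-defender-atp-setup.md, step 2 runs `Get-Service -Name windefend`, the same command step 3 uses to verify that the service is running, so the procedure only queries the service twice and never reinstalls or enables anything. Replace step 2 with the actual install or enable action (the article linked in the TIP, "Microsoft Defender Antivirus on Windows Server 2016 and 2019", is the place to take it from) and keep `Get-Service` for the verification step only. While these steps are being renumbered, "Hexidecimal" in the unchanged passive-mode step should read "Hexadecimal", and the Windows 10 sentence added to the NOTE sits inside a note that is scoped to Windows Server versions and repeats the TIP at the top of the section.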
@@ -25,7 +25,7 @@ ms.topic: article ||*You are here!* | | **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Enable Microsoft Defender Antivirus on certain versions of Windows](#set-microsoft-defender-av-to-passive-mode) (on certain versions of Windows). +1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). 4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). @@ -33,7 +33,7 @@ ms.topic: article 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). -## Enable or reinstall Microsoft Defender Antivirus (applies only to certain versions of Windows) +## Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows) > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. From da77aa30e5f0af55e2c42ca53248324422115cc0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Jun 2020 17:45:54 -0700 Subject: [PATCH 233/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index cc985417b5..1e577367d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -38,7 +38,7 @@ ms.topic: article > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. -On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility)). +On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and then set it to passive mode. From 1447e472a5ae5197b273b3050ed81f2d5e8e29be Mon Sep 17 00:00:00 2001 
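Review bot: In the paragraph touched by this hunk, "This is because" does not follow from the sentence before it: the fact that Microsoft Defender Antivirus does not enter passive or disabled mode when a third-party product is installed does not by itself explain why it "might have been uninstalled or disabled". State the missing step (what removed or disabled it when Symantec was deployed), or drop "This is because" and present the two facts as separate statements.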
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 25 Jun 2020 08:58:02 +0530 Subject: [PATCH 234/331] added link for Security Monitoring Recommendations as per the user report #7028, so I added the following link **https://docs.microsoft.com/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events** --- .../auditing/audit-kerberos-service-ticket-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 27a1d4a933..c4423ca961 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
@@ -31,7 +31,7 @@ This subcategory contains events about issued TGSs and failed TGS requests. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see the ***Security Monitoring Recommendations*** sections.
We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | +| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see the [***Security Monitoring Recommendations***](https://docs.microsoft.com/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events) sections.
We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | | Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. | | Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. | From 9ca4592f20d51189cd61407d2ae80b08ffd9d785 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 25 Jun 2020 12:40:10 +0500 Subject: [PATCH 235/331] note addition As the mentioned policy is not available in Windows 10 version 1809, 1903 and 1909 so I have added a generic note to download windows 10 ADMX files. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3558 --- .../interactive-logon-require-smart-card.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 6660f7a19e..dcfbae0669 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -24,6 +24,9 @@ ms.date: 04/19/2017 Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Require smart card** security policy setting. +[Note] +> You may need to download the ADMX templete for your version of Windows for this policy to be applied. + ## Reference The **Interactive logon: Require smart card** policy setting requires users to log on to a device by using a smart card. From 610fa02887667dd40677eb721f07313a4ec0608b Mon Sep 17 00:00:00 2001 
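Review bot: The note added to interactive-logon-require-smart-card.md opens with `[Note]`, which is not the alert syntax used elsewhere in this series (`> [!NOTE]`), so it will not render as a note. Put `> [!NOTE]` on its own quoted line above the text, correct "templete" to "template", and name the versions the commit message gives (Windows 10, versions 1809, 1903 and 1909) together with a link to the ADMX download, so the reader can tell when the note applies and what to fetch.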
From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 13:28:24 -0700 Subject: [PATCH 236/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 38b002fc86..5d04eef2ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
@@ -33,7 +33,7 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th ## What's included in Microsoft Defender ATP? -In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response, as summarized in the following table: +In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender ATP. | Feature/Capability | Description | |---|---| @@ -50,4 +50,4 @@ In this migration guide, we focus on [next-generation protection](https://docs.m ## Next step -- When you are ready to begin, proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +- Proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). 
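Review bot: The line rewritten in the first hunk keeps the `/en-us/` locale segment in the next-generation protection URL, while the endpoint detection and response link on the same line has none. Since the line is being edited anyway, drop `/en-us/` so both links are locale-neutral and consistent with the other docs.microsoft.com links in these files.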
From 2aa3962da674702c3fc8f9e97ef0df8736c55528 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 13:37:02 -0700 Subject: [PATCH 237/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 5d04eef2ea..63378cb2e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -29,7 +29,7 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th |--|--| |[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec. | +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in place. | ## What's included in Microsoft Defender ATP? From cc1b2a558a7fb3c1cbbe8e56a4f1a6fd3af4749a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 14:05:44 -0700 Subject: [PATCH 238/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 629fe91354..612cfae732 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -67,8 +67,8 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | -|EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and Internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | From a86eb737974c20347c013ef888484e29e00ecf87 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 14:59:20 -0700 Subject: [PATCH 239/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8780a1b14b..d38784fcdc 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -20,6 +20,13 @@ ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md) ### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) +### [Migration guides]() +#### [Migrate from Symantec to Microsoft Defender ATP]() +##### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) +##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) +##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) + ## [Security administration]() ### [Threat & Vulnerability Management]() #### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) 
@@ -575,7 +582,6 @@ ###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) ###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) - #### [Raw data streaming API]() ##### [Raw data streaming](microsoft-defender-atp/raw-data-export.md) ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md) @@ -589,7 +595,6 @@ ##### [Microsoft Defender ATP detection fields](microsoft-defender-atp/api-portal-mapping.md) ##### [Pull detections using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) - #### [Partners & APIs]() ##### [Partner applications](microsoft-defender-atp/partner-applications.md) @@ -605,13 +610,6 @@ #### [Configure managed security service provider (MSSP) integration](microsoft-defender-atp/configure-mssp-support.md) -### [Migration guides]() -#### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) -##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) - ### [Partner integration scenarios]() #### [Technical partner opportunities](microsoft-defender-atp/partner-integration.md) #### [Managed security service provider opportunity](microsoft-defender-atp/mssp-support.md) From ab7db74a2218376cc0275282c031fb1c1a93bc1e Mon Sep 17 00:00:00 2001 
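Review bot: The commit message ("Update TOC.md") does not say that the "Migration guides" block is relocated from after the MSSP integration entry to directly after "Phase 3: Onboard" with its entries unchanged, and the hunks at -575 and -589 remove blank lines that have nothing to do with that move. State the relocation in the message, and leave the blank-line removals out or put them in a separate commit; the removal in the -589 hunk leaves `#### [Partners & APIs]()` with no blank line separating it from the SIEM entries above it.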
From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:03:27 -0700 Subject: [PATCH 240/331] Migration guide images --- .../SymantecMigration-DefenderATP-overview.png | Bin 0 -> 33280 bytes .../SymantecMigration-DefenderATP-phase1.png | Bin 0 -> 12351 bytes .../SymantecMigration-DefenderATP-phase2.png | Bin 0 -> 12311 bytes .../SymantecMigration-DefenderATP-phase3.png | Bin 0 -> 12688 bytes ...antec-to-microsoft-defender-atp-migration.md | 8 ++------ 5 files changed, 2 insertions(+), 6 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-overview.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase1.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase2.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase3.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-overview.png new file mode 100644 index 0000000000000000000000000000000000000000..5bff5f007a100c9f4413cffb2bae9bd1f1dc3cc6 GIT binary patch literal 33280
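Review bot: The new file under images/ is named SymantecMigration-DefenderATP-overview.png, in mixed case (as are the phase1 to phase3 files listed in the diffstat), while every directory and article name in the same path is lowercase and hyphenated. Suggest renaming the images to lowercase before the articles reference them, since a case mismatch between a Markdown image link and the file name breaks the image on case-sensitive hosts. The diffstat shows symantec-to-microsoft-defender-atp-migration.md changing in this same commit, so its image references should be checked against the final file names.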
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase1.png b/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase1.png new file mode 100644 index 0000000000000000000000000000000000000000..1e9bb592660bb9575c5e2cbfc06d93df8523dbf4 GIT binary patch literal 12351
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase2.png b/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase2.png new file mode 100644 index 0000000000000000000000000000000000000000..03e534bb18a093382b131dbde4ef5b26b8bfdbb2 GIT binary patch literal 12311
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase3.png b/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-phase3.png new file mode 100644 index 0000000000000000000000000000000000000000..ec1325ab1da4a06d3ed7d38e4035eb78cc6311df GIT binary patch literal 12688
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 63378cb2e4..615a65aaf0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md
@@ -23,13 +23,9 @@ If you are planning to switch from Symantec Endpoint Protection (Symantec) to [M ## The migration process -When you switch from Symantec to Microsoft Defender ATP, you follow a process that can be divided into three phases. The following table lists the three phases and what happens during each phase. +When you switch from Symantec to Microsoft Defender ATP, you follow a process that can be divided into three phases, as depicted in the following image: + -|Phase |Description | -|--|--| -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in place. | ## What's included in Microsoft Defender ATP? From 6cc535a8726262dd34e4c805629e4eecd77f2f89 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:06:35 -0700 Subject: [PATCH 241/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 615a65aaf0..6caabb88c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -25,6 +25,8 @@ If you are planning to switch from Symantec Endpoint Protection (Symantec) to [M When you switch from Symantec to Microsoft Defender ATP, you follow a process that can be divided into three phases, as depicted in the following image: +:::image type="content" source="images/SymantecMigration-DefenderATP-overview.png" alt-text="Phase 1 - Prepare. Phase 2 - Setup. Phase 3 - Onboard"::: + ## What's included in Microsoft Defender ATP? From 8cdb12afd6aad836e67c9a017d8fcb130f78a1f3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:07:47 -0700 Subject: [PATCH 242/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 4 ++++ 1 file changed, 4 insertions(+) 
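Review bot: In the `@@ -23,13 +23,9 @@` hunk of symantec-to-microsoft-defender-atp-migration.md, the rewritten sentence ends with "as depicted in the following image:" but the only other added line is blank, so this revision ships a dangling reference and drops the three phase links the removed table carried. Add the `:::image` line in the same change, or keep the table until the image is in place.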
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 6caabb88c5..3ef3e726d2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -27,7 +27,11 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th :::image type="content" source="images/SymantecMigration-DefenderATP-overview.png" alt-text="Phase 1 - Prepare. Phase 2 - Setup. Phase 3 - Onboard"::: +- During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. +- During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings. + +- During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in place. ## What's included in Microsoft Defender ATP? From 50a08708ba2aaf00d9f025a0351d67c951763e92 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:09:46 -0700 Subject: [PATCH 243/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
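Review bot: The three bullets added in the `@@ -27,7 +27,11 @@` hunk of symantec-to-microsoft-defender-atp-migration.md bold the phase names but do not link them, and the `:::image` line above them carries no link either, so this section gives the reader no path to the Prepare, Setup and Onboard articles that the earlier table linked. Link each phase name to its article, for example `[**Prepare** phase](symantec-to-microsoft-defender-atp-prepare.md)`.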
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 612cfae732..e2e4f7ae9a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -19,9 +19,7 @@ ms.topic: article # Migrate from Symantec - Phase 1: Prepare for your migration -|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | -|--|--|--| -|*You are here!*| | | +:::image type="content" source="images/SymantecMigration-DefenderATP-phase1.png" alt-text="Prepare to migrate"::: **Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. From b9a73ac673389d59f61fb811f445895028e32727 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:11:24 -0700 Subject: [PATCH 244/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 1e577367d7..dbcfcb96cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -19,10 +19,7 @@ ms.topic: article # Migrate from Symantec - Phase 2: Set up Microsoft Defender ATP - -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | -|--|--|--| -||*You are here!* | | +:::image type="content" source="images/SymantecMigration-DefenderATP-phase2.png" alt-text="Phase 2 - Setup"::: **Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). From 2e90133d514c5f4b855617379223d6863c26a813 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:12:39 -0700 Subject: [PATCH 245/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index aeddba3eaa..29d85003b8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -19,11 +19,7 @@ ms.topic: article # Migrate from Symantec - Phase 3: Onboard to Microsoft Defender ATP - -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | -|--|--|--| -|| |*You are here!* | - +:::image type="content" source="images/SymantecMigration-DefenderATP-phase3.png" alt-text="Phase 3: Onboard"::: **Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: From cc8b751d9c6352ee473c713e5d95d0b36071bcfc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:17:05 -0700 Subject: [PATCH 246/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 3ef3e726d2..ce3ad17fdf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
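Review bot: The `:::image` line added in symantec-to-microsoft-defender-atp-onboard.md uses the alt-text "Phase 3: Onboard", while the equivalent lines in the prepare and setup articles use "Prepare to migrate" and "Phase 2 - Setup"; use one pattern across the three so screen-reader users get the same cue on each page. The removed table also linked to the other two phases and marked the current one with "You are here!", and the image line has no links, so add a short text line under the image that links to the Phase 1 and Phase 2 articles.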
@@ -27,11 +27,11 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th :::image type="content" source="images/SymantecMigration-DefenderATP-overview.png" alt-text="Phase 1 - Prepare. Phase 2 - Setup. Phase 3 - Onboard"::: -- During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. +- During the [**Prepare** phase](symantec-to-microsoft-defender-atp-prepare.md), you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. -- During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings. +- During the [**Setup** phase](symantec-to-microsoft-defender-atp-setup.md), you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings. -- During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in place. 
+- During the [**Onboard** phase](symantec-to-microsoft-defender-atp-onboard.md), you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in place. ## What's included in Microsoft Defender ATP? From 1e21488953de20dece5c103bc9e54d7e59ab3186 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:23:56 -0700 Subject: [PATCH 247/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index e2e4f7ae9a..b270e396fe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -68,8 +68,8 @@ To enable communication between your devices and Microsoft Defender ATP, configu |[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | |EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |Windows |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| -|Antivirus |macOS |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) ## Next step From f97849ed28bfee15a751429febe6dc9ead6cc6e9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:25:49 -0700 Subject: [PATCH 248/331] Update TOC.md --- windows/security/threat-protection/TOC.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index d38784fcdc..fb08490413 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -20,12 +20,12 @@ ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md) ### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) -### [Migration guides]() -#### [Migrate from Symantec to Microsoft Defender ATP]() -##### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) -##### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) -##### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) -##### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) +## [Migration guides]() +### [Migrate from Symantec to Microsoft Defender ATP]() +#### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) +#### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) +#### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) +#### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) ## [Security administration]() ### [Threat & Vulnerability Management]() 
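Review bot: In the symantec-to-microsoft-defender-atp-prepare.md hunk at @@ -68,8 +68,8 @@ (PATCH 247), the added Microsoft Defender Antivirus row links Windows Server 2016 to `windows-server/get-started/whats-new-in-windows-server-2016`, while the second EDR row in the same table links that OS to `windows/release-information/status-windows-10-1607-and-windows-server-2016`. Use one target for the same OS within the table. The added row also keeps the line break before the closing `|` of its Resources cell, and the Linux row in the trailing context has no closing `|` at all; both are worth tidying while this table is being edited.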
From d026c4c7f8f8ecdeaf8f7cedae65946dfce68f04 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:32:04 -0700 Subject: [PATCH 249/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index b270e396fe..7360e0b7b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -40,7 +40,10 @@ To get started, you must have Microsoft Defender ATP, with licenses assigned and 4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). -At this point, you are ready to grant access to those who'll use the Microsoft Defender Security Center, which is sometimes referred to as the Microsoft Defender ATP portal. +At this point, you are ready to grant access to your security administrators and security operators who'll use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). + +> [!NOTE] +> The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender ATP portal. ## Grant access to the Microsoft Defender Security Center From a56a549d5f7f01f6c5c5cd1e9e18405e06c9b3fd Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:33:21 -0700 Subject: [PATCH 250/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 7360e0b7b2..b20e51e808 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -40,7 +40,7 @@ To get started, you must have Microsoft Defender ATP, with licenses assigned and 4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). -At this point, you are ready to grant access to your security administrators and security operators who'll use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). +At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). > [!NOTE] > The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender ATP portal. 
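Review bot: The sentence changed in this hunk links https://securitycenter.windows.com, and the "Grant access to the Microsoft Defender Security Center" section that begins a few lines below opens with the same linked URL (visible in the later prepare.md hunk at @@ -47,7 +47,7 @@). Keep the link in the section that explains the portal and drop it from this lead-in sentence, so the address is maintained in one place.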
@@ -53,7 +53,7 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei 1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). -2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to do this, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). +2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). If your organization requires a method other than Intune, choose one of the following options: - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) From e0d109299e7707baaaee16c193564843a2460813 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:35:29 -0700 Subject: [PATCH 251/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index dbcfcb96cf..e2385648ff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -67,7 +67,7 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e 2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: - Set the DWORD's value to **1**. - - Under **Base**, select **Hexidecimal**. + - Under **Base**, select **Hexadecimal**. > [!NOTE] > You can use other methods to set the registry key, such as the following: @@ -109,7 +109,7 @@ You can use either [Command Prompt](#use-command-prompt) or [PowerShell](#use-po ## Add Microsoft Defender ATP to the exclusion list for Symantec -This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to add depend on which version of Windows your endpoints or devices are running, and are listed in the following table: +This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: |OS |Exclusions | |--|--| From 819f19395417582e24bc3eb80a9a112f49ccbb12 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:37:08 -0700 Subject: [PATCH 252/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index e2385648ff..fa3a871bfd 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -132,7 +132,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |--|--| |[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | -|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you are specifying a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | |Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | From e818445cceea43ecf5654ebcb4d92796c1d9d391 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:38:01 -0700 Subject: [PATCH 253/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index fa3a871bfd..d588760545 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -172,7 +172,7 @@ To use CMPivot to get your file hash, follow these steps: 4. Select the **Query** tab. -5. Select **Device Collection** drop down, and choose **All Systems (default)**. +5. In the **Device Collection** list, and choose **All Systems (default)**. 6. In the query box, type the following query:
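Review bot: In the setup.md hunk at @@ -132,7 +132,7 @@ (PATCH 252), the Registry key row in the trailing context gives the local import command as `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`, with a space between the folder and the file name, so the command as written does not point at the exported file. Remove the space while this table is open. In the rewritten Group Policy row, "Enter **0** in the **Value** column" is attached only to the file bullet under Path Exclusions; if it also applies to folder entries, say so on the folder bullet.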
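Review bot: The new step 5 in the setup.md hunk at @@ -172,7 +172,7 @@ (PATCH 253) reads "In the **Device Collection** list, and choose **All Systems (default)**.", which leaves a stray "and" behind from the old wording. It should read "In the **Device Collection** list, choose **All Systems (default)**."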
From d5d42b710f82b69fe446477bb70f7b58182f9300 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 15:56:37 -0700 Subject: [PATCH 254/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index b20e51e808..c4d142b50b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -68,10 +68,10 @@ To enable communication between your devices and Microsoft Defender ATP, configu |Capabilities | Operating System | Resources | |--|--|--| -|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | -|EDR |[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | |EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | -|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) | [Windows 10](https://docs.microsoft.com/windows/release-information)

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)

[Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| |Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | |Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) From f989ae104e561b74b2b14442c781f12bd9cf60f6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:03:25 -0700 Subject: [PATCH 255/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d588760545..124cbc101a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -37,7 +37,7 @@ ms.topic: article On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). -Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and then set it to passive mode. +Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and set it to passive mode. ### Reinstall Microsoft Defender Antivirus on Windows Server From f96a34c07a6ee117d4fdeb67e0f7d63df75e9d8e Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:05:40 -0700 Subject: [PATCH 256/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 124cbc101a..966659047d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -62,6 +62,8 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e ### Set Microsoft Defender Antivirus to passive mode on Windows Server +Because your organization is still using Symantec, you must set Microsoft Defender Antivirus to passive mode. That way, Symantec and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender ATP. + 1. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. From 55a21ea0e7226fc3637d56883fd4fa05424b1bcd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:08:18 -0700 Subject: [PATCH 257/331] Update symantec-to-microsoft-defender-atp-prepare.md --- .../symantec-to-microsoft-defender-atp-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index c4d142b50b..448a09e4bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -47,7 +47,7 @@ At this point, you are ready to grant access to your security administrators and ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 
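Review bot: In the setup.md hunk at @@ -62,6 +62,8 @@ (PATCH 256), the new paragraph says passive mode must be set, but step 1 in the context directly below it sends the reader to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`, which has no `Microsoft` segment, unlike the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions` key this article uses for exclusions. Please confirm the path before this ships: a **ForceDefenderPassiveMode** value created under the wrong key would leave Microsoft Defender Antivirus in active mode next to Symantec on Windows Server. The paragraph could also say when to remove the setting, since it describes passive mode as lasting only until onboarding is finished.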
From 94bc8f74d234e342593a341d692fe8cd3d367bb0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:12:26 -0700 Subject: [PATCH 258/331] Update symantec-to-microsoft-defender-atp-setup.md --- ...ymantec-to-microsoft-defender-atp-setup.md | 21 +++++-------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 966659047d..98be5dd93e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -91,23 +91,12 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you ### Verify that Microsoft Defender Antivirus is in passive mode -You can use either [Command Prompt](#use-command-prompt) or [PowerShell](#use-powershell) to perform this task. +You can use either Command Prompt or PowerShell to perform this task, as described in the following table: -#### Use Command Prompt - -1. On a Windows device, open Command Prompt as an administrator. - -2. Type `sc query windefend`, and then press Enter. - -3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. - -#### Use PowerShell - -1. On a Windows device, open Windows PowerShell as an administrator. - -2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet. - -3. In the list of results, look for **AntivirusEnabled: True**. +|Method |Procedure | +|---------|---------| +|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | +|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet.

3. In the list of results, look for **AntivirusEnabled: True**. | ## Add Microsoft Defender ATP to the exclusion list for Symantec From 771132b12cf86d08d187d384a99ab91c6d15cf52 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:16:00 -0700 Subject: [PATCH 259/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 98be5dd93e..5128d2f987 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -104,8 +104,8 @@ This step of the setup process involves adding Microsoft Defender ATP to the exc |OS |Exclusions | |--|--| -|Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))

Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed

[Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)

[Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| -|[Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)

[Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)

[Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)

[Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | +|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | ## Add Symantec to the exclusion list for Microsoft Defender Antivirus From 09f39ee78af7d9326183e09b0245d39ec1e61e2f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:18:21 -0700 Subject: [PATCH 260/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 5128d2f987..6491046d27 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -93,7 +93,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you You can use either Command Prompt or PowerShell to perform this task, as described in the following table: -|Method |Procedure | +|Method |What to do | |---------|---------| |Command Prompt |1. On a Windows device, open Command Prompt as an administrator.

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | |PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet.

3. In the list of results, look for **AntivirusEnabled: True**. | From 2da8fe125961dd357732a66cd5c2260b529f28a4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Jun 2020 16:27:43 -0700 Subject: [PATCH 261/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 6491046d27..0fef643e67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -79,7 +79,7 @@ Because your organization is still using Symantec, you must set Microsoft Defend ## Enable Microsoft Defender Antivirus -Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus, which can run alongside your existing antivirus solution. +Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can also use one of the methods that are listed in the following table: 
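Review bot: In the verification table whose header this hunk renames, neither row says what actually indicates passive mode: the Command Prompt row stops at "Review the results", and the PowerShell row points to **AntivirusEnabled: True**, which does not say which mode the engine is running in. Name the specific value in the `sc query windefend` and `Get-MpComputerStatus` output that the reader should see when Microsoft Defender Antivirus is in passive mode, so the step can be checked rather than assumed.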
@@ -88,10 +88,9 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | - ### Verify that Microsoft Defender Antivirus is in passive mode -You can use either Command Prompt or PowerShell to perform this task, as described in the following table: +Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Defender Antivirus to passive mode. You can use either Command Prompt or PowerShell to perform this task, as described in the following table: |Method |What to do | |---------|---------| From 8c3db485bed0c0a1181e371ae2660fe5272e0bb2 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Fri, 26 Jun 2020 09:23:42 -0500 Subject: [PATCH 262/331] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 07b211d997..1c06747e7f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md 
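Review bot: In the new intro under "Verify that Microsoft Defender Antivirus is in passive mode", "this task" now follows a sentence about setting passive mode, so it reads as if Command Prompt or PowerShell are used to set the mode rather than to verify it. Suggest wording the second sentence around the check itself, for example "To verify that Microsoft Defender Antivirus is in passive mode, use either Command Prompt or PowerShell, as described in the following table."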
@@ -84,7 +84,7 @@ If you are enrolled in Microsoft Defender ATP and you are using a third party an When Microsoft Defender Antivirus is automatic disabled, it can automatically re-enable if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats. This is to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app. -In passive and automatic disabled mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. +In passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. If you uninstall the other product, and choose to use Microsoft Defender Antivirus to provide protection to your endpoints, Microsoft Defender Antivirus will automatically return to its normal active mode. From 79b5149e5bdc04414e36a44b479838bd3c21fa23 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 26 Jun 2020 13:04:30 -0700 Subject: [PATCH 263/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 0fef643e67..7f13595af1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -81,10 +81,12 @@ Because your organization is still using Symantec, you must set Microsoft Defend Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. -To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can also use one of the methods that are listed in the following table: +To enable Microsoft Defender Antivirus, we recommend using Microsoft Endpoint Manager (ths is replacing Intune soon). However, you can also use one of the methods that are listed in the following table: |Method |What to do | |---------|---------| +|[Intune](https://docs.microsoft.com/mem/intune) |1. Go to [https://portal.azure.com](https://portal.azure.com) and sign in.

2. Under **Azure services**, select **Intune**.

3. Select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.

5. On the **Cloud-delivered protection** switch, select **Enable**.

6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.

7. In the **Submit samples consent** dropdown, select one of the following:
- **Send safe samples automatically**
- **Send all samples automatically**

**NOTE**: The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.

**WARNING**: Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.

8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles) + | |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | From 30c7ad77000d002c4110912c27753ed493704ffe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 26 Jun 2020 13:06:31 -0700 Subject: [PATCH 264/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 7f13595af1..8dc2944024 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -81,7 +81,7 @@ Because your organization is still using Symantec, you must set Microsoft Defend Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. -To enable Microsoft Defender Antivirus, we recommend using Microsoft Endpoint Manager (ths is replacing Intune soon). However, you can also use one of the methods that are listed in the following table: +To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can any of the methods that are listed in the following table: |Method |What to do | |---------|---------| From 6cd3d76a9e881d467ed10ee1939f813bc05c8d73 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 26 Jun 2020 15:11:35 -0700 Subject: [PATCH 265/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
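Review bot: The replacement sentence in symantec-to-microsoft-defender-atp-setup.md, "However, you can any of the methods that are listed in the following table", is missing its verb and should read "you can use any of the methods". Intune is also the first row of that table after the previous commit, so the "we recommend using Intune. However, ..." contrast no longer fits; consider "We recommend using Intune, but you can use any of the methods listed in the following table."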
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 8dc2944024..a4186d89ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -85,8 +85,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune) |1. Go to [https://portal.azure.com](https://portal.azure.com) and sign in.

2. Under **Azure services**, select **Intune**.

3. Select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.

5. On the **Cloud-delivered protection** switch, select **Enable**.

6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.

7. In the **Submit samples consent** dropdown, select one of the following:
- **Send safe samples automatically**
- **Send all samples automatically**

**NOTE**: The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.

**WARNING**: Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.

8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles) - | +|[Intune](https://docs.microsoft.com/mem/intune) |1. Go to [https://portal.azure.com](https://portal.azure.com) and sign in.

2. Under **Azure services**, select **Intune**.

3. Select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.

5. On the **Cloud-delivered protection** switch, select **Enable**.

6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.

7. In the **Submit samples consent** dropdown, select one of the following:
- **Send safe samples automatically**
- **Send all samples automatically**

**NOTE**: The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.

**WARNING**: Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.

8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | From 46a86854483a2bafc2ed47bc33ec432271abf0d1 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 26 Jun 2020 15:25:53 -0700 Subject: [PATCH 266/331] Add more info on command-line tool and a known issue --- .../microsoft-defender-atp/linux-resources.md | 59 +++++++++++++------ 1 file changed, 40 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index a892d04701..22e71176b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md 
@@ -69,26 +69,46 @@ There are several ways to uninstall Microsoft Defender ATP for Linux. If you are ## Configure from the command line -Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line: +Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line. -|Group |Scenario |Command | -|-------------|-------------------------------------------|-----------------------------------------------------------------------| -|Configuration|Turn on/off real-time protection |`mdatp config real_time_protection --value [enabled|disabled]` | -|Configuration|Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` | -|Configuration|Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` | -|Configuration|Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` | -|Configuration|Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` | -|Configuration|Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` | -|Configuration|Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` | -|Configuration|Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` | -|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` | -|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | -|Health |Check the product's health |`mdatp health` | -|Protection |Scan a path |`mdatp scan custom --path [path]` | -|Protection |Do a quick scan |`mdatp scan quick` | -|Protection |Do a full scan |`mdatp scan full` | -|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | -|Protection |Request a security intelligence update |`mdatp 
definitions update` | +### Global options + +By default, the command-line tool outputs the result in human-readable format. In addition to this, the tool also supports outputting the result as JSON, which is useful for automation scenarios. To change the output to JSON, pass `--output json` to any of the below commands. + +### Supported commands + +The following table lists commands for some of the most common scenarios. Run `mdatp help` from the Terminal to view the full list of supported commands. + +|Group |Scenario |Command | +|----------------------|--------------------------------------------------------|-----------------------------------------------------------------------| +|Configuration |Turn on/off real-time protection |`mdatp config real-time-protection --value [enabled|disabled]` | +|Configuration |Turn on/off cloud protection |`mdatp config cloud --value [enabled|disabled]` | +|Configuration |Turn on/off product diagnostics |`mdatp config cloud-diagnostic --value [enabled|disabled]` | +|Configuration |Turn on/off automatic sample submission |`mdatp config cloud-automatic-sample-submission [enabled|disabled]` | +|Configuration |Turn on/off AV passive mode |`mdatp config passive-mode [enabled|disabled]` | +|Configuration |Add/remove an antivirus exclusion for a file extension |`mdatp exclusion extension [add|remove] --name ` | +|Configuration |Add/remove an antivirus exclusion for a file |`mdatp exclusion file [add|remove] --path ` | +|Configuration |Add/remove an antivirus exclusion for a directory |`mdatp exclusion folder [add|remove] --path ` | +|Configuration |Add/remove an antivirus exclusion for a process |`mdatp exclusion process [add|remove] --path `
`mdatp exclusion process [add|remove] --name ` | +|Configuration |List all antivirus exclusions |`mdatp exclusion list` | +|Configuration |Turn on PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action block` | +|Configuration |Turn off PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action off` | +|Configuration |Turn on audit mode for PUA protection |`mdatp threat policy set --type potentially_unwanted_application --action audit` | +|Diagnostics |Change the log level |`mdatp log level set --level verbose [error|warning|info|verbose]` | +|Diagnostics |Generate diagnostic logs |`mdatp diagnostic create` | +|Health |Check the product's health |`mdatp health` | +|Protection |Scan a path |`mdatp scan custom --path [path]` | +|Protection |Do a quick scan |`mdatp scan quick` | +|Protection |Do a full scan |`mdatp scan full` | +|Protection |Cancel an ongoing on-demand scan |`mdatp scan cancel` | +|Protection |Request a security intelligence update |`mdatp definitions update` | +|Protection history |Print the full protection history |`mdatp threat list` | +|Protection history |Get threat details |`mdatp threat get --id ` | +|Quarantine management |List all quarantined files |`mdatp threat quarantine list` | +|Quarantine management |Remove all files from the quarantine |`mdatp threat quarantine remove-all` | +|Quarantine management |Add a file detected as a threat to the quarantine |`mdatp threat quarantine add --id ` | +|Quarantine management |Remove a file detected as a threat from the quarantine |`mdatp threat quarantine add --id ` | +|Quarantine management |Restore a file from the quarantine |`mdatp threat quarantine add --id ` | ## Microsoft Defender ATP portal information 
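Review bot: In the Quarantine management rows at the end of the new table, "Remove a file detected as a threat from the quarantine" and "Restore a file from the quarantine" both give `mdatp threat quarantine add --id`, the same command as the "Add" row, so a reader following either row would quarantine a file instead of releasing it; each row needs its own subcommand. In the same table, `mdatp log level set --level verbose [error|warning|info|verbose]` carries a literal `verbose` ahead of the option list, and the automatic sample submission and passive-mode rows omit the `--value` flag that the other `mdatp config` rows use. Please check these against `mdatp help` and make the rows consistent.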
@@ -113,6 +133,7 @@ In the Microsoft Defender ATP portal, you'll see two categories of information: ### Known issues +- You might see "No sensor data, impaired communications" in the machine information page of the Microsoft Defender Security Center portal, even though the product is working as expected. We are working on addressing this issue. - Logged on users do not appear in the Microsoft Defender Security Center portal. - In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered: From fe3c03f09f9da1300334d2fc5711f52a360c59aa Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 26 Jun 2020 15:51:19 -0700 Subject: [PATCH 267/331] Update detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md --- ...k-potentially-unwanted-apps-microsoft-defender-antivirus.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index 3345190e01..9a71bf89f4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md 
@@ -25,6 +25,9 @@ manager: dansimp - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge) +> [!NOTE] +> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might not be be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. + Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior. For example: From 09175712b4e2e8dc102f68ebf60503954755c7da Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 26 Jun 2020 16:48:05 -0700 Subject: [PATCH 268/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index a4186d89ca..f54283829c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
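Review bot: In the NOTE added to detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md, "install other software which might not be be unexpected or unwanted" repeats "be" and, because of the "not", says the opposite of what is meant; suggest "install other software that might be unexpected or unwanted". The first sentence of the note also restates the PUA definition in the paragraph directly below it, so consider keeping only the new fact: default blocking in Windows 10 (version 2004 and later) for Enterprise (E5) devices.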
@@ -188,7 +188,7 @@ Using Configuration Manager and your device collection(s), configure your antima - See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). -- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings). +- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). > [!TIP] > You can deploy the policies before your organization's devices on onboarded. From 89cdc813c6b5ad6d8d28cc0b7f0d5e91d1eba36e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 26 Jun 2020 16:54:49 -0700 Subject: [PATCH 269/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 29d85003b8..006e28807e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
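Review bot: The "enable block at first sight" link added at the end of the changed bullet in PATCH 268 hard-codes the locale (`docs.microsoft.com/en-us/windows/security/`), while the real-time protection link in the same sentence is locale-neutral. Drop `/en-us` so the link follows the reader's locale and matches the other docs.microsoft.com links in this file.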
@@ -85,4 +85,4 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center. \ No newline at end of file +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). \ No newline at end of file From 50eb0ebb0260f7729ab4b8eab9194e3d065c4d7f Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 28 Jun 2020 19:29:53 +0500 Subject: [PATCH 270/331] Update windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../interactive-logon-require-smart-card.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index dcfbae0669..9b05db25f2 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md 
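Review bot: The rewritten last bullet in PATCH 269 still ends with "\ No newline at end of file". Since this line is being replaced anyway, add the trailing newline in the same change so later edits to the end of the file produce a clean diff.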
@@ -22,7 +22,7 @@ ms.date: 04/19/2017 **Applies to** - Windows 10 -Describes the best practices, location, values, policy management and security considerations for the **Interactive logon: Require smart card** security policy setting. +Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require smart card** security policy setting. [Note] > You may need to download the ADMX templete for your version of Windows for this policy to be applied. From 81966a68e4423ff62d93a0e48a9a9e5e0fc2dac9 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 28 Jun 2020 19:30:05 +0500 Subject: [PATCH 271/331] Update windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../interactive-logon-require-smart-card.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 9b05db25f2..f901dc7511 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -24,7 +24,7 @@ ms.date: 04/19/2017 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require smart card** security policy setting. -[Note] +> [!NOTE] > You may need to download the ADMX templete for your version of Windows for this policy to be applied. ## Reference From 663833d6594411959ad611bd04b12ac43ca54720 Mon Sep 17 00:00:00 2001 
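Review bot: PATCH 271 corrects the callout marker to `> [!NOTE]` but leaves the misspelling "templete" on the unchanged line directly below it ("download the ADMX templete"). Both lines form one note, so fix the spelling in the same change instead of a follow-up commit.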
From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 28 Jun 2020 19:30:21 +0500 Subject: [PATCH 272/331] Update windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../interactive-logon-require-smart-card.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index f901dc7511..d58e9bcde6 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -25,7 +25,7 @@ ms.date: 04/19/2017 Describes the best practices, location, values, policy management, and security considerations for the **Interactive logon: Require smart card** security policy setting. > [!NOTE] -> You may need to download the ADMX templete for your version of Windows for this policy to be applied. +> You may need to download the ADMX template for your version of Windows to enable this policy to be applied. ## Reference From 6f1dd28ef6781e78be26527fd079c0d9363b6edc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 10:22:24 -0700 Subject: [PATCH 273/331] link fix replacing https://securitycenter.windows.com with https://aka.ms/mdatpportal --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- .../symantec-to-microsoft-defender-atp-prepare.md | 4 ++-- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) 
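Review bot: The replacement sentence in PATCH 272, "to enable this policy to be applied", is harder to read than the wording it replaces. A plainer form such as "You may need to download the ADMX template for your version of Windows so that this policy can be applied" keeps the meaning and the spelling fix.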
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 006e28807e..41deadab21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -29,7 +29,7 @@ ms.topic: article ## Onboard devices to Microsoft Defender ATP -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. 2. Choose **Settings** > **Device management** > **Onboarding**. @@ -85,4 +85,4 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). \ No newline at end of file +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). \ No newline at end of file 
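Review bot: In step 1 of "Onboard devices to Microsoft Defender ATP" and again in the last bullet, the visible link text changes from the portal hostname to the short link `https://aka.ms/MDATPportal`, so a reader who is about to sign in no longer sees which host the link resolves to. Use descriptive link text, or state in the sentence which host the short link redirects to. The commit subject also writes the link as `mdatpportal` while the hunks use `MDATPportal`; pick one casing. The final line still carries "\ No newline at end of file".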
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 448a09e4bd..9e3dbfb67e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md 
@@ -40,14 +40,14 @@ To get started, you must have Microsoft Defender ATP, with licenses assigned and 4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). -At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). +At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). > [!NOTE] > The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender ATP portal. ## Grant access to the Microsoft Defender Security Center -The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). +The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index f54283829c..f7929cacfb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -131,7 +131,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). -1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. 2. In the navigation pane, choose **Settings** > **Rules** > **Indicators**. @@ -178,7 +178,7 @@ File(c:\\windows\\notepad.exe) | Collection type | What to do | |--|--| -|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | +|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | |[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | |[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | From 4c5c6e04c382e4056f447b7ba4e9405bb302dbd9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 10:43:58 -0700 Subject: [PATCH 274/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index f7929cacfb..5d10c680f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -51,8 +51,9 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e 1. As a local administrator on the endpoint or device, open Windows PowerShell. -2. Run the following PowerShell cmdlet:
- `Get-Service -Name windefend` +2. Run the following PowerShell cmdlets:
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
`Get-Service -Name windefend` From dcf524da76a9c22891db14952f6b7417ffe2cd0b Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 29 Jun 2020 11:25:03 -0700 Subject: [PATCH 275/331] Update detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md --- ...ck-potentially-unwanted-apps-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index 9a71bf89f4..40994831c4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ author: denisebmsft ms.author: deniseb ms.custom: nextgen audience: ITPro -ms.date: 02/12/2020 +ms.date: ms.reviewer: manager: dansimp --- From b8dd02c2522b892b93e5f691e851016483c00065 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 11:28:24 -0700 Subject: [PATCH 276/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 5d10c680f1..6639add709 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md 
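Review bot: Step 2 in PATCH 274 now reads "Run the following PowerShell cmdlets", but both added lines invoke `Dism`, which is a command-line tool and not a PowerShell cmdlet. Reword to "Run the following commands" (they still run from the PowerShell session opened in step 1), and say what `/Get-FeatureInfo` output the reader should expect before moving on to step 3.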
@@ -86,7 +86,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune) |1. Go to [https://portal.azure.com](https://portal.azure.com) and sign in.

2. Under **Azure services**, select **Intune**.

3. Select **Device configuration > Profiles**, and then select the **Device restrictions** profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

4. Select **Properties**, select **Settings: Configure**, and then select **Microsoft Defender Antivirus**.

5. On the **Cloud-delivered protection** switch, select **Enable**.

6. In the **Prompt users before sample submission** dropdown, select **Send all data without prompting**.

7. In the **Submit samples consent** dropdown, select one of the following:
- **Send safe samples automatically**
- **Send all samples automatically**

**NOTE**: The **Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.

**WARNING**: Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-microsoft-defender-antivirus.md) feature of Microsoft Defender ATP won't work.

8. Click **OK** to exit the **Microsoft Defender Antivirus** settings pane, click **OK** to exit the **Device restrictions** pane, and then click **Save** to save the changes to your **Device restrictions** profile.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | From f15c100fd02d79a7e30a3040fb36c484ad0a5954 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:01:43 -0700 Subject: [PATCH 277/331] Update symantec-to-microsoft-defender-atp-migration.md --- .../symantec-to-microsoft-defender-atp-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index ce3ad17fdf..d9d91b4835 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md 
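Review bot: In the rewritten Intune row of PATCH 276, step 6 pairs the **Prompt users before sample submission** dropdown with **Send all samples automatically**, which in the removed text was an option of the separate **Submit samples consent** dropdown; confirm which control and value the admin center actually shows. The rewrite also drops the WARNING that **Always Prompt** lowers the protection state and that **Never send** stops Block at First Sight from working. Keep that caveat, since this same article asks readers to enable block at first sight.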
@@ -35,7 +35,7 @@ When you switch from Symantec to Microsoft Defender ATP, you follow a process th ## What's included in Microsoft Defender ATP? -In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender ATP. +In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender ATP. | Feature/Capability | Description | |---|---| From 052febc6b41d0f8adbd5579356cdfe78dfe6102f Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:03:59 -0700 Subject: [PATCH 278/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 6639add709..7d8cde33bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -25,7 +25,7 @@ ms.topic: article 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-av). +4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-antivirus). 5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). From 6ebc460abb1217c567d053a338167f1cc60f0cee Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:05:05 -0700 Subject: [PATCH 279/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 7d8cde33bc..e6fc34485f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -189,7 +189,7 @@ Using Configuration Manager and your device collection(s), configure your antima - See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). -- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). +- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). > [!TIP] > You can deploy the policies before your organization's devices on onboarded. 
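Review bot: The `[!TIP]` context line directly under the changed bullet in PATCH 279 reads "before your organization's devices on onboarded"; "on" should be "are". Fixing it in this change would save another one-line commit to the same block.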
From 24435cae6be74480b762739b413d4f82acb1fd7c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:10:13 -0700 Subject: [PATCH 280/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index e6fc34485f..2530833082 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -88,7 +88,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |---------|---------| |[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | -|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus. | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | ### Verify that Microsoft Defender Antivirus is in passive mode From e70ae772a233a3bbf156af9258778863a0191cb1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:10:59 -0700 Subject: [PATCH 281/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 2530833082..91b4e33418 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -87,7 +87,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| |[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
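Review bot: In PATCH 280/331, the new **NOTE** sits after step 3 of the Group Policy row, but the product name the reader has to match first appears in the step 1 path and in the step 2 policy name **Turn off Microsoft Defender Antivirus**. Move the note up next to step 1 so the reader sees it before searching for a node that may be labelled *Windows Defender Antivirus*. The Intune row in this hunk's context also ends `device-profiles)|` with no period or space before the closing pipe.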

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| -|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows). | +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | ### Verify that Microsoft Defender Antivirus is in passive mode From 86bdd115537b936435cdbb4f60ca090a4ec9453b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:28:06 -0700 Subject: [PATCH 282/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 91b4e33418..d58c04c9bf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -86,7 +86,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
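Review bot: In PATCH 281/331, the **NOTE** added to the Control Panel row is word-for-word the note already in the Group Policy row directly below it. Two copies in adjacent rows will drift apart over later edits; consider one note under the table that covers every method, and drop the per-row copies.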

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | @@ -122,7 +122,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) |1. Go to the Azure portal [https://portal.azure.com](https://portal.azure.com) and sign in.

2. In the list of Azure services, select **Intune**.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | From 51912a66b4e65ed02916a1b22e98e6d10e9ba106 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:32:43 -0700 Subject: [PATCH 283/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d58c04c9bf..d11d827c7b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -122,7 +122,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
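Review bot: In the second hunk of PATCH 282/331 (@@ -122,7), the new Intune row has a doubled pipe, `Endpoint Manager. ||1. Go to`, which adds an empty third cell to a two-column table. The rewritten steps also navigate twice: step 2 selects a profile under **Devices** > **Configuration profiles**, then step 3 still says **Device Configuration** > **Profiles** from the old Azure portal flow, so drop or merge step 3. Step 6 is a bare path with no verb and repeats what step 5 already expands.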

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure.

3. Go to **Device Configuration** > **Profiles**, and then select your profile for AV. If you need to create a profile, see [Create the profile](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-configure#create-the-profile).

4. Go to **Properties**, and then edit your **Configuration settings**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | From 6a56279e61e7cd2b647b1b2ab9fb000826832903 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:34:17 -0700 Subject: [PATCH 284/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index d11d827c7b..aef52214d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -122,7 +122,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
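Review bot: In PATCH 283/331, the added Intune row numbers two steps as 4 (`4. Select **Configuration settings: Edit**` and `4. Expand **Microsoft Defender Antivirus**`), and the second of those is repeated by step 5, which expands the same node before expanding the exclusions. Delete the second step 4 and renumber. The doubled pipe `||` before step 1 is carried over from the previous revision and still needs to become a single `|`.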

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions). | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | From 4dbfe3b340194f9e401e70b95d4d057b51dc0fb8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:51:31 -0700 Subject: [PATCH 285/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index aef52214d0..fe7079af5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -122,10 +122,10 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
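Review bot: In PATCH 284/331, the new step 8 is appended to a list that still has two steps numbered 4, so the row now shows nine steps ending at 8; renumber when the duplicate is removed. The wording also differs from the Intune row in the enable table, which says `Select **Review + save**` where this one says `Choose **Review + save**`; pick one verb for both rows.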

**NOTE**: Intune is now Microsoft Endpoint Manager. ||1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | -|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | -|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.

3. Specify your path and process exclusions. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | +|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | |Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | ## Add Symantec to the exclusion list for Microsoft Defender ATP From 63b1b8b27c37b2bee054d61d6d506fdc0844122e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:53:57 -0700 Subject: [PATCH 286/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index fe7079af5b..979f76c0a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -99,6 +99,9 @@ Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def |Command Prompt |1. On a Windows device, open Command Prompt as an administrator.
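Review bot: In PATCH 285/331, the Intune row is re-added with only the doubled pipe fixed; the two steps numbered 4 and the verb-less step 6 are still in the `+` line. In the Registry key row at the end of the hunk's context, the local-path example `regedit.exe /s c:\temp\ MDAV_Exclusion.reg` has a space after `c:\temp\`, which splits the path into two arguments; remove it so the command matches the network share example.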

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | |PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet.

3. In the list of results, look for **AntivirusEnabled: True**. | +> [!NOTE] +> You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. + ## Add Microsoft Defender ATP to the exclusion list for Symantec This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: From 09721d8fcc0a7f885c89ad38e59f4d2891fbaa9e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 12:59:03 -0700 Subject: [PATCH 287/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 41deadab21..40e120cd03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -43,7 +43,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| -|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
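
Review bot: The two rows just above the added note in symantec-to-microsoft-defender-atp-setup.md do not tell the reader what confirms passive mode: the Command Prompt row says to review the results of `sc query windefend` without naming the expected output, and the PowerShell row checks **AntivirusEnabled: True**, which says the antivirus is enabled, not which mode it runs in. State the exact value to look for in each row. The added `[!NOTE]` about the *Windows Defender Antivirus* name would also fit better beside a step that walks a menu path, as the inline **NOTE** lines do in the Group Policy rows of this file, since the steps here use commands.
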
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script) | +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | |Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 7 SP1 Enterprise
Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | |Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | |Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | From 99e1aa394774d4829c471a2638bfcfab02c289d7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:07:12 -0700 Subject: [PATCH 288/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 40e120cd03..650bbf5900 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -56,7 +56,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| -|Windows 10
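
Review bot: The new local-script **NOTE** is added only to the Windows 10 row, but the Windows Server 2019 row in the trailing context of the same table also offers [Local script], and lists it first, with no caveat. Add the same note to that row, or move the note below the table so it covers every row that offers a local script.
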
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |[Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test) | +|Windows 10
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | |Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | From 8aca0f9c873c771c666dd3272c0024b54ebba630 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:13:25 -0700 Subject: [PATCH 289/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 650bbf5900..6f01558138 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -45,7 +45,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |---------|---------| |Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
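
Review bot: The sentence added to the Windows row sends the reader to the demo scenarios site but does not say what result shows that the device is connected, which is the purpose of this table ("To verify that your onboarded devices are properly connected"). Say what the reader should see after running a scenario and where to look for it. In the Linux row of the context, step 1 already runs an `mdatp` command while step 2 is the one that says to open a Terminal window; reword so the terminal is opened first.
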
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | |Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 7 SP1 Enterprise
Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | -|Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi) | +|Windows Server 2019 and later
Windows Server 2019 core edition
Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | |Windows Server 2016
Windows Server 2012 R2
Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | |macOS
iOS
Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | From 85390356fb39a12726a3616531a824e0253dc91c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:28:25 -0700 Subject: [PATCH 290/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 6f01558138..737b081b10 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -57,8 +57,8 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| |Windows 10
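
Review bot: The note added to the Windows Server 2019 row recommends "Microsoft Endpoint Configuration Manager", while the list above it in the same cell has separate "Configuration Manager" and "System Center Configuration Manager" entries that both link to the configure-endpoints-sccm page, so the reader meets three names in one cell. Use one name in the list and in the note. The note is now repeated word for word in two rows; a single note under the table would be easier to keep in sync.
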
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | -|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac) | -|Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`

3. Run the following command to list any detected threats:
`mdatp threat list`

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | +|Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec From 5bcde4c5c3991189307d50ac088f3048446c2a0e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:30:37 -0700 Subject: [PATCH 291/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 737b081b10..71a9f5259e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -56,9 +56,9 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| -|Windows 10
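
Review bot: In the Linux row the added periods sit directly after inline commands that stand on their own lines, for example `mdatp threat list`., where the period reads as part of the command and is easy to copy along with it. Drop the period after a command that stands alone on a line and let the colon of the lead-in sentence carry the punctuation. The macOS row still shows `$ mdatp --connectivity-test` with the shell prompt inside the code span, unlike the Linux commands; remove the `$ ` for consistency.
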
Windows Server 2019
Windows Server, version 1803
Windows Server 2016
Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | +|- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Using Terminal, run the following command:
`$ mdatp --connectivity-test`

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | -|Linux |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | +|Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec From 09d0b84c5e9d457e63b77d12148130de86a79165 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:31:58 -0700 Subject: [PATCH 292/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 979f76c0a4..ee37fdd164 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -125,7 +125,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
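
Review bot: The first column now uses three different layouts: the Windows cell starts directly with a bullet (`|- Windows 10`), the macOS cell has a plain "macOS" line followed by bullets, and the Linux cell uses "Linux:" with a colon. Pick one layout for all three cells. In the new Linux list, "Oracle Linux 7.2" has no "+" while "RHEL 7.2+" and "CentOS Linux 7.2+" do; confirm whether only 7.2 is meant or add the "+".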

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**.

6. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

7. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

8. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

9. Choose **Review + save**, and then choose **Save**. | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | From 10a36cc404c895c4762ef11e42f1efe8bab1ac85 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:32:47 -0700 Subject: [PATCH 293/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index ee37fdd164..96e87c231c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -125,7 +125,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
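
Review bot: Renumbering the Intune steps fixes the duplicate "4." but keeps the duplicated instruction: step 5, "Expand **Microsoft Defender Antivirus**.", is repeated at the start of step 6, and step 7 is a bare menu path with no verb. Merge steps 5 to 7 into one step that tells the reader where to go, then renumber the rest.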

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**.

6. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

7. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

8. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

9. Choose **Review + save**, and then choose **Save**. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | From 9d5cc8daf887e588f4cb6b05fef4794e5707927e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:35:32 -0700 Subject: [PATCH 294/331] Update symantec-to-microsoft-defender-atp-setup.md --- .../symantec-to-microsoft-defender-atp-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index 96e87c231c..9de272158f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -125,7 +125,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Method | What to do| |--|--| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)
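
Review bot: After the redundant "Expand" step is removed, step 6 in the Intune row is still only a path, "**Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**", with no instruction, and it names the location that step 5 already expanded. Delete it or turn it into an action. In the Group Policy Object row of the context, "Enter **0** in the **Value** column" is attached only to the file bullet of step 4; say whether it applies to folder entries too.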

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. **Settings** > **Microsoft Defender Antivirus** > **Microsoft Defender Antivirus Exclusions**.

7. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

8. Choose **Review + save**, and then choose **Save**. | +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

7. Choose **Review + save**, and then choose **Save**. | |[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | |[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | From 2daab0f8c8c6156af00c866b2a585612b7400b09 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:42:02 -0700 Subject: [PATCH 295/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 71a9f5259e..58d37c6a9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -26,6 +26,7 @@ ms.topic: article 1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). 2. [Run a detection test](#run-a-detection-test). 3. [Uninstall Symantec](#uninstall-symantec). +4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). ## Onboard devices to Microsoft Defender ATP 
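Review bot: in the exclusions table of symantec-to-microsoft-defender-atp-setup.md, the rows touched by PATCH 294 do not cover the same exclusion types. The Intune row says "files and folders, extensions, and processes", the Group Policy Object row walks through only **Path Exclusions** and **Extension Exclusions**, and the Local group policy object row says "path and process exclusions". Removing the duplicate step 6 is fine, but while the row is open, align the three methods so that process exclusions carried over from Symantec are not silently dropped or entered as paths by readers who follow the Group Policy steps.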
@@ -81,6 +82,15 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT > - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387). > - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054). +## Make sure Microsoft Defender ATP is in active mode + +Now that you have uninstalled Symantec, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. + +To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)). Try one or more of the demo scenarios on that page, including at least the following: +- Cloud-delivered protection +- Potentially Unwanted Applications (PUA) +- Network Protection (NP) + ## Next steps **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! From 5177b6d4669fcff5878a8a6776171bd27dd4affe Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 13:49:22 -0700 Subject: [PATCH 296/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 58d37c6a9e..4f6bd5eb70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
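Review bot: the new "Make sure Microsoft Defender ATP is in active mode" section in symantec-to-microsoft-defender-atp-onboard.md never says how the reader confirms active mode; it only points to the demo scenarios site. State what outcome of each listed scenario (Cloud-delivered protection, PUA, Network Protection) shows that protection is active, and what to do when a scenario is not blocked, so a device left in passive mode after the Symantec uninstall is not missed. The heading names Microsoft Defender ATP while the body names "Microsoft Defender Antivirus and endpoint detection and response"; use one wording for both.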
@@ -95,4 +95,6 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo. **Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! -- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). \ No newline at end of file +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). + +- To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection). \ No newline at end of file From eea81685097ac4620e02b33300390ceb5d89f14a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:03:16 -0700 Subject: [PATCH 297/331] Update mdm-enrollment-of-windows-devices.md --- .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index bb5e6e271f..8c71b2b60a 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md 
@@ -17,7 +17,6 @@ ms.date: 11/15/2017 # MDM enrollment of Windows 10-based devices - In today’s cloud-first world, enterprise IT departments increasingly want to let employees use their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization’s resources, such as apps, the corporate network, and email. > [!NOTE] @@ -233,7 +232,7 @@ To create a local account and connect the device: ![access work or school](images/unifiedenrollment-rs1-30.png) -4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link). +4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link). ![connect to work or school](images/unifiedenrollment-rs1-31.png) From 256ae867cd53a191dc25fd67c9c434227700c8ee Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:03:51 -0700 Subject: [PATCH 298/331] Update mdm-enrollment-of-windows-devices.md --- .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 8c71b2b60a..8d199d824e 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md 
@@ -259,7 +259,7 @@ To create a local account and connect the device: ![phone settings](images/unifiedenrollment-rs1-39.png) -3. Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link). +3. Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link). ![access work or school page](images/unifiedenrollment-rs1-40.png) From 70952d6654fbd56f4d47c0a574e2436e6058c3a8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:11:33 -0700 Subject: [PATCH 299/331] Update new-in-windows-mdm-enrollment-management.md --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 2927d154d3..ab527dcd11 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -727,7 +727,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam

  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools
  • -

    For details, see Managing connection and Collecting diagnostic logs

    +

    For details, see Managing connection and Collecting diagnostic logs

    Enroll a Windows 10 device automatically using Group Policy From be55be6c6b90471c09035b70caa92b11fb0f6640 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:12:31 -0700 Subject: [PATCH 300/331] Update new-in-windows-mdm-enrollment-management.md --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index ab527dcd11..f5a78504b8 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1226,7 +1226,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam -Connecting your Windows 10-based device to work using a deep link +Connect your Windows 10-based device to work using a deep link

    Added following deep link parameters to the table:

    • Username
    • From b04f6f13392629f0b1d39c9ca27f8ebe823cb1ed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:36:17 -0700 Subject: [PATCH 301/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 4f6bd5eb70..ee6e6655bf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -45,7 +45,7 @@ Deployment methods vary, depending on which operating system is selected. Refer |Operating system |Method | |---------|---------| |Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
      - [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
      - [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
      - [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

      **NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | -|Windows 8.1 Enterprise
      Windows 8.1 Pro
      Windows 7 SP1 Enterprise
      Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp) | +|Windows 8.1 Enterprise
      Windows 8.1 Pro
      Windows 7 SP1 Enterprise
      Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)

      **NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). | |Windows Server 2019 and later
      Windows Server 2019 core edition
      Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
      - [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
      - [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
      - [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-machines-using-earlier-versions-of-system-center-configuration-manager)
      - [VDI onboarding scripts for non-persistent machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi)

      **NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | |Windows Server 2016
      Windows Server 2012 R2
      Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
      - [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | |macOS
      iOS
      Linux |[Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | From 74c3c12ef35bef6d9f8c1adc678b752302946ac6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:39:25 -0700 Subject: [PATCH 302/331] Update new-in-windows-mdm-enrollment-management.md --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index f5a78504b8..dd10e850e0 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -2899,7 +2899,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
    • User knows what policies, profiles, apps MDM has configured
    • IT helpdesk can get detailed MDM diagnostic information using client tools
    -

    For details, see Managing connections and Collecting diagnostic logs

    +

    For details, see Managing connections and Collecting diagnostic logs

    From 1fb6baaf543b529fc5d16014ee54d3c54ad259a1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 14:54:36 -0700 Subject: [PATCH 303/331] Update new-in-windows-mdm-enrollment-management.md --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index dd10e850e0..eed052ba71 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -727,7 +727,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools
  • -

    For details, see Managing connection and Collecting diagnostic logs

    +

    For details, see Managing connection and Collecting diagnostic logs

    Enroll a Windows 10 device automatically using Group Policy From 09094d14787b03db3cb605454e7b22c0ce541db1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 15:23:21 -0700 Subject: [PATCH 304/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index ee6e6655bf..13a16840fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -58,7 +58,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |Operating system |Guidance | |---------|---------| |- Windows 10
    - Windows Server 2019
    - Windows Server, version 1803
    - Windows Server 2016
    - Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

    Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | -|macOS
    - 10.15 (Catalina)
    - 10.14 (Mojave)
    - 10.13 (High Sierra) |Using Terminal, run the following command:
    `$ mdatp --connectivity-test`

    For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | +|macOS
    - 10.15 (Catalina)
    - 10.14 (Mojave)
    - 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy).

    For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | |Linux:
    - RHEL 7.2+
    - CentOS Linux 7.2+
    - Ubuntu 16 LTS, or higher LTS
    - SLES 12+
    - Debian 9+
    - Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
    `mdatp health --field real_time_protection_enabled`.

    2. Open a Terminal window, and run the following command:
    `curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

    3. Run the following command to list any detected threats:
    `mdatp threat list`.

    For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | ## Uninstall Symantec From 1d192862386aea932392f418ae3868357d662274 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 29 Jun 2020 15:47:22 -0700 Subject: [PATCH 305/331] Update waas-wu-settings.md Removed a stray en-us. --- windows/deployment/update/waas-wu-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index badac422e6..83cc19c6e9 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md 
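Review bot: in the macOS row of the detection-test table (PATCH 304), replacing `$ mdatp --connectivity-test` with the DIY app removes the only connectivity check for macOS, although the table is introduced as a way to verify that onboarded devices are properly connected. Consider keeping the command and adding the app as a second step, and say what the app does and what result to expect, the way the Linux row does with `mdatp health --field real_time_protection_enabled` and `mdatp threat list`. The download is given only as an aka.ms short link, so name the destination or the publisher in the text so readers can tell what they are about to run.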
@@ -32,7 +32,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure | --- | --- | --- | | [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) | [UpdateServiceUrl](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurl) and [UpdateServiceUrlAlternate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | All | | [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) | [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency) | 1703 | -| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | [Update/SetDisableUXWUAccess](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess)| All | +| [Remove access to use all Windows Update features](#remove-access-to-use-all-windows-update-features) | [Update/SetDisableUXWUAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess)| All | | [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) | | All | | [Enable client-side targeting](#enable-client-side-targeting) | | All | | [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | From c2d42eb946d91801242054275fc276d8035f14b8 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 15:49:49 -0700 Subject: [PATCH 306/331] Update collect-diagnostic-data.md --- .../microsoft-defender-antivirus/collect-diagnostic-data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md index 990a685d98..840b26d06e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 06/10/2020 +ms.date: 06/29/2020 ms.reviewer: manager: dansimp --- From ff6441d6fd2ff969c5cdaed28692a5c8250c12ef Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 29 Jun 2020 15:51:05 -0700 Subject: [PATCH 307/331] Corrected broken "Warning" note... and made a couple of other corrections. --- .../mdm/mdm-enrollment-of-windows-devices.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md index 8d199d824e..7b8e606d40 100644 --- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md 
@@ -324,7 +324,7 @@ To connect your devices to MDM using deep links: 1. Starting with Windows 10, version 1607, create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm**, and user-friendly display text, such as **Click here to connect Windows to work**: - > (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.) + (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.) - IT admins can add this link to a welcome email that users can select to enroll into MDM. @@ -340,7 +340,8 @@ To connect your devices to MDM using deep links: 3. If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point. -After you complete the flow, your device will be connected to your organization’s MDM. + After you complete the flow, your device will be connected to your organization's MDM. + ![corporate sign in](images/deeplinkenrollment4.png) ## Manage connections @@ -374,7 +375,7 @@ The **Disconnect** button can be found on all work connections. Generally, selec - Devices that enforce the AllowManualMDMUnenrollment policy will not allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command. - On mobile devices, you cannot disconnect from Azure AD. These connections can only be removed by wiping the device. -> [!WARNING]   +> [!WARNING] > Disconnecting might result in the loss of data on the device. ## Collecting diagnostic logs From ba077bafa64a46bfd8d30791ad538ec5134a43ef Mon Sep 17 00:00:00 2001 
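Review bot: in the first hunk of PATCH 307 (step 1 of the deep-link procedure), the caveat "(Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)" goes from a bare `>` quote to plain indented text, which makes it easy to read past. This file already uses `> [!NOTE]` and `> [!WARNING]` alerts, so an indented `> [!NOTE]` would match the rest of the page and keep the caveat visible. In the second hunk, the moved sentence now uses a straight apostrophe in "organization's" while the neighbouring context line keeps the curly one in "you’ll"; pick one style for the file.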
From: Beth Levin Date: Mon, 29 Jun 2020 17:36:36 -0700 Subject: [PATCH 308/331] move sections around --- .../next-gen-threat-and-vuln-mgt.md | 14 +++++- .../threat-and-vuln-mgt-scenarios.md | 45 ------------------- .../tvm-security-recommendation.md | 40 ++++++++++++++++- 3 files changed, 51 insertions(+), 48 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index b51e526c2d..882bfcb8b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -91,7 +91,19 @@ Ensure that your devices: - Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version. - Have at least one security recommendation that can be viewed in the device page -- Are tagged or marked as co-managed +- Are tagged or marked as co-managed + +## APIs + +Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). +See the following topics for related APIs: + +- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) +- [Machine APIs](machine.md) +- [Recommendation APIs](vulnerability.md) +- [Score APIs](score.md) +- [Software APIs](software.md) +- [Vulnerability APIs](vulnerability.md) ## Related topics 
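Review bot: in the added APIs list in next-gen-threat-and-vuln-mgt.md, "[Recommendation APIs](vulnerability.md)" and "[Vulnerability APIs](vulnerability.md)" point at the same file, so the Recommendation entry most likely has the wrong target. The list is moved unchanged from threat-and-vuln-mgt-scenarios.md, so this move is the place to correct the link rather than carry it over. The opening sentence ("Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score ...") is also hard to parse and would read better as a short list of what the APIs return.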
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index b099ac0a4c..7580afe46e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -27,18 +27,6 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] -## APIs - -Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). -See the following topics for related APIs: - -- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) -- [Machine APIs](machine.md) -- [Recommendation APIs](vulnerability.md) -- [Score APIs](score.md) -- [Software APIs](software.md) -- [Vulnerability APIs](vulnerability.md) - ## Use advanced hunting query to search for devices with High active alerts or critical CVE public exploit 1. Go to **Advanced hunting** from the left-hand navigation pane of the Microsoft Defender Security Center. 
@@ -62,40 +50,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` -## Find and remediate software or software versions which have reached end-of-support (EOS) -End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks. - -It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end of support, and update versions that have reached end of support. It is best to create and implement a plan **before** the end of support dates. - -To find software or software versions which have reached end-of-support: - -1. From the Threat & Vulnerability Management menu, navigate to **Security recommendations**. -2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. - - ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) - -3. You will see a list recommendations related to software that is end of support, software versions that are end of support, or upcoming end of support versions. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. - - ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png) - -### List of versions and dates - -To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps: - -1. 
For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected. - - ![Screenshot of version distribution link](images/eos-upcoming-eos.png) - -2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. - - ![Screenshot of version distribution link](images/software-drilldown-eos.png) - -3. Select one of the versions in the table to open. For example, version 10.0.18362.1. A flyout will appear with the end of support date. - - ![Screenshot of version distribution link](images/version-eos-date.png) - -After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index f32f8abb06..e940efeeed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md 
@@ -90,9 +90,9 @@ From the flyout, you can do any of the following: - **Open software page** - Open the software page to get more context on the software and how it is distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. -- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. +- [**Remediation options**](tvm-security-recommendation.md#request-remediation) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. -- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet. +- [**Exception options**](tvm-security-recommendation.md#file-for-exception) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet. >[!NOTE] >When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center. 
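Review bot: Both new link targets on the `**Remediation options**` and `**Exception options**` bullets name `tvm-security-recommendation.md`, which is the file this hunk edits. Use the same-page form, `(#request-remediation)` and `(#file-for-exception)`, so the links survive a file rename, and confirm that both headings exist on the page, since neither is visible in this diff. The unchanged bullet above still reads "names and detailed of devices"; "names and details" can be fixed along with this change.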
@@ -163,6 +163,42 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts. +## Find and remediate software or software versions which have reached end-of-support (EOS) + +End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks. + +It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end of support, and update versions that have reached end of support. It is best to create and implement a plan **before** the end of support dates. + +To find software or software versions which have reached end-of-support: + +1. From the Threat & Vulnerability Management menu, navigate to **Security recommendations**. +2. Go to the **Filters** panel and look for the tags section. Select one or more of the EOS tag options. Then **Apply**. + + ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tag.png) + +3. You will see a list recommendations related to software that is end of support, software versions that are end of support, or upcoming end of support versions. These tags are also visible in the [software inventory](tvm-software-inventory.md) page. 
+ + ![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png) + +### List of versions and dates + +To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps: + +1. For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected. + + ![Screenshot of version distribution link](images/eos-upcoming-eos.png) + +2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support. + + ![Screenshot of version distribution link](images/software-drilldown-eos.png) + +3. Select one of the versions in the table to open. For example, version 10.0.18362.1. A flyout will appear with the end of support date. + + ![Screenshot of version distribution link](images/version-eos-date.png) + +After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. + + ## Related topics - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) From de8c42f97fd680a9ddc6396e7c5145682e0a02be Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 29 Jun 2020 17:37:02 -0700 Subject: [PATCH 309/331] delete space --- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index e940efeeed..14ffe3083e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -196,7 +196,7 @@ To view a list of version that have reached end of support, or end or support so ![Screenshot of version distribution link](images/version-eos-date.png) -After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. +After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. ## Related topics From fc3e88b88108dd5994dd5a23ece7541af399c4cf Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 29 Jun 2020 17:37:26 -0700 Subject: [PATCH 310/331] delete more spaces --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 7580afe46e..791dcee0ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -50,8 +50,6 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` - - ## Related topics - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) From 884265b532274cc8b9031be7c5cf143af77dfe2b Mon Sep 17 00:00:00 2001 From: Icelyn Jennings Date: Tue, 30 Jun 2020 02:43:22 +0200 Subject: [PATCH 311/331] Fix typo in whats-new-windows-10-version-2004.md --- windows/whats-new/whats-new-windows-10-version-2004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 99be4872aa..489cb3373f 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -150,7 +150,7 @@ Windows Sandbox also has improved accessibility in this release, including: With this release, memory that is no longer in use in a Linux VM will be freed back to Windows. Previously, a WSL VM's memory could grow, but would not shrink when no longer needed. -[WSL2](https://docs.microsoft.com/windows/wsl/wsl2-index) support is has been added for ARM64 devices if your device supports virtualization. +[WSL2](https://docs.microsoft.com/windows/wsl/wsl2-index) support has been added for ARM64 devices if your device supports virtualization. For a full list of updates to WSL, see the [WSL release notes](https://docs.microsoft.com/windows/wsl/release-notes). From 706a02383293dc996d5cca9d361a7afff2892294 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 29 Jun 2020 17:54:22 -0700 Subject: [PATCH 312/331] moved apis link --- .../microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md | 2 +- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 2 +- .../microsoft-defender-atp/tvm-dashboard-insights.md | 2 +- .../microsoft-defender-atp/tvm-exposure-score.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-remediation.md | 2 +- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- .../microsoft-defender-atp/tvm-supported-os.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-weaknesses.md | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md index 882bfcb8b0..7a336fa1a5 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md @@ -116,6 +116,6 @@ See the following topics for related APIs: - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 791dcee0ba..aa09248fe1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -61,7 +61,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) 
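Review bot: In next-gen-threat-and-vuln-mgt.md the Related topics entry now reads `[APIs](next-gen-threat-and-vuln-mgt.md#apis)`, which is a link from the page to itself, and the hunk header context ("See the following topics for related APIs:") shows the APIs section sits above this list on the same page. Drop the entry there or shorten it to `(#apis)`. The threat-and-vuln-mgt-scenarios.md hunk is fine as written.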
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 907fbf1634..f3e37477b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -94,5 +94,5 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 3e920228a6..43b92d5790 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -62,5 +62,5 @@ Lower your threat and vulnerability exposure by remediating [security recommenda - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) 
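Review bot: In tvm-dashboard-insights.md the bullet right after the changed one still reaches the user roles page through an absolute `https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles` URL, while tvm-exposure-score.md in this same patch uses the relative `user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group`. Since this list is being touched anyway, switch it to the relative form so the Related topics lists stay identical across the Threat & Vulnerability Management pages.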
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index bb9818de99..b896af9637 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -104,5 +104,5 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 14ffe3083e..f6fa46930d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -210,5 +210,5 @@ After you have identified which software and software versions are vulnerable du - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 381bdcdf15..71a557d488 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -85,5 +85,5 @@ You can report a false positive when you see any vague, inaccurate version, inco - [Remediation and exception](tvm-remediation.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 0842174b9a..849743a1aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -52,5 +52,5 @@ Some of the above prerequisites might be different from the [Minimum requirement - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 86a8667ca9..29ac035edd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -132,5 +132,5 @@ You can report a false positive when you see any vague, inaccurate, incomplete, - [Remediation and exception](tvm-remediation.md) - [Software inventory](tvm-software-inventory.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) \ No newline at end of file From 172aa1b5dcb4a97d4a4cf67982c3492d547463df Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 29 Jun 2020 18:09:54 -0700 Subject: [PATCH 313/331] change link in config score --- .../microsoft-defender-atp/configuration-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md index 0577df46b2..4cfed0c928 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configuration-score.md 
@@ -91,5 +91,5 @@ You can improve your security configuration when you remediate issues from the s - [Software inventory](tvm-software-inventory.md) - [Weaknesses](tvm-weaknesses.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) -- [APIs](threat-and-vuln-mgt-scenarios.md#apis) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) - [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) From 1bb11dbc9456be54865b8469bca9d8b3fcfc8f3e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 29 Jun 2020 18:48:37 -0700 Subject: [PATCH 314/331] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 13a16840fb..e1f80dbe12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -72,7 +72,7 @@ Now that you have onboarded your organization's devices to Microsoft Defender AT 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. -3. Remove Symantec from your devices. You can use SEP Manager to perform this task. See [Configuring client packages to uninstall existing security software](https://techdocs.broadcom.com/content/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-a-custom-installation/preparing-for-client-installation-v16742985-d21e7/configuring-client-packages-to-uninstall-existing-v73569396-d21e2634.html). +3. Remove Symantec from your devices. You can use SEP Manager to perform this task. See [Configuring client packages to uninstall existing security software](https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Managing-a-custom-installation/preparing-for-client-installation-v16742985-d21e7/configuring-client-packages-to-uninstall-existing-v73569396-d21e2634.html). > [!TIP] From c0d2ef59115519b6afbdcfe7971948ce79357d09 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 29 Jun 2020 19:01:26 -0700 Subject: [PATCH 315/331] updates VPN Q&A for accuracy --- windows/deployment/update/waas-delivery-optimization.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index d39db925b7..8101b52a2d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -141,11 +141,11 @@ For the payloads (optional): **How does Delivery Optimization handle VPNs?** Delivery Optimization attempts to identify VPNs by checking the network adapter type and details and will treat the connection as a VPN if the adapter description contains certain keywords, such as "VPN" or "secure." -If the connection is identified as a VPN, Delivery Optimization will not use any peer-to-peer activity. However, you can allow peer-to-peer activity over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. +If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. -If you have defined a boundary group in Configuration Manager and have for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. +If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected via VPN, it can still leverage peer-to-peer with the default of LAN. -With split tunnelling, it's best to exclude the boundary group for the VPN devices to exclude it from using peer-to-peer. (In this case, those devices won't get the policy and will default to using LAN.) If you're using split tunnelling, you should allow direct access for these endpoints: +With split tunnelling, make sure to allow direct access to these endpoints: Delivery Optimization service endpoint: - `https://*.prod.do.dsp.mp.microsoft.com` 
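Review bot: The first changed paragraph narrows the VPN behaviour from "will not use any peer-to-peer activity" to "will suspend uploads to other peers" but never says what happens to downloads from peers while the device is on the VPN. State that explicitly, because an administrator who needs all peer traffic kept off the tunnel has to know that setting DownloadMode to 0 for the VPN boundary group, not the default behaviour, is what guarantees it. The policy link text also still says "Enable Peer Caching" while the sentence around it now talks only about uploads, and the added "with the default of LAN" would be clearer if it named the setting whose default is meant.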
@@ -161,7 +161,7 @@ Windows Update and Microsoft Store backend services and Windows Update and Micro - `https://*.update.microsoft.com` - `https://tsfe.trafficshaping.dsp.mp.microsoft.com` -For more information about this if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). +For more information about remote work if you're using Configuration Manager, see this post on the [Configuration Manager blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-patch-tuesday-with-configuration-manager-in-a-remote/ba-p/1269444). ## Troubleshooting From a2878c0b038b3cfac14f9a6ec93d1cc6ac3179d6 Mon Sep 17 00:00:00 2001 
From: illfated Date: Tue, 30 Jun 2020 05:19:30 +0200 Subject: [PATCH 316/331] MD-ATP/Exclusions: avoid translation of keywords Description: As recommended by Tina McNaboe in issue ticket #7021 (Doubt), I suggest encapsulating all OS strings and keywords in MarkDown back ticks to avoid automatic translation of text that should never be translated, as well as keeping the strings as coherent and unmodified as possible. To paraphrase: While the engineers are working on a fix to avoid overlocalization like this on machine translated articles, it may be a few months before it's fixed. In the meantime, it would be helpful to encapsulate the non-localizable strings in the English article. It is also a common problem that Machine Translation adds spacing where it should not be, even if the surrounding text is kept untranslated. This type of issue tends to be less easy to discover for non-English readers who rely more on the translated pages than on the /en-us/ pages. This PR aims to reduce these issues, at least for this page, to keep it as correct as possible, even when filtered through Machine Translation. Changes proposed: - Encapsulate listed strings, filenames and extensions in MD back ticks - Make sure that the encapsulated strings don't keep extra backslashes Additional corrections, since we are already editing this page: - Replace TechNet URLs with their permanent docs.microsoft.com redirects - Replace MSDN URLs with their permanent docs.microsoft.com redirects - Reduce a docs.microsoft.com link to internal tag link (same page) - Adjust "Currentcontrolset" to CurrentControlSet (3 occurrences) Ticket closure or reference: Ref. #7021 (keep open until changes migrate to localized pages) --- ...exclusions-microsoft-defender-antivirus.md | 224 +++++++++--------- 1 file changed, 112 insertions(+), 112 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 66adf9c4d6..64b5f0e6d4 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -54,7 +54,7 @@ You can disable the automatic exclusion lists with Group Policy, PowerShell cmdl ### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and 2019 -1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx). Right-click the Group Policy Object you want to configure, and then click **Edit**. +1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc725752(v=ws.11)). Right-click the Group Policy Object you want to configure, and then click **Edit**. 2. In the **Group Policy Management Editor** go to **Computer configuration**, and then click **Administrative templates**. 
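Review bot: The replacement Group Policy Management Console URL ends in `cc725752(v=ws.11)`, while the TechNet link it replaces pointed at `cc731212`. The commit message describes these as the permanent redirects of the old URLs, so confirm that cc731212 really redirects to cc725752 and that the target is still the GPMC page before merging.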
@@ -72,18 +72,18 @@ Set-MpPreference -DisableAutoExclusions $true [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md). -[Use PowerShell with Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). +[Use PowerShell with Microsoft Defender Antivirus](https://docs.microsoft.com/powershell/module/defender/). ### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and 2019 -Use the **Set** method of the [MSFT_MpPreference](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: +Use the **Set** method of the [MSFT_MpPreference](https://docs.microsoft.com/previous-versions/windows/desktop/defender/msft-mppreference) class for the following properties: ```WMI DisableAutoExclusions ``` See the following for more information and allowed parameters: -- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) +- [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal) ## List of automatic exclusions 
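Review bot: The heading kept as context in this hunk reads "Use Windows Management Instruction (WMI)", but WMI stands for Windows Management Instrumentation. The links directly under that heading are being corrected here and the commit message already lists "additional corrections", so fix the heading in the same pass.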
@@ -95,110 +95,110 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r #### Windows "temp.edb" files -- *%windir%*\SoftwareDistribution\Datastore\\*\tmp.edb +- `%windir%\SoftwareDistribution\Datastore\*\tmp.edb` -- *%ProgramData%*\Microsoft\Search\Data\Applications\Windows\\*\\\*.log +- `%ProgramData%\Microsoft\Search\Data\Applications\Windows\*\*.log` #### Windows Update files or Automatic Update files -- *%windir%*\SoftwareDistribution\Datastore\\*\Datastore.edb +- `%windir%\SoftwareDistribution\Datastore\*\Datastore.edb` -- *%windir%*\SoftwareDistribution\Datastore\\*\edb.chk +- `%windir%\SoftwareDistribution\Datastore\*\edb.chk` -- *%windir%*\SoftwareDistribution\Datastore\\*\edb\*.log +- `%windir%\SoftwareDistribution\Datastore\*\edb\*.log` -- *%windir%*\SoftwareDistribution\Datastore\\*\Edb\*.jrs +- `%windir%\SoftwareDistribution\Datastore\*\Edb\*.jrs` -- *%windir%*\SoftwareDistribution\Datastore\\*\Res\*.log +- `%windir%\SoftwareDistribution\Datastore\*\Res\*.log` #### Windows Security files -- *%windir%*\Security\database\\*.chk +- `%windir%\Security\database\*.chk` -- *%windir%*\Security\database\\*.edb +- `%windir%\Security\database\*.edb` -- *%windir%*\Security\database\\*.jrs +- `%windir%\Security\database\*.jrs` -- *%windir%*\Security\database\\*.log +- `%windir%\Security\database\*.log` -- *%windir%*\Security\database\\*.sdb +- `%windir%\Security\database\*.sdb` #### Group Policy files -- *%allusersprofile%*\NTUser.pol +- `%allusersprofile%\NTUser.pol` -- *%SystemRoot%*\System32\GroupPolicy\Machine\registry.pol +- `%SystemRoot%\System32\GroupPolicy\Machine\registry.pol` -- *%SystemRoot%*\System32\GroupPolicy\User\registry.pol +- `%SystemRoot%\System32\GroupPolicy\User\registry.pol` #### WINS files -- *%systemroot%*\System32\Wins\\*\\\*.chk +- `%systemroot%\System32\Wins\*\*.chk` -- *%systemroot%*\System32\Wins\\*\\\*.log +- `%systemroot%\System32\Wins\*\*.log` -- *%systemroot%*\System32\Wins\\*\\\*.mdb +- 
`%systemroot%\System32\Wins\*\*.mdb` -- *%systemroot%*\System32\LogFiles\ +- `%systemroot%\System32\LogFiles\` -- *%systemroot%*\SysWow64\LogFiles\ +- `%systemroot%\SysWow64\LogFiles\` #### File Replication Service (FRS) exclusions - Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory` - - *%windir%*\Ntfrs\jet\sys\\*\edb.chk + - `%windir%\Ntfrs\jet\sys\*\edb.chk` - - *%windir%*\Ntfrs\jet\\*\Ntfrs.jdb + - `%windir%\Ntfrs\jet\*\Ntfrs.jdb` - - *%windir%*\Ntfrs\jet\log\\*\\\*.log + - `%windir%\Ntfrs\jet\log\*\*.log` -- FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory` +- FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ntfrs\Parameters\DB Log File Directory` - - *%windir%*\Ntfrs\\*\Edb\*.log + - `%windir%\Ntfrs\*\Edb\*.log` -- The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage` +- The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage` - - *%systemroot%*\Sysvol\\*\Nntfrs_cmp\*\ + - `%systemroot%\Sysvol\*\Nntfrs_cmp*\` - The FRS preinstall folder. This folder is specified by the folder `Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory` - - *%systemroot%*\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\\*\Ntfrs\*\ + - `%systemroot%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\*\Ntfrs*\` -- The Distributed File System Replication (DFSR) database and working folders. 
These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File` +- The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File` > [!NOTE] - > For custom locations, see [Opt out of automatic exclusions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus#opt-out-of-automatic-exclusions). + > For custom locations, see [Opt out of automatic exclusions](#opt-out-of-automatic-exclusions). - - *%systemdrive%*\System Volume Information\DFSR\\$db_normal$ + - `%systemdrive%\System Volume Information\DFSR\$db_normal$` - - *%systemdrive%*\System Volume Information\DFSR\FileIDTable_* + - `%systemdrive%\System Volume Information\DFSR\FileIDTable_*` - - *%systemdrive%*\System Volume Information\DFSR\SimilarityTable_* + - `%systemdrive%\System Volume Information\DFSR\SimilarityTable_*` - - *%systemdrive%*\System Volume Information\DFSR\\*.XML + - `%systemdrive%\System Volume Information\DFSR\*.XML` - - *%systemdrive%*\System Volume Information\DFSR\\$db_dirty$ + - `%systemdrive%\System Volume Information\DFSR\$db_dirty$` - - *%systemdrive%*\System Volume Information\DFSR\\$db_clean$ + - `%systemdrive%\System Volume Information\DFSR\$db_clean$` - - *%systemdrive%*\System Volume Information\DFSR\\$db_lostl$ + - `%systemdrive%\System Volume Information\DFSR\$db_lostl$` - - *%systemdrive%*\System Volume Information\DFSR\Dfsr.db + - `%systemdrive%\System Volume Information\DFSR\Dfsr.db` - - *%systemdrive%*\System Volume Information\DFSR\\*.frx + - `%systemdrive%\System Volume Information\DFSR\*.frx` - - *%systemdrive%*\System Volume Information\DFSR\\*.log + - `%systemdrive%\System Volume 
Information\DFSR\*.log` - - *%systemdrive%*\System Volume Information\DFSR\Fsr*.jrs + - `%systemdrive%\System Volume Information\DFSR\Fsr*.jrs` - - *%systemdrive%*\System Volume Information\DFSR\Tmp.edb + - `%systemdrive%\System Volume Information\DFSR\Tmp.edb` #### Process exclusions -- *%systemroot%*\System32\dfsr.exe +- `%systemroot%\System32\dfsr.exe` -- *%systemroot%*\System32\dfsrs.exe +- `%systemroot%\System32\dfsrs.exe` #### Hyper-V exclusions 
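Review bot: Four converted entries in the Windows Update and FRS lists keep a Markdown escape that becomes literal inside the new code spans: `Datastore\*\edb\*.log`, `Datastore\*\Edb\*.jrs`, `Datastore\*\Res\*.log` and `Ntfrs\*\Edb\*.log`. In the removed lines the `\*` after `edb`, `Edb` and `Res` was an escaped asterisk, so the rendered pattern was `edb*.log` (a file-name prefix wildcard). Inside backticks the backslash is shown as written, and the entry now reads as every `.log` file in an `edb` subfolder, which is a different exclusion from the one documented before. The same hunk already drops the escape for `Nntfrs_cmp*\` and `Ntfrs*\`, so these four should become `edb*.log`, `Edb*.jrs`, `Res*.log` and `Edb*.log`.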
@@ -206,59 +206,59 @@ This section lists the file type exclusions, folder exclusions, and process excl - File type exclusions: - - *.vhd + - `*.vhd` - - *.vhdx + - `*.vhdx` - - *.avhd + - `*.avhd` - - *.avhdx + - `*.avhdx` - - *.vsv + - `*.vsv` - - *.iso + - `*.iso` - - *.rct + - `*.rct` - - *.vmcx + - `*.vmcx` - - *.vmrs + - `*.vmrs` - Folder exclusions: - - *%ProgramData%*\Microsoft\Windows\Hyper-V + - `%ProgramData%\Microsoft\Windows\Hyper-V` - - *%ProgramFiles%*\Hyper-V + - `%ProgramFiles%\Hyper-V` - - *%SystemDrive%*\ProgramData\Microsoft\Windows\Hyper-V\Snapshots + - `%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots` - - *%Public%*\Documents\Hyper-V\Virtual Hard Disks + - `%Public%\Documents\Hyper-V\Virtual Hard Disks` - Process exclusions: - - *%systemroot%*\System32\Vmms.exe + - `%systemroot%\System32\Vmms.exe` - - *%systemroot%*\System32\Vmwp.exe + - `%systemroot%\System32\Vmwp.exe` #### SYSVOL files -- *%systemroot%*\Sysvol\Domain\\*.adm +- `%systemroot%\Sysvol\Domain\*.adm` -- *%systemroot%*\Sysvol\Domain\\*.admx +- `%systemroot%\Sysvol\Domain\*.admx` -- *%systemroot%*\Sysvol\Domain\\*.adml +- `%systemroot%\Sysvol\Domain\*.adml` -- *%systemroot%*\Sysvol\Domain\Registry.pol +- `%systemroot%\Sysvol\Domain\Registry.pol` -- *%systemroot%*\Sysvol\Domain\\*.aas +- `%systemroot%\Sysvol\Domain\*.aas` -- *%systemroot%*\Sysvol\Domain\\*.inf +- `%systemroot%\Sysvol\Domain\*.inf` -- *%systemroot%*\Sysvol\Domain\\*.Scripts.ini +- `%systemroot%\Sysvol\Domain\*.Scripts.ini` -- *%systemroot%*\Sysvol\Domain\\*.ins +- `%systemroot%\Sysvol\Domain\*.ins` -- *%systemroot%*\Sysvol\Domain\Oscfilter.ini +- `%systemroot%\Sysvol\Domain\Oscfilter.ini` ### Active Directory exclusions 
@@ -268,51 +268,51 @@ This section lists the exclusions that are delivered automatically when you inst The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File` -- %windir%\Ntds\ntds.dit +- `%windir%\Ntds\ntds.dit` -- %windir%\Ntds\ntds.pat +- `%windir%\Ntds\ntds.pat` #### The AD DS transaction log files The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path` -- %windir%\Ntds\EDB*.log +- `%windir%\Ntds\EDB*.log` -- %windir%\Ntds\Res*.log +- `%windir%\Ntds\Res*.log` -- %windir%\Ntds\Edb*.jrs +- `%windir%\Ntds\Edb*.jrs` -- %windir%\Ntds\Ntds*.pat +- `%windir%\Ntds\Ntds*.pat` -- %windir%\Ntds\TEMP.edb +- `%windir%\Ntds\TEMP.edb` #### The NTDS working folder This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory` -- %windir%\Ntds\Temp.edb +- `%windir%\Ntds\Temp.edb` -- %windir%\Ntds\Edb.chk +- `%windir%\Ntds\Edb.chk` #### Process exclusions for AD DS and AD DS-related support files -- %systemroot%\System32\ntfrs.exe +- `%systemroot%\System32\ntfrs.exe` -- %systemroot%\System32\lsass.exe +- `%systemroot%\System32\lsass.exe` ### DHCP Server exclusions This section lists the exclusions that are delivered automatically when you install the DHCP Server role. 
The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters` -- *%systemroot%*\System32\DHCP\\*\\\*.mdb +- `%systemroot%\System32\DHCP\*\*.mdb` -- *%systemroot%*\System32\DHCP\\*\\\*.pat +- `%systemroot%\System32\DHCP\*\*.pat` -- *%systemroot%*\System32\DHCP\\*\\\*.log +- `%systemroot%\System32\DHCP\*\*.log` -- *%systemroot%*\System32\DHCP\\*\\\*.chk +- `%systemroot%\System32\DHCP\*\*.chk` -- *%systemroot%*\System32\DHCP\\*\\\*.edb +- `%systemroot%\System32\DHCP\*\*.edb` ### DNS Server exclusions @@ -320,27 +320,27 @@ This section lists the file and folder exclusions and the process exclusions tha #### File and folder exclusions for the DNS Server role -- *%systemroot%*\System32\Dns\\*\\\*.log +- `%systemroot%\System32\Dns\*\*.log` -- *%systemroot%*\System32\Dns\\*\\\*.dns +- `%systemroot%\System32\Dns\*\*.dns` -- *%systemroot%*\System32\Dns\\*\\\*.scc +- `%systemroot%\System32\Dns\*\*.scc` -- *%systemroot%*\System32\Dns\\*\BOOT +- `%systemroot%\System32\Dns\*\BOOT` #### Process exclusions for the DNS Server role -- *%systemroot%*\System32\dns.exe +- `%systemroot%\System32\dns.exe` ### File and Storage Services exclusions This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role. -- *%SystemDrive%*\ClusterStorage +- `%SystemDrive%\ClusterStorage` -- *%clusterserviceaccount%*\Local Settings\Temp +- `%clusterserviceaccount%\Local Settings\Temp` -- *%SystemDrive%*\mscs +- `%SystemDrive%\mscs` ### Print Server exclusions 
@@ -348,19 +348,19 @@ This section lists the file type exclusions, folder exclusions, and the process #### File type exclusions -- *.shd +- `*.shd` -- *.spl +- `*.spl` #### Folder exclusions This folder is specified in the registry key `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory` -- *%system32%*\spool\printers\\* +- `%system32%\spool\printers\* #### Process exclusions -- spoolsv.exe +- `spoolsv.exe` ### Web Server exclusions 
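Review bot: The added Print Server folder exclusion, %system32%\spool\printers\*, opens a code span with a backtick but never closes it, unlike every other entry converted in this patch. Add the closing backtick after the asterisk so the path renders as code instead of showing a stray backtick.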
@@ -368,35 +368,35 @@ This section lists the folder exclusions and the process exclusions that are del #### Folder exclusions -- *%SystemRoot%*\IIS Temporary Compressed Files +- `%SystemRoot%\IIS Temporary Compressed Files` -- *%SystemDrive%*\inetpub\temp\IIS Temporary Compressed Files +- `%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files` -- *%SystemDrive%*\inetpub\temp\ASP Compiled Templates +- `%SystemDrive%\inetpub\temp\ASP Compiled Templates` -- *%systemDrive%*\inetpub\logs +- `%systemDrive%\inetpub\logs` -- *%systemDrive%*\inetpub\wwwroot +- `%systemDrive%\inetpub\wwwroot` #### Process exclusions -- *%SystemRoot%*\system32\inetsrv\w3wp.exe +- `%SystemRoot%\system32\inetsrv\w3wp.exe` -- *%SystemRoot%*\SysWOW64\inetsrv\w3wp.exe +- `%SystemRoot%\SysWOW64\inetsrv\w3wp.exe` -- *%SystemDrive%*\PHP5433\php-cgi.exe +- `%SystemDrive%\PHP5433\php-cgi.exe` ### Windows Server Update Services exclusions This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup` -- *%systemroot%*\WSUS\WSUSContent +- `%systemroot%\WSUS\WSUSContent` -- *%systemroot%*\WSUS\UpdateServicesDBFiles +- `%systemroot%\WSUS\UpdateServicesDBFiles` -- *%systemroot%*\SoftwareDistribution\Datastore +- `%systemroot%\SoftwareDistribution\Datastore` -- *%systemroot%*\SoftwareDistribution\Download +- `%systemroot%\SoftwareDistribution\Download` ## Related articles From af02e26ac1deea1d14693fbc9aefcf612f459638 Mon Sep 17 00:00:00 2001 From: illfated Date: Tue, 30 Jun 2020 05:30:52 +0200 Subject: [PATCH 317/331] Missed one ending back tick - `%system32%\spool\printers\* --- .../configure-server-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index 64b5f0e6d4..59e059aeb5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -356,7 +356,7 @@ This section lists the file type exclusions, folder exclusions, and the process This folder is specified in the registry key `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory` -- `%system32%\spool\printers\* +- `%system32%\spool\printers\*` #### Process exclusions From 4c451fa14578ee0aa6d4b75c4f079d41416c8442 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 30 Jun 2020 10:29:02 +0530 Subject: [PATCH 318/331] Update windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md Accepted Co-authored-by: Marty Hernandez Avedon --- .../auditing/audit-kerberos-service-ticket-operations.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index c4423ca961..0c95144cb1 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md 
@@ -31,7 +31,7 @@ This subcategory contains events about issued TGSs and failed TGS requests. | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

    IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see the [***Security Monitoring Recommendations***](https://docs.microsoft.com/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events) sections.
    We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | +| Domain Controller | IF | Yes | Yes | Yes | Expected volume is very high on domain controllers.

    IF - We recommend Success auditing, because you will see all Kerberos Service Ticket requests (TGS requests), which are part of service use and access requests by specific accounts. Also, you can see the IP address from which this account requested TGS, when TGS was requested, which encryption type was used, and so on. For recommendations for using and analyzing the collected information, see our [***Security Monitoring Recommendations***](https://docs.microsoft.com/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events).

    We recommend Failure auditing, because you will see all failed requests and be able to investigate the reason for failure. You will also be able to detect Kerberos issues or possible attack attempts. | | Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. | | Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. | @@ -42,4 +42,3 @@ This subcategory contains events about issued TGSs and failed TGS requests. - [4770](event-4770.md)(S): A Kerberos service ticket was renewed. - [4773](event-4773.md)(F): A Kerberos service ticket request failed. - From b74884d29e1e3f0f8881beb6c6d2667176b1e6d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 30 Jun 2020 11:50:30 +0200 Subject: [PATCH 319/331] link to the Microsoft Defender ATP portal, and reformat Ansible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- .../linux-install-with-ansible.md | 88 +++++++------------ .../microsoft-defender-atp-linux.md | 8 +- 2 files changed, 36 insertions(+), 60 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 378fbbc6a0..709b03a5e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md 
@@ -35,14 +35,15 @@ This topic describes how to deploy Microsoft Defender ATP for Linux using Ansibl Before you get started, please see [the main Microsoft Defender ATP for Linux page](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version. +In addition, for Ansible deployment, you need to be familiar with Ansible administration tasks, have Ansible configured, and know how to deploy playbooks and tasks. Ansible has many ways to complete the same task. These instructions assume availability of supported Ansible modules, such as *apt* and *unarchive* to help deploy the package. Your organization might use a different workflow. Please refer to the [Ansible documentation](https://docs.ansible.com/) for details. + - Ansible needs to be installed on at least on one computer (we will call it the master). - SSH must be configured for an administrator account between the master and all clients, and it is recommended be configured with public key authentication. - The following software must be installed on all clients: - curl - python-apt - - unzip -- All hosts must be listed in the following format in the `/etc/ansible/hosts` file: +- All hosts must be listed in the following format in the `/etc/ansible/hosts` or relevant file: ```bash [servers] 
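Review bot: `unzip` is still needed on the clients and should stay in the list of required software. The rewritten onboarding task extracts WindowsDefenderATPOnboardingPackage.zip with the `unarchive` module, and that module relies on the `unzip` command on the target host to handle .zip archives. Removing the `setup.sh` script removes the explicit `unzip` call, not the dependency. Either keep the `- unzip` bullet or say in the new paragraph that `unarchive` requires it.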
@@ -79,55 +80,32 @@ Download the onboarding package from Microsoft Defender Security Center: ## Create Ansible YAML files -Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory: +Create a subtask or role files that contribute to an playbook or task. -- Copy the onboarding package to all client devices: +- Create the onboarding task, `onboarding_setup.yml`: ```bash - - name: Copy the zip file - copy: - src: /root/WindowsDefenderATPOnboardingPackage.zip - dest: /root/WindowsDefenderATPOnboardingPackage.zip - owner: root - group: root - mode: '0644' + - name: Create MDATP directories + file: + path: /etc/opt/microsoft/mdatp/ + recurse: true + state: directory + mode: 0755 + owner: root + group: root - - name: Add Microsoft apt signing key - apt_key: - url: https://packages.microsoft.com/keys/microsoft.asc - state: present - when: ansible_os_family == "Debian" - ``` - -- Create the `setup.sh` script that operates on the onboarding file, in this example located in the `/root` directory: - - ```bash - #!/bin/bash - # We assume WindowsDefenderATPOnboardingPackage.zip is stored in /root - cd /root || exit 1 - # Unzip the archive and create the onboarding file - mkdir -p /etc/opt/microsoft/mdatp/ - unzip WindowsDefenderATPOnboardingPackage.zip - cp mdatp_onboard.json /etc/opt/microsoft/mdatp/mdatp_onboard.json - ``` - -- Create the onboarding task, `onboarding_setup.yml`, under the `/etc/ansible/roles` directory: - - ```bash - name: Register mdatp_onboard.json - stat: path=/etc/opt/microsoft/mdatp/mdatp_onboard.json + stat: + path: /etc/opt/microsoft/mdatp/mdatp_onboard.json register: mdatp_onboard - - name: Copy the setup script file - copy: - src: /root/setup.sh - dest: /root/setup.sh - owner: root - group: root - mode: '0744' - - - name: Run a script to create the onboarding file - script: /root/setup.sh + - name: Extract WindowsDefenderATPOnboardingPackage.zip into 
/etc/opt/microsoft/mdatp + unarchive: + src: WindowsDefenderATPOnboardingPackage.zip + dest: /etc/opt/microsoft/mdatp + mode: 0600 + owner: root + group: root when: not mdatp_onboard.stat.exists ``` @@ -150,6 +128,12 @@ Create subtask or role files that contribute to an actual task. First create the > In case of Oracle Linux, replace *[distro]* with “rhel”. ```bash + - name: Add Microsoft APT key + apt_key: + keyserver: https://packages.microsoft.com/ + id: BC528686B50D79E339D3721CEB3E94ADBE1229CF + when: ansible_os_family == "Debian" + - name: Add Microsoft apt repository for MDATP apt_repository: repo: deb [arch=arm64,armhf,amd64] https://packages.microsoft.com/[distro]/[version]/prod [channel] main @@ -158,12 +142,6 @@ Create subtask or role files that contribute to an actual task. First create the filename: microsoft-[channel].list when: ansible_os_family == "Debian" - - name: Add Microsoft APT key - apt_key: - keyserver: https://packages.microsoft.com/ - id: BC528686B50D79E339D3721CEB3E94ADBE1229CF - when: ansible_os_family == "Debian" - - name: Add Microsoft yum repository for MDATP yum_repository: name: packages-microsoft-com-prod-[channel] @@ -175,7 +153,7 @@ Create subtask or role files that contribute to an actual task. First create the when: ansible_os_family == "RedHat" ``` -- Create the actual install/uninstall YAML files under `/etc/ansible/playbooks`. +- Create the Ansible install and uninstall YAML files. - For apt-based distributions use the following YAML file: @@ -183,8 +161,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_apt_repo.yml - apt: name: mdatp 
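Review bot: In onboarding_setup.yml, the Create MDATP directories task combines `recurse: true` with `mode: 0755`, so on every run after the first it resets everything under /etc/opt/microsoft/mdatp/ to 0755, including the mdatp_onboard.json that the unarchive task extracts with `mode: 0600`. Drop `recurse: true` so that only the directory itself is managed and the onboarding file keeps its restrictive mode. Separately, both playbooks still include `../roles/onboarding_setup.yml`, while this patch removes the sentences that said the task files live under /etc/ansible/roles and the playbooks under /etc/ansible/playbooks. Either keep that layout stated or note that the include path must match where the reader saved the files.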
@@ -207,8 +184,7 @@ Create subtask or role files that contribute to an actual task. First create the $ cat install_mdatp_yum.yml - hosts: servers tasks: - - include: ../roles/download_copy_blob.yml - - include: ../roles/setup_blob.yml + - include: ../roles/onboarding_setup.yml - include: ../roles/add_yum_repo.yml - yum: name: mdatp @@ -227,7 +203,7 @@ Create subtask or role files that contribute to an actual task. First create the ## Deployment -Now run the tasks files under `/etc/ansible/playbooks/`. +Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. - Installation: diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 385bdbecbb..425c0389da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender ATP for Linux -ms.reviewer: +ms.reviewer: description: Describes how to install and use Microsoft Defender ATP for Linux. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos search.product: eADQiWindows 10XVcnh @@ -14,7 +14,7 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual --- 
@@ -39,7 +39,7 @@ There are several methods and deployment tools that you can use to install and c In general you need to take the following steps: -- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the Microsoft Defender ATP portal. +- Ensure that you have a Microsoft Defender ATP subscription, and that you have access to the [Microsoft Defender ATP portal](microsoft-defender-security-center.md). - Deploy Microsoft Defender ATP for Linux using one of the following deployment methods: - The command-line tool: - [Manual deployment](linux-install-manually.md) @@ -51,7 +51,7 @@ If you experience any installation failures, refer to [Troubleshooting installat ### System requirements -- Supported Linux server distributions and versions: +- Supported Linux server distributions and versions: - Red Hat Enterprise Linux 7.2 or higher - CentOS 7.2 or higher From 72bf3ac7623df1d11019651a73744d5ca44e6a11 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 30 Jun 2020 07:03:50 -0700 Subject: [PATCH 320/331] Update SymantecMigration-DefenderATP-overview.png --- ...SymantecMigration-DefenderATP-overview.png | Bin 33280 -> 33929 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/SymantecMigration-DefenderATP-overview.png index 5bff5f007a100c9f4413cffb2bae9bd1f1dc3cc6..138df35a03d709681e0a84dd2d1e50d7f33a6d4a 100644 GIT binary patch literal 33929
zse|11L|0Z$29j&0oy_m^xq+N9UWGULCkdP}ZAybQk0Qg>Z9Z4v_;FBp2JRa9{*Jbb z4>{c@S~r(#xxOe3LqGz79Zzlw*`vaA`Q16uS?t*U#0NYu0>I*Ib=J zW577J=Z%5{D@ZlWCqR1NgN!gj>}tbj>6zti3DfwNLFsLE3#CG9Jkb=t0Vmyz!Mxsu zWO3n&)}3Vmam0S|kAwxH;U2Nybe|B|ZB0l>KmCj|O$8|d8dA_xn4XDbc?TE`vB1*d75w*(d-{SQ-ZjLH*?aAes#?8oV{#z{d|7kzr|zs#L9 z6K}yx7*R3TZ2})s$=?uT{pB}><8&{P`(7v7;D8ZB<+hh_q)}3+zVYy<3>`)-rMvpU zD~qI+?pdrWlAWp%^ljLPwH{YBhy!zq1z!pRWOYVFOU z*Inc61k7)eq&X!r?B-GWb{I76M!Tzd}yK^0rm3$=4f{1IS#tO-yml zni$XHi>s0QK0MiXBUJA##xKexE)$HX`Z|-KyqTIiVEy)KE&UzbO2spJhdT-Mh4L#L z+W(Aa!H8yA{T@xcj37ePzoiuRf=o!Q-p+}y0}1Ix7jZ~=%R@JPDz=8tvE;f|ePKv_ z$huzr>6h@iwEN}P-l%6?^HEdrTU=O0eF`HH`!vYe3D7Ywrpn=trt~PVM($?_-9QJn zP4MUxj#goDLRY4{OI*|a{arWAA#lY*^V$Qgu_L$R%l5M3DWzRQ$oRjss|tfsqf8Xg zhqr9Sie&9zzc_(C;tZmxRQZ{5V5sER0S_)VPiTKUJr_ipKfICFi0ZlIlg-Rx`oi~G zV?T(Ow4msAQe&^G?{CgNl#jerXxkJ{9QVDBjPZdbW>#)c*Gq4-Y?3Cj==QHDM$n27 zX!DCLzI=G(8ZnQ}tH>PAJ}V~>$fEXG`8HvCbC*H-eV*WLZ(%iVYDr@p zfahRb5WDOLup_B(^Vas4uJ@#6X_7r#KrNWBdV>rGmMLxT>E8rwnFQoZsgm!Wqt^NL zG&}>i0o#%|ZABzu)F-4E4kNSt5)CqUP%IP4d9hPee-M^>mYiegxwrImt6#YYz~Y}l zYE%fhgC24ct&1`HlR$T<*ZCQyPBv8ffUD~n?^aPz^^9@%N}Mbnt%FINfV4s0_gOJe z8~=(8Z782}OCQH1L||aV-htMfB6t!$W?xe*A??fG->_Nrnf$Uz#vESMejN-EhFvX^ z^6U-~__6iQ=CfHZ;rAsZ6RYVq0jbr$wjqL5LhqEr|Q#Mj1hS6_-WS1)|!uOaj#bW8{?*3i!1ncRW50j70D zsvQhkP#+^GgEC^<-RnC z3&98XP9`@fpfsQ7UKMGrKx-A;H1XUzcPJ|d-FU{i_;xqOO3@UY5PoR{fGH;g9x-E#Gmcn0WKm7Pz82j)3RmC?- z%`AJpTTzvIXVdfBiI3@9(-*7B{TrOWH?810i6a8* zgi*|(`r~_DTz`ZVbFJaVN`jH*Pc<({wBwK;se0?w?e*{aAwfrz<6*!yi9~9fY4vF- z*Iql^ebW2-txqTu3C2%xV@{qXYY8AIiBo^m|7{$U4!^Vq3C&~RUI(>^58B8Dek=9V z^yG!c1ACpPhoI~DGj#ihaz!$sOohMj`#rsXC0cIRlefrG80EJpV>XqTIM2+=FPT$G0(`XMNI%9^b-L>sr#Ih<5?sIhv8zZ zkQP7E6Af|F#GP)WfI{Fisp**l*en+iOay~xl%+m0NZ-6cszoTPC0H(^Uwsaxon~+7@C(8ZfX;2qP3@4eks)qib##Et;KFVAOsx%T4q6=Hyu;?6ffhh5!crzqX(|3rM5p%FT*)oreUybZ+L-XWaa?Yqkib@Z5&sB)gtKb zwv>Ak?9qq@_?gpgIxD$@O2M;t==>Y>tk8Fp`*I@t9Gl|K6N zk)!U4{Sf|hz^n`B#OaMrsw^t?D0)WDPCAXJyR|td;BOA%T|Cp1M?&?`jv7S$?-e`9j~DFgz(Vp+=A6Kx?8%vGI`m^+Sp$8XTQs? 
zJ;>>ICao)#<1!Y)Z86wua3c?46eAqB62eqWWy>Pr7)3)rm44d6d4nvm$QfjzLwpLJ zVQ`*BU+2F!WfY7o+S|1$(+*xpe~e(rVEiGIr$-Q5i*8CtJn%WdEsjZWR9L-i-0A^t ziy!8BjL!{0*Lxu4Vw}MM~pht z-1<}(iEY0rL?zGGU)8`3+fC^FxPEFH?8Z5unUL|mhn;;Z1K23dE^)V{OKvc^nRg_e z#9`R=i?SXe-Ot}70Um7i*dtXV1Eok&n@XShLCYP3S3#@lna>`&Uu(^LXwOs;=QN4` zaQWE8AcOmLox>;I4H*ephr8oxUam*A6n}iZVLmynZBsg{wKi-MY~TKKUh5#?xYtn- z4<>z^r+5PLlj-HAXbJXObC@ki>zH}Rsyd13aDSbb7K#6~?CY2_G|Yq3(s=IR<;-wB zvB@ny6a$Izg?kKJr1sDwN)OwbN^^o?>w=lMuj**gHA1zlO3`rQAMwXL#+c|avf%yE zX>HiF(!Uhw;g#GL4~3Zb9d2_>9(u70cpJSy=x_9JhoS+)FL@yv`l@np70A=4MP+xs zN{O=i^_2=+mhfj&1B>UQdk3Pr%lLvQR6O!=MK>WiB}Z{I|AXjJEvBh&>#6a2x?30b zyx&D6?#gYE;-03Pb|bNa-j5OSYkUxwXnRkpRm9*H>$2{#?u!)d?V2FdI|6-9XxR+zNdMuol^Hjl}HNjf~GS-FLHg z$L9?S3N%4SI9~ZVIh0e+E}B!i)4`egGBrJ+f9|EFo>C8D%%_HVYHoeA(^DGQ|8yW8 z0J&@HMb$pZy2dLhy$m%E?EPEsmchBSY!cZM)*5c-9qAqAX0Hf1)H8;#%0umo#<*oS z2gB^_yQDPx&c4CP9f-g>KUhXL%CH>E@i`*RHT|aszdK`@f_+*ma>P%cGvI#Wj)I5Y z#0!rbUD{o@vV((Mpyx2s(P{bwy{Ev0f{E{=hro0*A3a(7lk%--OzHO`U)Tey-mo>Pi8N`LDtT6>URc)#Cdl~h+7LNy&5Ox* z6~es4sH78spLT&Gw^8gc7oO)ugxu!#4mFS~t~qWOv!TEKg}y^H2o9F39i&yN-B1BfK)K?&K+qx} z+akW731VxT`@Jj-=&NmzTY>0mc*3y zMymD#MHRTqF8cCUI$-LD;F%PkiF-v&w(;;%Mz8g_VILB;S-DCT**QUGS#uw zp2RBUcu#Y$O*Vni#^#rypA(f_TLps@58~$y^!TeZ9~!=u?>Q)V8NHapUutG@;`J+` z)446FX*j{-2F}t24D~zR2FN&|?tk0F8)r=mKSvW(IA}b-qZ?N_Yo-SjomG6jw%mlrFsl zeAh*b*eqFBwr+BRV3YwK@#gRLTa5OUmr=Fi%lrmQV0Emgk>R;^C|V)@!7+pj|I_*p zOAK*}Vbr(usl1{?6SB&oyF@G><2^{z8cGgQUHg&R<91r`Be7(Lj`hm0 zsYsYDe%-a^*l?&vE9h))b{}u)FA*NcHYQ*$NKNdm*%lPnKpQ9Yd zbY1g`8qONv@MojYDUyeDq8YP@rGLHS&M^B>>$oFztiyc#(FxI2bpl3W%8Wsq0u`>` z>?eH`T9%hmX$t=4;5J*pQ+|d~KHK`k1N%_hHq@t|A>f3Li|RBd{g+9|VUDdMNw-~J z#pu`G#WSoO9cxHI`~uAp+11{vK|Dqj4`ptNI(|?@B;2xP8(8)-+ky1kSvMo01|kFY z>hY?@j|*oOjZQ@LKE}UP%}?h#waNrj9JdZnmYR9&fgvHyOka<`${XgA5L6DE#+SiY|=^pk8zl8|W)@tZB|!%`1KvGLP4N zc2&Ed>S5Hx|80-=ALqKz^LXC9Vh4w*AH|!E}VlC%cEy|Z{xDqrN|ycv7q@=QPvF;)W$Z1Mh*0=EO zI=$~tuCZ<-6$)9myl0;Mgd1DoL7tqe@)Ls$DpFEcW{zMH7rIZ^R@G-8^+K%;`6%CY zRZVY`)t4Dolx%p-Vq08Z5&b4z1xthf@iyU?;o6iLD=Lj7R 
z7hE2?dB+st7G6*unPyP;ogIUd6s2PenL_;xTJhLkY_Mu{zSK8Tgcx%MtAlC|{ zE?(lYWCo0@oqe9q(DQ_X)vBUs06L$MWR&T~e3mNar6qOCL(i(lDMIUU@H0>$HtS2X zr!3Do6d;ism{lK&)T^1fS$$5Sk_uu3WGcze3#9Hz(C4fC%Qa=Niuu{n%5>t zfmc0P7}l7cP`r_6Bm8FFWf{15v}uHT<3~CNe?-C{`k?E6be!;a&K+N_B)mCghObXL zLv#h;&v|%k!#ha_5=wIRNXl;~Nk@j#c^B4CuQQ8kTlv=B*D3 zqa*3NW(jnyP{9Vw)Y^%s>MHqn*{HN=YPbOTW`3!nK-6XPlQou?Ru*oS4rU_<^ z5ZBXKkXkA=$i* zKPx5od8av0mi3=_XcrHg&`R_Ok5Ywqj_K38tZi@Z5`LNRFy*-iL!W0}w#Ux#k5$MR zXv$7v<=q^OKBzkQU9Tj^kCd?!6)!fZGG1y*#{A~i7xFLp=F?M7y5l!8*nu^k1W)Q6 zJ>?e+Dk@euW|~eMHXLzs_3ws4O<&m5N>2*>*>3)@DeL1@8A~t@S&L4dLIt@3Mj~)> zzX?y>aNQ^PSEXannvty#ESKVR^> z|J+6jA)5AH_RVMl{Z6o+w1ws$5kb?g?nvOKaus#{KZs=fkD^@bRY%Q#@M|7Hs=Z>p z663t{{)xp$xo@K8Hxdd5rKV`}0KWTcSev#ezn5OYhVW1}%P+(??Z-#wH~vf-@j zI*bNnkUD8(?Dz>z>I`CG2nLeTf${DPAW~`Qva1++_0yj_XRFU_;o}&0d4P7Di!n$m8a9VGI!6RwFx!-l4e@QCP@sD%akgw;RZf6Zzu%Wv{|=gKzZGrI8u?Y*?>_BEk% zZkv=C&_%BbAQ(Ts7S{2xyndXgSXQc|7yolnB5voN8ikfp0?f6{Z7yGovrs0thZ?Dx z&k|EsVo}*uhxAk3YSDFI4sgNJfHqEK$rrh}+*@|gbiVE*3$k!-iD7I7P?$FR;e z!eLzbt}o6)sWkAucT8LZ;sXUmbu%k=L3%Lb_0MA8d)T?%Zk%V`QFSkmOOq+`M@LR2 zMD?UVH|Fji^ElZVGXxT*FeY(L9s!QoCEz_IKniz|K8)QSVjA>y2|fJC#5$;Iq<&s5 zX?Wi|LUAP<@4jN&gQOr=#`q->Y*c6EIyHs52`k)UeR;YfN&Ksw`bF+jus`W{c^qEp z;Fh(;biO;2FThWJt=>qp`QlbAmh`)sYAp^TmW*QACdz zf*Cb0gJkPGh9+Ilyf5TCECQ{fObOhi8nZNWgK_w7?Tw1jewYS~Q ziMg~U!fhUZly4CKeNyntQ>L0pWWA|HS4|#&Nfo^ZYR+LLMH2Q+cOq0qS8uV!(;e8@ z+-Px1-FfBM-m0GiJIk%SAyWy&9AY|E4K^c%6#J1$uA^(^+aG!=X1|ByH&f!r(am$V z$gn{LFZ3K3rT9=-K!OD=@?y0uJevsb`nLeRy=Xh(%WHWBt;(U* z&{`^UEq{9vy)xtEB@s=RkV?Pr&joZ~56qX1>UEM?7vFG2ejPkZBxf4FE4Ng@G3xQW zqHN48Ny*^V*OGOGuAprfQDFjS!FI~bBOskRM)CN(mbw; zHi>KY=wBfh5|DM$^+lp~a%#?$SC0eyVPQ{Cu;x`2=DyI=)qH~)wEIorC$Z+ufx|0; zOLg%QcCKmBXJ<J<>kZe=KJ&AH2NL^O#ph{K3RFip%^+-c06CNqekA zPJJQ0M*R=3pYXiwizLrbp*Cl-`-pg)8t}(K0j;AptQrY3Yw%Jh@`#I7@LH|$N5Px&CAF# zlo4#M52T+S?`4y_stABefylx?l9XcP(s1;@Xn|PbdtQL99{U%S{I7^WJT4HGM0(|= zSY_WJLayEAY!NQ-Y}z~SHE3-k!XNExbijdm`8TGhAC2~6R!x7mw4%CZ$j3GNxHHp{ z_AfzF1^RCS)*c14JfT5rae!j5*$Y^^7|>No&kA!N@h?_JjHKHqqlob9?*cHAuja&B 
zUzPOd(BYhS-GwLo#>8Pde~tUD+~FPGRpf`5SH^<%Qu#bPjH?lDZ>0`}s6qQ-*$%74 z4*kg0O!u}=LVNFe?v}rty0yMcqkfs@TB7nHEnO1!{5p=bx2bujvuXS08lJtc*XF_^ zQ++^GF~NZ->#r}17cfkM%!2t<)d9PTY)V}gfO_bFu->lST^)%~HLFYQD~2k>8}pe= zH&7R=2!4leKiNh_{O6-OpuFEo+)O)fhSrtIYLP&XJ^T|KW{@-?tv%^iS%Nq@;e@>H zX$cp@dvpFaG^eQ~DRWd8>Otp^{DyM1HL*HRR1?a>|BXJLTe&0%mQ5~|I<;=~AJYRodQAKBdNAq$=d|yJ*wjaXxHiuL zOCI@LhyIaUc@Bd58SpiR!V%MPWSknU*+9+Rt29TwEVcLPG{Bp0qV&;zjfWMF6W*jW zpA>54@qb%lPFLSLfb*JvW8COj*8?MKc>O>&xfXHQ-%D9B7V-3Y@Dcvi)hO^{o#7_a zjL6lNrqv3P=+ZrQ{+bn?9J|O@^YzkKY~wfW!x?qyl>WbufCKtJX=6AgcA^Inl&cK& z9=H6_bCs|PECcLVrI%yS7@|k4qRqq+7$ha(9XfV@&6kNB8)G8%8XZAJVo!a!=CUWVF*ZK&4=Q7FxS54YJ`2>rP)9V;#N7$7;3huY99QaJy}ahku7^Taaz|z z+(zXwCySx0j?>))g;F*$uJ`T1yr?_olN&XPupbK?(O2S$qPqH>eU*By*6ggZA=S8z_}Lo zxc9GG93FFJ+PxBM(NE9nXv91!5)h30ySf|YaG>%eXH@qm4E2?;Rq(i7k>MW)XKZ{h1)lE)O8I0(yX)`8}HGo7D)M789A?? zrW3Vj5%E?mvP`vyeddT0bE{RW|HrxE#U9&hT_-sy1Nz8StqZdGP~5^`ufBhBOQ*kh z``NKuT`W;KE>R^cZ^=u%N1cCc3#V}oz_k8Ny|$8IF2Kx+i9XZdStboRP}sN*dbn}U zx$S`^RX8Bae_oh*D4!CZ0^5A3tPTy`@BX|CgbM&G&7LrlMw zsk0_SS8QYH``|Bey3Cbr>?a2a%smy6>mSq`(sp0HY(}oVfseS#*=qjGfyGyKhx?Q* z>+z>;y%G-R$WelfKe&O=O0pfZ%`F=?e!X7N%~S``GzBmFuM!jz{WbdaP+0ZXw}rIX z=D}5QOpi1G_+!W1IPx}VBW%SKEkv>I1S&pI77rFzFdc^8*8kDjM?a%>7d+z{eaNjo z8as&8*=)0UBP2NK5`O*Ik{fA;CV*X7@VNr0+p1;D0Y!91Ufq0$$v|nWK(O%H2v` z-d&#rbrN8bW%PpL=t9Jn=WMLKRTz%2tiB$qDf|qL{YuV-V=L;?$MNkLE9;SZ*naiUIMkNg$_Wk;(f9s-*#FlTR&pq7^jdcx58OJK&L2?Y z|JwO6ycOG-#ABfNQrSB($!?GGswGY%ksHVF@72OJj?j+vhRF6f-nZZP8gy{JI@;4Y z(QZ?MZInB}N&Ov?-(E!NJljF->g`TnU2mNin8X#tM}w(y%dM~6u57T6bWapy%;eeW zqN%Np@iVxV(&p1GCg!6iFS}`UL)L)hx<%ANC;>Csqdf-&%#5_-k9A0^H{dG%=NlP? 
z-HZd*{}Kxsk77+{2?HuqAHsiR>8+<1vYy2{35`b-FVT0^bEYZfmJx3~BJS#CV9uL& zd>j~a>pnz~;cfrCrn3<1()9s0+g9$hM*vU$-$@k!S61^oXDs2zv=tf;kDQhraJ_EF z$Cxg(6miC~Dcraxj<0`0ix}BA1eJw)u_L1-O~G+w73@@^towmMW-ApGXa64(U3;~Y zp)o6f<0RI*{tEaYm?_p9EU?;m!bKl`hXIxD`&XB4*f% z@*@1pyLPRI8P#Tq&mX3Zr=_0XSB1^AD_U*-V(+Rq1TRksv(-^o(Ud$AL4ILl6x2|e= z%+rJZC_xqiK1e&3kn_D;OBt6jEgR=av%f2$r~NCt(zN4V4P)n15Xo8pUr3$?@Va43 z#q3S7&i(XX35q}x)BX6jIY-2R8sEcgwV18AF#C~~Y+Bsd2sNW5xY7S6U<^`&tfSW~ z=mwtOJe(e+`=kRbn5rTAp}g0uM^ej1dTv%7_lTf^#WJ(v|A^rZGy>)2OkUlb*B^jB zMtU^91V&sP!AbS$&3oZ0=yl;nwmm~r3!cqRbz!>tQ4 zejiqH`_OGNTK$i(CD0*|FSHEnCHU^!|UyXmF z?3eBB3W=#HlHW-4io~}hHQm)CY5otZcD=tR8VDP4ub7Q~e+Mk?!sD_U+H1`=d%ayO znIltAzrLu|K6@7Zucvm56pNem8QVo{VcRaJg?`1dr2HYzU`OPFk#R}9sMFC9d^{71yAJc`pBRg zK{3As6+@b=+?`>w#LRhGtu2-W+n1R_QgdIjxH^%{ebVhsuP~{mn?zsUB++*Zc`8u) z>}5~JQ{vRT=^JFxaGRIf3)HTiG8lJobgF8|}5 gnC(Aye*N_I9hj}`n7&qa4fuO1qx7gm%J9wq0$18ELia1?j9H{xVt-p2lq31 zzrE}Hd+)7Xb#I-zPtDX*Yid=mU-#y!glY z4Km^vQiAtAh!>Kxs+8!9@)6Q~#Nefch=RzA7gaIn55_2naf-6Mx&-3=_i^gQ!otGF z#wHIOrl6pprl#iL;Naro0w+uf3kyq0NhvEUYayPT`A?rdSy@@xSFAcXI6xqfuV23g zG;fB5g~i0g#KU$I6BECG|DKtdnL7k8C@83?sHmDcuB)qST{!LN=zzgseQSS4M@PrT z#>RIp7Y?qMmzP&pS2s^@cXoCT5zoc_$;rv(?c?+Fa}fXO4gwgGi>jj93*ntPbHo7E zL0ZT8#S230zh9&Qx^tlyFTQTdh>NIu7#_7@bilo)F(E)P>UwrTHJwSh?@bhhM zBzM}a0=L|ChGCdv`H9ai1){BJs}G(J=K`1=UIXArF-Oo-mr%)9=BUp6lz_J!|br1I7v%j~wzr_MT*S1Cl$6;&9aclf7AtGqt zhm`Us58W8=P#}TtTBE=p6%Rhie)20^sS{4Ch9}F<=r?zLtG=6SZ&n{J?t}Yt-Jb?C zpX)MD9hL<%km!Sj_DAB$4m@veu1}k&4PdT#knfk?woDQ~W?-2<*Q-M9>y_Ee82YxC zKiGuiBYP_HS$&58ISF6_Y_dqKW-~@*PG|dvhRpXinOugFr?94f%x8=W9;v9u(K(5u z51u4D@IsKbAYDaP8&G5p2F}z=6-f5gK(rS%3V=yvKG|kRY&jwCw0&a-t8Une{+wop z8b&Bt$v#JwjKar$WeZiL4LMj{YNHarbQA5RgjGO2zpsDoe2Nb4@;(bRh|AOr{)a9h zV{;G`ISD79i;w3qUp03(x7-#1I0QoL9s+^&3i{33#E1o4+%rR)>$w!Q2`D%4!T6fc zUbE$LZLns*GRLU2+T9714D)bU0w8ywaKd~hKKpu;eBXE}`-Yv3UXe|u(rfxP97l{< zDW)qBR7!|Rxa9({5C#N=Nxm7mg=nEe+@$tvGP@W3p7MCLvdEsEf+~}6cif+Y)%_O8 z$mNyQ`3(+FRwwSnwzV!oeX`M?&*a>MIdEExhoy>;{m`M*VdSw^yOGt(DcTO 
zg4fvvD#Qff@pzMs0(*t)5aZxK-GSv<-ygSY+LUqvkekCBH$7eU1|YBZkBZJKe;j1j zKRmL+i?-uCGJBi?*NmeAyJ3(%XdsjJZg?L4Tn*X@FEbd|hV(O2Zw@0FKyk@uiFQ-sW}FVoYJ7zfZr`3iWiZ7KkN@oHV=ST z`R$7~k}WMN2yu|e7Z(Y*8SUvS-;55g}VB@`YU|S zJ&)Lz4Fe4K6&B=W3<0*9`TdwS0widkgYdutG)&P$6=^-dMJFTgKl1=8nR);{^GO`s zxaWQ$92(b5b~+g*>G!}ud-ql@>wA4%ZKTS5#ihBt_0;O?t~@=##d}|Mnii6fQ{JfP z$-oQD!i!47{e}6Hn!oD%L>11Zd&%775O#T z#VTNRbuKsySb4Hx4HH~nTB`Hmz(2c~pXDo@*_lFSr3?|GG^~Bmj5m`DWl4$b^quPM zdLf@gt}I6QOPDAIn^>vvhJ%6=UTzYQ+9$c_smM%li;k3o^MPLS+Kf989!=HnVwH%o zI35_XT}A(a@%Sq?CMsHX?mA$;V(U()|7zW3o3RL3<&n*`EW$V4|BF4{2GZC4>$`C4 zz^&fZx0XCkV{`_U2Jiao$3khhWHI`2N2k~o9WppG-j z6?dV>ki|C%%LFm;KA}T`SJAa(>SSc$Ccy`8EI8=YmUi?Q<_}>MRA+=X(u@0Z+m$5*>_&4g5B1o8 zv<{lTe#i3rW05;&rU8(WX1AzHIHGd{h+)aP;hHt6wK0iRxB{kb!$>j)M@6WNHL_T-V#`JA@drZb9oiy)S zxD2Y&yn1o0LO95hnWV^y1;h9A^sdt|Db!ct1?TxYtReXxbP-ijzw4s-YSvK&LAi{1 zX|8QIM(Sr`Fkz=&;QX10aS?SF$7%+u@*-DMg-DTTOMRj&nI2AVr$xO_>@rK`=`ojq ze6GmA_9SjP_%N9pPe{>!IvWlQ&!x{Bo!Xv@J4CSJ06lF%cZrOclQ8xByI+qRzgO)| z%Ev7hM0qL$@n|FpP}i{~^jj3F{_*|c& zI1;7%h)BUn>q;NpO*|FV)39p;^@=6gT# zWU|e_T#xhXyNiwEk(DPbsd@W7mdv%`{#B^hGUeF&>P}zAyZZ~xDMSQdJChI%srJ_8 z=L&7sBghVz3w@BhB0{1acfVQRT=3NPu3t1mYr@zQ8R>|nf zeV1UT5V}1kFDw(#RE3jVZIz-bH@|yM5tG)G0!jm&2RTa)`hk_0lyUad$qnn`x-0(AAcWKGx@xZLi`sE#6{YYo_s{B6 z?lT5A+eNNt!?F^Yux9QrW3*SyyE{*Y@#!qLoHQr^F>JDx3(9X6?fx<`)=`bORf~&W z!aQ~Relc^-(9)&=N;5J_*5$u{#kmOePo(cI5=B@HZ_3>48|N+^l`O@uH@$g!5jNy# z@%D(b`(7pP5F4tPn`;#QB-n;O4b)sdTH9p5c)K0=fzM*UbJl62f-ySZ_g0>q^^xME??KWf8a-)rrBXAC;6e0gk_W?kqD)|a zW9^sBa$_hi7H4q>ghF$4XL_?=?bbR&zxSI0PUi?J-k_Z`WdkVQS>mr0i$Rs~+bbP07B_{XZDyE0y*~x|k#*!{pxE}efXLm4KfW8@yuf|-=x^HejMqN`A#!&jkR(?O4^*J7oQlD6Tj6V1HpHGGVH^p1O=uN)=iyy}4UA_^{|A9>W ze=q-kFSqA}uje`=p>4}1iZ1Insut=+do>dOpEVrG06iQC2|d@|UStZL?@A#BGpWEU zPK2JxUw1yYKl~6Q$DbMo>!Z02HpM`nFRea%4`P!e}Y>@ zP+KQAdOTl@DQ-#@UUoWOU(Xa{ecO!nIF_xf#dtZ}@SG($T;Lb%$W?dhsL?xh1jo8R z5Hk9S{i^+LZp7;^DkyZECh{SWTF9GW3SZWWnja^XY4uOTpZ6%Vt}P$BeUHLs&#;Yx zOqXCV-5&4T1HYj`@~B!oc(tm5kBzok?-W9y_M--B)~3Av6Y8!`Q`fKavV_1k9e?0eB{Hm@5G4Gu$RIXSR5$Ue(J 
z0US9)W4#F?H6nz&i8RJXM7?L@`7|M2!jT+K_syb{uJ0fG7WriSUH=XvEOp3|H=eSWEdN9=Vzd%=Od?nL*x8YBn#xsD?S`r~2SlTorRHc;gS5c>AA(%@BZjNbyx=YET?1y8`tG zHm1=R?q8cT@Q+t#x$~mXlPRt8I`wm8OFmzr2N4Dy%jcom*tH%m$XIrTK2)KwM(Fa% zzHMkWoqMZQle9X#gemTxR~b~>{a$f~W3}Taw55PTXmeNSHqi2yTQNKkAM-k^T2+~K z_@8rbwRhCp8Pe|;+v-*6a9L9<=LRYq;K;GUyS}-)!J-E1#_j5!Nj7Xy71Iao_l8*F z93^PMsAV_!?j@!spL2xUi-x|XxaKeo>R+8-X4~%u-Pd(@DL6kJyAWIDL`o39W$+WH z>UR{Jh=#hB9AKpcekbq=d20hUwds{L<#a<50Z`Hk1C=!WPf`uB?}sRE3g)eefU@$>o#lyQuy!fN#} zogO4Ir$ud0YxgfQH+6&3tX^&>cT~S%@^?1?WP(5)ziyL}C#7*GYZo^)@e)vRK^!<> zw_R!sz3X1jugZjOsSV@;boZoTZ&iLFyFK-PCgfgKRhrF_k zemuH#0!SNqG`XHU>1lb)i9hqL&5l%lLacNN%NA17h{oZg1B4q{6FjxIti z8#bxVjqTtnIN@Tvl%Xh-s|4L9PsgDN*#_`ZtFR=tW@yB`eoP}})Ddmqu6d1eZ*f@( z7AT-#DtNhST|WEv&7>Qnt~->{K%@9CILQQ)``eN)eu7WaUfJG3qtAB-yI*eYpZ64q z8LP)O)G-|?l71X22eX)4=2+bf&4l8mz1#CfQ@mQP;0X^PkT~fz}HL z70^V(TSr$8Y+N~i9tIZsg-?;$=gh|04FRH242d_Iw2l1*25ZqPxsuW^1E80RZ`cC# zfe3AN9{Sh<2*6$JOBPdqPxfJMs;!F5`(>-T7A5DZ43{mi6`R^Ta6csCu{6 zX&%s!3-=`!eP$R}EQ!2sFD_5Vc8 zDx50eg~JrgRy{ld2s6V}rD~6s3%GhPJ`@P~2D$0!h4xpOrx>KRLA&g0PoukvgN4!0-M;^P$m=JCdueZZs^nw6 zb4pD{bB~@I3prm9Rlve-2$#O~J&`kVe674zkox`~A+n0lNdyR%m8!*_66d&j-QS)7 z_d1Eet@c`QwC-X{Qlr&(FAu~r+cA-P0}P8}?S6TUK@SF`4iyi9XO;cT{bu1S$@OV^ zZgFn|ssmU}KeVCXSt}QvD+LKX_U#ga1pnYv;-!fB00tQiEhT6y`8r*Hgi>jB$cDaE zBj^wK!!FgqKV`?#UGA9*WJw1}0sX%4N7YWja(=#mW<+qM4Z>C59c#MAy1s*~8vWd- z;ztLS##bg7x+8x?&y!+e>DzNw#Ti!*&AMu`r~neo+-Yn~NM4#~YeIjT-k7LpS@qF; zR5eDmavkX5cH2?_d8eoVgur;#(u_w0#<8Q5@Qu|?wqxQC+$^Zl*U{r2aJQ*9zljq=ajXRk@) z{+-&sCW4;nf_=K~Zl}2HWPe)OPK)al^T7R8@rDQtn!rf7BJt?zN6cU9V|OJ%t$N5y zI)K#=S+SFA`S?FhDL14;0Ovm_$jvapSY!7UQ6SJa;mZkw zpAIT~dq`P^GEpUxJ(N&g2aB#9Le*?2nxS5AFHyKPmENj%XZrfxQf+%?+iQ6eVeHnT z2RowsWvL{IE<3@&q&ZW*O;Aon_JiJX2c?#_hd;>e*|f?H*y|7rp&DEF%@|_LRn%H5 za*iq1f(6)Fi`(@nN5{_P!T0y)z<&gvV>2<3;cih-&e1>Xcm2cOX*Wn>2)YOBSUE|N zlVESznYGP1HHgZ6(6FUjoFn(t5i#I3Zb?GspOCJ(44bsO`mEQSm@DM)B(;-uhYz*7 zxl1s9bgxxES%#@b=zUJ)s^#%=ui&ao?iJyj{D#(B?oSwJQ6lX$t%q$ry1l@P7ptSN 
zc?BQC7ZC}y4sJ0exjTyOECfPo3%>!3z4km6fZw!kL9lCR^Y)b2_X08Nhx6nD%gwU@ zXiv|mwF#PQFRV?At&iO2!mwQMzFy@feElbfKlEt$)8mpN*!xUlnUiJARULK8PQ39! z!&&g^@m8&bMUqwj(iU|vc=Y|c(3yjGL{mVUum1%H!eL z3Ce|>z~eR^B6R^;{X_-}_K-8XXSWuE-4L%7!l}TT5b{zqs*YxN0t16+Ul+>Vv zL&4u2m}nUbHz*}L!r7GXkjy>tuq9Z?oW@ec=)3vsY%&@0<$kbAiE+gKi~zANE3iGh z21xJ|VCw}UK;wq5vskSr0tJ)3#6?XTg#@fU$xb<#$%}Z|+%{aW?e&Fvn$X}pR7?99 z%&A1_2dR;)U1}cR-u(kK-*va~X4R(H#1aYQ)N4h7C!OyA+w=GT)GHUh&;K^^BeLp# z;#Nv=v+1F0H-sJ!;=yCKeLgYt1<)Yi<*_y*%XK!tf+D5IVF6}gwQRxX_+p4i2K3jB z2hTr&SKKoW<)~v;HPB>^UwfxoJzlPr4DCl1uf7N-*0iQ@KGsI@x@+&!j-r}2pBRD7 zb~2%|IRrZ}|22|U(5>h3~a%j#I8f#INbB<25QNT zUrC;y4@Wh!<(4HyZ3{V%$I=BY)~lTJx(UA0B?WV}S;w9^AAHoTt+Us_jvzAjG`yB+ z&5v;Z&BY%q&dniL?_u<>G@ovbj2;i_4~!|dJcU`ZL~sS>37br%g%c^&QtpugZJI&ll8RH_ge5G>ducVmGF9wNqz6$aoy&EGS%5gR z?-z-Cgy$6;Ygf0O-lKSxMb2jHVC|#4{(-nZd%gE$cfGShSiR+(02trkj0gFJ^xHuF zT}M^R1#?yPhyDPyWzZe(@jO98G5_Bg;m$vV)iANFYqJTy!g_p)7;=dEnA) zA)+N2ILceUmw=jzpKRA}=vZq1==5*9Zmef8uxT9Vp8wjz(3}sQ8VEH^0nJMO(%gxK z^VyIV;;y*09;PZEo4dnHAyj$Wjh;^qIzBPW|)0Y?py5J@D_ zjTq+xXFLvAf$>%scpKG@5!WGqjgyZH>5G>j>0mjbr4{`>6YURr3R$^pRXi(5u#mcrr6vuV;4UGd)}q zG6GNI-K$<&)`{zk)4bmvf>!Biq%8ka*5J|FG^Z9i*vq;?@~^L=C|aJVxO8A2Meaj- zoAyy5=KDQTs!46oJI_#kE#d4}3B;u`L0hkEwzgEz-j!*_lB*8Ue85sUPKO@dv8IU8 zXZ_Jxgk)tF&n;gj^)zDElueD|RI#3RSPJsb$$sQhL_phX>_laaw$y3^DrBZeO*a zj9?Nl>CQeVGA!W9aD4*6dS0nobF>U56)Oqi*4~R~a$)1|kl$BRROigD& z?58Q3V-??3JL34V2K4dONv^hmmZH#i!7hm`3L;apObWZ}9yBYj&=BXarNX!A?oD>G zi~}XP@OC&W5z=f23h)}3j z8eDFpyzy5GTX%9#%9CSWPm72UHi5W8Mo{U5FB2qsOjN4rW={5=ynLfs`p}9|h$1qK z7Jh~qXi$%Y&Qa9o`t4DbJp69?va+1RR-9nB*Hm7}5h;1v^K=)jaIq08wfH{Q8*+U6 zh73O-!s-=1Ye53czI=~8N`ld(aTo{W-OOh{dVxP-7Ho0Gv02+p9>aAkI=@XyC@`Pg zleb)-wjmi&t1o&CEi8KI8ipT$M|zFqX(!S~o}PW@9yR z?6A>?F%Cn!v`M~~8e8mbAVcZIvD`uDd|yksiDnzY zkIm@lmux3;pYgyfoIS-)peeg0SS~NBMU*0Bjoupiy@;!QbCDjgDqnX+w;=!znD16Sdv7zxLy?N|Awcv?n1_lqMe~)CzjwF}UcLShwmuhyTD%{7? 
zz(=-gv4VZ1Rcl4tJ4B)vlE|-yZPYnOR(44$Va`O+Ix#b(Ol^6@5ysY&VH1wRX-}7v z!E^H#qJ7eR1@>O*XF7vxT~u;~ZHZf-(6z0N?X~ED< zlWHqX1~fGyX*skNL8O=+qAWR$9-ldS^_m;o(-P?>E9s;oH!FMY5wV#4pHuEg$PJFx zkEvBmH11M$N1MvNn|rii7jthZeG@zO~-L#+xss37{X9`u6g9S9*v4Ix8=7_ww|TH6^CE3vhZ`(Rg->UlQ5z zO7&w7_8Gjo?F}Mm?|?pA;J?N& zc(UEcQ954V6cT)dFB%=KOmP=Ico3oswto(XT3nrK%p!tLmf5ba|2lT>v`wFGK>U(! z`_2Ym%A>s&>;w<)HV!LTzW;IBdA+$9`0unS)~i9VcZdyBLIk;qAD?mqb5M(e$^+wM zfe*`nJW6v9*gMXq{7^85htjpB7uIJq+A8o!xtm8EgrG1B%g*>*fzk{eb*O(vb?WdM zKLNts5}{HC5BpNPYp*@{xSUJ>aRg*irXP=V?VMKv}AHXH04uiv+31}Sws zJQ?z0l*_)eJO{QPPbD8+_X)~RIsTBX zp(qZK%sVX}k*(O}+s}Gw-;6dG`4qW-5`26p`BEWmkeMT}BENGt?%RtK&j%X82PWYb zwpoU|4}`IpBD)Wm|K0x6)3f^u!DqO)HFhW1`)**o;Q98pcG+nd$L6K2iPxbJDGoS~57o=I|JdMh z!?Xk|NQQZk-E9fZauarY6c}o6uzE#@>(8#VbiwRkf&-XyGqoujqezQM{KVvfbgN40 zBFl#3Fmy(Lw}P~^8?=wV%+ z-OkylYmlSfd|>;+V|2~ax1F^t?V5PQ6~f+7MuxTY%GFB(un4TkryD7TQS70xd3h|f z21Q>7E1KEsMJGSCV!)F&f#o5h25);hoEjE#*9PK|zR}@Dx&Bkhm4CfJQsTH_JU_yH`G|t>P*Kpq^)7M(Jb1YBgVIU6 zwMS>eZ1>Zjdz<4)7s`g(ETaBPEGc7B`xf1wZ^?u_ja~K|W;ttFunm$-U}MLdy9R1L zzhK$Psk()W2VU9(KZ8+GMaAEKb$o9T8aX*cRGbx+dBP~lj{4g^HJxj`j9q$}a$ri+5w4HFR=CyQXUbHmeX>_$X0Ce!o)BQU005 zDwv4KPfx%v|BI33%z-r6G3lLH+VaoU zZk)kvR<$og?zkZndDlgPKZ~>Y%~F`Q&cG$L+S${pQ)}tOsyt@U%dhn zNGQj$iG<>znafFb&gMYBYdzu5ju5)(lgZ z**Bake6n6GFy1huB+%gyD1969b$&txrz(`Qt~hecLKG)WRjVddB7J~qvy4cD?Qm_c zJaBvpHn5MJs#>_H=gFslB?_R=6=&Ep_HnNU$YD!}@6l6+Vc=JeP3C0~d@ZGc%w>f( zh%7tFf*)d-8c(4p!Axj9CthJP&)546X6$d>fJwwuJXt7VL=o{W36d_q(Z5gD9AO{-kouR?u6Foe~iHDj@G7c z`vYx2a{}n`#HS&QD<9}ag$L(O{1&?zJ5{h(UY2}-WSkg10E%3{3FNeTl{5u&Qjyjc zxL%xa_y4<#`GN+b{s=K93X;*nilBBfPYBs5<4Y(OA_>5X24vlz8j=4?eIU31IU8-o z+i@cbk46&iE#tBdH340`*QY;d*A>14e#4w}ihbPNQ0fsdUx6dzGx+c#XjwJZdW=RbTz!lE6hx(v zbhAT@yVeNJeEEM?^YQ<@cIy9I9F3fNd4R3xyf8bM@ZfQ>WvOJ)=*692v6wXti9CA% zR=Ikf&LGmay+`1`E@EXgmG$*#m62lF&x|(GoBIT_$$eJX!RA>$ldSu&X`Kh|Hse&N z>g=1kFOlO;70s@;Y4}ha9tF-_iV(tB>S%^FR|MI>E`xVQX`YK*lNvz7K&lMm8HcYl z5R2NB#nqRHIAw1=O4>cR_ncVXvQ{gCwO{H z4<&0^wp!_;58C;ysORW#N^PSXrfT@i6E=@b1iAwlrm|FLQR{*aMjYp1&g$*LUAq$t 
zy`BcxMT=h@w0dX5cMP^@ebb>8o1JK?4e1{MN=D_3JK1DSrF&i;lk#>BADXfcXRaV+ zr*heda*6@{6d9;Bl}D41HPxr>KiDV`*zoln;#tOI`O`#Bn1ks!vEHr)ZzTu zI0(tWs_lMSP5>L6stRyEk(Jb^WPKt4LKE>^fyi2*A?Db?+H6<5g(TlqD%A$0_423+ zT4?PfPukHgo`m>f?HE+?ufx~Y7f&A6btZW z=-~WH7%(WL3T4+sf6F~-UZp>{L6q&^*txx_PUpILMKxnmrz2MaA2QqioTdC(HWA{n zz?Q5)Jzi-;Cl`knuNf6eKTd0G3=gGKJ>^*vO(GKH!hO508R)6~X&*X-5KPfqW*L^B}C`EHk~* z&S)m%WYwGB(v|2gG7VF~J$6!7#>DNtDybGg+${jE8{4G(mN6Wa;cVma^*`RP{%#cz zzi1e~;OS9>-)Xq>Igw)$x!%Tf1|=$oI-?anwR&h?}5? z>WO0EyhSwPj3y{IO|q&gYs(X7n1y7E?#g+NCtJ+{e~=3)@0IR)vS_ybpUQy#$|kV` zg)waX*KlOk^;-WVy(IEUtq&sqNR~_C{0njM5fs^p;r4@8JB&EHGefiPF6Kv<2ca=B z9b4IcD2cVqFQBgaF`}Yj+;UDYjf_*1)mBsx{iZ>vs;*;6PYF?XeFNxo%9f5)i<)xL zA$`+^J}Jv$HGi4O7HVfXD2CKRZax9}W^T%_I14i~dWYs35B+TQu_2nTmBpOXZpM*C zba09?lqqZacOE!&3x~Uz<7r>hM(jjh9Ikn^eypo7YP7S?7Bn<^)%aE|zw&nQnj$WT zkp+8+0T&$&g_nlZACW_R#@(Sj9*bz$_ouAVJ~lnf7%& z7bD_%_R~O21=Kgx!!d(E!?djLC&U1EBy_@@3`=J^;0(m01^*m41@8s%!x!&=OUkm7X(I1a+KbCL&|Es2$b~kl)P(jMnCR#q8ygMG0Wk zryII`bu}uiGx&_Y^^h4gY@-E+RaAb$4l1ab*BBq zzh!M#QJJ%k#|fw9`3V$fr?S0l^pJ?DAAEI%H0l|F?J)j^N}M4W4uqcya+47uz5FVu zI|w2&q)cWb^`@XFeiH<^2-4bsOA6-?_|kS)#Vona(r--9aM|p z@bRD4%3nRD27S7+Mkkf-AU6*PW-c^d@4C>i``hVp4Em86Xn|a458y9~!8DEPS`Nfq z1xcse^h6Tq4$QOh5>;8}msjx$b&+u7bh7lmBH;lMG*>>Iw3%}8J?mzk&6SUs`$>FC#V)imcgFD^9BNgZR zH<&7Yy~Z=H3qSpl9R?#}fF3(5df{ySBGtk)bS=a^Do22p*#Gy2o(2H+Mb0k(=5>@+ z`mds3@gjh1Au0R{6XdP4^UHprc30@NXD}%?;<^?k@W)!)<>`z^mmH^_0m3(>mXjO+ z*jhgETmYh3<8p|$!yp5HQhbA1f)QE-i14&uUS|AJ$_JBoq&@0tV_`^nIAc{De3 zmuU2C#+7My*O_XhM_IeNM8~@#?HdX>qPxM%V73aB#an>#kny6s#_sV&!JB-nuP=a- zYt9azeN<*V=S&rAVoJNGZwlX6IEz)#TQsg2pOwQ~lc}RC>(C-kK+=zd1IK@Swk zMw{qqp&05_6(o;_@|FUxCSH|XSN;aA8Q(4n zA%~nE9ReK!8c`-GLb{*Fn!b=y-hC1Ib-?!^(?oeZ0HzQ80A$(~Xv%v!=1ElY)!3gBkN zfZVXBX=5vGz$#WVy^0R&){m_jsFZU>U!y0YUzXeLBnmIvpE)$X(B=`qKyJy-^D2## zeBW%3$#RZD5Vk3Aex>po3*8WG`KGUwm_MSlQm!U$XPamMo09lLZjgUDxtK1QPG-^Q z=IF668=`#-gc~pS&Cx$;Zi%wr7zo|wU=% zW^mM{+$wDMZqVZ`9vldq84JtD6m^|{$%bBM{WJdf>Fr(an$>Faxrj5yKB*?NigHwm 
z%3?mpC($>(9Fj+u9AHs(xLZ6lXiRw{&Gc%u~AZ)$$WOozvt~oh=3Qd;yF+(B`scy)h`90!+N43ph8{ura%c2TTc=;g`BScf{TcKl5_TfnSmV$FJV zS^f9INEoyR?^U+kRyS;-(jOc6!nNf$tUAKUTI@M}9A;2ZjYq9;Ii^_3wwLeMxVBDH z5)yS162nNtL}Zl1j$s732a`mwy7I z8!ls;#osIlwL#q>79amxX{;zhr1nx%`A~VR`uAQ&lpCT2`l`z?8~PdlbU#=(_?%H` zgCt;f_#-Llqr&BjSkh|Vk?<6A@@y#YU9{9U4Os8B&u09)ToK0wB$=4s}{8~0_S!z8qXg8l7Yi16tRb3J!jH|uA39W*1F z2f0u)t?75VzX~Juoi{?N!^ZO=bBY8d`GR<|6G9GPt1E1;StsiX8X6t$Ay^xBMybcK zdnz^6nM0+$EspZh^`Y_OjxmmXXt&^*7;3Zc#nDv@I7^D~b}%rcvKwFoYB+o)$-+UR zur58_#_T142Y;1+mYg#No0SkFmFBw>h`8*F$;e{z8%zm-G=vyRPcD$ zBMeE2legNsUBk(uP_NB_4zT#BE6gOuokR3~8U}25zSxeWc@&HN_*>BAq;u$dRPA7K zr*$q#+#n>CI)Etq*3|9NTbem-+J zTk!LYKDm`B8W%;R~n9-@);@E zzuH!mB$CFm=}o*jANVEE`NurdWIoMk9;Stce}1IDzm8qScXtc+w)3_UtgzW|2xXQ) ziOh)LcW9^NI(lsT53Lc2I#|%HU*Ej;2&2xYT3i2xUjmfFsm(uIZYM3|*H34g1uiK24LF_y25?kmPHdiF-d-pJF{?fOXvC z;!Nu9Oj8i=4-44Dobad~a^;bI#WhSeJt;>+Q!sh^bN#Jd3d(i@)rSh(w0~4r9Zz2| zOf7?2?c7vzG}+H7#!Pc_0jZ0X^fNq#$Qye)xta6%1#kky& z*z&D3Zg>2oY15jR3BzgK+SO=LtI4^ffNYkg^>>K2R4}w4>DoJ8;!B7IXGZCcQyag? 
ziq^}rNULNy(~ji`-4guCcsgfWR+&QrjXRUzsbMJNE3Uv&jO-pkowA>xl>?OWU+$^; zUUli+HKCoH$RB%kKm2>ljBEr5oZ@H$}Ba?y(n2O8yuyoHz z*OD>x``g1tjkqruwQmq9>Gf$nuGPzk*B@=HdKh|srC3$artlOC980!ZV$rdtm|`k) zMMfS&%E8BR1jHLh;tf7;R#0{#D_PrA&9+mS(xZ-Q)9jrGb=dGXaqz6wiv~rvfxQMV zmtE5;$8Yp<6Vk*>#Y%XccPR5AW6D%APZ=U$2+YXe{b{+R);~6Qqiho!k_|33F04P!}%vkc-R^Al-Z-__jE3@J`^)FVOIOR zOF|C5L>`$fGaQK0@zr#m<0I{n+?Nu%RiTMvYlRhMx>5}W5Pn41Kc8(AA3`s|LuK5BeKk49=}84@_5zlH;u#8cY)0IkAF?j1W>|0 ziW?{l;17=N9W~*ZMDBhsqfP9H`6>d7wo>qoy`MhTbK%-1j*{fkc;~$^};&g z;8)?+6kkHQdier@%2><44ZhaU9im;@pv-fZR_P%~2>(n1D zNcvvz$$W4hMFvqBbS!yozBPTWh`cDgx6slIkC^ih}g0cLY^zpU?*J*(knR z`!hfPVkV*?QvVQh!$xV-k&@5FR?wRvmeU0URmDaLI$En-bc5=ScD{;jic03S0A45^ zN!8t;!_f$PtU7{0Gst=;L$-TRI_5)Z0;;`Jd74!-^WyM!HCbSvU-Qcv=5W#yzE2Y$ zU~1p8-BY>c)Ul>MKD+VZ2^yYKZ4gk1!|tbi_a7}tdvIgl|h3vH-0-Rls4 zX=*gk-N7}Iy-qPWTdw#Cb4bcr@Zr1CF$B-_fVuI=kmzpVM%l|7!)si{hi+o3(tdAm zaLS7EykO9nXEg)4Pxkb`H6n?WSm(Hx!tZ_;94+P<X(~qePal(7L_&V5kxhV^TA3E3-U0JBBw|SIK|E;8Rhsvs9JDs44^DitF$v zPT&!pV2mMQe1~?sIDqMMWo}DDWjC?)F^lHG8TRGfhL^VZB!Cj_gZ%-4Zy&?$ogxCK zbm}GqCNUF#zQV|INJHuKVpYZGkxdV8Jg23Y%rSP5NsW$4DG8xg`Fc(tB{42vVl|d` zm$!|K5*?aU)ac`ztP4iYSuAu?39Q7K-OAFmaxnr{`+`r&R)vtRJ~D8P+HhkhlQFtg zJ{=JN=hdqW9CD!FOJ8o?V?y?B0w?$}=*uXIA6Haw60LYxOQsnO=2P7!=f`+Nn|9vh zq=p~)>!RQ3iE_j1-@X&e0dXqboYhaV{z6B-TCpy&U6V5VPoYpEq zKGap*4?mASHDNQ`$VW*WU4ER}K-`F4a<0m4lDq6=4U}VHI9t6gwi^g~?4EBJ%9eBE zk&?XBvnVsG0rS{9N&{?Ax{xG!IIcLKX7SIOmycfmEP>x8Km1_=+>)yTOthkD$ZVB7 zVL^va32^m)d8MEj(J4qX;Hm!R7(}{P5v(m!sQyLOkSlYwIz06@*M9OJ@N0kQxF54t zZVeUcb6aVimsv(G9t@ufr&%kmtP{_{aav(BEz2HS-@?@DXe5#&f?wn^*N~W2qmb0btH)OtGSh|BuIWrXk6j@B zQzz=`55K2OI_c9xYyq*H(fLTWV*&CCik_i$_OT}H0V)Z>vc#|khjH{3c86_^W_7#Z zTo~vJ7cd7AaA*>9&qTp`k@6^;=t=$OgO7GaHXQi!Clx$P^=?(Yv%1MFIwM=p*tqM{ zH^ClOzY#G~w>wiZ^%`Ub8(wpRh~o(x%@VCFdq^?7H-`C8O(oR*I0x_;LA$VHS@*Gx zr%yKhlw&l$Dhru5`3890B#+>BSjhV&wI0Ft+6fG)`+g(vd~F?4(!^XZ5+ftp`b}|V z=8H^NU*2$~qqBUP^+D0pXg}FZTjb3oQm;_VtWpBP(lO>kZz0T(og7XNMMZ`SOJ{9` zJhdFEA0jbX!m70G{Zg9#vC!LC%+$4vhD5`aFzmmQiiDT<66H{uJXD@biPaE(Aw)_9 
zL`un~qPu=ZlbUGGCC_A0?g<3TQJt?9_Hq7_iJwmGr1tbR_;n!_c!!Fq3P!R4xy0l; zg(xb$2%fz_ea0)S#@CfOoFu17T+y*YEzwO<;~2iAGUw|e|Ls#f2{kXMh7m=|E;uzo zSNnMsT1>xdbVPvraXFy6?{~L#Qy_UQ9p4dVCO65(HHDN{4(VxZBwIVSO|>)y5*>zZ z^1G?(MOX@Nt7e>^enbaZBPo4Fr&)5_Du(4t*E5UafkQnJIh<%CA(dziHA^ ziA))O5Vi=BEFoB_U~?Xnb6*v)@%gr`?1o!&u@{(Tjhq7tt9vpajA)wkH|pgjKp*2! z%3NDzQO4U|NKStUt(~1KEAih3h^nfLrh&BE1l<=)L(b3XTBA_3L)BON z2?)p0Oc#s7qbu`-w=P(=-{-dyC_Jp^GZGqL&gY*hxp*03N&lV9dpg>~@e&q;1RsyZ z)l;c&gAgxf74JUNUiV$ZUacwxTN|^7J?ThK{9=31C8v+A-Rk5id0(5%>n4UH5$MQ{ z;jRddcUEacsMFgN^IJH|OOFFmR;K19yz~7Chr*qBL3y)$&tpA>Uy$7+)(nJa=?ecT zjfQj~&;qhh)(o%-&kSu*cp^_YscfqH5$zUHhq>esOG*RrOxxi-Sj=`R-yNXDni-5- zQoX?zgHp8t&6gSaGQ3xjPqR~0Pnuy|;k8cs9g!`)fhx#a73qGQf2rYnMWk=ngLS-7 zekCrl8Qu=BuQd#anXcjhCwC5Mj3Y7g*wL~Gm- z$yK@`^yHIhzwJKkB$P;?Zje>_WT=u(p`QeXuP)aA=Jh0GA1w@E&N49I2l5Ak2DhGgS2e1%7EYEm$P_M)XN&&K+#ox7H3Tz{BBM zJ1M9@`jH3JnKlfkbQ?WL@i4gw4ZL?!M0Kg4Y%WxJhEMJW=+s$sn3(i)ei3&KpMICn z$2psG_w-0XnMwt&|L#&z*($xVuvQio^Bl}Df|?QRn&dZD17P2%?EW={ZfFM^-jsnK zHfssNvPQ-GZCH5FFH(w|(vWi$4EBtbX=ibl4CkKCOM&kcNp)0|HcUgeTqI*@;!vn0 zSVi?T{X0m)ZPTLflI`5C7qq=|)$v-t zlFQB2TM+HyBB+GEpMhz35}p6_x^Rp+Xi=;rJ%Vu(tO?L(p{L9UT*f_9KZD~R?XgZD z%3B|F(`*`Xj>O>Xj`R&2eQ^heZY8$yAGoN7sv##(8RGP1s;bS!I=CuM?!Qwf+Dc|Q z;1jk%+134}^Y;d3c!}Xif{QE)AKj`q;gej3){z*xo^&JJ6omDjw(E**)&H8>gT4N7 z_Q|FUtf|qbS~tvpe)5EGnrwbx$B0BbU@Cw|ws}}4fAHu)ZPf73biYMC@vXtWTPapM z2$oKy+$&ObaWNr=1ka39b?Aw4^PM_f&UBsQ9p^>y{XMzII`!c;-VFB^=3iFkB;E>F z3qfLDNwiHA!Qdg~s=aKBb3K~NK-Iw)zvM5!l3dg)^0pE!LUPF~Y+JbA7dU*0?=^8d zWf+r4^xQbHsHeROg&8(&{tR|cgb``1H`;@H^u&5+e)UXd7v2nbdk|9n0whzaIoCUh z&;;2SV~=TGvOE5j=bQKhON%En&bEn9J%1810~Bh7kMt=_U;f-?_uCS?pgZ|CY+}~! z#E66o;l)`G>-7FydQ}jBQuU!hSlmWdCZ|@*>n&;rXw70EiFJM+yBE&eu#=vj#Yv-D zFk0~N`S|*fbq%&VZ!pUVdGq;Uap25=+bz1t%U$BXZ#^cvT~gsBAF7}tp`kCao<#+; z%R-D^o9G-z zd>*XUj)FXaZ8~DNh#v+ICcl-=BcmM;eoa5AyXF6DbY+8cKjP@iCbZ~7gMCBW8+wX5 ztAf3+WiF0}yCvT$Y$rS97YZAM(rw}`zIatQI|F5=kY>b*-G$2is=z&g_Ae_tHE%l? 
zRp|z?r905IgxatWyB}ve6MSlEnv3|BJrygDH0A1MVy1vQh7yt|7d;fb8OfjsdcR1@ zv(n~or#!obkIF$=hkA*u_9ZCNm6cH{HS>YiqvG2?2@#x1mOi0qZ9_sgzpv;3xn}U( zTmd2!&*f*Bp-r=Y$;sA@`nID&^h@he>e6HL>R`IsMl|^S6k+vAYN*vzz3Rcep$@co-%G$JmKfEXXNM|QeU#^<1!Xf8Zb{a;-V4Dt40@%w2h zcjkb$4L zP~>k!JuuZOR2YwoAXFBKsMy!RH(30;ynEnb=V8u3KfJr91Z;cM2r)5E3DaZi=DT`6 zlmwgiHR}U1C^;`if7*rr9q@2lW?&7)8(5?3kk5kv_@;XT%I5{(l(hf#`6z)xum%KS zReb=O#QB|D?nbX-)uV6t!F@k3k*+k5usJa$+c9oPVe;)tg!>I54y6Kvn>c9dPtT3O zgd+PJ_XUEFn3W<|ph_wd5E=@JdFc7HNxwPuo8C)J{HJM+s}DRMO);MXn78Feml@&G zJ4I`oOQgcG&IbW`2K2c_HeiErzkRLy9^rNy;ewe%$G6jfe0@tcS|PJTr3Te!lO|y$ z;+#Gf7ohRCautpyh>^YTd@D(3msRKqUy%6Vn(=yXbw9Aha>9mCOn?lLOe z>O*WD)rJWYd=o1MLc=DYosivh3VdeAneq)?B;0_0u-lgbFf?@tw_}Y|#R8ST|4{|c zP5WQ`sE|pZ$MM$UYG7KUl+$sXkhNnWOL?ksQ|RdNq}|5S?HN+}omcTa2RE*LRgT`a z@2i?>{Lp$M7)NWm@XqTt|7Jb8QcWgW=U>V>Ajdu2%T@heL?wN>Y526?W02ca*^jyD zXas6Ge=@>IKL&aC`qzefj&7GvTewtJE+xa?kKbNiNVNtV0FwR3W1z|Evwu)qyoSfD z-Xppbb5@wtI-g+97N;4iLDX+aJYMVNMEOV^4QmCICF4iYu2?HAkZ7p^P&y~#PVXsl zgNpxladM1MUg7XgGIK^Js&I3C!bR|kOf=dx?s-US9;Vb*DoGdFmKa6GK}pM?RSedG zKPU5eA2+dN1>@oYjC;RyZ+FVd-stXc&a24jTRx~%0AeiZx zVFStVyA{TKJB)|`cBHAt`b}eE1WY8!u8w7DrUdtnBj^i|y_64wAGOm81%RkpHPo{~ zT!W}ZYx9&xu=ZvHrUl5H*ID_p-)O&4Ny31om%|wQhb>PVySx0n?(&r!#Bal~7L1AZ zkv1B4z5Hl?iv6*7z>t;pIbI)h@G6?U9yir~O3MQ)-30suX< z73fMxT##(BT_y7jTIYH1ejN8F?f0<>ak$(^JiKErGdllG-QI?JYiqaIul#VkrjQjx zKC()dIA-~Z_k4KnKu;|GL$}vdJ6x)+BXC`)_SE|@)B5>dpqU?=F_%y~N_~SSBY)}O zQSAJMhTq~F{)LwGhV<7sSIrjCLTc6B{fD|=Co?pJVWGM@%l)l0r-ex_kz>*sM`Nx? zX9!k~#lC?Rm)R?ZY7^b|U^^(8Y+ck46D@ucoBTY(3Fb~Ab5NWS=ETBH5^d9L1#vwo zT~kf*u{fvd(X7)pm1KTh0w)&y_rhrq0^o}Oo#+L26dt9nkGEca@A%>-PZ_Lj2ZdQ? zdd3*QAo2=t4Ri;#Z?wR4T@hc<<$(T=_=IJ^zYN7lKwWEwhYT?x! 
From df275d29908f7b5b23deea6910792974f2a0c8d8 Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik Date: Tue, 30 Jun 2020 08:54:34 -0700 Subject: [PATCH 321/331] fix spelling "tunnelling" --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 8101b52a2d..b788f2aa7c 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -145,7 +145,7 @@ If the connection is identified as a VPN, Delivery Optimization will suspend upl If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected via VPN, it can still leverage peer-to-peer with the default of LAN. -With split tunnelling, make sure to allow direct access to these endpoints: +With split tunneling, make sure to allow direct access to these endpoints: Delivery Optimization service endpoint: - `https://*.prod.do.dsp.mp.microsoft.com` From 7e2d165d2294bc425c9f3fe833bb287811350951 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Tue, 30 Jun 2020 09:27:44 -0700 Subject: [PATCH 322/331] update link --- .../microsoft-defender-atp/android-configure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 7ea09555f6..5d49c1c34d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md 
@@ -43,8 +43,8 @@ Microsoft Defender ATP for Android enables admins to configure custom indicators ## Configure web protection Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center. -For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). +For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#configure-web-protection-on-devices-that-run-android). ## Related topics - [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) -- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md) \ No newline at end of file +- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md) From 13f5490faab237bbb1b7d74af43b80e449ee5aa0 Mon Sep 17 00:00:00 2001 From: mapalko Date: Tue, 30 Jun 2020 09:49:43 -0700 Subject: [PATCH 323/331] updates for ADFS issues --- .../hello-cert-trust-adfs.md | 53 +++++++++++++------ .../hello-hybrid-cert-whfb-settings-adfs.md | 24 +++++++-- 2 files changed, 55 insertions(+), 22 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index a51e3b166f..bb872213ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md 
@@ -19,10 +19,10 @@ ms.reviewer: # Prepare and Deploy Windows Server 2016 Active Directory Federation Services **Applies to** -- Windows 10, version 1703 or later -- On-premises deployment -- Certificate trust +- Windows 10, version 1703 or later +- On-premises deployment +- Certificate trust Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority. 
@@ -36,7 +36,19 @@ Ensure you apply the Windows Server 2016 Update to all nodes in the farm after y A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with an external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. -Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. +Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. + +> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: +> +> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" +> 2. Right click "Scope Descriptions" and select "Add Scope Description" +> 3. Under name type "ugs" and Click Apply > OK +> 4. Launch Powershell as Administrator +> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. +> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs' +> 7. Restart the ADFS service. +> 8. On the client: Restart the client. User should be prompted to provision WHFB. +> 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. ## Update Windows Server 2016 
@@ -52,19 +64,21 @@ Sign-in the federation server with _local admin_ equivalent credentials. Windows Hello for Business on-premises deployments require a federation server for device registration, key registration, and authentication certificate enrollment. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: -* Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) -* Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) -* Subject Alternate Name: Your device registration service name, such as *enterpriseregistration.contoso.com* + +- Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) +- Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) +- Subject Alternate Name: Your device registration service name, such as *enterpriseregistration.contoso.com* You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. You can; however, issue one certificate for all hosts in the farm. 
If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. -It’s recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. +It’s recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. ### Internal Web Server Authentication Certificate Enrollment + Sign-in the federation server with domain administrator equivalent credentials. 1. Start the Local Computer **Certificate Manager** (certlm.msc). 
@@ -84,9 +98,10 @@ A server authentication certificate should appear in the computer’s Personal c ## Deploy the Active Directory Federation Service Role The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments. -* Device registration -* Key registration -* Certificate registration authority (certificate trust deployments) + +- Device registration +- Key registration +- Certificate registration authority (certificate trust deployments) >[!IMPORTANT] > Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. @@ -94,6 +109,7 @@ The Active Directory Federation Service (AD FS) role provides the following serv Windows Hello for Business depends on proper device registration. For on-premises deployments, Windows Server 2016 AD FS handles device registration. Sign-in the federation server with _Enterprise Admin_ equivalent credentials. + 1. Start **Server Manager**. Click **Local Server** in the navigation pane. 2. Click **Manage** and then click **Add Roles and Features**. 3. Click **Next** on the **Before you begin** page. 
@@ -107,12 +123,13 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. ## Review Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm the AD FS farm uses the correct database configuration. -* Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load. -* Confirm **all** AD FS servers in the farm have the latest updates. -* Confirm all AD FS servers have a valid server authentication certificate - * The subject of the certificate is the common name (FQDN) of the host or a wildcard name. - * The alternate name of the certificate contains a wildcard or the FQDN of the federation service + +- Confirm the AD FS farm uses the correct database configuration. +- Confirm the AD FS farm has an adequate number of nodes and is properly load balanced for the anticipated load. +- Confirm **all** AD FS servers in the farm have the latest updates. +- Confirm all AD FS servers have a valid server authentication certificate. + - The subject of the certificate is the common name (FQDN) of the host or a wildcard name. + - The alternate name of the certificate contains a wildcard or the FQDN of the federation service. ## Device Registration Service Account Prerequisite @@ -130,6 +147,7 @@ GMSA uses the Microsoft Key Distribution Service that is located on Windows Serv #### Create KDS Root Key Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. + 1. Start an elevated Windows PowerShell console. 2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)` 
@@ -140,6 +158,7 @@ Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key #### Create an AD FS Service Account Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. + 1. Open **Active Directory Users and Computers**. 2. Right-click the **Users** container, Click **New**. Click **User**. 3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 328c9513bf..a531963fac 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md 
@@ -19,12 +19,14 @@ ms.reviewer: # Configure Windows Hello for Business: Active Directory Federation Services **Applies to** -- Windows 10, version 1703 or later -- Hybrid deployment -- Certificate trust + +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ## Federation Services -The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. + +The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. 
@@ -45,7 +47,6 @@ Sign-in the AD FS server with *Domain Admin* equivalent credentials. >[!NOTE] > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the preceding command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name by using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority. - ### Group Memberships for the AD FS Service Account The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user. 
@@ -63,7 +64,20 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Restart the AD FS server. +> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: +> +> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" +> 2. Right click "Scope Descriptions" and select "Add Scope Description" +> 3. Under name type "ugs" and Click Apply > OK +> 4. Launch Powershell as Administrator +> 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. +> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs' +> 7. Restart the ADFS service. +> 8. On the client: Restart the client. User should be prompted to provision WHFB. +> 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. + ### Section Review + > [!div class="checklist"] > * Configure the registration authority. > * Update group memberships for the AD FS service account. From fbd9eea53540a4ff638f866178f6e2d907bed0ae Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Tue, 30 Jun 2020 10:11:06 -0700 Subject: [PATCH 324/331] pencil edit --- .../microsoft-defender-atp/android-configure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 5d49c1c34d..182bb5e356 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -29,7 +29,7 @@ Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more infomation on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and +For more information on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#configure-web-protection-on-devices-that-run-android). From 439ef0410a10263ea694a03f65981e9aaed74b4d Mon Sep 17 00:00:00 2001 From: mapalko Date: Tue, 30 Jun 2020 10:58:25 -0700 Subject: [PATCH 325/331] updates for ADFS issues --- .../hello-for-business/hello-cert-trust-adfs.md | 3 ++- .../hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index bb872213ba..95732e8c2e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md 
@@ -38,7 +38,8 @@ A new Active Directory Federation Services farm should have a minimum of two fed Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. -> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: +> [!NOTE] +>For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" > 2. Right click "Scope Descriptions" and select "Add Scope Description" diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index a531963fac..5f9afbda34 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md 
@@ -64,7 +64,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Restart the AD FS server. -> [!NOTE] For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: +> [!NOTE] +>For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > > 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" > 2. Right click "Scope Descriptions" and select "Add Scope Description" From 4a885ff7aebe59b5d26c04c47066976ae89cfde1 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 30 Jun 2020 13:56:13 -0700 Subject: [PATCH 326/331] Corrected spelling, adding end punctuation --- .../hello-hybrid-cert-whfb-settings-adfs.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 5f9afbda34..00c8e2e6f2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md 
@@ -58,8 +58,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 1. Open **Active Directory Users and Computers**. 2. Click the **Users** container in the navigation pane. -3. Right-click **Windows Hello for Business Users** group -4. Click the **Members** tab and click **Add** +3. Right-click **Windows Hello for Business Users** group. +4. Click the **Members** tab and click **Add**. 5. In the **Enter the object names to select** text box, type **adfssvc** or substitute the name of the AD FS service account in your AD FS deployment. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Restart the AD FS server. 
@@ -67,12 +67,12 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva > [!NOTE] >For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > -> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" -> 2. Right click "Scope Descriptions" and select "Add Scope Description" -> 3. Under name type "ugs" and Click Apply > OK -> 4. Launch Powershell as Administrator +> 1. Launch AD FS management console. Browse to "Services > Scope Descriptions". +> 2. Right click "Scope Descriptions" and select "Add Scope Description". +> 3. Under name type "ugs" and Click Apply > OK. +> 4. Launch Powershell as Administrator. > 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. -> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs' +> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. From 45d4f94ea39342eee62d9ae03f6e4b8ec50e3619 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 30 Jun 2020 14:07:13 -0700 Subject: [PATCH 327/331] Applied note style, added end punctuation --- .../hello-cert-trust-adfs.md | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 95732e8c2e..d4c919784d 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -41,12 +41,12 @@ Prepare the Active Directory Federation Services deployment by installing and up > [!NOTE] >For AD FS 2019, if Windows Hello for Business with a Hybrid Certificate trust is performed, a known PRT issue exists. You may encounter this error in ADFS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error: > -> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions" -> 2. Right click "Scope Descriptions" and select "Add Scope Description" -> 3. Under name type "ugs" and Click Apply > OK -> 4. Launch Powershell as Administrator +> 1. Launch AD FS management console. Brose to "Services > Scope Descriptions". +> 2. Right click "Scope Descriptions" and select "Add Scope Description". +> 3. Under name type "ugs" and Click Apply > OK. +> 4. Launch Powershell as Administrator. > 5. Execute the command "Get-AdfsApplicationPermission". Look for the ScopeNames :{openid, aza} that has the ClientRoleIdentifier Make a note of the ObjectIdentifier. -> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs' +> 6. Execute the command "Set-AdfsApplicationPermission -TargetIdentifier -AddScope 'ugs'. > 7. Restart the ADFS service. > 8. On the client: Restart the client. User should be prompted to provision WHFB. > 9. If the provisioning window does not pop up then need to collect NGC trace logs and further troubleshoot. 
@@ -98,7 +98,7 @@ A server authentication certificate should appear in the computer’s Personal c ## Deploy the Active Directory Federation Service Role -The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments. +The Active Directory Federation Service (AD FS) role provides the following services to support Windows Hello for Business on-premises deployments: - Device registration - Key registration @@ -150,7 +150,7 @@ GMSA uses the Microsoft Key Distribution Service that is located on Windows Serv Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. 1. Start an elevated Windows PowerShell console. -2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)` +2. Type `Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)`. ### Windows Server 2008 or 2008 R2 Domain Controllers 
@@ -261,12 +261,12 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. Th ## Review Before you continue with the deployment, validate your deployment progress by reviewing the following items: -* Confirm you followed the correct procedures based on the domain controllers used in your deployment +* Confirm you followed the correct procedures based on the domain controllers used in your deployment. * Windows Server 2012 or Windows Server 2012 R2 * Windows Server 2008 or Windows Server 2008 R2 * Confirm you have the correct service account based on your domain controller version. * Confirm you properly installed the AD FS role on your Windows Server 2016 based on the proper sizing of your federation, the number of relying parties, and database needs. -* Confirm you used a certificate with the correct names as the server authentication certificate +* Confirm you used a certificate with the correct names as the server authentication certificate. * Record the expiration date of the certificate and set a renewal reminder at least six weeks before it expires that includes the: * Certificate serial number * Certificate thumbprint 
@@ -302,8 +302,8 @@ Sign-in a certificate authority or management workstations with _domain administ 5. On the **General** tab, type **WHFB Enrollment Agent** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. 6. On the **Subject** tab, select the **Supply in the request** button if it is not already selected. ->[!NOTE] -> The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. + > [!NOTE] + > The preceding step is very important. Group Managed Service Accounts (GMSA) do not support the Build from this Active Directory information option and will result in the AD FS server failing to enroll the enrollment agent certificate. You must configure the certificate template with Supply in the request to ensure that AD FS servers can perform the automatic enrollment and renewal of the enrollment agent certificate. 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. 8. On the **Security** tab, click **Add**. 
@@ -336,11 +336,12 @@ Sign-in a certificate authority or management workstations with _domain administ 3. Right-click the **Smartcard Logon** template and choose **Duplicate Template**. 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Authority** list. Select **Windows Server 2012** or **Windows Server 2012 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **WHFB Authentication** in **Template display name**. Adjust the validity and renewal period to meet your enterprise’s needs. - **Note:** If you use different template names, you’ll need to remember and substitute these names in different portions of the deployment. + > [!NOTE] + > If you use different template names, you’ll need to remember and substitute these names in different portions of the deployment. 6. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. 7. On the **Extensions** tab, verify the **Application Policies** extension includes **Smart Card Logon**. 8. On the **Issuance Requirements** tab, select the T**his number of authorized signatures** check box. Type **1** in the text box. - * Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option. + Select **Application policy** from the **Policy type required in signature**. Select **Certificate Request Agent** from in the **Application policy** list. Select the **Valid existing certificate** option. 9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. 
Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. 10. On the **Request Handling** tab, select the **Renew with same key** check box. 11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. @@ -352,7 +353,7 @@ Sign-in a certificate authority or management workstations with _domain administ Sign-in to an **AD FS Windows Server 2016** computer with _enterprise administrator_ equivalent credentials. 1. Open an elevated command prompt. -2. Run `certutil –dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY` +2. Run `certutil –dsTemplate WHFBAuthentication msPKI-Private-Key-Flag +CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY`. >[!NOTE] >If you gave your Windows Hello for Business Authentication certificate template a different name, then replace **WHFBAuthentication** in the above command with the name of your certificate template. It’s important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on our Windows Server 2012 or later certificate authority. 
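Review bot: In the hunk at -336, step 8 still reads "T**his number of authorized signatures**" (the bold starts one character late), and the rewritten line keeps "from in the **Application policy** list"; both can be fixed in this pass. Step 11 tells the reader to type **Window Hello for Business Users**, while the review checklist later in the same file names the group "Windows Hello for Business Users". If the group is spelled with "Windows", the name as typed will not match it.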
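Review bot: In step 2 of the hunk at -352, the command is written with an en dash (`–dsTemplate`) rather than an ASCII hyphen, and this edit only appends a period. A reader who pastes the line into the elevated prompt passes a character that may not be parsed as the switch, in which case the template never gets CTPRIVATEKEY_FLAG_HELLO_LOGON_KEY set. Replace it with `-dsTemplate`. The note below the step also says "on our Windows Server 2012 or later certificate authority", where "your" reads as intended.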
@@ -389,14 +390,14 @@ Approximately 60 days prior to enrollment agent certificate’s expiration, the ### Service Connection Point (SCP) in Active Directory for ADFS Device Registration Service > [!NOTE] -> Normally this script is not needed, as enabling Device Registration via the ADFS Management console already creates the objects. You can validate the SCP using the script below. For detailed information about the Device Registration Service, see [Configuring Device Registration](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614658(v=ws.11)?redirectedfrom=MSDN) +> Normally this script is not needed, as enabling Device Registration via the ADFS Management console already creates the objects. You can validate the SCP using the script below. For detailed information about the Device Registration Service, see [Configuring Device Registration](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn614658(v=ws.11)?redirectedfrom=MSDN). Now you will add the Service connection Point to ADFS device registration Service for your Active directory by running the following script: > [!TIP] > Make sure to change the $enrollmentService and $configNC variables before running the script. -```Powershell +```powershell # Replace this with your Device Registration Service endpoint $enrollmentService = "enterpriseregistration.contoso.com" # Replace this with your Active Directory configuration naming context 
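Review bot: The note in this hunk says the script is normally not needed and can be used to validate the SCP, but the next sentence says the reader "will add the Service connection Point" by running it. State which of the two the script does, and if it creates the object, say what happens when the object already exists. Smaller points: the link can drop `?redirectedfrom=MSDN`, and `$enrollmentService` and `$configNC` in the tip should be in code formatting to match the script.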
@@ -440,8 +441,8 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. 5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. 6. On the **Select server roles** page, click **Next**. 7. Select **Network Load Balancing** on the **Select features** page. -8. Click **Install** to start the feature installation - ![Feature selection screen with NLB selected](images/hello-nlb-feature-install.png) +8. Click **Install** to start the feature installation. + ![Feature selection screen with NLB selected](images/hello-nlb-feature-install.png) ### Configure Network Load Balancing for AD FS @@ -477,7 +478,7 @@ Sign-in the domain controller or administrative workstation with domain administ 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. 4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. 5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. -6. Close the DNS Management console +6. Close the DNS Management console. ## Configure the Intranet Zone to include the federation service 
@@ -485,10 +486,10 @@ The Windows Hello provisioning presents web pages from the federation service. ### Create an Intranet Zone Group Policy -Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials -1. Start the **Group Policy Management Console** (gpmc.msc) +Sign-in the domain controller or administrative workstation with _Domain Admin_ equivalent credentials: +1. Start the **Group Policy Management Console** (gpmc.msc). 2. Expand the domain and select the **Group Policy Object** node in the navigation pane. -3. Right-click **Group Policy object** and select **New** +3. Right-click **Group Policy object** and select **New**. 4. Type **Intranet Zone Settings** in the name box and click **OK**. 5. In the content pane, right-click the **Intranet Zone Settings** Group Policy object and click **Edit**. 6. In the navigation pane, expand **Policies** under **Computer Configuration**. @@ -498,7 +499,7 @@ Sign-in the domain controller or administrative workstation with _Domain Admin_ ### Deploy the Intranet Zone Group Policy object -1. Start the **Group Policy Management Console** (gpmc.msc) +1. Start the **Group Policy Management Console** (gpmc.msc). 2. In the navigation pane, expand the domain and right-click the node that has your Active Directory domain name and click **Link an existing GPO…** 3. In the **Select GPO** dialog box, select **Intranet Zone Settings** or the name of the Windows Hello for Business Group Policy object you previously created and click **OK**. 
@@ -510,8 +511,8 @@ Before you continue with the deployment, validate your deployment progress by re * Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance. * Confirm you properly configured the Windows Hello for Business authentication certificate template—to include: * Issuance requirements of an authorized signature from a certificate request agent. - * The certificate template was properly marked as a Windows Hello for Business certificate template using certutil.exe - * The Windows Hello for Business Users group, or equivalent has the allow enroll permissions + * The certificate template was properly marked as a Windows Hello for Business certificate template using certutil.exe. + * The Windows Hello for Business Users group, or equivalent has the allow enroll permissions. * Confirm all certificate templates were properly published to the appropriate issuing certificate authorities. * Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template. * Confirm the AD FS certificate registration authority is properly configured using the `Get-AdfsCertificateAuthority` Windows PowerShell cmdlet. 
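Review bot: The context line "Confirm the AD FS service account has the allow enroll permission for the Windows Hello Business authentication certificate template" is missing "for" in the product name, and the edited bullet "The Windows Hello for Business Users group, or equivalent has the allow enroll permissions" needs a comma after "equivalent". Since this hunk is a punctuation pass over the same list, fix both here.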
@@ -531,7 +532,7 @@ You need to verify the AD FS service has properly enrolled for an enrollment age ### Event Logs -Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished. Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show +Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished. Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show: * The account name under which the certificate was enrolled. * The action, which should read enroll. From b6ac3ab661306f7b573727b0b7f7e86b4a9edc7c Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 30 Jun 2020 15:53:37 -0700 Subject: [PATCH 328/331] Update manage-protection-updates-microsoft-defender-antivirus.md changed MMPC name and default time --- .../manage-protection-updates-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md index b71b5b24ba..58e3fd0a6f 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md 
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-protection-updates-microsoft-defender-antivirus.md @@ -58,7 +58,7 @@ There are five locations where you can specify where an endpoint should obtain u To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads. > [!IMPORTANT] -> If you have set [Microsoft Malware Protection Center Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) (MMPC) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is 14 consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). +> If you have set [Microsoft Security intelligence page](https://www.microsoft.com/security/portal/definitions/adl.aspx) updates as a fallback source after Windows Server Update Service or Microsoft Update, updates are only downloaded from security intelligence updates when the current update is considered out-of-date. (By default, this is seven consecutive days of not being able to apply updates from the Windows Server Update Service or Microsoft Update services). > You can, however, [set the number of days before protection is reported as out-of-date](https://docs.microsoft.com/windows/threat-protection/microsoft-defender-antivirus/manage-outdated-endpoints-microsoft-defender-antivirus#set-the-number-of-days-before-protection-is-reported-as-out-of-date).

    > Starting Monday, October 21, 2019, security intelligence updates will be SHA-2 signed exclusively. Devices must be updated to support SHA-2 in order to get the latest security intelligence updates. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). From 321e5bf7cf81946a44bd8c94b2c474bb84167423 Mon Sep 17 00:00:00 2001 From: Thomas Date: Tue, 30 Jun 2020 16:57:32 -0700 Subject: [PATCH 329/331] Update .openpublishing.redirection.json remove "." in a redirect_url value --- .openpublishing.redirection.json | Bin 2576186 -> 2576184 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ef2e397e5bfec17fd1858d9f948e661a6c8c7c31..52940ae69fce7589fd101c762f38412b41d0bf16 100644 GIT binary patch delta 126 zcmdlrZ!Y5wAZ}=3Y+-6)ZeeL*ZDDI+Z{cX+Y~gC*ZsBR+ZQ*O-ZxLt_Y!PY^ZV_n_ zZ4qk`Z;@z`Y>{e_Zjot`ZINq{Z&7GbY*A`aZc%Ab-J*8q=5~W?YBw0S3q(u&Vw(Qp bi(1a~2@lldw&!@VaWRAW+c!K?>&gKDvfD2R delta 281 zcmdlnZ!Y65AZ}=3Y+-6)ZeeL*ZDDI+Z{cX+Y~gC*ZsBR+ZQ*O-ZxLt_Y!PY^ZV_n_ zZ4qk`Z;@z`Y>{e_Zjot`ZINq{Z&7GbY*A`aZc%Ab-J*8qCZpc=jhw1G8K*lqu_ Date: Wed, 1 Jul 2020 10:33:43 -0700 Subject: [PATCH 330/331] update deployment --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 79ac88b90c..7749eb01e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md 
@@ -136,7 +136,7 @@ Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) . As Microsoft Defender ATP for Android is deployed via managed Google Play, updates to the app are automatic via Google Play. -Currently only Work Profile, Fully Managed devices are supported for deployment. +Currently only Work Profile enrolled devices are supported for deployment. >[!NOTE] From e27c842fe70be430e5c1609d51a8fe3a39c95674 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 1 Jul 2020 11:14:59 -0700 Subject: [PATCH 331/331] pencil edit --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 7749eb01e7..cb62aaa586 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -265,7 +265,7 @@ assignment. ## Complete onboarding and check status 1. Confirm the installation status of Microsoft Defender ATP for Android by -clicking on the **Device Install Status**. Verif that the device is +clicking on the **Device Install Status**. Verify that the device is displayed here. ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)
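Review bot: In manage-protection-updates-microsoft-defender-antivirus.md, the link text drops the MMPC name but the target is still `https://www.microsoft.com/security/portal/definitions/adl.aspx`, and the default changes from 14 to seven days with no reference in the commit message. Please confirm the URL is still the right destination and that the linked "set the number of days before protection is reported as out-of-date" section states the same default, so the two pages do not disagree on when the fallback source is used.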
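Review bot: In android-intune.md, the supported-modes sentence drops Fully Managed, which narrows the documented support, and the commit message ("update deployment") gives no reason. Check the rest of the article for steps or notes that still mention Fully Managed devices, and add a comma after "Currently".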