From cb04295981d407c3871a7c0bc621fd85a5e50a93 Mon Sep 17 00:00:00 2001
From: Lovina Saldanha <v-lsaldanha@microsoft.com>
Date: Mon, 12 Oct 2020 14:03:39 +0530
Subject: [PATCH] New_4490409

Created new topic "Schedule scans with Microsoft Defender ATP for Linux"
---
 images/linux-mdatp.png                        | Bin 0 -> 5634 bytes
 .../linux-schedule-scan-atp.md                | 247 ++++++++++++++++++
 2 files changed, 247 insertions(+)
 create mode 100644 images/linux-mdatp.png
 create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md

diff --git a/images/linux-mdatp.png b/images/linux-mdatp.png
new file mode 100644
index 0000000000000000000000000000000000000000..f8c9c07b16906f1465cf3b97f50b71ab49b3f10f
GIT binary patch
literal 5634
zcmV+d7X9goP)<h;3K|Lk000e1NJLTq00KGy003SH0{{R39c)gQ00004XF*Lt006O%
z3;baP00009a7bBm000@*000@*0T|KB?EnA*B2Y|JMF0Q*001ii0RaL60s{jB1Ox;H
z1qB8M1_%fU2?+@b3JMGi3=Itp4-XFz5D*a&5fTy-6B82@6ciN|6&Dv585tQFIZ_%L
z8XFrM92^`S9UUPdAtE9oBqSsyB_$~-DJm)|D=RB2MO!QY04*&oE-o%FFE24MF)}hT
zGcz+ZG&D6eH8wUjH#avqIXO8}XE{=6IyyQ#J3Bl)JU>4_KtMo6D;h>!XGcdzOG`^k
zOiWEpO;Au!Qc_Y=Q&Ut_R8>_~R#sM5S65hASXo(FT3T9NU0q&YUSD5dU`H%sVP0cl
zUt?lmV`F1vV_;-sVPs@vWn^MyWn*S#V`^$@Yinz4D*$Y4Yi(_8Zf$LDZf<XHZ*XvM
zb#--ic6N7ncX)VsdwY9)e0+a@e}I61gM)*Gg@uNOhKPuWiHV7dii(eqkC0FRkdTm)
zPymvWl9iQ}mX?;6mzS8Bn3<WGnwpxMo12`RoSmJWo}QkdprE0lp`@gwrKP2(r>Cf>
zsHv%`sj8}~s;R1~s;jH3tgNi9t*x%EuCcMPvT!c5uc@=Mv$V0QwX?0YwY9gjuDG_a
zxwWynwz9gov%9&pytuTyyu7`;w!XTyzP+EnySKl;zrnq^!NI}8!otPR-^S11#?ar!
z(BR69Ps+im%gM*g%gN2KbIr}n&d$!y&dt!!(9zJ((b3V;($dq@)6~?|)z#J4*VozE
z+1uOO-QC?QUjx<v026jeL_t(|+U=eBV;e^m#|Jr4s>qgHpeUs%xPU|Dwm@VT8WkMH
z1sv|n;!?0$6QYEo($unvF(!sB4flQD_kES)|6}g+&1khckeq!#B<tBZ-t2z0J9_%;
zTl9<6QcGkgJp`!@Af5j{cM0W-#Byk+fd4DZAY!77Y~}es2xVm%uE%$XdZ6XpUi21j
zf2swvW%P2-PE<DrgT~OkSM^3V-`mB6bf(YpjaC&EyOwlPOQqA(a<$Io`ucuzVd~Gp
zv6)ONo$=ag3tM^mKfWi9A4{b(sfO1p*$MXU_)IFDNwvjpcX4vPJ3gIvtlL96l_;vD
z>)KICXQ7TQ&XThP)Wc;Zv!q&&+aEYaE$3Yv*O^t}F>qNeS0#JZjH>l!6g891ZE)|2
z&(%<am)6(bbT>koDV0t=I@oGeW3(u59XMZz?N4=fvE9K-*xhEbMQmxUTlDP0-^OXr
zQ41P_l(qL(+MQLRm=^W4A77xkCGmdV3?pn{cLTb}R6h2V{Z}D0Ww$L&I^NS|pS^A8
z@Y-t$9&Twxtwc@*d?{S()>zNn4Py+l7yCl12se1W#(pc=+>&@dZxw9@rE>x;J$raR
z{*q4XWNt6%*xz7ACmkI9&H1H6_GVS2SC>wHePX3EgO+X)=}hkpD<B;$g2HbDIF{R5
zB|F%yf$k;o-7?;+_LL6okKP`|mTHT)I^yQ(*5l@pj(c~L(m|y%<N=LI(|^?5oY9;X
z<@ny0nRIr85vZkG(F4=FO!iBMEl7FXwtBg<zE4g_H;Ov-dME1OHQ_>&u61a97nfbG
zl5<ufdt2~QSJZ>I>X)Pab-Y}K_R0?IGOu)aJ!AQ+dAhCCCFTb8Z2HpNU+?L?e$+Oj
zPB8AhbnBT1Ge=N5`1F@6m6bid<XmM(8!uPeQPl3xW@4F4F9GC=fX^8&i(u*SYZAU<
z;jWsMN~O)4iE9Y=MO|0&4Z6x@*Elq{ve&N0S^mm_?0Tv{B^_;U!1aumQ4d<tZX-`-
z`7|w~cO&(Wx?z!{c0*K|-LO2xdx_Dq`;Vw}8Z(8h{qD|9aZrVHh&U?s<kDd$WWP(S
z5ta^F<!*`fRBq+w&LTo_Z&>OUXH1IsXU+)ql8)-C(QSmKGgEk+A2q#-vW+gAc?Pd>
zD!0Dy;8DC`<qOvi)*0R~0_m(%f+62aI{Ebj@hz^lw{uT+Q0a*N5=#f;7h&lXu9BnH
z^-71K8)W7)=#^YLnIk40@W{rK4tz5)q+^~CuXIqULT^)^y#eXu8)ZN`qQAt_A!R}7
z(7jF-$c~}=o_*$lR60^R{>Uts4vzVX^(hIqTGCN_aT#8GvQ=}nf9Vvr>H5^Dr~2zt
zI?B_qbcpw{rE?rh=kNitFO!*0>FljkO7I;EFDff%FX3gL+A^e5T8pB!k|rHm4_lx=
zyg2Txsx3o0RTdG3>j~)?Wnfg7E$yLtR?pVl!Y%M}I%+RwEe|wt2=6yUe`Iev<mstL
z55D;B7h>T|r*vvv6@_(I%H8g@LW3-3#TJj-F4pj$sx7a=>V^B0E!?&=I_>P0{m~)K
zUO>~l+KZySn%@I!Zg9_{49^_bD_Xs5ko7M82YbIQ%5c2~+Y$D3?^E4Rp3B{lolfcG
zLcFcP<<c!4x6S4V*xQ3X2K!UQZ<q&mwouMxi9yr6T8W~SoZka$Zg9^dq?u35&CQig
z5L$35rE{ch;-QO~<Hx3Vt#hQ!g+eCDGV;4sDxK8&vSU+8wWrdVgu4|=rIXt2WT|vg
z8&o=+<Q44i0#fWRjlJ?ns{H0F7-7v!B-hUu_rHXtqs8qnUOh73QhNS}Af0k^mx2j6
zLK?9x1vL;fqHG7|C3Jy})N6IjUouK-dn<Fp`r=HzYUE=nC+4`-cKVdWP^44b+HY`v
zSN|Of2_7%nD$H2Y*{hM0UK4>@{8Ka!^0Je?ez0?MCC=x+_cKzte0)|l{<xDA>zU>U
zhr0*sdCu>`(!sj0q_dJE2R|nQwHSaYXkQiZpZDzS)na(i`^n5&BffOvkDET5H5}<g
zir<B$gL&Is{p@8I=h(rYt5oJR?2a1!QIX#9R&|CMqI(6`>~P2m*I4bebm@3`WyIYO
z<LU%)BX4-1ODEJ{YO$q*s8%|XFP74|+yuZa^|>txa+yC~XUdK-%%oGB?j_4rn`_pY
zUW5c{A*AEwmBk8-j~nKnmG|NPQtMMXyY#sL<Mh|b!);#al-3Tm45$mY<;*c|tCrIm
zhs@|+)r-#l3KE*w90$B4Bh!U>WqVxh>Zubsa<4WnFN69^txxH+2vM3hrGr_61D|x%
z3RystxGiCh4_I5q^<XnOWDZyu(m{mj-I7eN;E*Bd7`(EQ4j<Pe9qEBKt}Ju=ORZn&
zkh9mYq=U<R(orkq21m7VTf!V~S<*2%WR57<(orNdk{mKD9gSC3(&6KJq$54h#+7Am
zf2qZmPIc9@Os*r~OAb5u{6dfKGmX4>K*Ve-rK8K!>P1OMf9`Iz!+1Q253U*y2P$6K
zS?hSDQ%Bx$q5e|qEgil-z1-?wI^y6jG*w72ARUA5b$Y4tB{uz2z{pZM*gt(CtnteI
zNQXzo?Qx<0Qi~By#-DFV-Wq(dc&-h2rhpO2e4$xsMq%mTZ}$$}t9pTG;o`Qq1ke_8
zF$?g@0qM|sE~N~Q8zP8PbEWg~_Uk3dOUPTBFXq`L__9_->NHlDnu;c?7COUh(!B+v
z7l;-vTw7HAb>(6f;+36oEl!#*yA8rQ#6PDN|EeQMUP9j5d@;{1VPziHTQF16WYt1v
zm?64XCx~rYc&3n5{mBR3KwjAy7tXJ25Y8d~Iki5d6U#_!m|48vBFAH4uULNN?WxGG
zoayzqu<4VILM>_&^x+J9b#(G8PxV!2I&Hf1D`!&aq!wQ-8RH%`p)yLPGl|N{D4`fD
zn~6%WEWezmHc{Ha61mg9(%`KL`f?(#I)mjo9>hw0ueif426$Xg<CS}k;pUDGwTMqb
zvy05kadhh8JIxL=$Iy!(p1-5#mxgngdKt&X>6h64^N(g_pghL|DQ7Ki=G2%ilGA^f
z&)zzq89RE70pwS9vLzcvNa&^b7aaWm-H$%?eEarPdgIeC=y}WPm8E&8()st_o6$hY
zYWw>tZC-S}d3|!ei?h|ju9y6M5DYh|#~1^M69Fl2^|qD6c+!z}{?P3YDg$hDJkt3U
zwtxNg!()_Atr1T;Ry}VEyI%6Q&@kMj9%GDtq*J4bQ;w)~p8NBMBKGT`DV<f78F?sW
zYzHBYHA)%Ckqp)Y@)C=BP!8vCo@026esapCIAiGfm08AU-ooInd0SmNYP2`t;P))<
zFTa6XY|1j`^M>+(mYqg!nMF~vvgHiVmrA!rE}eh=@q<`8m@l>vQk+NFVRZ*7Lr%tH
zC`U3}56Vj{>M8yi%HiBA&#|^eJD}0&;20vmvZAQN^H4V|p9ijgcJ}3a$?_MMT_j_i
zdxF(l))&XL?1{_EB)M4U0^1t7bpH1H4`6P1&3Wdb(qusKVs;p1#29I8Fv4bLKqE7<
z4tuysDvf$h4regWF~Bt&xtY~tf`Kt;wm05Pqp0N#OV1lPw{nAXBTPCfwcz~q=t2hn
zd4XOfb{n&#O#DgO%9|6*zD#zAvf_1m{I2NtC6a#bG`aMwW@LY3kj`Iz_m<DQPg-Gs
zVV?oT227E-45^IAIwNdK$E?>&I$AwDB_^2X7~q<nF>L8LV^CyGFt>`LhNP2Q`RvXa
z6hk^KnoJIoj>x`jNoQZ=TvoQRzctTRdEum&LzT{-K5^Hf`+O$`7}gn3Y`_$W%aF==
ztTV!pbb!prpmel)J*AT`<{_@Rr*xb#lyvmW$e?s^+m~cxN{8iPcBF&HxHyl;u%vTw
zUNYA5y7T7Gbh~H9ES*2R{6(L0pDIU^92{a9y?+^uFd!XSuZMK>dOf9stoP;Ud6NUu
zamP^7!KYBBw}qsm$m$r<L3FPp9a>hrZcFC^APYRB8|~%HSf%qN^cwKXd6m8Dt~#7D
zh5Z_gu$d#7GQzT+Uph`bk95pD#{kzHkd9}JfOP0+;>4XaFy}<lVcC~W>5ww^CqKF@
zdX5*-Z2i2P8K-ofeBSF?qvvuJX>3ryPLAYa7pm7%nTL4`)t@09hdGAw979_MF)hY;
z+8u*3)>fuv)k5V+E?(Cjt`J^r$Z^RQUH)bluSD%LS-#XI%iqo_5yq9hhw#>{$i93U
znPsHjdG)oQv|XZQCl;@aM>@a8_9S}s7`R+T8k-cbog*2p*NP6T76!Qt=5TgNXgFUp
zKuib6Xz+Z<jG``zT+cjP@+SARa8(Ox*HnIGZHq2{3s+ShX14c{jOdSS(d^4wMrK~7
z*E^%PCH<)!&Lfu2Z_vxez~w5^*rb5%9LaFKR<vccFvw*vhjTd3aj0H+3@FpGn#X2@
zzv)=>@Q~1S`3w68WnYH!Nvr6&K99Uhl8;6@zkUB*Xwq#gzmW{Z;@v4o3|TC0rqqaZ
ze*UA^PPmsU(u<CWr$>O8Cer!Y58gN7UeaeCCg~xJA$Tf&o0@9r{N%guMX9BhKsrDD
z&U?}Wky;Yz{P>&iN)JS8Nu=|`Z@d#^lZVeM`}tk+7@ihEi%IhK%?J-`9+rQm_aUp2
z=M1a<%43?*Ssh>Y(98?x>-AGTr1QP6y&YhaW4sKy?<4Lfeof9SE?*2Y!o`tGr(%)D
z)O+XPmn-(6!;#}od+(t(jTgf+di=ot!XBoc6GjjYA2WcB=rPx!vsdseGhyj``>SsQ
ze#7EfBZe7J33AB#Kt8_MWrVu`=s9}nxc))W9E?E}%~yxuNN-I<oqaQMVm&dj(!R`!
zH5*EjcHd!7>3r+UZv~{ovqp?XI(BAcA7AV;!v7!Xxc))XAvqRJUwBMfi`v)hp9{t#
z9V^zHSUUI-K9EgDTDCV~@!4cM3$jD}YL!`L<X!P(cvZG=IN!vKFyxi(AKZfGT&DRl
z=syU|^~@*>i^X;_ySl-h4#9{C+DG|5HX|Y(mq^wbW-B_x_AZmX%Na!}>t*Iy6+=pz
z`EVDAF$w9YdX%STo-*lt|LgAn*<_UuSzG4C;*g;%$QJQyR;Fk~M~nvKQWo{_WhMzD
zY<UIy7iys>3+~^N>7PScc#fYtb9|YxX2ggJP9&=t`H5s)Mz)&!7x@;WlyzR&9QWK4
z(PJldn)$GE@za;?1*JoJxj^fklv`3dG!3Q0CPSZ^xE!*cgV^ME-J6M)8ChQA?DwXt
zdg`?%jEd+2j4&I+MsRem;4IB<3-+$^Z3ECz%Vhp1?FFM2Pzp=JLU^w`j9kWJh#5UZ
zIS(owmq>;XE?(InlIO20>c>m&;5(GSS;@T$|1-O>(>x7HhmY|Q+~O(480pe+*ktF8
zA*de?S+Ku0zw1cH%#3WL;Wo+?*K8nHU4RkxNyj0Qk?CJT>G0DULC<#*wAcqfaB`WP
z3&PygG2|;w4MZddq@(r{!a13AGVX#WwsdSZ*?D6K>W4!X?5~jp8Iq2f8QCu##Wg$9
zfyaQPV-d;7^lt>xA^5WI2d&x-N-jgvfr#W-(jkQN*rnsJ$<7LyuT<l4$Oijc?0ThR
zWk&W&N9USt>8KOjOF9;jY=~n}=|DHEvUr9aTp=?y5Ry(&!%zE?4wB^Z7^UNUIXANm
zt7vFE4%uLTb?JC`<*;;2uDPdl6p?Jq$RUy$`#Y#~1d;46lNa!#d8NP#S)Tr$(lMxK
zM><s!3?7zrO6NrkIi7S{U=CvKWgLBm4S+1jNaJ_q7~ATDs?o=s<kiz=OGdaGml4+b
zgS~S6gBR9X&SfzM$UnO$31`k|%zBQHBA1nP<cv<|0V0`n-(KS6vbGAZNFrGg&P$wJ
z4oPQLuXjj$rmVA!=9DfRMvtDt{q0<0^=8SISiDQ=z&VJ!>SY}LnwtfgM`5ioKweqn
ziyJ)qvX2oiNJiKmL#LTRuN?o>KSm3cb6Jex^3Na-9KwSOSI?Lc<}<Zzf*=bH86uJy
z_54W23=1nF*(IDe0Iz5?kX~W*dWv;^1@?t*oZA+Ax4UXfEZ&uLz#PQIqVu3w{BUJ4
zz}BiUKweoRdGkE`a{r95PBVjEIsWAVrq{^1EXDx&XQ-|J&<#R8Lo@Ob*sfPpNmM#;
z#%LKS_wdx)wsel34eb|{iOIPv?mQ$I%=1Lg#{3{_E!a&A{N<r{FU#&)=g0|Xcr-JK
zvQNS*M@R^`^T<gKN$@<;C*!tNEvg?)ng@f%mDh39`DjaLcr<gFzRh$3X0*}AWhP{2
zH(RZQ*>?<{`sm)U!oPH<Hn80u(pgO3u9r$DnWgVEAEk5_;&R9!J?pT<gK^DahMBz(
z8~J!@!T!n_RqObt{q*%BBa=?ugJHSLMwbV6KGg$q%>llcKo_Lvs0EEd%4EcvgJ2_I
ztW&e36Bo<`;v9?an}6#AgjNE+C}J9Vtt5{%ix{%{g^OSSt@Lb9pmehC`^HBk9Yst-
z(y`cIT{`*oR63)T4##gfja#<(U3D9Pauur<dah7!f5sM^85v@UsRiDHY%5r#-72Lw
ctfAWf03;rIZBhViga7~l07*qoM6N<$f)nxr0RR91

literal 0
HcmV?d00001

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
new file mode 100644
index 0000000000..8515254bac
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-schedule-scan-atp.md
@@ -0,0 +1,247 @@
+---
+title: How to schedule scans with MDATP for Linux
+description: Learn how to schedule an automatic scanning time for Microsoft Defender ATP in Linux to better protect your organization's assets.
+keywords: microsoft, defender, atp, linux, scans, antivirus
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Schedule scans with Microsoft Defender ATP for Linux
+
+For the command line to be able to run a scan on MDATP for Linux, see [Supported Commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-resources#supported-commands).
+
+Linux (and Unix) have the tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
+
+## Pre-requisite
+
+> [!NOTE]
+> To get a list of all the time zones, run the following command: 
+> timedatectl list-timezones
+
+> Examples for timezones:
+> America/Los_Angeles
+> America/New_York
+> America/Chicago
+> America/Denver
+
+## To set the Cron job
+
+**To backup crontab entries:**
+
+sudo crontab -l > /var/tmp/cron_backup_200919.dat
+
+> [!NOTE]
+> Where 200919 == YRMMDD
+
+> TIP: 
+> Do this before you edit or remove.
+> To edit the crontab and add a new job as a root user:
+> sudo crontab -e
+
+> [!NOTE]
+> The default editor is VIM
+
+You might see:
+
+0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
+
+Press “Insert”
+
+Add the following entries:
+
+CRON_TZ=America/Los_Angeles
+
+0 2 * * sat /bin/mdatp scan quick > ~/mdatp_cron_job.log
+
+> [!NOTE]
+> In this example, we are setting it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC –8)
+
+Press “Esc”
+
+Type “:wq” w/o the double quotes.
+
+> [!NOTE]
+> w == write, q == quit
+
+To view your cron jobs, type sudo crontab -l
+
+:::image type="content" source="../../../../images/linux-mdatp.png" alt-text="linux mdatp":::
+
+**How to inspect cron job runs:**
+
+sudo grep mdatp /var/log/cron
+
+**How to inspect the mdatp_cron_job.log**
+sudo nano mdatp_cron_job.log
+
+## For those of you that are using Ansible, Chef, or Puppet]
+### How to set cron jobs in Ansible:
+
+cron – Manage cron.d and crontab entries
+
+See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html)
+
+### How to set crontabs in Chef:
+cron resource
+
+See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/)
+
+### How to set cron jobs in Puppet:
+Resource Type: cron
+
+See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html)
+
+Automating with Puppet: Cron jobs and scheduled tasks
+
+See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/)
+
+## Additional information:
+
+**To get help with crontab**
+man crontab
+
+**To get a list of crontab file of the current user:**
+
+crontab -l
+
+**To get a list of crontab file of another user:**
+
+crontab -u username -l
+
+**To backup crontab entries:**
+
+crontab -l > /var/tmp/cron_backup.dat
+> [!TIP]
+> Do this before you edit or remove.
+
+**To restore crontab entries:**
+
+crontab /var/tmp/cron_backup.dat
+
+**To edit the crontab and add a new job as a root user:**
+
+Sudo crontab -e
+
+**To edit the crontab and add a new job:**
+
+crontab -e
+
+**To edit other user’s crontab entries:**
+
+crontab -u username -e
+
+**To remove all crontab entries:**
+
+crontab -r
+
+**To remove other user’s crontab entries:**
+
+crontab -u username -r
+
+**Explanation**:
+
++—————- minute (values: 0 – 59) (special characters: , – * /)
+
+| +————- hour (values: 0 – 23) (special characters: , – * /)
+
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)
+
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C)
+| | | | |
+* * * * * command to be executed
+
+
+
+
+
+
+
+
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. 
+
+## Schedule a scan with *launchd*
+
+You can create a scanning schedule using the *launchd* daemon on a macOS device.
+
+1. The following code shows the schema you need to use to schedule a scan. Open a text editor and use this example as a guide for your own scheduled scan file.
+
+    For more information on the *.plist* file format used here, see [About Information Property List Files](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/AboutInformationPropertyListFiles.html) at the official Apple developer website.
+
+    ```XML
+    <?xml version="1.0" encoding="UTF-8"?>
+    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+      "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+    <plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>com.microsoft.wdav.schedquickscan</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>sh</string>
+            <string>-c</string>
+            <string>/usr/local/bin/mdatp --scan --quick</string>
+        </array>
+        <key>RunAtLoad</key>
+        <true/>
+        <key>StartCalendarInterval</key>
+        <dict>
+            <key>Day</key>
+            <integer>3</integer>
+            <key>Hour</key>
+            <integer>2</integer>
+            <key>Minute</key>
+            <integer>0</integer>
+            <key>Weekday</key>
+            <integer>5</integer>
+        </dict>
+        <key>StartInterval</key>
+        <integer>604800</integer>
+        <key>WorkingDirectory</key>
+        <string>/usr/local/bin/</string>
+    </dict>
+    </plist>
+     ```
+
+2. Save the file as *com.microsoft.wdav.schedquickscan.plist*.
+
+    > [!TIP]
+    > To run a full scan instead of a quick scan, change line 12, `<string>/usr/local/bin/mdatp --scan --quick</string>`, to use the `--full` option instead of `--quick` (i.e. `<string>/usr/local/bin/mdatp --scan --full</string>`) and save the file as *com.microsoft.wdav.sched**full**scan.plist* instead of *com.microsoft.wdav.sched**quick**scan.plist*.
+
+3. Open **Terminal**.
+4. Enter the following commands to load your file:
+
+    ```bash
+    launchctl load /Library/LaunchDaemons/<your file name.plist>
+    launchctl start <your file name>
+    ```
+
+5. Your scheduled scan will run at the date, time, and frequency you defined in your p-list. In the example, the scan runs at 2:00 AM every Friday. 
+
+    Note that the `StartInterval` value is in seconds, indicating that scans should run every 604,800 seconds (one week), while the `Weekday` value of `StartCalendarInterval` uses an integer to indicate the fifth day of the week, or Friday.
+
+ > [!IMPORTANT]
+ > Agents executed with *launchd* will not run at the scheduled time while the device is asleep. They will instead run once the device resumes from sleep mode.
+ >
+ > If the device is turned off, the scan will run at the next scheduled scan time.
+
+## Schedule a scan with Intune
+
+You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode. 
+
+See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise.