Merge pull request #585 from MicrosoftDocs/mdatp-mac-ga

Mdatp mac ga

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md

@@ -22,21 +22,18 @@ ms.topic: conceptual
 
 **Applies to:**
 
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 ## Prerequisites and system requirements
 
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Download installation and onboarding packages
 
 Download the installation and onboarding packages from Windows Defender Security Center:
 
 1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
-2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
+2. In Section 1 of the page, set operating system to **Linux, macOS, iOS, and Android** and Deployment method to **Local script**.
 3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
 4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
 
@@ -76,18 +73,18 @@ To complete this process, you must have admin privileges on the machine.
 
     ![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
 
-The installation will proceed.
+The installation proceeds.
 
 > [!NOTE]
 > If you don't select **Allow**, the installation will proceed after 5 minutes. Defender ATP will be loaded, but real-time protection will be disabled.
 
-### Fixing disabled Real Time Protection
+### Fixing disabled Real-Time Protection
 
-If you did not enable Microsoft's driver during installation, then Defender's application will display a banner prompting you to enable it:
+If you did not enable Microsoft's driver during installation, then the application displays a banner prompting you to enable it:
 
    ![RTP disabled screenshot](images/MDATP_32_Main_App_Fix.png)
 
-You can also run ```mdatp --health```. It will report if Real Time Protection is enabled but not available:
+You can also run ```mdatp --health```. It reports if Real-Time Protection is enabled but not available:
 
 ```bash
 mavel-mojave:~ testuser$ mdatp --health
@@ -98,15 +95,15 @@ realTimeProtectionEnabled               : true
 ```
 
 > [!NOTE]
-> You have a 30 minute window to enable Real Time Protection from the warning banner, immediately following installation.
+> You have a 30 minute window to enable Real-Time Protection from the warning banner, immediately following installation.
 
-The warning banner containing a **Fix** button, which allows you to quickly enable Real Time Protection, without having to open a command prompt. Select the **Fix** button. It will prompt the **Security & Privacy** system window, where you will have to **Allow** system software from developers "Microsoft Corporation".
+The warning banner contains a **Fix** button, which allows you to quickly enable Real-Time Protection, without having to open a command prompt. Select the **Fix** button. It prompts the **Security & Privacy** system window, where you have to **Allow** system software from developers "Microsoft Corporation".
 
-If you don't see a prompt, it means that 30 or more minutes have already passed, and Real Time Protection has still not been enabled:
+If you don't see a prompt, it means that 30 or more minutes have already passed, and Real-Time Protection has still not been enabled:
 
 ![Security and privacy window after prompt expired screenshot](images/MDATP_33_SecurityPrivacySettings_NoPrompt.png)
 
-In this case, you will need to perform the following steps to enable Real Time Protection instead. 
+In this case, you need to perform the following steps to enable Real-Time Protection instead.
 
 1. In Terminal, attempt to install the driver. (The operation will fail)
     ```bash
@@ -126,7 +123,7 @@ In this case, you will need to perform the following steps to enable Real Time P
 mavel-mojave:~ testuser$ sudo kextutil /Library/Extensions/wdavkext.kext
 ```
 
-The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real Time Protection is both enabled and available:
+The banner should disappear from the Defender application, and ```mdatp --health``` should now report that Real-Time Protection is both enabled and available:
 
 ```bash
 mavel-mojave:~ testuser$ mdatp --health
@@ -140,7 +137,7 @@ realTimeProtectionEnabled               : true
 
 1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
 
-    The client machine is not associated with orgId.  Note that the orgid is blank.
+    The client machine is not associated with orgId. Note that the *orgId* attribute is blank.
 
     ```bash
     mavel-mojave:wdavconfig testuser$ mdatp --health orgId
@@ -153,7 +150,7 @@ realTimeProtectionEnabled               : true
     Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
     ```
 
-3. Verify that the machine is now associated with orgId:
+3. Verify that the machine is now associated with your organization and reports a valid *orgId*:
 
     ```bash
     mavel-mojave:wdavconfig testuser$ mdatp --health orgId

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md

@@ -22,21 +22,18 @@ ms.topic: conceptual
 
 **Applies to:**
 
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 ## Prerequisites and system requirements
 
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Download installation and onboarding packages
 
 Download the installation and onboarding packages from Microsoft Defender Security Center:
 
 1. In Microsoft Defender Security Center, go to **Settings** > **Device Management** > **Onboarding**.
-2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**.
+2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS, or Android** and the deployment method to **Mobile Device Management / Microsoft Intune**.
 3. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory.
 4. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory.
 5. Download **IntuneAppUtil** from [https://docs.microsoft.com/intune/lob-apps-macos](https://docs.microsoft.com/intune/lob-apps-macos).
@@ -85,19 +82,19 @@ Download the installation and onboarding packages from Microsoft Defender Securi
 
 You need no special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp).
 
-1. You'll be asked to confirm device management.
+1. You are asked to confirm device management.
 
 ![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
 
-Select **Open System Preferences**, locate **Management Profile** on the list and select **Approve...**. Your Management Profile would be displayed as **Verified**:
+Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**:
 
 ![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
 
 2. Select **Continue** and complete the enrollment.
 
-You may now enroll additional devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
+You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages.
 
-3. In Intune, open **Manage** > **Devices** > **All devices**. You'll see your device among those listed:
+3. In Intune, open **Manage** > **Devices** > **All devices**. Here you can see your device among those listed:
 
 ![Add Devices screenshot](images/MDATP_5_allDevices.png)
 
@@ -105,17 +102,17 @@ You may now enroll additional devices. You can also enroll them later, after you
 
 1. In Intune, open **Manage** > **Device configuration**. Select **Manage** > **Profiles** > **Create Profile**.
 2. Choose a name for the profile. Change **Platform=macOS** to **Profile type=Custom**. Select **Configure**.
-3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
+3. Open the configuration profile and upload intune/kext.xml. This file was created in one of the preceding sections.
 4. Select **OK**.
 
     ![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
 
 5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
-6. Repeat steps 1 through 5 for additional profiles.
+6. Repeat steps 1 through 5 for more profiles.
 7. Create a new profile one more time, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file.
 8. Select **Manage > Assignments**.  In the **Include** tab, select **Assign to All Users & All devices**.
 
-Once the Intune changes are propagated to the enrolled devices, you'll see them listed under **Monitor** > **Device status**:
+Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**:
 
 ![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
 
@@ -138,11 +135,11 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
     ![Client apps screenshot](images/MDATP_10_ClientApps.png)
 
 8. Change **Assignment type** to **Required**.
-9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
 
     ![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
 
-10. After some time the application will be published to all enrolled devices. You'll see it listed on **Monitor** > **Device**, under **Device install status**:
+10. After some time the application will be published to all enrolled devices. You can see it listed in **Monitor** > **Device**, under **Device install status**:
 
     ![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
 
@@ -153,7 +150,7 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
     ![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
     ![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
 
-2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that we added in Intune.:
+2. Verify that the following configuration profiles are present and installed. The **Management Profile** should be the Intune system profile. _Wdav-config_ and _wdav-kext_ are system configuration profiles that were added in Intune:
     ![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
 
 3. You should also see the Microsoft Defender icon in the top-right corner:
@@ -162,7 +159,7 @@ Once the Intune changes are propagated to the enrolled devices, you'll see them
 
 ## Logging installation issues
 
-See [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
+For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) .
 
 ## Uninstallation
 

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md

@@ -22,10 +22,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 ## Prerequisites and system requirements
 

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md

@@ -1,6 +1,6 @@
 ---
 title: Installing Microsoft Defender ATP for Mac with different MDM product
-description: Describes how to install Microsoft Defender ATP for Mac, using an unsupported MDM solution.
+description: Describes how to install Microsoft Defender ATP for Mac on other management solutions.
 keywords: microsoft, defender, atp, mac, installation, deploy, macos, mojave, high sierra, sierra
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -17,65 +17,63 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Deployment with a different MDM system
+# Deployment with a different Mobile Device Management (MDM) system
 
 **Applies to:**
-- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->[!IMPORTANT]
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
  
 ## Prerequisites and system requirements
 
-Before you get started, please see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Approach
 
-Your organization may use a Mobile Device Management (MDM) solution we do not officially support.
+> [!CAUTION]
-This does not mean you will be unable to deploy or run Microsoft Defender ATP for Mac.
+> Currently, Microsoft oficially supports only Intune and JAMF for the deployment and management of Microsoft Defender ATP for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
-However, we will not be able to provide support for deploying or managing Defender via these solutions.
+
+If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender ATP for Mac.
 
 Microsoft Defender ATP for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
 
-- Deploying a macOS .pkg to managed machines.
+- Deploy a macOS .pkg to managed machines.
-- Deploying macOS system configuration profiles to managed machines.
+- Deploy macOS system configuration profiles to managed machines.
-- Running an arbitrary admin-configured tool/script on managed machines. 
+- Run an arbitrary admin-configured tool/script on managed machines.
 
-The majority of modern MDM solutions include these features, however, they may call them differently.
+Most modern MDM solutions include these features, however, they may call them differently.
 
-You can deploy Defender without the last requirement from the list above, however:
+You can deploy Defender without the last requirement from the preceding list, however:
 
-- You won't be able to collect status in a centralized way
+- You will not be able to collect status in a centralized way
-- If you decide to uninstall Defender, you'll need to logon to the client machine locally as an administrator
+- If you decide to uninstall Defender, you will need to logon to the client machine locally as an administrator
 
 ## Deployment
 
-Most MDM solution use the same model for managing macOS machines, with similar terminology.
+Most MDM solutions use the same model for managing macOS machines, with similar terminology. Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
-Use [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md) as a template.
 
 ### Package
 
 Configure deployment of a [required application package](microsoft-defender-atp-mac-install-with-jamf.md#package), 
-with the installation package (wdav.pkg) downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
 
-Your MDM solution can allow you uploading of an arbitrary application package, or require you to wrap it into a custom package first. 
+In order to deploy the package to your enterprise, use the instructions associated with your MDM solution.
 
 ### License settings
 
 Set up [a system configuration profile](microsoft-defender-atp-mac-install-with-jamf.md#configuration-profile). 
 Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS.
 
-Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can extracted from an onboarding package downloaded from [ATP](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
+Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](microsoft-defender-atp-mac-install-with-jamf.md#download-installation-and-onboarding-packages).
-Your system may support an arbitrary property list in XML format. You can just upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case. 
+Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
 Alternatively, it may require you to convert the property list to a different format first.
 
-Note that your custom profile would have an id, name or domain attribute. You must use exactly "com.microsoft.wdav.atp". 
+Typically, your custom profile has an id, name, or domain attribute. You must use exactly "com.microsoft.wdav.atp" for this value.
-MDM will use it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender will use this file for loading onboarding info.
+MDM uses it to deploy the settings file to **/Library/Managed Preferences/com.microsoft.wdav.atp.plist** on a client machine, and Defender uses this file for loading the onboarding information.
 
-### KEXT
+### Kernel extension policy
 
 Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to whitelist kernel extensions provided by Microsoft.
 
-## Was it successful?
+## Check installation status
 
-Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine.
+Run [mdatp](microsoft-defender-atp-mac-install-with-jamf.md#check-onboarding-status) on a client machine to check the onboarding status.

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md

@@ -20,6 +20,10 @@ ms.topic: conceptual
 
 # Set preferences for Microsoft Defender ATP for Mac
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
 >[!IMPORTANT]
 >This topic contains instructions for how to set preferences for Microsoft Defender ATP for Mac in enterprise environments. If you are interested in configuring the product on a device from the command-line, please refer to the [Resources](microsoft-defender-atp-mac-resources.md#configuring-from-the-command-line) page.
 

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md

@@ -20,6 +20,10 @@ ms.topic: conceptual
 
 # Privacy for Microsoft Defender ATP for Mac
 
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
 Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft Defender ATP for Mac.
 
 This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md

@@ -22,10 +22,7 @@ ms.topic: conceptual
 
 **Applies to:**
 
-[Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
-
->[!IMPORTANT]
->This topic relates to the pre-release version of Microsoft Defender ATP for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 ## Collecting diagnostic information
 
@@ -66,21 +63,11 @@ If an error occurs during installation, the installer will only report a general
 
 The detailed log will be saved to /Library/Logs/Microsoft/mdatp/install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
 
-## Upgrade
-
-We distribute our updates via Microsoft Auto Update (MAU). You can check for MAU settings in main application's menu (Help => Check For Product Updates...):
-
-    ![MAU screenshot](images/MDATP_34_MAU.png)
-
-**Q**: Can MDATP for Mac be updated without MAU?
-
-**A**: In the current release, MDATP for Mac product updates are done via MAU. While advanced manageability experts may be able to set up the product updates without MAU, this scenario is not explicitly supported. We will monitor customer interest in this scenario to evaluate its importance relative to other product advancements.
-
 ## Uninstalling
 
 There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
 
-### Within the GUI
+### Interactive uninstallation
 
 - Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
 
@@ -114,7 +101,7 @@ Important tasks, such as controlling product settings and triggering on-demand s
 
 In the Microsoft Defender ATP portal, you'll see two categories of information:
 
-- AV alerts, including:
+- Antivirus alerts, including:
   - Severity
   - Scan type
   - Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
@@ -133,7 +120,5 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
 
 ## Known issues
 
-- Not fully optimized for performance or disk space yet.
 - Full Microsoft Defender ATP integration is not available yet.
-- Mac devices that switch networks may appear multiple times in the Microsoft Defender ATP portal.
 - Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-updates.md

@@ -0,0 +1,144 @@
+---
+title: Deploy updates for Microsoft Defender ATP for Mac
+ms.reviewer: 
+description: Describes how to control updates for Microsoft Defender ATP for Mac in enterprise environments.
+keywords: microsoft, defender, atp, mac, updates, deploy
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: conceptual
+---
+
+# Deploy updates for Microsoft Defender ATP for Mac
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md)
+
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
+
+To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
+
+![MAU screenshot](images/MDATP_34_MAU.png)
+
+If you decide to deploy updates by using your software distribution tools, you should configure MAU to manually check for software updates. You can deploy preferences to configure how and when MAU checks for updates for the Macs in your organization.
+
+## Use msupdate
+
+MAU includes a command line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate).
+
+In MAU, the application identifier for Microsoft Defender ATP for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender ATP for Mac, execute the following command from a Terminal window:
+
+```
+./msupdate --install --apps wdav00
+```
+
+## Set preferences for Microsoft AutoUpdate
+
+This section describes the most common preferences that can be used to configure MAU. These settings can be deployed as a configuration profile through the management console that your enterprise is using. An example of a configuration profile is shown in the following sections.
+
+### Set the channel name
+
+The channel determines the type and frequency of updates that are offered through MAU. Devices in `InsiderFast` (corresponding to the Insider Fast channel) can try out new features before devices in `External` (corresponding to the Insider Slow channel) and `Production`. 
+
+The `Production` channel contains the most stable version of the product.
+
+>[!TIP]
+>Microsoft recommends keeping some devices in your enterprise either in `InsiderFast` or `External` in order to preview new features and provide early feedback.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | ChannelName |
+| **Data type** | String |
+| **Possible values** | InsiderFast <br/> External <br/> Production |
+
+### Set update check frequency
+
+Change how often MAU searches for updates.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | UpdateCheckFrequency |
+| **Data type** | Integer |
+| **Default value** | 720 (minutes) |
+| **Comment** | This value is set in minutes. |
+
+### Change how MAU interacts with updates
+
+Change how MAU searches for updates.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | HowToCheck |
+| **Data type** | String |
+| **Possible values** | Manual <br/> AutomaticCheck <br/> AutomaticDownload |
+| **Comment** |  Note that AutomaticDownload will do a download and install silently if possible. |
+
+### Disable Insider checkbox
+
+Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | DisableInsiderCheckbox |
+| **Data type** | Boolean |
+| **Possible values** | False (default) <br/> True |
+
+### Limit the telemetry that is sent from MAU
+
+Set to false to send minimal heartbeat data, no application usage, and no environment details.
+
+|||
+|:---|:---|
+| **Domain** | com.microsoft.autoupdate2 |
+| **Key** | SendAllTelemetryEnabled |
+| **Data type** | Boolean |
+| **Possible values** | True (default) <br/> False |
+
+## Example configuration profile
+
+The following configuration profile is used to:
+- Place the device in the Insider Fast channel
+- Automatically download and install updates
+- Enable the "Check for updates" button in the user interface
+- Allow users on the device to enroll into the Insider channels
+
+```XML
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>ChannelName</key>
+	<string>InsiderFast</string>
+	<key>HowToCheck</key>
+	<string>AutomaticDownload</string>
+	<key>EnableCheckForUpdatesButton</key>
+	<true/>
+    <key>DisableInsiderCheckbox</key>
+    <false/>
+	<key>SendAllTelemetryEnabled</key>
+	<true/>
+</dict>
+</plist>
+```
+
+To configure MAU, you can deploy this configuration profile from the management tool that your enterprise is using:
+- From JAMF, upload this configuration profile and set the Preference Domain to *com.microsoft.autoupdate2*.
+- From Intune, upload this configuration profile and set the custom configuration profile name to *com.microsoft.autoupdate2*.
+
+## Resources
+
+- [msupdate reference](https://docs.microsoft.com/en-us/deployoffice/mac/update-office-for-mac-using-msupdate)

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md

@@ -20,62 +20,37 @@ ms.topic: conceptual
 
 # Microsoft Defender Advanced Threat Protection for Mac
 
->[!IMPORTANT]
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Mac.
->This topic relates to the pre-release version of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac. Microsoft Defender ATP for Mac is not yet widely available. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
-This topic describes how to install and use Microsoft Defender ATP for Mac.
+> [!CAUTION]
+> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects.
 
-## What’s new in the public preview
+## What’s new in the latest release
 
-Since opening the limited preview, we've been working non-stop to enhance the product, by listening to customer feedback. We've reduced the time it takes for devices to appear in Microsoft Defender Security Center, immediately following deployment. We've improved threat handling, enhanced the user experience, and fixed bugs. Other updates to Microsoft Defender ATP for Mac include:
+Since the announcement of the public preview, Microsoft has been working non-stop to enhance the product, by listening to customer feedback. We've added management features and more granular controls for diagnostic data collection, refined the user experience, and fixed bugs.
 
-- Enhanced accessibility
+If you have any feedback that you would like to share, submit it by opening Microsoft Defender ATP for Mac on your device and navigating to **Help** > **Send feedback**.
-- Improved performance
-- improved client product health monitoring
-- Localization into 37 languages
-- Improved anti-tampering protections
-- Feedback and samples can now be submitted via the interface.
-- Product health can be queried with JAMF or the command line.
-- Admins can set their cloud preference for any location, not just for those in the US.
 
-## Installing and configuring
+## How to install Microsoft Defender ATP for Mac
-
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
-
-In general you'll need to take the following steps:
-
-- Ensure you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
-- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
-  - Via the command line tool:
-    - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
-  - Via third party tools:
-    - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
-    - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
-    - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
-
-Whichever method you choose, you will first need to visit the onboarding page in the Microsoft Defender ATP portal.
-
-Once installed, you can configure the product in your enterprise using the steps in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
 
 ### Prerequisites
 
-You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.
+- Microsoft Defender ATP subscription
+- Access to the Microsoft Defender Security Center portal
+- Beginner-level experience in macOS and BASH scripting
+- Administrative privileges on the device (in case of manual deployment)
 
-You should also have access to Microsoft Defender Security Center.
+### System requirements
-
-### System Requirements
-
-- macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
-- Disk space during preview: 1GB
-
-Beta versions of macOS are not supported.
 
 > [!CAUTION]
-> Running other third-party endpoint protection alongside Microsoft Defender ATP for Mac may lead to performance problems and unpredictable side effects.
+> The three most recent released versions of macOS are supported. Beta versions of macOS are not supported.
+
+- Supported macOS versions: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
+- Disk space: 650 MB
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
-The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an **allow** rule specifically for them:
+The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them:
 
 | Service        | Description                          | URL                                                                  |
 | -------------- | ------------------------------------ | -------------------------------------------------------------------- |
@@ -86,18 +61,45 @@ To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/ap
 If you prefer the command line, you can also check the connection by running the following command in Terminal:
 
 ```bash
-testuser$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
+curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping'
 ```
 
-The output from this command should look like this:
+The output from this command should be similar to the following:
 
 > `OK https://x.cp.wd.microsoft.com/api/report`
 >
 > `OK https://cdn.x.cp.wd.microsoft.com/ping`
 
+> [!CAUTION]
+> We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
 
-We recommend that you keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) (SIP) enabled on client machines. SIP is a built-in macOS security feature that prevents low-level tampering with the OS, and is enabled by default.
+### Installation instructions
+
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
+
+In general you need to take the following steps:
+
+- Ensure that you have a Microsoft Defender ATP subscription and have access to the Microsoft Defender ATP Portal
+- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
+  - Via third-party management tools:
+    - [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune.md)
+    - [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf.md)
+    - [Other MDM products](microsoft-defender-atp-mac-install-with-other-mdm.md)
+  - Via the command-line tool:
+    - [Manual deployment](microsoft-defender-atp-mac-install-manually.md)
+
+## How to update Microsoft Defender ATP for Mac
+
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender ATP for Mac, a program named Microsoft AutoUpdate (MAU) is used.
+
+To read more on how to configure MAU in enterprise environments, refer to [Deploy updates for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-updates.md)
+
+## How to configure Microsoft Defender ATP for Mac
+
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-preferences.md).
 
 ## Resources
 
-For additional information about logging, uninstalling, or known issues, see our [Resources](microsoft-defender-atp-mac-resources.md) page.
+- For more information about logging, uninstalling, or known issues, see the [Resources](microsoft-defender-atp-mac-resources.md) page.
+
+- [Privacy for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-privacy.md)