From 9dbdacde70e0ad5263d03e6b17eb42d70a862a3e Mon Sep 17 00:00:00 2001
From: Mark Thomas <66015890+mthomas-1@users.noreply.github.com>
Date: Fri, 9 Oct 2020 14:44:54 +0100
Subject: [PATCH] Update configure-proxy-internet.md

Updated MMA Section
---
 .../microsoft-defender-atp/configure-proxy-internet.md       | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 2e587b1c0b..986f1886c2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -156,10 +156,13 @@ Please see the following guidance to eliminate the wildcard (*) requirement for
 
 ![Image of administrator in Windows PowerShell](images/admin-powershell.png)
 
-The *.ods.opinsights.azure.com, *.oms.opinsights.azure.com and *.agentsvc.azure-automation.net URL endpoints can be replaced with your specific Workspace ID. The Workspace ID is specific to your environment and workspace and can be found in the Onboarding section of your tenant within the Microsoft Defender Security Center portal
+The wildcards (*) used in *.ods.opinsights.azure.com, *.oms.opinsights.azure.com, and *.agentsvc.azure-automation.net URL endpoints can be replaced with your specific Workspace ID. The Workspace ID is specific to your environment and workspace and can be found in the Onboarding section of your tenant within the Microsoft Defender Security Center portal.
 
 The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in the “Firewall Rule: *.blob.core.windows.net” section of the test results. 
 
+> [!NOTE]
+> In the case of onboarding via Azure Security Center (ASC), multiple workspaces maybe used. You will need to perform the TestCloudConnection.exe procedure above on an onboarded machine from each workspace (to determine if there are any changes to the *.blob.core.windows.net URLs between the workspaces).
+
 ## Verify client connectivity to Microsoft Defender ATP service URLs
 
 Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs.