From b1fe035918fd46595d3a13662059191d1372af87 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:49:36 -0700 Subject: [PATCH 01/66] Create mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md new file mode 100644 index 0000000000..d27a685af8 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md 
@@ -0,0 +1,56 @@ +--- +title: Migrate from McAfee to Microsoft Defender ATP +description: Make the switch from McAfee to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-symantecmigrate +- m365solution-overview +ms.topic: article +--- + +# Migrate from McAfee to Microsoft Defender Advanced Threat Protection + +If you are planning to switch from McAfee Endpoint Security (McAfee) to [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP), you're in the right place. Use this article as a guide to plan your migration. + +## The migration process + +When you switch from McAfee to Microsoft Defender ATP, you follow a process that can be divided into three phases, as described in the following table: + +|Phase |Description | +|--|--| +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in active mode. | + +## What's included in Microsoft Defender ATP? + +In this migration guide, we focus on [next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) and [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities as a starting point for moving to Microsoft Defender ATP. However, Microsoft Defender ATP includes much more than antivirus and endpoint protection. Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Microsoft Defender ATP. + +| Feature/Capability | Description | +|---|---| +| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. 
| +| [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | +| [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | +| [Advanced hunting](advanced-hunting-overview.md) | Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats. | +| [Behavioral blocking and containment](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) | Behavioral blocking and containment capabilities help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. | +| [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) | Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches. | +| [Threat hunting service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts) (Microsoft Threat Experts) | Threat hunting services provide security operations teams with expert level monitoring and analysis, and to help ensure that critical threats aren't missed. | + +**Want to learn more? See [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection).** + +## Next step + +- Proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). From 23c4458555244f64d2f34004d007c034856ea115 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:51:04 -0700 Subject: [PATCH 02/66] Create mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md new file mode 100644 index 0000000000..88b63ef663 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -0,0 +1,100 @@ +--- +title: Phase 3 - Onboard to Microsoft Defender ATP +description: Make the switch from McAfee to Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-symantecmigrate +ms.topic: article +--- + +# Migrate from McAfee - Phase 3: Onboard to Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|--|--|--| +|| |*You are here!* | + + +**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: + +1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). +2. [Run a detection test](#run-a-detection-test). +3. [Uninstall Symantec](#uninstall-symantec). +4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). + +## Onboard devices to Microsoft Defender ATP + +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. + +2. Choose **Settings** > **Device management** > **Onboarding**. + +3. In the **Select operating system to start onboarding process** list, select an operating system. + +4. Under **Deployment method**, select an option. Follow the links and prompts to onboard your organization's devices. Need help? See [Onboarding methods](#onboarding-methods). + +### Onboarding methods + +Deployment methods vary, depending on which operating system is selected. Refer to the resources listed in the table below to get help with onboarding. + +|Operating system |Method | +|---------|---------| +|Windows 10 |- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [Mobile Device Management (Intune)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm)
- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows 8.1 Enterprise
- Windows 8.1 Pro
- Windows 7 SP1 Enterprise
- Windows 7 SP1 Pro | [Microsoft Monitoring Agent](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp)

**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). | +|- Windows Server 2019 and later
- Windows Server 2019 core edition
- Windows Server version 1803 and later |- [Local script](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script)
- [Group Policy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp)
- [Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm)
- [System Center Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm#onboard-windows-10-devices-using-earlier-versions-of-system-center-configuration-manager)
- [VDI onboarding scripts for non-persistent devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi)

**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | +|- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2008 R2 SP1 |- [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#option-1-onboard-servers-through-microsoft-defender-security-center)
- [Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp) | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra)

iOS

Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Onboard non-Windows devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows) | + +## Run a detection test + +To verify that your onboarded devices are properly connected to Microsoft Defender ATP, you can run a detection test. + + +|Operating system |Guidance | +|---------|---------| +|- Windows 10
- Windows Server 2019
- Windows Server, version 1803
- Windows Server 2016
- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test).

Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. | +|macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy).

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | +|Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | + +## Uninstall Symantec + +Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall Symantec. + +1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. + +2. Delete the uninstall password for Symantec: + 1. On your Windows devices, open Registry Editor as an administrator. + 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. + 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. + +3. Remove Symantec from your devices. If you need help with this, see the following Broadcom resources: + - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) + - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) + - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) + - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) + +## Make sure Microsoft Defender ATP is in active mode + +Now that you have uninstalled Symantec, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. + +To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)). 
Try one or more of the demo scenarios on that page, including at least the following: +- Cloud-delivered protection +- Potentially Unwanted Applications (PUA) +- Network Protection (NP) + +## Next steps + +**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! + +- [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). +- [Manage Microsoft Defender Advanced Threat Protection, post migration](manage-atp-post-migration.md). From 9d96795cde93220734b9b66aba86b4a51c7c413a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:52:57 -0700 Subject: [PATCH 03/66] Create mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md new file mode 100644 index 0000000000..3702b20f5a --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -0,0 +1,87 @@ +--- +title: Phase 1 - Prepare for your migration to Microsoft Defender ATP +description: Phase 1 of "Make the switch from McAfee to Microsoft Defender ATP". Prepare for your migration. +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-McAfeemigrate +ms.topic: article +--- + +# Migrate from McAfee - Phase 1: Prepare for your migration + +|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](McAfee-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|--|--|--| +|*You are here!*| | | + + +**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. + +This migration phase includes the following steps: +1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). +2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). +3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). + +## Get Microsoft Defender ATP + +To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. + +1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). + +2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state). + +3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender ATP. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration). + +4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration). + +At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). 
+ +> [!NOTE] +> The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender ATP portal. + +## Grant access to the Microsoft Defender Security Center + +The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use). + +Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions. + +1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment#role-based-access-control). + +2. Set up and configure RBAC. We recommend using [Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) to configure RBAC, especially if your organization is using a combination of Windows 10, macOS, iOS, and Android devices. See [setting up RBAC using Intune](https://docs.microsoft.com/mem/intune/fundamentals/role-based-access-control). + + If your organization requires a method other than Intune, choose one of the following options: + - [Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/servers/deploy/configure/configure-role-based-administration) + - [Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm) + - [Windows Admin Center](https://docs.microsoft.com/windows-server/manage/windows-admin-center/overview) + +3. Grant access to the Microsoft Defender Security Center. (Need help? 
See [Manage portal access using RBAC](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)). + +## Configure device proxy and internet connectivity settings + +To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. The following table includes links to resources you can use to configure your proxy and internet settings for various operating systems and capabilities: + +|Capabilities | Operating System | Resources | +|--|--|--| +|[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) | +|EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) | +|EDR |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information)
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)
- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)
| +|Antivirus |macOS:
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) | +|Antivirus |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) + +## Next step + +**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! + +- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md). From 82b01701457866624d1e2561405c8fae96f7fbd0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:53:57 -0700 Subject: [PATCH 04/66] Create mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 209 ++++++++++++++++++ 1 file changed, 209 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md new file mode 100644 index 0000000000..309ae74145 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -0,0 +1,209 @@ +--- +title: Phase 2 - Set up Microsoft Defender ATP +description: Phase 2 - Set up Microsoft Defender ATP +keywords: migration, windows defender advanced threat protection, atp, edr +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-symantecmigrate +ms.topic: article +--- + +# Migrate from McAfee - Phase 2: Set up Microsoft Defender ATP + +|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|--|--|--| +||*You are here!* | | + + +**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: +1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). +2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). +3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). +4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-antivirus). +5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). +6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). +7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). + +## Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows) + +> [!TIP] +> If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. + +On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). 
+ +Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and set it to passive mode. + +### Reinstall Microsoft Defender Antivirus on Windows Server + +> [!NOTE] +> The following procedure applies only to endpoints or devices that are running the following versions of Windows: +> - Windows Server 2019 +> - Windows Server, version 1803 (core-only mode) +> - Windows Server 2016 +> +> Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, proceed to [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). + +1. As a local administrator on the endpoint or device, open Windows PowerShell. + +2. Run the following PowerShell cmdlets:
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
+ +3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
+ `Get-Service -Name windefend` + +> [!TIP] +> Need help? See [Microsoft Defender Antivirus on Windows Server 2016 and 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016). + +### Set Microsoft Defender Antivirus to passive mode on Windows Server + +Because your organization is still using Symantec, you must set Microsoft Defender Antivirus to passive mode. That way, Symantec and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender ATP. + +1. Open Registry Editor, and then navigate to
+ `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. + +2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: + - Set the DWORD's value to **1**. + - Under **Base**, select **Hexadecimal**. + +> [!NOTE] +> You can use other methods to set the registry key, such as the following: +>- [Group Policy Preference](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn581922(v=ws.11)) +>- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) +>- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) + +## Enable Microsoft Defender Antivirus + +Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. + +To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can any of the methods that are listed in the following table: + +|Method |What to do | +|---------|---------| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| +|Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | +|[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | + +### Verify that Microsoft Defender Antivirus is in passive mode + +Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Defender Antivirus to passive mode. You can use either Command Prompt or PowerShell to perform this task, as described in the following table: + +|Method |What to do | +|---------|---------| +|Command Prompt |1. On a Windows device, open Command Prompt as an administrator.

2. Type `sc query windefend`, and then press Enter.

3. Review the results to confirm that Microsoft Defender Antivirus is running in passive mode. | +|PowerShell |1. On a Windows device, open Windows PowerShell as an administrator.

2. Run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/Get-MpComputerStatus?view=win10-ps) cmdlet.

3. In the list of results, look for **AntivirusEnabled: True**. | + +> [!NOTE] +> You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. + +## Add Microsoft Defender ATP to the exclusion list for Symantec + +This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: + +|OS |Exclusions | +|--|--| +|- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| +|- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | + +## Add Symantec to the exclusion list for Microsoft Defender Antivirus + +During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender Antivirus exclusion list. + +When you add [exclusions to Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: +- Path exclusions exclude specific files and whatever those files access. +- Process exclusions exclude whatever a process touches, but does not exclude the process itself. +- If you list each executable (.exe) as both a path exclusion and a process exclusion, the process and whatever it touches are excluded. +- List your process exclusions using their full path and not by their name only. (The name-only method is less secure.) + +You can choose from several methods to add your exclusions to Microsoft Defender Antivirus, as listed in the following table: + +|Method | What to do| +|--|--| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile that you want to configure.

3. Under **Manage**, select **Properties**.

4. Select **Configuration settings: Edit**.

5. Expand **Microsoft Defender Antivirus**, and then expand **Microsoft Defender Antivirus Exclusions**.

6. Specify the files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. For reference, see [Microsoft Defender Antivirus exclusions](https://docs.microsoft.com/mem/intune/configuration/device-restrictions-windows-10#microsoft-defender-antivirus-exclusions).

7. Choose **Review + save**, and then choose **Save**. | +|[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/) |1. Using the [Configuration Manager console](https://docs.microsoft.com/mem/configmgr/core/servers/manage/admin-console), go to **Assets and Compliance** > **Endpoint Protection** > **Antimalware Policies**, and then select the policy that you want to modify.

2. Specify exclusion settings for files and folders, extensions, and processes to exclude from Microsoft Defender Antivirus scans. | +|[Group Policy Object](https://docs.microsoft.com/previous-versions/windows/desktop/Policy/group-policy-objects) | 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.

2. In the **Group Policy Management Editor**, go to **Computer configuration** and click **Administrative templates**.

3. Expand the tree to **Windows components > Microsoft Defender Antivirus > Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

4. Double-click the **Path Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Specify each folder on its own line under the **Value name** column.
- If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.

5. Click **OK**.

6. Double-click the **Extension Exclusions** setting and add the exclusions.
- Set the option to **Enabled**.
- Under the **Options** section, click **Show...**.
- Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.

7. Click **OK**. | +|Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | +|Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | + +## Add Symantec to the exclusion list for Microsoft Defender ATP + +To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). + +1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in. + +2. In the navigation pane, choose **Settings** > **Rules** > **Indicators**. + +3. On the **File hashes** tab, choose **Add indicator**. + +3. On the **Indicator** tab, specify the following settings: + - File hash (Need help? See [Find a file hash using CMPivot](#find-a-file-hash-using-cmpivot) in this article.) + - Under **Expires on (UTC)**, choose **Never**. + +4. On the **Action** tab, specify the following settings: + - **Response Action**: **Allow** + - Title and description + +5. On the **Scope** tab, under **Device groups**, select either **All devices in my scope** or **Select from list**. + +6. On the **Summary** tab, review the settings, and then click **Save**. + +### Find a file hash using CMPivot + +CMPivot is an in-console utility for Configuration Manager. CMPivot provides access to the real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. To learn more, see [CMPivot overview](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot-overview). + +To use CMPivot to get your file hash, follow these steps: + +1. Review the [prerequisites](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#prerequisites). + +2. [Start CMPivot](https://docs.microsoft.com/mem/configmgr/core/servers/manage/cmpivot#start-cmpivot). + +3. Connect to Configuration Manager (`SCCM_ServerName.DomainName.com`). + +4. Select the **Query** tab. + +5. 
In the **Device Collection** list, and choose **All Systems (default)**. + +6. In the query box, type the following query:
+ +```kusto +File(c:\\windows\\notepad.exe) +| project Hash +``` +> [!NOTE] +> In the query above, replace *notepad.exe* with the your third-party security product process name. + +## Set up your device groups, device collections, and organizational units + +| Collection type | What to do | +|--|--| +|[Device groups](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups) (formerly called machine groups) enable your security operations team to configure security capabilities, such as automated investigation and remediation.

Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed.

Device groups are created in the Microsoft Defender Security Center. |1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).

2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**.

3. Choose **+ Add device group**.

4. Specify a name and description for the device group.

5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated).

6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags).

7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.

8. Choose **Done**. | +|[Device collections](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.

Device collections are created by using [Configuration Manager](https://docs.microsoft.com/mem/configmgr/). |Follow the steps in [Create a collection](https://docs.microsoft.com/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). | +|[Organizational units](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.

Organizational units are defined in [Azure Active Directory Domain Services](https://docs.microsoft.com/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](https://docs.microsoft.com/azure/active-directory-domain-services/create-ou). | + +## Configure antimalware policies and real-time protection + +Using Configuration Manager and your device collection(s), configure your antimalware policies. + +- See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). + +- While you create and configure your antimalware policies, make sure to review the [real-time protection settings](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus). + +> [!TIP] +> You can deploy the policies before your organization's devices on onboarded. + +## Next step + +**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! + +- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) From 398411d817bde12973d5f04726e8ef2e22de6591 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:55:01 -0700 Subject: [PATCH 05/66] Update TOC.md --- windows/security/threat-protection/TOC.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 24e94ee4c1..bd1727d3c7 100644 --- a/windows/security/threat-protection/TOC.md 
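Review bot: In the added Setup-phase page, step 2 under "Reinstall Microsoft Defender Antivirus on Windows Server" does not reinstall anything: both commands use `Dism /online /Get-FeatureInfo`, which only reports a feature's state, and they are DISM command lines rather than PowerShell cmdlets as the step calls them. If the intent is to turn the feature back on, the step needs the enabling form, for example `Dism /online /Enable-Feature /FeatureName:Windows-Defender`, with the `/Get-FeatureInfo` calls kept only as a check. The passive-mode verification has a related gap: `sc query windefend` and **AntivirusEnabled: True** show that the service is running but not which mode it is in, so the table should name the output that distinguishes passive from active (the `AMRunningMode` field of `Get-MpComputerStatus`, where the installed platform version reports it). Because the file-hash indicator is created with **Allow** and **Expires on (UTC): Never**, and the third-party product is uninstalled in Phase 3, the page should also tell readers to remove that indicator and the antivirus exclusions once migration is complete. Smaller items in the same hunk: step 3 appears twice in the indicator procedure, and `c:\temp\ MDAV_Exclusion.reg` has a stray space in the path.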
+++ b/windows/security/threat-protection/TOC.md @@ -21,12 +21,12 @@ ### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) ## [Migration guides]() -### [Migrate from Symantec to Microsoft Defender ATP]() +### [Switch from Symantec to Microsoft Defender ATP]() #### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) #### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) #### [Set up Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md) #### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md) -### [Manage Microsoft Defender ATP post migration]() +### [Manage Microsoft Defender ATP after migration]() #### [Overview](microsoft-defender-atp/manage-atp-post-migration.md) #### [Intune (recommended)](microsoft-defender-atp/manage-atp-post-migration-intune.md) #### [Configuration Manager](microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md) From 5b52dfbe89d6e3c0a6efb8c5403f20e062bca67d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 13:57:43 -0700 Subject: [PATCH 06/66] Update mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index d27a685af8..afa5d9f08e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md 
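Review bot: The `@@ -21,12 +21,12 @@` hunk in TOC.md only renames two headings, so the mcafee-to-microsoft-defender-* pages that the surrounding patches edit still have no entry under **Migration guides**; add a McAfee node listing the migration, prepare, setup and onboard pages, or readers can reach them only by direct link. The new "Switch from Symantec" wording also no longer matches its child entries ("Get an overview of migration", "Prepare for your migration") or the "Migrate from McAfee" page titles, so pick one verb and use it for both guides.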
@@ -30,9 +30,9 @@ When you switch from McAfee to Microsoft Defender ATP, you follow a process that |Phase |Description | |--|--| -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in active mode. | +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in active mode. | ## What's included in Microsoft Defender ATP? @@ -53,4 +53,4 @@ In this migration guide, we focus on [next-generation protection](https://docs.m ## Next step -- Proceed to [Prepare for your migration](symantec-to-microsoft-defender-atp-prepare.md). +- Proceed to [Prepare for your migration](mcafee-to-microsoft-defender-prepare.md). From 128057b246cfa07520ad7952a5fd8ca38ea9af8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 14:55:15 -0700 Subject: [PATCH 07/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 3702b20f5a..466f3426f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -21,7 +21,7 @@ ms.topic: article # Migrate from McAfee - Phase 1: Prepare for your migration -|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](McAfee-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|![Phase 1: Prepare](images/prepare.png)
Phase 1: Prepare |[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | |--|--|--| |*You are here!*| | | @@ -82,6 +82,6 @@ To enable communication between your devices and Microsoft Defender ATP, configu ## Next step -**Congratulations**! You have completed the **Prepare** phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! +**Congratulations**! You have completed the **Prepare** phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)! -- [Proceed to set up Microsoft Defender ATP](symantec-to-microsoft-defender-atp-setup.md). +- [Proceed to set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md). From 5040929c80383dc78079d078c3eaf831390c3bc8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 14:59:45 -0700 Subject: [PATCH 08/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 466f3426f5..aa726f53fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
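Review bot: In the mcafee-to-microsoft-defender-migration.md hunk at `@@ -30,9 +30,9 @@`, the added Phase 2 and Phase 3 rows point at the mcafee-* pages but their descriptions still read "Symantec Endpoint Protection" and "you uninstall Symantec". Only the link targets were changed; the description cells need the same substitution so the overview does not tell McAfee customers to configure exclusions for, and later remove, a different product.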
@@ -26,7 +26,7 @@ ms.topic: article |*You are here!*| | | -**Welcome to the Prepare phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. +**Welcome to the Prepare phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: 1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). From 100936b136e5d21e688d4a9de09075b33a327dea Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 15:03:26 -0700 Subject: [PATCH 09/66] Update mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 28 ++++++++----------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 88b63ef663..98fc71785a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -15,22 +15,22 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-symantecmigrate +- m365solution-McAfeemigrate ms.topic: article --- # Migrate from McAfee - Phase 3: Onboard to Microsoft Defender ATP -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |[![Phase 2: Set up](images/setup.png)](symantec-to-microsoft-defender-atp-setup.md)
[Phase 2: Set up](symantec-to-microsoft-defender-atp-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Phase 2: Set up](mcafee-to-microsoft-defender-setup.md) |![Phase 3: Onboard](images/onboard.png)
Phase 3: Onboard | |--|--|--| || |*You are here!* | -**Welcome to Phase 3 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This migration phase includes the following steps: +**Welcome to Phase 3 of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: 1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). 2. [Run a detection test](#run-a-detection-test). -3. [Uninstall Symantec](#uninstall-symantec). +3. [Uninstall McAfee](#uninstall-McAfee). 4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). ## Onboard devices to Microsoft Defender ATP @@ -66,26 +66,22 @@ To verify that your onboarded devices are properly connected to Microsoft Defend |macOS
- 10.15 (Catalina)
- 10.14 (Mojave)
- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy).

For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). | |Linux:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**:
`mdatp health --field real_time_protection_enabled`.

2. Open a Terminal window, and run the following command:
`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`.

3. Run the following command to list any detected threats:
`mdatp threat list`.

For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). | -## Uninstall Symantec +## Uninstall McAfee -Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall Symantec. +Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall McAfee. -1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in Symantec. +1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in McAfee. -2. Delete the uninstall password for Symantec: +2. Delete the uninstall password for McAfee: 1. On your Windows devices, open Registry Editor as an administrator. - 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC`. + 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee Endpoint Protection\SMC`. 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. -3. Remove Symantec from your devices. If you need help with this, see the following Broadcom resources: - - [Uninstall Symantec Endpoint Protection](https://knowledge.broadcom.com/external/article/156148/uninstall-symantec-endpoint-protection.html) - - Windows devices: [Manually uninstall Endpoint Protection 14 clients on Windows](https://knowledge.broadcom.com/external/article?articleId=170040) - - macOS computers: [Remove Symantec software for Mac using RemoveSymantecMacFiles](https://knowledge.broadcom.com/external/article?articleId=151387) - - Linux devices: [Frequently Asked Questions for Endpoint Protection for Linux](https://knowledge.broadcom.com/external/article?articleId=162054) +3. Remove McAfee from your devices. 
If you need help with this, see the following resources: ## Make sure Microsoft Defender ATP is in active mode -Now that you have uninstalled Symantec, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. +Now that you have uninstalled McAfee, your next step is to make sure that Microsoft Defender Antivirus and endpoint detection and response are enabled and in active mode. To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)). Try one or more of the demo scenarios on that page, including at least the following: - Cloud-delivered protection @@ -94,7 +90,7 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo. ## Next steps -**Congratulations**! You have completed your [migration from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! +**Congratulations**! You have completed your [migration from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)! - [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). - [Manage Microsoft Defender Advanced Threat Protection, post migration](manage-atp-post-migration.md). From 331339314ff64a359a96e03c78ebdc8ea52aa4a4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 20 Aug 2020 15:24:02 -0700 Subject: [PATCH 10/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) 
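Review bot: The uninstall steps in the `## Uninstall McAfee` hunk of mcafee-to-microsoft-defender-onboard.md (the patch that ends just above) are the Symantec steps with only the vendor name replaced, and nothing in the change shows they were checked against McAfee. The "Disable Tamper Protection" link still points to knowledge.broadcom.com, and the registry step now reads `HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee Endpoint Protection\SMC` with the **SmcInstData** entry, which is the removed Symantec path with "Symantec" swapped out. These steps tell an administrator to turn off a protection feature and delete a registry entry, so either replace them with steps confirmed in McAfee's own documentation or drop them in favor of a pointer to McAfee support. Step 3 also now ends with "see the following resources:" after all four Broadcom bullets were deleted, which leaves a lead-in with no list under it.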
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 309ae74145..f7168fdc32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -15,23 +15,23 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-symantecmigrate +- m365solution-McAfeemigrate ms.topic: article --- # Migrate from McAfee - Phase 2: Set up Microsoft Defender ATP -|[![Phase 1: Prepare](images/prepare.png)](symantec-to-microsoft-defender-atp-prepare.md)
[Phase 1: Prepare](symantec-to-microsoft-defender-atp-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](symantec-to-microsoft-defender-atp-onboard.md)
[Phase 3: Onboard](symantec-to-microsoft-defender-atp-onboard.md) | +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Phase 1: Prepare](mcafee-to-microsoft-defender-prepare.md) |![Phase 2: Set up](images/setup.png)
Phase 2: Set up |[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Phase 3: Onboard](mcafee-to-microsoft-defender-onboard.md) | |--|--|--| ||*You are here!* | | -**Welcome to the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)**. This phase includes the following steps: +**Welcome to the Setup phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP to the exclusion list for Symantec](#add-microsoft-defender-atp-to-the-exclusion-list-for-symantec). -4. [Add Symantec to the exclusion list for Microsoft Defender Antivirus](#add-symantec-to-the-exclusion-list-for-microsoft-defender-antivirus). -5. [Add Symantec to the exclusion list for Microsoft Defender ATP](#add-symantec-to-the-exclusion-list-for-microsoft-defender-atp). +3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-McAfee). +4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-antivirus). +5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-atp). 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). 
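Review bot: Steps 3, 4 and 5 of the new step list link to anchors containing a capital-M `McAfee`, for example `#add-McAfee-to-the-exclusion-list-for-microsoft-defender-antivirus`, while every other anchor in the same list is all lowercase. Heading anchors are generated in lowercase, so these three in-page links will not resolve; use `-mcafee-` in each. The same casing slip is in the metadata line `- m365solution-McAfeemigrate`, which replaces the all-lowercase `m365solution-symantecmigrate`; keep the collection tag lowercase (`m365solution-mcafeemigrate`) so it follows the form of the value it replaces.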
@@ -40,9 +40,9 @@ ms.topic: article > [!TIP] > If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. -On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as Symantec. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). +On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). -Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and set it to passive mode. +Now that you're moving from McAfee to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and set it to passive mode. ### Reinstall Microsoft Defender Antivirus on Windows Server 
@@ -68,7 +68,7 @@ Now that you're moving from Symantec to Microsoft Defender ATP, you'll need to e ### Set Microsoft Defender Antivirus to passive mode on Windows Server -Because your organization is still using Symantec, you must set Microsoft Defender Antivirus to passive mode. That way, Symantec and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender ATP. +Because your organization is still using McAfee, you must set Microsoft Defender Antivirus to passive mode. That way, McAfee and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender ATP. 1. Open Registry Editor, and then navigate to
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. @@ -85,7 +85,7 @@ Because your organization is still using Symantec, you must set Microsoft Defend ## Enable Microsoft Defender Antivirus -Because your organization has been using Symantec as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. +Because your organization has been using McAfee as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. To enable Microsoft Defender Antivirus, we recommend using Intune. However, you can any of the methods that are listed in the following table: @@ -97,7 +97,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you ### Verify that Microsoft Defender Antivirus is in passive mode -Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Defender Antivirus to passive mode. You can use either Command Prompt or PowerShell to perform this task, as described in the following table: +Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defender Antivirus to passive mode. You can use either Command Prompt or PowerShell to perform this task, as described in the following table: |Method |What to do | |---------|---------| 
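Review bot: In the `@@ -68,7 +68,7 @@` hunk, the context line for step 1 gives the passive-mode key as `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`, with no `Microsoft` segment under `Policies`, whereas the exclusions key later in this same file is `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`. Please confirm the path on a test machine or against the product documentation while this section is being edited. If the segment is missing, a reader who follows the step creates the entry under a key that has no effect, and Microsoft Defender Antivirus does not go into passive mode while McAfee is still running.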
@@ -107,18 +107,18 @@ Microsoft Defender Antivirus can run alongside Symantec if you set Microsoft Def > [!NOTE] > You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. -## Add Microsoft Defender ATP to the exclusion list for Symantec +## Add Microsoft Defender ATP to the exclusion list for McAfee -This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for Symantec and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: +This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for McAfee and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: |OS |Exclusions | |--|--| |- Windows 10, [version 1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803) or later (See [Windows 10 release information](https://docs.microsoft.com/windows/release-information))
- Windows 10, version 1703 or [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709) with [KB4493441](https://support.microsoft.com/help/4493441) installed
- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)
- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe`

`C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`
| |- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows 7](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)
- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016)
- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe`

**NOTE**: Where Monitoring Host Temporary Files 6\45 can be different numbered subfolders.

`C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe`

`C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe` | -## Add Symantec to the exclusion list for Microsoft Defender Antivirus +## Add McAfee to the exclusion list for Microsoft Defender Antivirus -During this step of the setup process, you add Symantec and your other security solutions to the Microsoft Defender Antivirus exclusion list. +During this step of the setup process, you add McAfee and your other security solutions to the Microsoft Defender Antivirus exclusion list. When you add [exclusions to Microsoft Defender Antivirus scans](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus), you should add path and process exclusions. Keep the following points in mind: - Path exclusions exclude specific files and whatever those files access. @@ -136,7 +136,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender |Local group policy object |1. On the endpoint or device, open the Local Group Policy Editor.

2. Go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Exclusions**.
**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.

3. Specify your path and process exclusions. | |Registry key |1. Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.

2. Import the registry key. Here are two examples:
- Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`
- Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg` | -## Add Symantec to the exclusion list for Microsoft Defender ATP +## Add McAfee to the exclusion list for Microsoft Defender ATP To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files). @@ -204,6 +204,6 @@ Using Configuration Manager and your device collection(s), configure your antima ## Next step -**Congratulations**! You have completed the Setup phase of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#the-migration-process)! +**Congratulations**! You have completed the Setup phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)! -- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-onboard.md) +- [Proceed to Phase 3: Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) From 1b7c4c170ce2130d6649a5d42cfd4aa555ef744f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:12:24 -0700 Subject: [PATCH 11/66] Update mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index afa5d9f08e..c328561e80 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md 
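Review bot: In the `@@ -136,7 +136,7 @@` hunk of mcafee-to-microsoft-defender-setup.md (the patch that ends just above), the local-path example in the Registry key row reads `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`, with a space between `c:\temp\` and the file name. As written the command does not point at `c:\temp\MDAV_Exclusion.reg`, and because `/s` runs the import silently, a failed import is easy to miss and the exclusions are never applied. Remove the space so the example matches the network-share form on the next line.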
@@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-symantecmigrate +- m365solution-mcafeemigrate - m365solution-overview ms.topic: article --- @@ -31,8 +31,8 @@ When you switch from McAfee to Microsoft Defender ATP, you follow a process that |Phase |Description | |--|--| |[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and Symantec Endpoint Protection. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall Symantec and make sure protection through Microsoft Defender ATP is in active mode. | +|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall McAfee and make sure protection through Microsoft Defender ATP is in active mode. | ## What's included in Microsoft Defender ATP? From 346a0b5a6939a072a649b784e4e359191833b09f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:19:21 -0700 Subject: [PATCH 12/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index aa726f53fb..1581ca1e64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-McAfeemigrate +- m365solution-mcafeemigrate ms.topic: article --- From 7a29d952693a884c57b78e27da4a6eb0ace7d2f5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:25:38 -0700 Subject: [PATCH 13/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index f7168fdc32..ec1c6041f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - M365-security-compliance -- m365solution-McAfeemigrate +- m365solution-mcafeemigrate ms.topic: article --- @@ -109,7 +109,12 @@ Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defen ## Add Microsoft Defender ATP to the exclusion list for McAfee -This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for McAfee and any other security products your organization is using. The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: +This step of the setup process involves adding Microsoft Defender ATP to the exclusion list for McAfee and any other security products your organization is using. + +> [!TIP] +> To get help configuring exclusions, refer to McAfee documentation, such as the following article: [McAfee Endpoint Security 10.5.0 - Threat Prevention Module Product Guide (McAfee ePolicy Orchestrator) - Windows: Configuring exclusions](https://docs.mcafee.com/bundle/endpoint-security-10.5.0-threat-prevention-product-guide-epolicy-orchestrator-windows/page/GUID-71C5FB4B-A143-43E6-8BF0-8B2C16ABE6DA.html). + +The specific exclusions to configure depend on which version of Windows your endpoints or devices are running, and are listed in the following table: |OS |Exclusions | |--|--| From 03084e70d5abfcb0a6dd169902f0a2aaae79e965 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 10:37:19 -0700 Subject: [PATCH 14/66] Update mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 98fc71785a..8379669ce4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -70,14 +70,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend Now that you have onboarded your organization's devices to Microsoft Defender ATP, your next step is to uninstall McAfee. -1. [Disable Tamper Protection](https://knowledge.broadcom.com/external/article?legacyId=tech192023) in McAfee. - -2. Delete the uninstall password for McAfee: - 1. On your Windows devices, open Registry Editor as an administrator. - 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\McAfee Endpoint Protection\SMC`. - 3. Look for an entry named **SmcInstData**. Right-click the item, and then choose **Delete**. - -3. Remove McAfee from your devices. If you need help with this, see the following resources: +To get help with this step, go to your McAfee support ServicePortal ([http://mysupport.mcafee.com](http://mysupport.mcafee.com)). ## Make sure Microsoft Defender ATP is in active mode From 27a8abc6cc88fae7aa6ec227c79723609cc4c977 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:10:39 -0700 Subject: [PATCH 15/66] McAfee guide --- .../mcafee-to-microsoft-defender-migration.md | 2 +- .../mcafee-to-microsoft-defender-onboard.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index c328561e80..3743317c43 100644 
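Review bot: The replacement sentence in the `@@ -70,14 +70,7 @@` hunk of mcafee-to-microsoft-defender-onboard.md links to the McAfee support portal over plain HTTP, `[http://mysupport.mcafee.com](http://mysupport.mcafee.com)`, in both the link text and the target. Use the `https://` form for a portal that administrators sign in to. The section is also now a single sentence, so it is a good place to add a follow-up step: the Setup phase has readers add McAfee to the exclusion lists for Microsoft Defender Antivirus and Microsoft Defender ATP, and nothing in the Uninstall McAfee section tells them to remove those exclusions once McAfee is gone.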
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -1,6 +1,6 @@ --- title: Migrate from McAfee to Microsoft Defender ATP -description: Make the switch from McAfee to Microsoft Defender ATP +description: Make the switch from McAfee to Microsoft Defender ATP. Read this article for an overview. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 8379669ce4..94c3e54fff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -1,6 +1,6 @@ --- title: Phase 3 - Onboard to Microsoft Defender ATP -description: Make the switch from McAfee to Microsoft Defender ATP +description: Switch from McAfee to onboard with Microsoft Defender ATP keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 From 3f144e5a4aa803ab79b0174febfe1036c87325e6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:17:40 -0700 Subject: [PATCH 16/66] Update mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 94c3e54fff..ceb5e5626d 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -30,7 +30,7 @@ ms.topic: article 1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). 2. [Run a detection test](#run-a-detection-test). -3. [Uninstall McAfee](#uninstall-McAfee). +3. [Uninstall McAfee](#uninstall-mcafee). 4. [Make sure Microsoft Defender ATP is in active mode](#make-sure-microsoft-defender-atp-is-in-active-mode). ## Onboard devices to Microsoft Defender ATP From 3d2859317bbe823a52efda3b310d0c5da8eee4aa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:18:35 -0700 Subject: [PATCH 17/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index ec1c6041f4..785b0240fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -29,7 +29,7 @@ ms.topic: article **Welcome to the Setup phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-McAfee). +3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). 4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-antivirus). 5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-atp). 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). From 279f04be8e6b81c13357bcf084e9001fa8b3315a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:19:40 -0700 Subject: [PATCH 18/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 785b0240fb..1a140ef682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -30,8 +30,8 @@ ms.topic: article 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). -4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-antivirus). -5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-McAfee-to-the-exclusion-list-for-microsoft-defender-atp). +4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). +5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). From 840afed6d5070beeee51cc1c6784e6407c160aea Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:26:37 -0700 Subject: [PATCH 19/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 1581ca1e64..ddaa912016 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -1,6 +1,6 @@ --- title: Phase 1 - Prepare for your migration to Microsoft Defender ATP -description: Phase 1 of "Make the switch from McAfee to Microsoft Defender ATP". Prepare for your migration. +description: This is phase 1, Prepare, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 From dd43b9d98fe6bacafd183c960f0c7000393bd925 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:27:50 -0700 Subject: [PATCH 20/66] description updates --- .../mcafee-to-microsoft-defender-onboard.md | 2 +- .../mcafee-to-microsoft-defender-setup.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index ceb5e5626d..32b73cba74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -1,6 +1,6 @@ --- title: Phase 3 - Onboard to Microsoft Defender ATP -description: Switch from McAfee to onboard with Microsoft Defender ATP +description: This is phase 3, Onboard, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 1a140ef682..bee34bab98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -1,6 +1,6 @@ --- title: Phase 2 - Set up Microsoft Defender ATP -description: Phase 2 - Set up Microsoft Defender ATP +description: This is phase 2, Setup, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh search.appverid: met150 From 8b7416aa8de180e2ed40d95c9ff68f262c7ecb3d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:37:22 -0700 Subject: [PATCH 21/66] fixes --- .../mcafee-to-microsoft-defender-prepare.md | 2 +- .../mcafee-to-microsoft-defender-setup.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index ddaa912016..f1adcc29e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -1,5 +1,5 @@ --- -title: Phase 1 - Prepare for your migration to Microsoft Defender ATP +title: McAfee to Microsoft Defender ATP - Prepare description: This is phase 1, Prepare, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index bee34bab98..8c931fd2ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -1,5 +1,5 @@ --- -title: Phase 2 - Set up Microsoft Defender ATP +title: McAfee to Microsoft Defender ATP - Setup description: This is phase 2, Setup, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh From daa08ebbe41a804a8723a4182252e85938a9f264 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:39:03 -0700 Subject: [PATCH 22/66] Update mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index 32b73cba74..b75ea590b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -1,5 +1,5 @@ --- -title: Phase 3 - Onboard to Microsoft Defender ATP +title: McAfee to Microsoft Defender ATP - Onboard description: This is phase 3, Onboard, for migrating from McAfee to Microsoft Defender ATP. keywords: migration, windows defender advanced threat protection, atp, edr search.product: eADQiWindows 10XVcnh From 736089bfbc8b671b8ec20e989dc0f6dec4d21260 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 26 Aug 2020 11:48:42 -0700 Subject: [PATCH 23/66] Update TOC.md --- windows/security/threat-protection/TOC.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 899166a16a..ea322e5231 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -21,6 +21,11 @@ ### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) ## [Migration guides]() +### [Switch from McAfee to Microsoft Defender ATP]() +#### [Get an overview of migration](microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md) +#### [Prepare for your migration](microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md) +#### [Set up Microsoft Defender ATP](microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md) +#### [Onboard to Microsoft Defender ATP](microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md) ### [Switch from Symantec to Microsoft Defender ATP]() #### [Get an overview of migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md) #### [Prepare for your migration](microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md) From 833c3d8748fb102b617431c39d193de2cab0eb35 Mon Sep 17 00:00:00 2001 From: Heike Ritter Date: Tue, 1 Sep 2020 12:57:21 -0700 Subject: [PATCH 24/66] Update service-status.md --- .../threat-protection/microsoft-defender-atp/service-status.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md index 0caa79489b..a8a4322b55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md 
@@ -26,7 +26,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-servicestatus-abovefoldlink) -The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. +The **Service health** provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status. From dc0413f922fd3d7a9cb9de774d85bf4e7de84998 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 12:51:24 +0500 Subject: [PATCH 25/66] Update configure-endpoints-vdi.md --- .../configure-endpoints-vdi.md | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 771c2b866b..974c15a4c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
@@ -63,25 +63,21 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Click **Download package** and save the .zip file. -2. Copy all the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. +2. Copy files from the WindowsDefenderATPOnboardingPackage folder extracted from .zip file into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. + 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. + + 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. + >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. -3. The following step is only applicable if you're implementing a single entry for each device:
- **For single entry for each device**: - - 1. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
- - > [!NOTE] - > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. - -4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. +3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. > [!NOTE] > Domain Group Policy may also be used for onboarding non-persistent VDI devices. -5. Depending on the method you'd like to implement, follow the appropriate steps:
+4. Depending on the method you'd like to implement, follow the appropriate steps:
**For single entry for each device**:
Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`. @@ -90,7 +86,7 @@ The following steps will guide you through onboarding VDI devices and will highl Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. -6. Test your solution: +5. Test your solution: 1. Create a pool with one device. @@ -103,9 +99,9 @@ The following steps will guide you through onboarding VDI devices and will highl 1. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
**For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center. -7. Click **Devices list** on the Navigation pane. +6. Click **Devices list** on the Navigation pane. -8. Use the search function by entering the device name and select **Device** as search type. +7. Use the search function by entering the device name and select **Device** as search type. ## Updating non-persistent virtual desktop infrastructure (VDI) images As a best practice, we recommend using offline servicing tools to patch golden/master images.
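Review bot: The added sub-items of step 2 in configure-endpoints-vdi.md drop the code formatting that the removed lines had on `WindowsDefenderATPOnboardingPackage`, `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd`; keep the backticks so the file names match the rest of the article and cannot be mistaken for prose. The added `>[!NOTE]` line also lacks the space used by the other `> [!NOTE]` blocks in the same hunk. While the step numbers are being touched, the unchanged context in step 4 calls `WindowsDefenderATPOnboardingScript.cmd` an "onboarding bash script"; a `.cmd` file is a Windows batch script, so that wording is worth correcting in the same change. Because everything copied to `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` runs at startup on every device built from the image, step 2 should stay explicit that only the one or two named files are copied, which the new wording does better than the old "copy all the extracted files".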
From 65ed5e8b585b307be14f0fd6f7d213210ca58e2b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:17:47 +0500 Subject: [PATCH 26/66] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 974c15a4c8..5663fcae92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -63,7 +63,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Click **Download package** and save the .zip file. -2. Copy files from the WindowsDefenderATPOnboardingPackage folder extracted from .zip file into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. +2. Copy the files from the WindowsDefenderATPOnboardingPackage folder extracted from the .zip file into the `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. From 08a64bc7bcd32b006b8b033f2714539ab7d4d8c7 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:17:55 +0500 Subject: [PATCH 27/66] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 5663fcae92..ea02791b4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -65,7 +65,7 @@ The following steps will guide you through onboarding VDI devices and will highl 2. Copy the files from the WindowsDefenderATPOnboardingPackage folder extracted from the .zip file into the `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. - 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. + 1. If you are not implementing a single entry for each device, copy WindowsDefenderATPOnboardingScript.cmd. 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. From 7f4cc15eb7d48c4f1b7513ad2f8009d3de16a42d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:02 +0500 Subject: [PATCH 28/66] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index ea02791b4f..bcb82513f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -67,7 +67,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are not implementing a single entry for each device, copy WindowsDefenderATPOnboardingScript.cmd. - 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. + 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. From d54c5355c0bb19c019ff4d825df82fee4853f237 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:10 +0500 Subject: [PATCH 29/66] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index bcb82513f9..f9b4d99f69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -69,7 +69,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. - >[!NOTE] + > [!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. From 780bd24f2722510d9720b071971dec29dad5afe7 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:20 +0500 Subject: [PATCH 30/66] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index f9b4d99f69..07ede3efae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
@@ -70,7 +70,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. > [!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. + > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from File Explorer. 3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. From b90e3392d1d6a74df6eaaa1ba8dfa9b932841aed Mon Sep 17 00:00:00 2001 From: JesseEsquivel <33558203+JesseEsquivel@users.noreply.github.com> Date: Thu, 3 Sep 2020 14:27:15 -0400 Subject: [PATCH 31/66] Update RBAC for file downloads Different RBAC roles are required for downloading PE vs non-PE files. Removed periods from bullet items as some had periods and some didnt. --- .../microsoft-defender-atp/user-roles.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 4514bd1e98..14ddebf85f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md 
@@ -60,21 +60,22 @@ The following steps guide you on how to create roles in Microsoft Defender Secur - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities -- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags. +- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags, and download only portable executable (PE) files -- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. +- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups > [!NOTE] > This setting is only available in the Microsoft Defender ATP administrator (default) role. -- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab. 
+- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab - **Live response capabilities** - **Basic** commands: - Start a live response session - Perform read only live response commands on remote device (excluding file copy and execution - **Advanced** commands: - - Download a file from the remote device + - Download a file from the remote device via live response + - Download PE and non-PE files from the file page - Upload a file to the remote device - View a script from the files library - Execute a script on the remote device from the files library From fb48807f7b5276a76c7e4b844447067fe20b1172 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 3 Sep 2020 12:40:36 -0700 Subject: [PATCH 32/66] metadata --- .../mcafee-to-microsoft-defender-migration.md | 2 ++ .../mcafee-to-microsoft-defender-onboard.md | 2 ++ .../mcafee-to-microsoft-defender-prepare.md | 2 ++ .../mcafee-to-microsoft-defender-setup.md | 2 ++ 4 files changed, 8 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index 3743317c43..d7ab137a8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -18,6 +18,8 @@ ms.collection: - m365solution-mcafeemigrate - m365solution-overview ms.topic: article +ms.date: 09/03/2020 +ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee to Microsoft Defender Advanced Threat Protection 
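Review bot: In the user-roles.md change (PATCH 31/66), the added line "Download PE and non-PE files from the file page" sits under **Live response capabilities** > **Advanced** commands, although it describes a file page action rather than a live response command. Together with the new wording on **Alerts investigation** ("download only portable executable (PE) files"), this means an analyst who needs non-PE downloads must be given the advanced live response permission, which in the same list also covers uploading files and executing scripts on the remote device. Say that explicitly, for example in a short note under the permission list, so that administrators assigning roles see the wider grant they are making. The unchanged context line "Perform read only live response commands on remote device (excluding file copy and execution" is missing its closing parenthesis, and the **Manage security settings in Security Center** item still reads "and manage email notifications, manage evaluation lab"; both are worth fixing while the trailing periods are being removed.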
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index b75ea590b3..addfffa8be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-McAfeemigrate ms.topic: article +ms.date: 09/03/2020 +ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 3: Onboard to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index f1adcc29e7..2a2b2776cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-mcafeemigrate ms.topic: article +ms.date: 09/03/2020 +ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 1: Prepare for your migration diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 8c931fd2ba..71c4777eaf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-mcafeemigrate ms.topic: article +ms.date: 09/03/2020 +ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- # Migrate from McAfee - Phase 2: Set up Microsoft Defender ATP From 7b09d980ac14f93d1cd39721792cef0f57fcae97 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 09:55:08 -0700 Subject: [PATCH 33/66] metadata for migration guides --- .../manage-atp-post-migration-configuration-manager.md | 2 ++ .../manage-atp-post-migration-group-policy-objects.md | 2 ++ .../microsoft-defender-atp/manage-atp-post-migration-intune.md | 2 ++ .../manage-atp-post-migration-other-tools.md | 2 ++ .../microsoft-defender-atp/manage-atp-post-migration.md | 2 ++ 5 files changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md index 022658e40b..1200b24369 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-configuration-manager.md @@ -15,6 +15,8 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: chventou --- # Manage Microsoft Defender Advanced Threat Protection with Configuration Manager diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md index 1e7317f3e8..299b6b807e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-group-policy-objects.md @@ -15,6 +15,8 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: chventou --- # Manage Microsoft Defender Advanced Threat Protection with Group Policy Objects diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md index 6801853a3f..43b5a8c70c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-intune.md @@ -15,6 +15,8 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: chventou --- # Manage Microsoft Defender Advanced Threat Protection with Intune diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md index 245b969459..8629492da7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration-other-tools.md @@ -15,6 +15,8 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: chventou --- # Manage Microsoft Defender Advanced Threat Protection with PowerShell, WMI, and MPCmdRun.exe diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index f716c99579..9a214694df 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -15,6 +15,8 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: chventou --- # Manage Microsoft Defender Advanced Threat Protection, post migration From af2b025ef22c46fe367992b5b2f9e4fc4dcd1128 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:00:14 -0700 Subject: [PATCH 34/66] metadata for migration guides --- .../microsoft-defender-atp/manage-atp-post-migration.md | 2 +- .../mcafee-to-microsoft-defender-migration.md | 2 +- .../symantec-to-microsoft-defender-atp-migration.md | 4 +++- .../symantec-to-microsoft-defender-atp-onboard.md | 2 ++ .../symantec-to-microsoft-defender-atp-prepare.md | 2 ++ .../symantec-to-microsoft-defender-atp-setup.md | 2 ++ 6 files changed, 11 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md index 9a214694df..f06086dbc1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-atp-post-migration.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: article +ms.topic: conceptual ms.date: 09/04/2020 ms.reviewer: chventou --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index d7ab137a8a..2021fb1a37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -17,7 +17,7 @@ ms.collection: - M365-security-compliance - m365solution-mcafeemigrate - m365solution-overview -ms.topic: article +ms.topic: conceptual ms.date: 09/03/2020 ms.reviewer: jesquive, chventou, jonix, chriggs, owtho --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md index 9e26a9fef5..121b141f1d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-migration.md @@ -17,7 +17,9 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate - m365solution-overview -ms.topic: article +ms.topic: conceptual +ms.date: 09/04/2020 +ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec to Microsoft Defender Advanced Threat Protection diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 6c7c329a2e..87f80f841f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 3: Onboard to Microsoft Defender ATP 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md index 2a678e94e4..a983531f0c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-prepare.md @@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 1: Prepare for your migration diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md index a3c0638d1e..e3dd61e48d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-setup.md @@ -17,6 +17,8 @@ ms.collection: - M365-security-compliance - m365solution-symantecmigrate ms.topic: article +ms.date: 09/04/2020 +ms.reviewer: depicker, yongrhee, chriggs --- # Migrate from Symantec - Phase 2: Set up Microsoft Defender ATP From e4803449c464bbe851660f10109ed4e590703ea2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:15:52 -0700 Subject: [PATCH 35/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 2a2b2776cb..018f28f54e 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -31,9 +31,20 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Prepare phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: -1. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). -2. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). -3. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). +1. +2. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). +3. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). +4. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). + +## Make sure your McAfee solution is up to date + +Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender Antivirus, make sure McAfee Endpoint Security (McAfee) is up to date. Make sure your organization's devices have the latest security updates. To learn more, see the following resources: + +- [McAfee Enterprise Product Documentation: How Endpoint Security Works](https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-1207FF39-D1D2-481F-BBD9-E4079112A8DD.html) + +- [McAfee Knowledge Center Technical Article: Windows Security Center intermittently incorrectly reports that Endpoint Security is disabled when running on Windows 10](https://kc.mcafee.com/corporate/index?page=content&id=KB91830) + +- [McAfee Knowledge Center Technical Article: Windows Security Center reports Endpoint Security is disabled when Endpoint Security is running](https://kc.mcafee.com/corporate/index?page=content&id=KB91428) ## Get Microsoft Defender ATP From 0dabaf8d0254a160f36a2a7cdd2b093b8be57d0e Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:17:30 -0700 Subject: [PATCH 36/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 018f28f54e..8fe5f3729f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -31,14 +31,14 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Prepare phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: -1. +1. [Make sure your McAfee solution is up to date](#make-sure-your-mcafee-solution-is-up-to-date) 2. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 3. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 4. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). ## Make sure your McAfee solution is up to date -Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender Antivirus, make sure McAfee Endpoint Security (McAfee) is up to date. Make sure your organization's devices have the latest security updates. To learn more, see the following resources: +Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender Antivirus, make sure McAfee Endpoint Security (McAfee) is up to date. Make sure your organization's devices have the latest security updates. Need help? Here are a few McAfee resources: - [McAfee Enterprise Product Documentation: How Endpoint Security Works](https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-1207FF39-D1D2-481F-BBD9-E4079112A8DD.html) 
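Review bot: the new item 1 in the step list, `[Make sure your McAfee solution is up to date](#make-sure-your-mcafee-solution-is-up-to-date)`, has no trailing period, while items 2 to 4 in the same list each end with one. Add the period so the list is punctuated consistently.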
@@ -46,6 +46,9 @@ Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender An - [McAfee Knowledge Center Technical Article: Windows Security Center reports Endpoint Security is disabled when Endpoint Security is running](https://kc.mcafee.com/corporate/index?page=content&id=KB91428) +> [!NOTE] +> McAfee documentation links are included in this guide; however, Microsoft makes no warranties or promises for accuracy. + ## Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. From 79fc16ba8f2ba26dcbb62cea713b7e172a73283e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:18:08 -0700 Subject: [PATCH 37/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 8fe5f3729f..bef5eb5c85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md @@ -46,9 +46,6 @@ Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender An - [McAfee Knowledge Center Technical Article: Windows Security Center reports Endpoint Security is disabled when Endpoint Security is running](https://kc.mcafee.com/corporate/index?page=content&id=KB91428) -> [!NOTE] -> McAfee documentation links are included in this guide; however, Microsoft makes no warranties or promises for accuracy. - ## Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. From 8b5f12b42784defa98b9ab198aa90b6ee848681f Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:20:09 -0700 Subject: [PATCH 38/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 71c4777eaf..4de7a49217 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -28,7 +28,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho ||*You are here!* | | -**Welcome to the Setup phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: +**Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: 1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). From 7e840c97e2db3ad8ef8678d6048d8f643377c021 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:21:02 -0700 Subject: [PATCH 39/66] Update mcafee-to-microsoft-defender-onboard.md --- .../mcafee-to-microsoft-defender-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md index addfffa8be..4b65da3b72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-onboard.md @@ -28,7 +28,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho || |*You are here!* | -**Welcome to Phase 3 of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: +**Welcome to Phase 3 of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: 1. [Onboard devices to Microsoft Defender ATP](#onboard-devices-to-microsoft-defender-atp). 2. [Run a detection test](#run-a-detection-test). From ad6c9184c0f777e592edeb70d73052b87bb30779 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:21:40 -0700 Subject: [PATCH 40/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index bef5eb5c85..f43d565825 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -28,7 +28,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho |*You are here!*| | | -**Welcome to the Prepare phase of [migrating from McAfee to Microsoft Defender ATP](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. +**Welcome to the Prepare phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: 1. [Make sure your McAfee solution is up to date](#make-sure-your-mcafee-solution-is-up-to-date) From 108729e8469201c9512d1f23996190c0e9fb5ec3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:48:17 -0700 Subject: [PATCH 41/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 4de7a49217..52ff20bf93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -29,7 +29,7 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). +1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows Server)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). 2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). 4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). 
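Review bot: the link text of item 1 is updated, but its target is still `#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows`, and the next hunk in this commit renames that heading to "Enable Microsoft Defender Antivirus and set it to passive mode", so the anchor no longer resolves. Item 2 has the same problem: `#enable-microsoft-defender-antivirus` points at a heading that the last hunk of this commit renames to "Enable Microsoft Defender Antivirus on your Windows client devices". Update both anchors in the same commit as the heading renames.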
@@ -37,14 +37,11 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho 6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). 7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). -## Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows) +## Enable Microsoft Defender Antivirus and set it to passive mode -> [!TIP] -> If you're running Windows 10, you do not need to perform this task. Proceed to **[Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus)**. +On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).) -On certain versions of Windows, Microsoft Defender Antivirus might have been uninstalled or disabled. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. To learn more, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility). - -Now that you're moving from McAfee to Microsoft Defender ATP, you'll need to enable or reinstall Microsoft Defender Antivirus, and set it to passive mode. 
+This step of the migration process involves reinstalling Microsoft Defender Antivirus on Windows Server, enabling Microsoft Defender Antivirus on your Windows client devices, and setting Microsoft Defender Antivirus to passive mode. ### Reinstall Microsoft Defender Antivirus on Windows Server @@ -54,7 +51,7 @@ Now that you're moving from McAfee to Microsoft Defender ATP, you'll need to ena > - Windows Server, version 1803 (core-only mode) > - Windows Server 2016 > -> Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, proceed to [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). +> Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, see [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 1. As a local administrator on the endpoint or device, open Windows PowerShell. @@ -85,7 +82,7 @@ Because your organization is still using McAfee, you must set Microsoft Defender >- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) >- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) -## Enable Microsoft Defender Antivirus +## Enable Microsoft Defender Antivirus on your Windows client devices Because your organization has been using McAfee as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. From 0fcc37d99d30014d91eec363b6b0cc8351cabf11 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:52:22 -0700 Subject: [PATCH 42/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 52ff20bf93..c0de5bd13e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -29,19 +29,21 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Setup phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This phase includes the following steps: -1. [Enable or reinstall Microsoft Defender Antivirus (for certain versions of Windows Server)](#enable-or-reinstall-microsoft-defender-antivirus-for-certain-versions-of-windows). -2. [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). -3. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). -4. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). -5. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). -6. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). -7. [Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). +1. [Enable Microsoft Defender Antivirus and confirm it's in passive mode](#enable-microsoft-defender-antivirus-and-confirm-its-in-passive-mode). +2. [Add Microsoft Defender ATP to the exclusion list for McAfee](#add-microsoft-defender-atp-to-the-exclusion-list-for-mcafee). +3. [Add McAfee to the exclusion list for Microsoft Defender Antivirus](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-antivirus). +4. [Add McAfee to the exclusion list for Microsoft Defender ATP](#add-mcafee-to-the-exclusion-list-for-microsoft-defender-atp). +5. [Set up your device groups, device collections, and organizational units](#set-up-your-device-groups-device-collections-and-organizational-units). +6. 
[Configure antimalware policies and real-time protection](#configure-antimalware-policies-and-real-time-protection). -## Enable Microsoft Defender Antivirus and set it to passive mode +## Enable Microsoft Defender Antivirus and confirm it's in passive mode On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).) -This step of the migration process involves reinstalling Microsoft Defender Antivirus on Windows Server, enabling Microsoft Defender Antivirus on your Windows client devices, and setting Microsoft Defender Antivirus to passive mode. +This step of the migration process includes the following tasks: +- [Reinstalling Microsoft Defender Antivirus on Windows Server](#reinstall-microsoft-defender-antivirus-on-windows-server); +- Enabling Microsoft Defender Antivirus on your Windows client devices; and +- Confirming that Microsoft Defender Antivirus is set to passive mode. ### Reinstall Microsoft Defender Antivirus on Windows Server @@ -50,8 +52,6 @@ This step of the migration process involves reinstalling Microsoft Defender Anti > - Windows Server 2019 > - Windows Server, version 1803 (core-only mode) > - Windows Server 2016 -> -> Microsoft Defender Antivirus is built into Windows 10, but it might be disabled. In this case, see [Enable Microsoft Defender Antivirus](#enable-microsoft-defender-antivirus). 1. As a local administrator on the endpoint or device, open Windows PowerShell. 
@@ -82,7 +82,7 @@ Because your organization is still using McAfee, you must set Microsoft Defender >- [Local Group Policy Object tool](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10#what-is-the-local-group-policy-object-lgpo-tool) >- [A package in Configuration Manager](https://docs.microsoft.com/mem/configmgr/apps/deploy-use/packages-and-programs) -## Enable Microsoft Defender Antivirus on your Windows client devices +### Enable Microsoft Defender Antivirus on your Windows client devices Because your organization has been using McAfee as your primary antivirus solution, Microsoft Defender Antivirus is most likely disabled on your organization's Windows devices. This step of the migration process involves enabling Microsoft Defender Antivirus. From 68c4b2d9870cdc38827d2e45dddc0c9ff3242ef8 Mon Sep 17 00:00:00 2001 From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com> Date: Fri, 4 Sep 2020 19:55:37 +0200 Subject: [PATCH 43/66] Update manage-updates-baselines-microsoft-defender-antivirus.md Please check my markdown! --- ...-baselines-microsoft-defender-antivirus.md | 42 ++++++++++++++++++- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 6f73b79b2b..576aafd9bf 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -57,6 +57,44 @@ All our updates contain: * serviceability improvements * integration improvements (Cloud, MTP)
+
+ August-2020 (Platform: 4.18.2008.3 | Engine: 1.1.17400.5) + + Security intelligence update version: **1.323.9.0** + Released: **August 27, 2020** + Platform: **4.18.2008.3** + Engine: **1.1.17400.5** + Support phase: **Security and Critical Updates** + +### What's new +* Add more telemetry events +* Improved scan event telemetry +* Improved behavior monitoring for memory scans +* Improved macro streams scanning + +### Known Issues +No known issues +
+
+ +
+ July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4) + + Security intelligence update version: **1.321.30.0** + Released: **July 28, 2020** + Platform: **4.18.2007.8** + Engine: **1.1.17300.4** + Support phase: **Security and Critical Updates** + +### What's new +* Improved telemetry for BITS +* Improved Authenticode code signing certificate validation + +### Known Issues +No known issues +
+
+
June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2) @@ -86,7 +124,7 @@ No known issues  Released: **May 26, 2020**  Platform: **4.18.2005.4**  Engine: **1.1.17100.2** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade Support (Only)** ### What's new * Improved logging for scan events @@ -108,7 +146,7 @@ No known issues  Released: **April 30, 2020**  Platform: **4.18.2004.6**  Engine: **1.1.17000.2** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade Support (Only)** ### What's new * WDfilter improvements From 7b8fbdebd8fb0723b53da33803d77326bb756620 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 10:58:47 -0700 Subject: [PATCH 44/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index c0de5bd13e..9befe29754 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -41,9 +41,10 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).) This step of the migration process includes the following tasks: -- [Reinstalling Microsoft Defender Antivirus on Windows Server](#reinstall-microsoft-defender-antivirus-on-windows-server); -- Enabling Microsoft Defender Antivirus on your Windows client devices; and -- Confirming that Microsoft Defender Antivirus is set to passive mode. +- [Reinstalling Microsoft Defender Antivirus on Windows Server](#reinstall-microsoft-defender-antivirus-on-windows-server); +- [Setting Microsoft Defender Antivirus to passive mode on Windows Server](#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) +- [Enabling Microsoft Defender Antivirus on your Windows client devices](#enable-microsoft-defender-antivirus-on-your-windows-client-devices); and +- [Confirming that Microsoft Defender Antivirus is set to passive mode](#confirm-that-microsoft-defender-antivirus-is-in-passive-mode). ### Reinstall Microsoft Defender Antivirus on Windows Server @@ -94,7 +95,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | -### Verify that Microsoft Defender Antivirus is in passive mode +### Confirm that Microsoft Defender Antivirus is in passive mode Microsoft Defender Antivirus can run alongside McAfee if you set Microsoft Defender Antivirus to passive mode. You can use either Command Prompt or PowerShell to perform this task, as described in the following table: From 3cc24e0aa4f5dce32976884056716f7f643a7ab6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 11:07:29 -0700 Subject: [PATCH 45/66] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 576aafd9bf..c8bcc9a9ad 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,6 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp +ms.date: 09/04/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines From ca9f39291d3f4450d0ce117cc4cd7bdbba83d4df Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 4 Sep 2020 11:28:56 -0700 Subject: [PATCH 46/66] updating redirects --- .openpublishing.redirection.json | 55 +++++++++++++++++--------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 72163a76f0..4909977610 100644 --- a/.openpublishing.redirection.json 
+++ b/.openpublishing.redirection.json @@ -1210,11 +1210,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", - "redirect_document_id": false - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access", @@ -1435,16 +1430,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators", "redirect_document_id": false }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection", - "redirect_document_id": true - }, - { - "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices", - "redirect_document_id": true - }, { "source_path": "windows/keep-secure/configure-aad-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection", 
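Review bot: the `microsoft-defender-atp/enable-secure-score.md` entry removed in this hunk carries `"redirect_document_id": true`, but the copy added back in the last hunk of this commit has `false`, so the entry is changed, not just moved. If the flip is intentional (the new `microsoft-defender-atp/configuration-score.md` entry now takes `true` for the same target), state that in the commit message, which currently says only "updating redirects".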
@@ -1795,6 +1780,21 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation", "redirect_document_id": true }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard", + "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection", + "redirect_document_id": true + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score", 
@@ -1805,11 +1805,26 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", "redirect_document_id": true }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/configuration-score.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices", + "redirect_document_id": true + }, { "source_path": "windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", "redirect_document_id": false }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-secure-score.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices", + "redirect_document_id": false + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score", + "redirect_document_id": false + }, { "source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/partner-applications", 
@@ -1980,16 +1995,6 @@ "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test", "redirect_document_id": true }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection", - "redirect_document_id": true - }, - { - "source_path": "windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md", - "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard", - "redirect_document_id": true - }, { "source_path": "windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection", From 7d755486d39a3f22d126f4d3992271e8ea5b68fa Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 4 Sep 2020 12:07:38 -0700 Subject: [PATCH 47/66] Release notes for 101.07.23 --- .../linux-preferences.md | 22 +++++++++++++++++ .../microsoft-defender-atp/mac-preferences.md | 24 +++++++++++++++++++ .../microsoft-defender-atp/mac-whatsnew.md | 11 +++++++++ 3 files changed, 57 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index bc9ddc57fc..4e853d9875 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md 
@@ -215,6 +215,28 @@ Specifies the merge policy for threat type settings. This can be a combination o | **Possible values** | merge (default)
admin_only | | **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. | +#### Antivirus scan history retention (in days) + +Specify the number of days that results are retained in the scan history on the device. Old scan results are removed from the history. Old quarantined files that are also removed from the disk. + +||| +|:---|:---| +| **Key** | scanResultsRetentionDays | +| **Data type** | String | +| **Possible values** | 90 (default). Allowed values are from 1 day to 180 days. | +| **Comments** | Available in Microsoft Defender ATP version 101.04.76 or higher. | + +#### Maximum number of items in the antivirus scan history + +Specify the maximum number of entries to keep in the scan history. Entries include all on-demand scans performed in the past and all antivirus detections. + +||| +|:---|:---| +| **Key** | scanHistoryMaximumItems | +| **Data type** | String | +| **Possible values** | 10000 (default). Allowed values are from 5000 items to 15000 items. | +| **Comments** | Available in Microsoft Defender ATP version 101.04.76 or higher. | + ### Cloud-delivered protection preferences The *cloudService* entry in the configuration profile is used to configure the cloud-driven protection feature of the product. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index e2f79e5846..7b20fefb12 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -233,6 +233,30 @@ Specify the merge policy for threat type settings. This can be a combination of | **Possible values** | merge (default)
admin_only | | **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. | +### Antivirus scan history retention (in days) + +Specify the number of days that results are retained in the scan history on the device. Old scan results are removed from the history. Old quarantined files that are also removed from the disk. + +||| +|:---|:---| +| **Domain** | `com.microsoft.wdav` | +| **Key** | scanResultsRetentionDays | +| **Data type** | String | +| **Possible values** | 90 (default). Allowed values are from 1 day to 180 days. | +| **Comments** | Available in Microsoft Defender ATP version 101.07.23 or higher. | + +### Maximum number of items in the antivirus scan history + +Specify the maximum number of entries to keep in the scan history. Entries include all on-demand scans performed in the past and all antivirus detections. + +||| +|:---|:---| +| **Domain** | `com.microsoft.wdav` | +| **Key** | scanHistoryMaximumItems | +| **Data type** | String | +| **Possible values** | 10000 (default). Allowed values are from 5000 items to 15000 items. | +| **Comments** | Available in Microsoft Defender ATP version 101.07.23 or higher. | + ### Cloud-delivered protection preferences Configure the cloud-driven protection features of Microsoft Defender ATP for Mac. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index ce8693466d..7391bec98a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md 
@@ -38,6 +38,17 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.07.23 + +- Added new fields to the output of `mdatp --health` for checking the status of passive mode and the EDR group ID + +> [!NOTE] +> `mdatp --health` will be replaced with `mdatp health` in a future product update. + +- Fixed a bug where automatic sample submission was not marked as managed in the user interface +- Added new settings for controlling the retention of items in the antivirus threat history. You can now [specify the number of days to retain items in the threat history](mac-preferences.md#antivirus-scan-history-retention-in-days) and [specify the maximum number of items in the scan history](mac-preferences.md#maximum-number-of-items-in-the-antivirus-scan-history) +- Bug fixes + ## 101.06.63 - Addressed a performance regression introduced in version `101.05.17`. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics. From af24fa1935a7e4d4c4c2c7c56d69dcfc40919263 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 4 Sep 2020 12:23:19 -0700 Subject: [PATCH 48/66] Fix indentation --- .../microsoft-defender-atp/mac-preferences.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index 7b20fefb12..830692c78c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -233,7 +233,7 @@ Specify the merge policy for threat type settings. This can be a combination of | **Possible values** | merge (default)
admin_only | | **Comments** | Available in Microsoft Defender ATP version 100.83.73 or higher. | -### Antivirus scan history retention (in days) +#### Antivirus scan history retention (in days) Specify the number of days that results are retained in the scan history on the device. Old scan results are removed from the history. Old quarantined files that are also removed from the disk. @@ -245,7 +245,7 @@ Specify the number of days that results are retained in the scan history on the | **Possible values** | 90 (default). Allowed values are from 1 day to 180 days. | | **Comments** | Available in Microsoft Defender ATP version 101.07.23 or higher. | -### Maximum number of items in the antivirus scan history +#### Maximum number of items in the antivirus scan history Specify the maximum number of entries to keep in the scan history. Entries include all on-demand scans performed in the past and all antivirus detections. From 46df5f75a793fc14a16ad0b6b2bc011ca861ec0e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 12:29:46 -0700 Subject: [PATCH 49/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 9befe29754..f3398db1b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -41,11 +41,33 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho On certain versions of Windows, such as Windows Server, Microsoft Defender Antivirus might have been uninstalled or disabled when your McAfee solution was installed. This is because Microsoft Defender Antivirus does not enter passive or disabled mode when you install a third-party antivirus product, such as McAfee. (To learn more about this, see [Microsoft Defender Antivirus compatibility](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility).) This step of the migration process includes the following tasks: +- [Setting DisableAntiSpyware to false on Windows Server](#set-disableantispyware-to-false-on-windows-server) - [Reinstalling Microsoft Defender Antivirus on Windows Server](#reinstall-microsoft-defender-antivirus-on-windows-server); -- [Setting Microsoft Defender Antivirus to passive mode on Windows Server](#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) +- [Setting Microsoft Defender Antivirus to passive mode on Windows Server](#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server) - [Enabling Microsoft Defender Antivirus on your Windows client devices](#enable-microsoft-defender-antivirus-on-your-windows-client-devices); and - [Confirming that Microsoft Defender Antivirus is set to passive mode](#confirm-that-microsoft-defender-antivirus-is-in-passive-mode). +### Set DisableAntiSpyware to false on Windows Server + +The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, here's how to make sure `DisableAntiSpyware` is set to false. + +1. 
On your Windows Server device, open Registry Editor. + +2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`. + +3. In that folder, look for a DWORD entry called **DisableAntiSpyware**. + + - If you do not see that entry, you're all set. + + - If you do see **DisableAntiSpyware**, proceed to step 4. + +4. Right-click the DisableAntiSpyware DWORD, and then choose **Modify**. + +5. Set the value to `0`. (This sets the registry key's value to *false*.) + +> [!TIP] +> To learn more, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware). + ### Reinstall Microsoft Defender Antivirus on Windows Server > [!NOTE] From 2ddd7283c002980a16ca612c581cb47a2e0e9766 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 12:30:17 -0700 Subject: [PATCH 50/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index f3398db1b3..6401b8ce70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -68,6 +68,8 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d > [!TIP] > To learn more, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware). +Proceed to the next task (reinstalling Microsoft Defender Antivirus). + ### Reinstall Microsoft Defender Antivirus on Windows Server > [!NOTE] From 62ceec8bacc482e1cd5360964712a7ca71c523e6 Mon Sep 17 00:00:00 2001 
From: Tudor Dobrila Date: Fri, 4 Sep 2020 12:32:08 -0700 Subject: [PATCH 51/66] Wording --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 7391bec98a..ffcf78a69f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -46,7 +46,7 @@ ms.topic: conceptual > `mdatp --health` will be replaced with `mdatp health` in a future product update. - Fixed a bug where automatic sample submission was not marked as managed in the user interface -- Added new settings for controlling the retention of items in the antivirus threat history. You can now [specify the number of days to retain items in the threat history](mac-preferences.md#antivirus-scan-history-retention-in-days) and [specify the maximum number of items in the scan history](mac-preferences.md#maximum-number-of-items-in-the-antivirus-scan-history) +- Added new settings for controlling the retention of items in the antivirus scan history. You can now [specify the number of days to retain items in the scan history](mac-preferences.md#antivirus-scan-history-retention-in-days) and [specify the maximum number of items in the scan history](mac-preferences.md#maximum-number-of-items-in-the-antivirus-scan-history) - Bug fixes ## 101.06.63 From 2f89c98b2b0bf5f051fe0ab86d5f83a8b21a5aca Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Fri, 4 Sep 2020 12:32:48 -0700 Subject: [PATCH 52/66] remove page --- .openpublishing.redirection.json | 5 + windows/security/threat-protection/TOC.md | 1 - .../microsoft-defender-atp/powerbi-reports.md | 213 ------------------ 3 files changed, 5 insertions(+), 214 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 4909977610..11bad4b893 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1849,6 +1849,11 @@ "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-atp/powerbi-reports.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/api-power-bi", + "redirect_document_id": true }, { "source_path": "windows/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md", diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7ea377a772..bc59850154 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -338,7 +338,6 @@ #### [Reporting]() ##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) -##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) ##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) #### [Device health and compliance reports](microsoft-defender-atp/machine-reports.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md deleted file mode 100644 index dd83d08373..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md +++ /dev/null 
@@ -1,213 +0,0 @@ ---- -title: Create and build Power BI reports using Microsoft Defender ATP data connectors -description: Get security insights by creating and building Power BI dashboards using data from Microsoft Defender ATP and other data sources. -keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors, security insights, mashup -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: mjcaparas -ms.author: macapara -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - - -# Create and build Power BI reports using Microsoft Defender ATP data connectors (Deprecated) - -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - ->[!WARNING] ->This connector is being deprecated, learn how to [Create Power-BI reports using Microsoft Defender ATP APIs](api-power-bi.md). - - -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-powerbireports-abovefoldlink) - -Understand the security status of your organization, including the status of devices, alerts, and investigations using the Microsoft Defender ATP reporting feature that integrates with Power BI. - -Microsoft Defender ATP supports the use of Power BI data connectors to enable you to connect and access Microsoft Defender ATP data using Microsoft Graph. - -Data connectors integrate seamlessly in Power BI, and make it easy for power users to query, shape and combine data to build reports and dashboards that meet the needs of your organization. 
- -You can easily get started by: -- Creating a dashboard on the Power BI service -- Building a custom dashboard on Power BI Desktop and tweaking it to fit the visual analytics and reporting requirements of your organization - -You can access these options from Microsoft Defender Security Center. Both the Power BI service and Power BI Desktop are supported. - -## Create a Microsoft Defender ATP dashboard on Power BI service -Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. - -1. In the navigation pane, select **Settings** > **General** > **Power BI reports**. - -2. Click **Create dashboard**. - - ![Image of create dashboard](images/atp-create-dashboard.png) - - You'll see a notification that things are being loaded. - - ![Image of loading](images/atp-loading.png) - - >[!NOTE] - >Loading your data in the Power BI service can take a few minutes. - -3. Specify the following details: - - **extensionDataSourceKind**: WDATPConnector - - **extensionDataSourcePath**: WDATPConnector - - **Authentication method**: OAuth2 - - ![Image of Power BI authentication method](images/atp-powerbi-extension.png) - -4. Click **Sign in**. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh. - - ![Consent image](images/atp-powerbi-accept.png) - -5. Click **Accept**. Power BI service will start downloading your Microsoft Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported: - - ![Image of importing data](images/atp-powerbi-importing.png) - - >[!NOTE] - >Depending on the number of onboarded devices, loading your data in the Power BI service can take several minutes. 
A larger number of devices might take longer to load. - - When importing data is completed and the dataset is ready, you’ll the following notification: - - ![Image of dataset is ready](images/atp-data-ready.png) - -6. Click **View dataset** to explore your data. - - -For more information, see [Create a Power BI dashboard from a report](https://powerbi.microsoft.com/en-us/documentation/powerbi-service-create-a-dashboard/). - -## Create a Power BI dashboard from the Power BI portal - -1. Login to [Power BI](https://powerbi.microsoft.com/). - -2. Click **Get Data**. - -3. Select **Microsoft AppSource** > **My Organization** > **Get**. - - ![Image of Microsoft AppSource to get data](images/atp-get-data.png) - -4. In the AppSource window, select **Apps** and search for Microsoft Defender Advanced Threat Protection. - - ![Image of AppSource to get Microsoft Defender ATP](images/atp-appsource.png) - -5. Click **Get it now**. - -6. Specify the following details: - - **extensionDataSourceKind**: WDATPConnector - - **extensionDataSourcePath**: WDATPConnector - - **Authentication method**: OAuth2 - - ![Image of Power BI authentication method](images/atp-powerbi-extension.png) - -7. Click **Sign in**. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, access your data, and be used for report refresh. - - ![Consent image](images/atp-powerbi-accept.png) - -8. Click **Accept**. Power BI service will start downloading your Microsoft Defender ATP data from Microsoft Graph. After a successful login, you'll see a notification that data is being imported: - - ![Image of importing data](images/atp-powerbi-importing.png) - - >[!NOTE] - >Depending on the number of onboarded devices, loading your data in the Power BI service can take several minutes. 
A larger number of devices might take longer to load. - - When importing data is completed and the dataset is ready, you’ll the following notification: - - ![Image of dataset is ready](images/atp-data-ready.png) - -9. Click **View dataset** to explore your data. - - -## Build a custom Microsoft Defender ATP dashboard in Power BI Desktop -You can create a custom dashboard in Power BI Desktop to create visualizations that cater to the specific views that your organization requires. - -### Before you begin -1. Make sure you use Power BI Desktop June 2017 and above. [Download the latest version](https://powerbi.microsoft.com/en-us/desktop/). - -2. In the Microsoft Defender Security Center navigation pane, select **Settings** > **Power BI reports**. - - ![Image of settings Power BI reports](images/atp-settings-powerbi.png) - -3. Click **Download connector** to download the WDATPPowerBI.zip file and extract it. - - ![Settings with download connector button](images/atp-download-connector.png) - -4. Create a new directory `[Documents]\Power BI Desktop\Custom Connectors`. - -5. Copy WDATPDataConnector.mez from the zip to the directory you just created. - -6. Open Power BI Desktop. - -7. Click **File** > **Options and settings** > **Custom data connectors**. - -8. Select **New table and matrix visuals** and **Custom data connectors** and click **OK**. - - > [!NOTE] - > If you plan on using Custom Connectors or connectors that you or a third party has developed, you must select *(Not Recommended) Allow any extension to load without warning* under **Power BI Desktop** > **File** > **Options and settings** > **Options** > **Security** > **Data Extensions**". - - >[!NOTE] - >If you are using Power BI Desktop July 2017 version (or later), you won't need to select **New table and matrix visuals**. You'll only need to select **Custom data connectors**. - - ![Power BI options page](images/atp-powerbi-options.png) - -9. Restart Power BI Desktop. 
- -## Customize the Microsoft Defender ATP Power BI dashboard -After completing the steps in the Before you begin section, you can proceed with building your custom dashboard. - -1. Open WDATPPowerBI.pbit from the zip with Power BI Desktop. - -2. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, and access your data. - - ![Consent image](images/atp-powerbi-consent.png) - -3. Click **Accept**. Power BI Desktop will start downloading your Microsoft Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports. - - - -## Mashup Microsoft Defender ATP data with other data sources -You can use Power BI Desktop to analyze data from Microsoft Defender ATP and mash that data up with other data sources to gain better security perspective in your organization. - -1. In Power BI Desktop, in the Home ribbon, click **Get data** and search for **Microsoft Defender Advanced Threat Protection**. - -2. Click **Connect**. - -3. On the Preview Connector windows, click **Continue**. - -4. If this is the first time you’re using Power BI with Microsoft Defender ATP, you’ll need to sign in and give consent to Microsoft Defender ATP Power BI app. By providing consent, you’re allowing Microsoft Defender ATP Power BI to sign in and read your profile, and access your data. - - ![Consent image](images/atp-powerbi-consent.png) - -5. Click **Accept**. Power BI Desktop will start downloading your Microsoft Defender ATP data from Microsoft Graph. When all data has been downloaded, you can proceed to customize your reports. - -6. In the Navigator dialog box, select the Microsoft Defender ATP feeds you'd like to download and use in your reports and click Load. Data will start to be downloaded from the Microsoft Graph. - -7. 
Load other data sources by clicking **Get data item** in the Home ribbon, and select another data source. - -8. Add visuals and select fields from the available data sources. - -## Using the Power BI reports -There are a couple of tabs on the report that's generated: - -- Device and alerts -- Investigation results and action center -- Secure Score - -In general, if you know of a specific threat name, CVE, or KB, you can identify devices with unpatched vulnerabilities that might be leveraged by threats. This report also helps you determine whether device-level mitigations are configured correctly on the devices and prioritize those that might need attention. - - -## Related topic -- [Create custom Power BI reports](api-power-bi.md) - - - - - From d312aea16c74ae620cb9cfd5f04f31120277838f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 12:41:22 -0700 Subject: [PATCH 53/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 6401b8ce70..5ade8249ed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -49,7 +49,7 @@ This step of the migration process includes the following tasks: ### Set DisableAntiSpyware to false on Windows Server -The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, here's how to make sure `DisableAntiSpyware` is set to false. +The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) registry key was used in the past to disable Microsoft Defender Antivirus, and deploy another antivirus product, such as McAfee. In general, you should not have this registry key on your Windows devices and endpoints; however, if you do have `DisableAntiSpyware` configured, here's how to set its value to false: 1. On your Windows Server device, open Registry Editor. @@ -66,7 +66,7 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d 5. Set the value to `0`. (This sets the registry key's value to *false*.) > [!TIP] -> To learn more, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware). +> To learn more about this registry key, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware). Proceed to the next task (reinstalling Microsoft Defender Antivirus). From 0203c2a964b55554580cb15103d273da961b084e Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Fri, 4 Sep 2020 12:46:41 -0700 Subject: [PATCH 54/66] add link to google play --- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-android.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 20ef58ffa1..f6b75a00f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -30,7 +30,7 @@ device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-co > [!NOTE] -> **Microsoft Defender ATP for Android is now available on Google Play.** +> **Microsoft Defender ATP for Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.**
> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app across Device Administrator and Android Enterprise entrollment modes. Updates to the app are automatic via Google Play. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index 9e20ced652..71915fe457 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -84,8 +84,7 @@ For more information, see [Deploy Microsoft Defender ATP for Android with Micros > [!NOTE] -> **Microsoft Defender ATP for Android is available on Google Play now.** -> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app, across Device Administrator and Android Enterprise entrollment modes. +> **Microsoft Defender ATP for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.**
You can connect to Google Play from Intune to deploy Microsoft Defender ATP app, across Device Administrator and Android Enterprise entrollment modes. ## How to Configure Microsoft Defender ATP for Android From f97d9bbbe2a3e44edcfebf742a7ae894dc0a4043 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 4 Sep 2020 12:51:06 -0700 Subject: [PATCH 55/66] remove link --- windows/security/threat-protection/TOC.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index bc59850154..6d6ef97e8c 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -430,8 +430,6 @@ #### [General]() ##### [Verify data storage location and update data retention settings](microsoft-defender-atp/data-retention-settings.md) ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) -##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) -##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) ##### [Configure advanced features](microsoft-defender-atp/advanced-features.md) #### [Permissions]() From f679b49b3eeb46344762658897c6e7947b46f2cc Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 12:54:54 -0700 Subject: [PATCH 56/66] edits per feedback --- .../mcafee-to-microsoft-defender-prepare.md | 14 +++++++++++--- .../mcafee-to-microsoft-defender-setup.md | 5 +++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index f43d565825..716095abe1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -31,14 +31,18 @@ ms.reviewer: jesquive, chventou, jonix, chriggs, owtho **Welcome to the Prepare phase of [migrating from McAfee Endpoint Security (McAfee) to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](mcafee-to-microsoft-defender-migration.md#the-migration-process)**. This migration phase includes the following steps: -1. [Make sure your McAfee solution is up to date](#make-sure-your-mcafee-solution-is-up-to-date) +1. [Get and deploy updates across your organization's devices](#get-and-deploy-updates-across-your-organizations-devices) 2. [Get Microsoft Defender ATP](#get-microsoft-defender-atp). 3. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center). 4. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). -## Make sure your McAfee solution is up to date +## Get and deploy updates across your organization's devices -Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender Antivirus, make sure McAfee Endpoint Security (McAfee) is up to date. Make sure your organization's devices have the latest security updates. Need help? Here are a few McAfee resources: +As a best practice, keep your organization's devices and endpoints up to date. Make sure your McAfee Endpoint Security (McAfee) solution is up to date, and that the operating systems and apps your organization is also have the latest updates. Doing this now can help prevent problems later as you migrate to Microsoft Defender ATP and Microsoft Defender Antivirus. + +### Make sure your McAfee solution is up to date + +Keep McAfee up to date, and make sure that your organization's devices have the latest security updates. Need help? 
Here are some McAfee resources: - [McAfee Enterprise Product Documentation: How Endpoint Security Works](https://docs.mcafee.com/bundle/endpoint-security-10.7.x-common-product-guide-windows/page/GUID-1207FF39-D1D2-481F-BBD9-E4079112A8DD.html) @@ -46,6 +50,10 @@ Before you begin to prepare for Microsoft Defender ATP and Microsoft Defender An - [McAfee Knowledge Center Technical Article: Windows Security Center reports Endpoint Security is disabled when Endpoint Security is running](https://kc.mcafee.com/corporate/index?page=content&id=KB91428) +- Your McAfee support ServicePortal ([http://mysupport.mcafee.com](http://mysupport.mcafee.com)) + +### Make sure your organization's devices are up to date + ## Get Microsoft Defender ATP To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 5ade8249ed..41b1659ef0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md @@ -81,10 +81,13 @@ Proceed to the next task (reinstalling Microsoft Defender Antivirus). 1. As a local administrator on the endpoint or device, open Windows PowerShell. 2. Run the following PowerShell cmdlets:
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`
+ `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender`
3. To verify Microsoft Defender Antivirus is running, use the following PowerShell cmdlet:
+ `Get-Service -Name windefend` > [!TIP] @@ -98,7 +101,9 @@ Because your organization is still using McAfee, you must set Microsoft Defender `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`. 2. Edit (or create) a DWORD entry called **ForceDefenderPassiveMode**, and specify the following settings: + - Set the DWORD's value to **1**. + - Under **Base**, select **Hexadecimal**. > [!NOTE] From 0ae12656506b94c43c8d88309b5d4054560fe5e7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:05:36 -0700 Subject: [PATCH 57/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 716095abe1..86b4f89c0a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -54,9 +54,21 @@ Keep McAfee up to date, and make sure that your organization's devices have the ### Make sure your organization's devices are up to date +Need help updating your organization's devices? See the following resources: + +- For Windows devices, see [Microsoft Update](https://www.update.microsoft.com) + +- For macOS devices, see [How to update the software on your Mac](https://support.apple.com/HT201541) + +- For iOS devices, see [Update your iPhone, iPad, or iPod touch](https://support.apple.com/HT204204) + +- For Android devices, see [Check & update your Android version](https://support.google.com/android/answer/7680439) + +- For Linux devices, see [Linux 101: Updating Your System](https://www.linux.com/training-tutorials/linux-101-updating-your-system) + ## Get Microsoft Defender ATP -To get started, you must have Microsoft Defender ATP, with licenses assigned and provisioned. +Now that you've updated your organization's devices, the next step is to get Microsoft Defender ATP, assign licenses, and make sure the service is provisioned. 1. Buy or try Microsoft Defender ATP today. [Visit Microsoft Defender ATP to start a free trial or request a quote](https://aka.ms/mdatp). From 23385b3042b66cca0d1db33ff038b196952c25f3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:08:10 -0700 Subject: [PATCH 58/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 41b1659ef0..22e033ff1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -68,8 +68,6 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d > [!TIP] > To learn more about this registry key, see [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware). -Proceed to the next task (reinstalling Microsoft Defender Antivirus). - ### Reinstall Microsoft Defender Antivirus on Windows Server > [!NOTE] From 69dd5a33cb8b9d87cf6337525f48865a375433d4 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:10:31 -0700 Subject: [PATCH 59/66] Update mcafee-to-microsoft-defender-prepare.md --- .../mcafee-to-microsoft-defender-prepare.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md index 86b4f89c0a..f0d4ddd065 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md 
@@ -56,15 +56,13 @@ Keep McAfee up to date, and make sure that your organization's devices have the Need help updating your organization's devices? See the following resources: -- For Windows devices, see [Microsoft Update](https://www.update.microsoft.com) - -- For macOS devices, see [How to update the software on your Mac](https://support.apple.com/HT201541) - -- For iOS devices, see [Update your iPhone, iPad, or iPod touch](https://support.apple.com/HT204204) - -- For Android devices, see [Check & update your Android version](https://support.google.com/android/answer/7680439) - -- For Linux devices, see [Linux 101: Updating Your System](https://www.linux.com/training-tutorials/linux-101-updating-your-system) +|OS | Resource | +|:--|:--| +|Windows |[Microsoft Update](https://www.update.microsoft.com) | +|macOS | [How to update the software on your Mac](https://support.apple.com/HT201541)| +|iOS |[Update your iPhone, iPad, or iPod touch](https://support.apple.com/HT204204)| +|Android |[Check & update your Android version](https://support.google.com/android/answer/7680439) | +|Linux | [Linux 101: Updating Your System](https://www.linux.com/training-tutorials/linux-101-updating-your-system) | ## Get Microsoft Defender ATP From 932ed435a4812e886078c3bc90a724345a12e7e8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:11:37 -0700 Subject: [PATCH 60/66] Update mcafee-to-microsoft-defender-setup.md --- .../mcafee-to-microsoft-defender-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md index 22e033ff1e..e2a9c56a95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md 
@@ -118,7 +118,7 @@ To enable Microsoft Defender Antivirus, we recommend using Intune. However, you |Method |What to do | |---------|---------| -|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure. If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| +|[Intune](https://docs.microsoft.com/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager)

**NOTE**: Intune is now Microsoft Endpoint Manager. |1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and sign in.

2. Select **Devices** > **Configuration profiles**, and then select the profile type you want to configure.
If you haven't yet created a **Device restrictions** profile type, or if you want to create a new one, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).

3. Select **Properties**, and then select **Configuration settings: Edit**.

4. Expand **Microsoft Defender Antivirus**.

5. Enable **Cloud-delivered protection**.

6. In the **Prompt users before sample submission** dropdown, select **Send all samples automatically**.

7. In the **Detect potentially unwanted applications** dropdown, select **Enable** or **Audit**.

8. Select **Review + save**, and then choose **Save**.

For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles).| |Control Panel in Windows |Follow the guidance here: [Turn on Microsoft Defender Antivirus](https://docs.microsoft.com/mem/intune/user-help/turn-on-defender-windows).

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | |[Advanced Group Policy Management](https://docs.microsoft.com/microsoft-desktop-optimization-pack/agpm/)
or
[Group Policy Management Console](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus) |1. Go to `Computer configuration > Administrative templates > Windows components > Microsoft Defender Antivirus`.

2. Look for a policy called **Turn off Microsoft Defender Antivirus**.

3. Choose **Edit policy setting**, and make sure that policy is disabled. This enables Microsoft Defender Antivirus.

**NOTE**: You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows. | From b6117c465560023c16da9cd693ce01cd1d439ea7 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 4 Sep 2020 13:11:45 -0700 Subject: [PATCH 61/66] Indented a note in a list item --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index ffcf78a69f..869b785877 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -42,8 +42,8 @@ ms.topic: conceptual - Added new fields to the output of `mdatp --health` for checking the status of passive mode and the EDR group ID -> [!NOTE] -> `mdatp --health` will be replaced with `mdatp health` in a future product update. + > [!NOTE] + > `mdatp --health` will be replaced with `mdatp health` in a future product update. - Fixed a bug where automatic sample submission was not marked as managed in the user interface - Added new settings for controlling the retention of items in the antivirus scan history. You can now [specify the number of days to retain items in the scan history](mac-preferences.md#antivirus-scan-history-retention-in-days) and [specify the maximum number of items in the scan history](mac-preferences.md#maximum-number-of-items-in-the-antivirus-scan-history) From df8596c737eecab000c061dbfec730e43bac7880 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:17:49 -0700 Subject: [PATCH 62/66] Update mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index 2021fb1a37..8373f178e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -32,9 +32,9 @@ When you switch from McAfee to Microsoft Defender ATP, you follow a process that |Phase |Description | |--|--| -|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the **Prepare** phase, you get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you configure settings and exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall McAfee and make sure protection through Microsoft Defender ATP is in active mode. | +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the **Prepare** phase, you update your organization's devices, get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall McAfee and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender ATP is in active mode. | ## What's included in Microsoft Defender ATP? From 70b60c61414164c3aaee0c1d892ed9e16b0462f0 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 13:20:23 -0700 Subject: [PATCH 63/66] Update mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index 8373f178e1..0ac22e7713 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md @@ -32,9 +32,9 @@ When you switch from McAfee to Microsoft Defender ATP, you follow a process that |Phase |Description | |--|--| -|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During the **Prepare** phase, you update your organization's devices, get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | -|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During the **Setup** phase, you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| -|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During the **Onboard** phase, you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall McAfee and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender ATP is in active mode. | +|[![Phase 1: Prepare](images/prepare.png)](mcafee-to-microsoft-defender-prepare.md)
[Prepare for your migration](mcafee-to-microsoft-defender-prepare.md) |During [the **Prepare** phase](mcafee-to-microsoft-defender-prepare.md), you update your organization's devices, get Microsoft Defender ATP, plan your roles and permissions, and grant access to the Microsoft Defender Security Center. You also configure your device proxy and internet settings to enable communication between your organization's devices and Microsoft Defender ATP. | +|[![Phase 2: Set up](images/setup.png)](mcafee-to-microsoft-defender-setup.md)
[Set up Microsoft Defender ATP](mcafee-to-microsoft-defender-setup.md) |During [the **Setup** phase](mcafee-to-microsoft-defender-setup.md), you enable Microsoft Defender Antivirus and make sure it's in passive mode, and you configure settings & exclusions for Microsoft Defender Antivirus, Microsoft Defender ATP, and McAfee. You also create device groups, collections, and organizational units. Finally, you configure your antimalware policies and real-time protection settings.| +|[![Phase 3: Onboard](images/onboard.png)](mcafee-to-microsoft-defender-onboard.md)
[Onboard to Microsoft Defender ATP](mcafee-to-microsoft-defender-onboard.md) |During [the **Onboard** phase](mcafee-to-microsoft-defender-onboard.md), you onboard your devices to Microsoft Defender ATP and verify that those devices are communicating with Microsoft Defender ATP. Last, you uninstall McAfee and make sure that protection through Microsoft Defender Antivirus & Microsoft Defender ATP is in active mode. | ## What's included in Microsoft Defender ATP? From 6d674b0f77f3999578937210122426b900f75844 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 4 Sep 2020 13:57:30 -0700 Subject: [PATCH 64/66] fix links --- windows/security/threat-protection/index.md | 2 +- .../microsoft-defender-atp/configure-email-notifications.md | 1 - .../microsoft-defender-atp/data-retention-settings.md | 1 - .../microsoft-defender-atp/preview-settings.md | 3 +-- .../threat-protection/microsoft-defender-atp/preview.md | 2 -- 5 files changed, 2 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 279b1a69a3..b4f683756c 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -135,7 +135,7 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf - [API and SIEM integration](microsoft-defender-atp/configure-siem.md) - [Exposed APIs](microsoft-defender-atp/apis-intro.md) - [Role-based access control (RBAC)](microsoft-defender-atp/rbac.md) -- [Reporting and trends](microsoft-defender-atp/powerbi-reports.md) +- [Reporting and trends](microsoft-defender-atp/threat-protection-reports.md) **[Integration with Microsoft solutions](microsoft-defender-atp/threat-protection-integration.md)**
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index e605898b2f..893c9a3eaa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -95,5 +95,4 @@ This section lists various issues that you may encounter when using email notifi ## Related topics - [Update data retention settings](data-retention-settings.md) -- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) - [Configure advanced features](advanced-features.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md index 9cc9cb48ba..861f8c6cd2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md @@ -50,5 +50,4 @@ You can verify the data location by navigating to **Settings** > **Data retentio ## Related topics - [Update data retention settings](data-retention-settings.md) - [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md) -- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) - [Configure advanced features](advanced-features.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md index 5aef332edd..eab6ea72ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md 
@@ -37,5 +37,4 @@ Turn on the preview experience setting to be among the first to try upcoming fea - [Turn on advanced features in Microsoft Defender ATP](advanced-features.md) - [Configure email notifications in Microsoft Defender ATP](configure-email-notifications.md) - [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) -- [Enable the custom threat intelligence API in Microsoft Defender ATP](enable-custom-ti.md) -- [Create and build Power BI reports](powerbi-reports.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 2586120da8..1963e74ca8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -70,8 +70,6 @@ Information protection is an integral part of Microsoft 365 Enterprise suite, pr - [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019)
Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client devices. -- [Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
-Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. > [!TIP] > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-preview-belowfoldlink) From e657f680f6b35b2fb40bb0248cf6bf4150d87565 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 14:18:48 -0700 Subject: [PATCH 65/66] Update mcafee-to-microsoft-defender-migration.md --- .../mcafee-to-microsoft-defender-migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md index 0ac22e7713..d5419822d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-migration.md 
@@ -42,7 +42,7 @@ In this migration guide, we focus on [next-generation protection](https://docs.m | Feature/Capability | Description | |---|---| -| [Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & Vulnerability Management capabilities helps identify, assess, and remediate weaknesses across your endpoints (such as devices). | +| [Threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices). | | [Attack surface reduction](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction) | Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks. | | [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) | Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware. | | [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) | Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches. | From e7d912f4f4880f035452eba1470d3cc988558725 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 4 Sep 2020 14:35:35 -0700 Subject: [PATCH 66/66] fix link --- .../microsoft-defender-atp/advanced-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index d5802d8faf..96506eaa8d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -198,4 +198,4 @@ After configuring the [Security policy violation indicators](https://docs.micros - [Update data retention settings](data-retention-settings.md) - [Configure alert notifications](configure-email-notifications.md) -- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) +
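Review bot: In the `@@ -37,5 +37,4 @@` hunk, the two removed related-topic entries (`enable-custom-ti.md` and `powerbi-reports.md`) are replaced by an added empty line, so the list now ends in a stray blank line. Drop the added `+` line so the hunk is a pure deletion, and confirm that both target files are either removed with a redirect or still linked from another page, because nothing visible here tells a reader where those two topics went.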
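Review bot: In the `@@ -42,7 +42,7 @@` hunk of mcafee-to-microsoft-defender-migration.md (PATCH 65/66), the rewritten row still ends with "across your endpoints (such as devices)", and the parenthetical does not tell the reader anything that "endpoints" has not already said. Since this line is being touched anyway for the sentence-case heading and the "helps" to "help" fix, either drop the parenthetical or replace it with concrete examples. The unchanged "Next-generation protection" row below also links to a `windows-defender-antivirus/...` path while its description says "Microsoft Defender Antivirus"; worth checking that the link target is still the intended one.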
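Review bot: In the `@@ -198,4 +198,4 @@` hunk of advanced-features.md (PATCH 66/66), the commit subject says "fix link" but the change deletes the `powerbi-reports.md` entry and adds an empty line in its place, so no link is actually fixed. Reword the subject to say the link is removed, and drop the added blank `+` line so the related-topics list does not end with trailing whitespace. The same `powerbi-reports.md` reference is also removed in the `@@ -37,5 +37,4 @@` and preview.md hunks earlier in the series, so these removals would read more clearly as one commit with a message explaining why the topic is no longer linked.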