From a0fdcac5c16cd3d1add557261f9bf677b74334cb Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Tue, 23 Jun 2020 15:59:05 -0700
Subject: [PATCH 01/14] Update collect-diagnostic-data.md

adding ref to KB for identifying Defender client version
---
 .../windows-defender-antivirus/collect-diagnostic-data.md       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
index 195c50060b..d02d11ab90 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data.md
@@ -38,7 +38,7 @@ On at least two devices that are experiencing the same issue, obtain the .cab di
 2. Navigate to the Microsoft Defender directory. By default, this is `C:\Program Files\Windows Defender`.
 
 > [!NOTE]
-> If you're running an updated Microsoft Defender Platform version, please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
+> If you're running an [updated Microsoft Defender Platform version](https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform), please run `MpCmdRun` from the following location: `C:\ProgramData\Microsoft\Windows Defender\Platform\<version>`.
 
 3. Type the following command, and then press **Enter**  
 

From 46a86854483a2bafc2ed47bc33ec432271abf0d1 Mon Sep 17 00:00:00 2001
From: Tudor Dobrila <tudor.dobrila@microsoft.com>
Date: Fri, 26 Jun 2020 15:25:53 -0700
Subject: [PATCH 02/14] Add more info on command-line tool and a known issue

---
 .../microsoft-defender-atp/linux-resources.md | 59 +++++++++++++------
 1 file changed, 40 insertions(+), 19 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
index a892d04701..22e71176b4 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md
@@ -69,26 +69,46 @@ There are several ways to uninstall Microsoft Defender ATP for Linux. If you are
 
 ## Configure from the command line
 
-Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
+Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line.
 
-|Group        |Scenario                                   |Command                                                                |
-|-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection           |`mdatp config real_time_protection --value [enabled|disabled]`         |
-|Configuration|Turn on/off cloud protection               |`mdatp config cloud --value [enabled|disabled]`                        |
-|Configuration|Turn on/off product diagnostics            |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
-|Configuration|Turn on/off automatic sample submission    |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
-|Configuration|Turn on/off AV passive mode                |`mdatp config passive-mode [enabled|disabled]`                         |
-|Configuration|Turn on PUA protection                     |`mdatp threat policy set --type potentially_unwanted_application --action block` |
-|Configuration|Turn off PUA protection                    |`mdatp threat policy set --type potentially_unwanted_application --action off` |
-|Configuration|Turn on audit mode for PUA protection      |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
-|Diagnostics  |Change the log level                       |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
-|Diagnostics  |Generate diagnostic logs                   |`mdatp diagnostic create`                                              |
-|Health       |Check the product's health                 |`mdatp health`                                                         |
-|Protection   |Scan a path                                |`mdatp scan custom --path [path]`                                      |
-|Protection   |Do a quick scan                            |`mdatp scan quick`                                                     |
-|Protection   |Do a full scan                             |`mdatp scan full`                                                      |
-|Protection   |Cancel an ongoing on-demand scan           |`mdatp scan cancel`                                                    |
-|Protection   |Request a security intelligence update     |`mdatp definitions update`                                             |
+### Global options
+
+By default, the command-line tool outputs the result in human-readable format. In addition to this, the tool also supports outputting the result as JSON, which is useful for automation scenarios. To change the output to JSON, pass `--output json` to any of the below commands.
+
+### Supported commands
+
+The following table lists commands for some of the most common scenarios. Run `mdatp help` from the Terminal to view the full list of supported commands.
+
+|Group                 |Scenario                                                |Command                                                                |
+|----------------------|--------------------------------------------------------|-----------------------------------------------------------------------|
+|Configuration         |Turn on/off real-time protection                        |`mdatp config real-time-protection --value [enabled|disabled]`         |
+|Configuration         |Turn on/off cloud protection                            |`mdatp config cloud --value [enabled|disabled]`                        |
+|Configuration         |Turn on/off product diagnostics                         |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
+|Configuration         |Turn on/off automatic sample submission                 |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
+|Configuration         |Turn on/off AV passive mode                             |`mdatp config passive-mode [enabled|disabled]`                         |
+|Configuration         |Add/remove an antivirus exclusion for a file extension  |`mdatp exclusion extension [add|remove] --name <extension>`            |
+|Configuration         |Add/remove an antivirus exclusion for a file            |`mdatp exclusion file [add|remove] --path <path-to-file>`              |
+|Configuration         |Add/remove an antivirus exclusion for a directory       |`mdatp exclusion folder [add|remove] --path <path-to-directory>`       |
+|Configuration         |Add/remove an antivirus exclusion for a process         |`mdatp exclusion process [add|remove] --path <path-to-process>`<br/>`mdatp exclusion process [add|remove] --name <process-name>`   |
+|Configuration         |List all antivirus exclusions                           |`mdatp exclusion list`                                                 |
+|Configuration         |Turn on PUA protection                                  |`mdatp threat policy set --type potentially_unwanted_application --action block` |
+|Configuration         |Turn off PUA protection                                 |`mdatp threat policy set --type potentially_unwanted_application --action off` |
+|Configuration         |Turn on audit mode for PUA protection                   |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
+|Diagnostics           |Change the log level                                    |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
+|Diagnostics           |Generate diagnostic logs                                |`mdatp diagnostic create`                                              |
+|Health                |Check the product's health                              |`mdatp health`                                                         |
+|Protection            |Scan a path                                             |`mdatp scan custom --path [path]`                                      |
+|Protection            |Do a quick scan                                         |`mdatp scan quick`                                                     |
+|Protection            |Do a full scan                                          |`mdatp scan full`                                                      |
+|Protection            |Cancel an ongoing on-demand scan                        |`mdatp scan cancel`                                                    |
+|Protection            |Request a security intelligence update                  |`mdatp definitions update`                                             |
+|Protection history    |Print the full protection history                       |`mdatp threat list`                                                    |
+|Protection history    |Get threat details                                      |`mdatp threat get --id <threat-id>`                                    |
+|Quarantine management |List all quarantined files                              |`mdatp threat quarantine list`                                         |
+|Quarantine management |Remove all files from the quarantine                    |`mdatp threat quarantine remove-all`                                   |
+|Quarantine management |Add a file detected as a threat to the quarantine       |`mdatp threat quarantine add --id <threat-id>`                         |
+|Quarantine management |Remove a file detected as a threat from the quarantine  |`mdatp threat quarantine add --id <threat-id>`                         |
+|Quarantine management |Restore a file from the quarantine                      |`mdatp threat quarantine add --id <threat-id>`                         |
 
 ## Microsoft Defender ATP portal information
 
@@ -113,6 +133,7 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
 
 ### Known issues
 
+- You might see "No sensor data, impaired communications" in the machine information page of the Microsoft Defender Security Center portal, even though the product is working as expected. We are working on addressing this issue.
 - Logged on users do not appear in the Microsoft Defender Security Center portal.
 - In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
 

From fe3c03f09f9da1300334d2fc5711f52a360c59aa Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Fri, 26 Jun 2020 15:51:19 -0700
Subject: [PATCH 03/14] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

---
 ...k-potentially-unwanted-apps-microsoft-defender-antivirus.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 3345190e01..9a71bf89f4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -25,6 +25,9 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge)
 
+> [!NOTE]
+> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might not be be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices.
+
 Potentially unwanted applications (PUA) are not considered viruses, malware, or other types of threats, but they might perform actions on endpoints which adversely affect endpoint performance or use. _PUA_ can also refer to an application that has a poor reputation, as assessed by Microsoft Defender ATP, due to certain kinds of undesirable behavior.
 
 For example:

From cc24a3b5ac8d0473ec856681ad8f85814841ed8e Mon Sep 17 00:00:00 2001
From: Max Velitchko <mavel@microsoft.com>
Date: Fri, 26 Jun 2020 22:01:31 -0700
Subject: [PATCH 04/14] com.microsoft.wdavtray => com.microsoft.wdav.tray

---
 .../microsoft-defender-atp/mac-install-with-intune.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
index 270e61656a..ff78248097 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md
@@ -51,7 +51,7 @@ The following table summarizes the steps you would need to take to deploy and ma
 | [Grant full disk access to Microsoft Defender ATP](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 |
 | [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)<br/><br/> **Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav |
-| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdavtray |
+| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdav.tray |
 
 ## Download installation and onboarding packages
 
@@ -245,7 +245,7 @@ You may now enroll more devices. You can also enroll them later, after you have
                <key>BadgesEnabled</key>
                <true/>
                <key>BundleIdentifier</key>
-               <string>com.microsoft.wdavtray</string>
+               <string>com.microsoft.wdav.tray</string>
                <key>CriticalAlertEnabled</key>
                <false/>
                <key>GroupingType</key>

From 84622329a5f3d0a14d01940d1b1c097675f8fea1 Mon Sep 17 00:00:00 2001
From: Max Velitchko <mavel@microsoft.com>
Date: Fri, 26 Jun 2020 22:02:39 -0700
Subject: [PATCH 05/14] Update mac-install-with-jamf.md

---
 .../microsoft-defender-atp/mac-install-with-jamf.md           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
index 6f844e39a0..4cb0f6f707 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
@@ -46,7 +46,7 @@ The following table summarizes the steps you would need to take to deploy and ma
 |-|-|-|
 | [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp |
 | [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)<br/><br/> **Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav |
-| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdavtray |
+| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdav.tray |
 | [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 |
 | [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc |
 | [Approve Kernel Extension for Microsoft Defender ATP](#approved-kernel-extension) | Note: If there was one, MDATP_KExt.plist | N/A |
@@ -142,7 +142,7 @@ Starting in macOS 10.15 (Catalina) a user must manually allow to display notific
    ```xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-   <plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdavtray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
+   <plist version="1.0"><dict><key>PayloadContent</key><array><dict><key>NotificationSettings</key><array><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.autoupdate2</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict><dict><key>AlertType</key><integer>2</integer><key>BadgesEnabled</key><true/><key>BundleIdentifier</key><string>com.microsoft.wdav.tray</string><key>CriticalAlertEnabled</key><false/><key>GroupingType</key><integer>0</integer><key>NotificationsEnabled</key><true/><key>ShowInLockScreen</key><false/><key>ShowInNotificationCenter</key><true/><key>SoundsEnabled</key><true/></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadType</key><string>com.apple.notificationsettings</string><key>PayloadUUID</key><string>BB977315-E4CB-4915-90C7-8334C75A7C64</string><key>PayloadVersion</key><integer>1</integer></dict></array><key>PayloadDescription</key><string/><key>PayloadDisplayName</key><string>mdatp - allow notifications</string><key>PayloadEnabled</key><true/><key>PayloadIdentifier</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadOrganization</key><string>Microsoft</string><key>PayloadRemovalDisallowed</key><false/><key>PayloadScope</key><string>System</string><key>PayloadType</key><string>Configuration</string><key>PayloadUUID</key><string>85F6805B-0106-4D23-9101-7F1DFD5EA6D6</string><key>PayloadVersion</key><integer>1</integer></dict></plist>
    ```
 
 ### Package

From dcf524da76a9c22891db14952f6b7417ffe2cd0b Mon Sep 17 00:00:00 2001
From: Daniel Simpson <dansimp@microsoft.com>
Date: Mon, 29 Jun 2020 11:25:03 -0700
Subject: [PATCH 06/14] Update
 detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

---
 ...ck-potentially-unwanted-apps-microsoft-defender-antivirus.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
index 9a71bf89f4..40994831c4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
-ms.date: 02/12/2020
+ms.date:
 ms.reviewer: 
 manager: dansimp
 ---

From eea81685097ac4620e02b33300390ceb5d89f14a Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:03:16 -0700
Subject: [PATCH 07/14] Update mdm-enrollment-of-windows-devices.md

---
 .../client-management/mdm/mdm-enrollment-of-windows-devices.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index bb5e6e271f..8c71b2b60a 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -17,7 +17,6 @@ ms.date: 11/15/2017
 
 # MDM enrollment of Windows 10-based devices
 
-
 In today’s cloud-first world, enterprise IT departments increasingly want to let employees use their own devices, or even choose and purchase corporate-owned devices. Connecting your devices to work makes it easy for you to access your organization’s resources, such as apps, the corporate network, and email.
 
 > [!NOTE]
@@ -233,7 +232,7 @@ To create a local account and connect the device:
 
    ![access work or school](images/unifiedenrollment-rs1-30.png)
 
-4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
+4. Select the **Enroll only in device management** link (available in servicing build 14393.82, KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
 
    ![connect to work or school](images/unifiedenrollment-rs1-31.png)
 

From 256ae867cd53a191dc25fd67c9c434227700c8ee Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:03:51 -0700
Subject: [PATCH 08/14] Update mdm-enrollment-of-windows-devices.md

---
 .../client-management/mdm/mdm-enrollment-of-windows-devices.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 8c71b2b60a..8d199d824e 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -259,7 +259,7 @@ To create a local account and connect the device:
 
     ![phone settings](images/unifiedenrollment-rs1-39.png)
 
-3.  Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, use [Connecting your Windows 10-based device to work using a deep link](#connecting-your-windows-10-based-device-to-work-using-a-deep-link).
+3.  Select the **Enroll only in device management** link. This is only available in the servicing build 14393.82 (KB3176934). For older builds, see [Connect your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link).
 
     ![access work or school page](images/unifiedenrollment-rs1-40.png)
 

From 70952d6654fbd56f4d47c0a574e2436e6058c3a8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:11:33 -0700
Subject: [PATCH 09/14] Update new-in-windows-mdm-enrollment-management.md

---
 .../mdm/new-in-windows-mdm-enrollment-management.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 2927d154d3..ab527dcd11 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -727,7 +727,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>User knows what policies, profiles, apps MDM has configured</li>
 <li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
 </ul>
-<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connection](mdm-enrollment-of-windows-devices.md#managing-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
+<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connection](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="enroll-a-windows-10-device-automatically-using-group-policy.md" data-raw-source="[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)">Enroll a Windows 10 device automatically using Group Policy</a></td>

From be55be6c6b90471c09035b70caa92b11fb0f6640 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:12:31 -0700
Subject: [PATCH 10/14] Update new-in-windows-mdm-enrollment-management.md

---
 .../mdm/new-in-windows-mdm-enrollment-management.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index ab527dcd11..f5a78504b8 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1226,7 +1226,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 </ul>
 </td></tr>
 <tr class="even">
-<td style="vertical-align:top"><a href="mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link" data-raw-source="[Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connecting-your-windows-10-based-device-to-work-using-a-deep-link)">Connecting your Windows 10-based device to work using a deep link</a></td>
+<td style="vertical-align:top"><a href="mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link" data-raw-source="[Connecting your Windows 10-based device to work using a deep link](mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link)">Connect your Windows 10-based device to work using a deep link</a></td>
 <td style="vertical-align:top"><p>Added following deep link parameters to the table:</p>
 <ul>
 <li>Username</li>

From 74c3c12ef35bef6d9f8c1adc678b752302946ac6 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:39:25 -0700
Subject: [PATCH 11/14] Update new-in-windows-mdm-enrollment-management.md

---
 .../mdm/new-in-windows-mdm-enrollment-management.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index f5a78504b8..dd10e850e0 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -2899,7 +2899,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 <li>User knows what policies, profiles, apps MDM has configured</li>
 <li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
 </ul>
-<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connections](mdm-enrollment-of-windows-devices.md#managing-connections)">Managing connections</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
+<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#manage-connections" data-raw-source="[Manage connections](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connections</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
 </td></tr>
 </tbody>
 </table>

From 1fb6baaf543b529fc5d16014ee54d3c54ad259a1 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 14:54:36 -0700
Subject: [PATCH 12/14] Update new-in-windows-mdm-enrollment-management.md

---
 .../mdm/new-in-windows-mdm-enrollment-management.md             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index dd10e850e0..eed052ba71 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -727,7 +727,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
 <li>User knows what policies, profiles, apps MDM has configured</li>
 <li>IT helpdesk can get detailed MDM diagnostic information using client tools</li>
 </ul>
-<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#managing-connections" data-raw-source="[Managing connection](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
+<p>For details, see <a href="mdm-enrollment-of-windows-devices.md#manage-connections" data-raw-source="[Manage connection](mdm-enrollment-of-windows-devices.md#manage-connections)">Managing connection</a> and <a href="mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs" data-raw-source="[Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)">Collecting diagnostic logs</a></p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="enroll-a-windows-10-device-automatically-using-group-policy.md" data-raw-source="[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)">Enroll a Windows 10 device automatically using Group Policy</a></td>

From c2d42eb946d91801242054275fc276d8035f14b8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Mon, 29 Jun 2020 15:49:49 -0700
Subject: [PATCH 13/14] Update collect-diagnostic-data.md

---
 .../microsoft-defender-antivirus/collect-diagnostic-data.md     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
index 990a685d98..840b26d06e 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/collect-diagnostic-data.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 06/10/2020
+ms.date: 06/29/2020
 ms.reviewer: 
 manager: dansimp
 ---

From ff6441d6fd2ff969c5cdaed28692a5c8250c12ef Mon Sep 17 00:00:00 2001
From: Gary Moore <v-gmoor@microsoft.com>
Date: Mon, 29 Jun 2020 15:51:05 -0700
Subject: [PATCH 14/14] Corrected broken "Warning" note...

and made a couple of other corrections.
---
 .../mdm/mdm-enrollment-of-windows-devices.md               | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index 8d199d824e..7b8e606d40 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -324,7 +324,7 @@ To connect your devices to MDM using deep links:
 
 1.  Starting with Windows 10, version 1607, create a link to launch the built-in enrollment app using the URI **ms-device-enrollment:?mode=mdm**, and user-friendly display text, such as **Click here to connect Windows to work**:
 
-    > (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)
+    (Be aware that this will launch the flow equivalent to the Enroll into the device management option in Windows 10, version 1511.)
 
     - IT admins can add this link to a welcome email that users can select to enroll into MDM.
 
@@ -340,7 +340,8 @@ To connect your devices to MDM using deep links:
 
 3.  If the device finds an endpoint that only supports on-premises authentication, this page will change and ask you for your password. If the device finds an MDM endpoint that supports federated authentication, you’ll be presented with a new window that will ask you for additional authentication information. Based on IT policy, you may also be prompted to provide a second factor of authentication at this point.
 
-After you complete the flow, your device will be connected to your organization’s MDM.
+    After you complete the flow, your device will be connected to your organization's MDM.
+
     ![corporate sign in](images/deeplinkenrollment4.png)
 
 ## Manage connections
@@ -374,7 +375,7 @@ The **Disconnect** button can be found on all work connections. Generally, selec
 -   Devices that enforce the AllowManualMDMUnenrollment policy will not allow users to remove MDM enrollments. These connections must be removed by a server-initiated unenroll command.
 -   On mobile devices, you cannot disconnect from Azure AD. These connections can only be removed by wiping the device.
 
-> [!WARNING]  
+> [!WARNING]
 > Disconnecting might result in the loss of data on the device.
 
 ## Collecting diagnostic logs