Merge pull request #8755 from MicrosoftDocs/repo_sync_working_branch

Resolve syncing conflicts from repo_sync_working_branch to public

education/windows/deploy-windows-10-in-a-school-district.md

@@ -26,69 +26,106 @@ This guide shows you how to deploy the Windows 10 operating system in a school d
 
 Proper preparation is essential for a successful district deployment. To avoid common mistakes, your first step is to plan a typical district configuration. Just as with building a house, you need a blueprint for what your district and individual schools should look like when it’s finished. The second step in preparation is to learn how you will manage the users, apps, and devices in your district. Just as a builder needs to have the right tools to build a house, you need the right set of tools to deploy your district.
 
->**Note**  This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management).
+> [!NOTE]
+> This guide focuses on Windows 10 deployment and management in a district. For management of other devices and operating systems in education environments, see [Manage BYOD and corporate-owned devices with MDM solutions](https://www.microsoft.com/cloud-platform/mobile-device-management).
 
 ### Plan a typical district configuration
 
 As part of preparing for your district deployment, you need to plan your district configuration — the focus of this guide. Figure 1 illustrates a typical finished district configuration that you can use as a model (the blueprint in our builder analogy) for the finished state.
 
-![Typical district configuration for this guide](images/edu-districtdeploy-fig1.png "Typical district configuration for this guide")
+> [!div class="mx-imgBorder"]
+> ![Typical district configuration for this guide](images/edu-districtdeploy-fig1.png "Typical district configuration for this guide")
 
 *Figure 1. Typical district configuration for this guide*
 
 A *district* consists of multiple schools, typically at different physical locations. Figure 2 illustrates a typical school configuration within the district that this guide uses.
 
-![Typical school configuration for this guide](images/edu-districtdeploy-fig2.png "Typical school configuration for this guide")
+> [!div class="mx-imgBorder"]
+> ![Typical school configuration for this guide](images/edu-districtdeploy-fig2.png "Typical school configuration for this guide")
 
 *Figure 2. Typical school configuration for this guide*
 
 Finally, each school consists of multiple classrooms. Figure 3 shows the classroom configuration this guide uses.
 
-![Typical classroom configuration in a school](images/edu-districtdeploy-fig3.png "Typical classroom configuration in a school")
+> [!div class="mx-imgBorder"]
+> ![Typical classroom configuration in a school](images/edu-districtdeploy-fig3.png "Typical classroom configuration in a school")
 
 *Figure 3. Typical classroom configuration in a school*
 
 This district configuration has the following characteristics:
 
 * It contains one or more admin devices.
+
 * It contains two or more schools.
+
 * Each school contains two or more classrooms.
+
 * Each classroom contains one teacher device.
+
 * The classrooms connect to each other through multiple subnets.
+
 * All devices in each classroom connect to a single subnet.
+
 * All devices have high-speed, persistent connections to each other and to the Internet.
+
 * All teachers and students have access to Microsoft Store or Microsoft Store for Business.
+
 * You install a 64-bit version of Windows 10 on the admin device.
+
 * You install the Windows Assessment and Deployment Kit (Windows ADK) on the admin device.
+
 * You install the 64-bit version of the Microsoft Deployment Toolkit (MDT) 2013 Update 2 on the admin device.
-  >**Note**  In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
+
+  > [!NOTE]
+  > In this guide, all references to MDT refer to the 64-bit version of MDT 2013 Update 2.
+  
 * The devices use Azure AD in Office 365 Education for identity management.
+
 * If you have on-premises AD DS, you can [integrate Azure AD with on-premises AD DS](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect/).
+
 * Use [Intune](https://docs.microsoft.com/intune/), [Mobile Device Management for Office 365](https://support.office.com/en-us/article/Set-up-Mobile-Device-Management-MDM-in-Office-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-US&rs=en-US&ad=US), or [Group Policy in AD DS](https://technet.microsoft.com/library/cc725828.aspx) to manage devices.
+
 * Each device supports a one-student-per-device or multiple-students-per-device scenario.
+
 * The devices can be a mixture of different make, model, and processor architecture (32-bit or 64-bit) or be identical.
+
 * To initiate Windows 10 deployment, use a USB flash drive, DVD-ROM or CD-ROM, or Pre-Boot Execution Environment (PXE) boot.
+
 * The devices can be a mixture of different Windows 10 editions, such as Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education.
 
 Use these characteristics at a minimum as you deploy your schools. If your district deployment is less complex, you may want to review the guidance in [Deploy Windows 10 in a school](https://technet.microsoft.com/edu/windows/deploy-windows-10-in-a-school).
 
->**Note**  This guide focuses on Intune as the mobile device management (MDM) solution. If you want to use an MDM solution other than Intune, ignore the Intune-specific content in this guide. For each section, contact your MDM provider to determine the features and management capabilities for your institution.
+> [!NOTE]
+> This guide focuses on Intune as the mobile device management (MDM) solution. If you want to use an MDM solution other than Intune, ignore the Intune-specific content in this guide. For each section, contact your MDM provider to determine the features and management capabilities for your institution.
 
 Office 365 Education allows:
 
 * Students and faculty to use Microsoft Office to create and edit Microsoft Word, OneNote, PowerPoint, and Excel documents in a browser.
+
 * Teachers to use the [OneNote Class Notebook app](https://www.onenote.com/classnotebook) to share content and collaborate with students.
+
 * Faculty to use the [OneNote Staff Notebooks app](https://www.onenote.com/staffnotebookedu) to collaborate with other teachers, the administration, and faculty.
+
 * Teachers to employ Sway to create interactive educational digital storytelling.
+
 * Students and faculty to use email and calendars, with mailboxes up to 50 GB per user.
+
 * Faculty to use advanced email features like email archiving and legal hold capabilities.
+
 * Faculty to help prevent unauthorized users from accessing documents and email by using Microsoft Azure Rights Management.
+
 * Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center.
+
 * Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business.
+
 * Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business.
+
 * Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites.
+
 * Students and faculty to use Office 365 Video to manage videos.
+
 * Students and faculty to use Yammer to collaborate through private social networking.
+
 * Students and faculty to access classroom resources from anywhere on any device (including Windows 10 Mobile, iOS, and Android devices).
 
 For more information about Office 365 Education features and an FAQ, go to [Office 365 Education plans and pricing](https://products.office.com/en-us/academic).
@@ -105,7 +142,7 @@ This guide focuses on LTI deployments to deploy the reference device. You can us
 
 MDT includes the Deployment Workbench, a console from which you can manage the deployment of Windows 10 and your apps. You configure the deployment process in the Deployment Workbench, including the management of operating systems, device drivers, apps, and migration of user settings on existing devices.
 
-LTI performs deployment from a *deployment share* — a network-shared folder on the device on which you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You will learn more about MDT in the [Prepare the admin device](#prepare-the-admin-device) section.
+LTI performs deployment from a *deployment share* — a network-shared folder on the device on which you installed MDT. You can perform over-the-network deployments from the deployment share or perform deployments from a local copy of the deployment share on a USB drive or DVD. You will learn more about MDT in [Prepare the admin device](#prepare-the-admin-device), earlier in this article.
 
 The focus of MDT is deployment, so you also need tools that help you manage your Windows 10 devices and apps. You can manage Windows 10 devices and apps with Intune, the Compliance Management feature in Office 365, or Group Policy in AD DS. You can use any combination of these tools based on your school requirements.
 
@@ -114,9 +151,13 @@ ZTI performs fully automated deployments using Configuration Manager and MDT. Al
 The configuration process requires the following devices:
 
 * **Admin device.** This is the device you use for your day-to-day job functions. It’s also the one you use to create and manage the Windows 10 and app deployment process. You install the Windows ADK, MDT, and the Configuration Manager Console on this device.
+
 * **Reference devices.** These are the devices that you will use as a template for the faculty and student devices. You install Windows 10 and Windows desktop apps on these devices, and then capture an image (.wim file) of the devices.
+
   You will have a reference device for each type of device in your district. For example, if your district has Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you would have a reference device for each model. For more information about approved Windows 10 devices, see [Explore devices](https://www.microsoft.com/windows/view-all).
+  
 * **Faculty and staff devices.** These are the devices that the teachers, faculty, and staff use for their day-to-day job functions. You use the admin device to deploy (or upgrade) Windows 10 and apps to these devices.
+
 * **Student devices.** The students will use these devices. You will use the admin device deploy (or upgrade) Windows 10 and apps to them.
 
 The high-level process for deploying and configuring devices within individual classrooms, individual schools, and the district as a whole is as follows and illustrated in Figure 4:
@@ -139,7 +180,8 @@ The high-level process for deploying and configuring devices within individual c
 
 9. On the admin device, manage the Windows 10 devices and apps, the Office 365 subscription, and the AD DS–Azure AD integration.
 
-![How district configuration works](images/edu-districtdeploy-fig4.png "How district configuration works")
+> [!div class="mx-imgBorder"]
+> ![How district configuration works](images/edu-districtdeploy-fig4.png "How district configuration works")
 
 *Figure 4. How district configuration works*
 
@@ -512,7 +554,8 @@ For more information about installing the Windows ADK, see [Step 2-2: Install Wi
 Next, install MDT. MDT uses the Windows ADK to help you manage and perform Windows 10 and app deployment. It is a free tool available directly from Microsoft.
 You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 64-bit version of MDT to support deployment of 32-bit and 64-bit operating systems.
 
->**Note**  If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32-bit versions of the operating system.
+> [!NOTE]
+> If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32-bit versions of the operating system.
 
 For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/library/dn759415.aspx#InstallingaNewInstanceofMDT).
 
@@ -526,7 +569,8 @@ For more information about how to create a deployment share, see [Step 3-1: Crea
 
 ### Install the Configuration Manager console
 
->**Note**  If you selected Microsoft Endpoint Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
+> [!NOTE]
+> If you selected Microsoft Endpoint Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
 
 You can use Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install Configuration Manager primary site servers.
 
@@ -534,7 +578,8 @@ For more information about how to install the Configuration Manager console, see
 
 ### Configure MDT integration with the Configuration Manager console
 
->**Note**  If you selected MDT only to deploy Windows 10 and your apps (and not Microsoft Endpoint Configuration Manager) in the [Select the deployment methods](#select-the-deployment-methods) section, then skip this section and continue to the next.
+> [!NOTE]
+> If you selected MDT only to deploy Windows 10 and your apps (and not Microsoft Endpoint Configuration Manager) in [Select the deployment methods](#select-the-deployment-methods), earlier in this article, then skip this section and continue to the next.
 
 You can use MDT with Configuration Manager to make ZTI operating system deployment easier. To configure MDT integration with Configuration Manager, run the Configure ConfigMgr Integration Wizard. This wizard is installed when you install MDT.
 
@@ -544,7 +589,7 @@ For more information, see [Enable Configuration Manager Console Integration for
 
 #### Summary
 
-In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you will configure and use later to capture a reference image. You can also use the MDT deployment share to deploy Windows 10 and your apps to faculty and students (if that’s the method you selected in the [Select the deployment methods](#select-the-deployment-methods) section). Finally, you installed the Configuration Manager console and configured MDT integration with the Configuration Manager console.
+In this section, you installed the Windows ADK and MDT on the admin device. You also created the MDT deployment share that you will configure and use later to capture a reference image. You can also use the MDT deployment share to deploy Windows 10 and your apps to faculty and students (if that’s the method you selected in [Select the deployment methods](#select-the-deployment-methods), earlier in this article). Finally, you installed the Configuration Manager console and configured MDT integration with the Configuration Manager console.
 
 ## Create and configure Office 365
 
@@ -590,13 +635,19 @@ You will use the Office 365 Education license plan information you record in Tab
 
 To create a new Office 365 Education subscription for use in the classroom, use your educational institution’s email account. There are no costs to you or to students for signing up for Office 365 Education subscriptions.
 
->**Note**  If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Create user accounts in Office 365](#create-user-accounts-in-office-365).
+> [!NOTE]
+> If you already have an Office 365 Education subscription, you can use that subscription and continue to the next section, [Create user accounts in Office 365](#create-user-accounts-in-office-365).
 
 #### To create a new Office 365 subscription
 
 1. In Microsoft Edge or Internet Explorer, type `https://portal.office.com/start?sku=faculty` in the address bar.
-   > **Note**  If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods:
+
-   >    <ul><li>In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap <strong>More actions</strong>), and then click or tap <strong>New InPrivate window</strong>.<li>In Internet Explorer 11, open Internet Explorer 11 (press Ctrl+Shift+P, or click or tap <strong>Settings</strong>), click or tap <strong>Safety</strong>, and then click or tap <strong>InPrivate Browsing</strong>.</li></ul>
+   > [!NOTE]
+   > If you have already used your current sign-in account to create a new Office 365 subscription, you will be prompted to sign in. If you want to create a new Office 365 subscription, start an In-Private Window by using one of the following methods:
+   > 
+   > - In Microsoft Edge, open the Microsoft Edge app (press Ctrl+Shift+P, or click or tap <strong>More actions</strong>), and then click or tap <strong>New InPrivate window</strong>.
+   > 
+   > - In Internet Explorer 11, open Internet Explorer 11 (press Ctrl+Shift+P, or click or tap <strong>Settings</strong>), click or tap <strong>Safety</strong>, and then click or tap <strong>InPrivate Browsing</strong>.
 
 
 2. On the **Get started** page, in **Enter your school email address**, type your school email address, and then click **Sign up**.
@@ -631,7 +682,8 @@ Now that you have created your new Office 365 Education subscription, add the do
 
 To make it easier for faculty and students to join your Office 365 Education subscription (or *tenant*), allow them to automatically sign up to your tenant (*automatic tenant join*). In automatic tenant join, when a faculty member or student signs up for Office 365, Office 365 automatically adds (joins) the user to your Office 365 tenant.
 
->**Note**&nbsp;&nbsp;By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up: Technical FAQ](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US&WT.mc_id=eml_CXM__33537_MOD_EDU_Student_Advantage_Rush).
+> [!NOTE]
+> By default, automatic tenant join is enabled in Office 365 Education, with the exception of certain areas in Europe, the Middle East, and Africa. These countries/regions require opt-in steps to add new users to existing Office 365 tenants. Check your country/region requirements to determine the automatic tenant join default configuration. Also, if you use Azure AD Connect, then automatic tenant join is disabled. For more information, see [Office 365 Education Self-Sign up: Technical FAQ](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US&WT.mc_id=eml_CXM__33537_MOD_EDU_Student_Advantage_Rush).
 
 Office 365 uses the domain portion of the user’s email address to know which Office 365 tenant to join. For example, if a faculty member or student provides an email address of user@contoso.edu, then Office 365 automatically performs one of the following tasks:
 
@@ -640,7 +692,8 @@ Office 365 uses the domain portion of the user’s email address to know which O
 
 You will always want faculty and students to join the Office 365 tenant that you created. Ensure that you perform the steps in the [Create a new Office 365 Education subscription](#create-a-new-office-365-education-subscription) and [Add domains and subdomains](#add-domains-and-subdomains) sections before you allow other faculty and students to join Office 365.
 
->**Note**&nbsp;&nbsp;You cannot merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
+> [!NOTE]
+> You cannot merge multiple tenants, so any faculty or students who create their own tenant will need to abandon their existing tenant and join yours.
 
 By default, all new Office 365 Education subscriptions have automatic tenant join enabled, but you can enable or disable automatic tenant join by using the Windows PowerShell commands in Table 10. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
 
@@ -651,13 +704,15 @@ By default, all new Office 365 Education subscriptions have automatic tenant joi
 
 *Table 10. Windows PowerShell commands to enable or disable automatic tenant join*
 
->**Note**&nbsp;&nbsp;If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant.
+> [!NOTE]
+> If your institution has AD DS, then disable automatic tenant join. Instead, use Azure AD integration with AD DS to add users to your Office 365 tenant.
 
 ### Disable automatic licensing
 
 To reduce your administrative effort, automatically assign Office 365 Education or Office 365 Education Plus licenses to faculty and students when they sign up (automatic licensing). Automatic licensing also enables Office 365 Education or Office 365 Education Plus features that do not require administrative approval.
 
->**Note**&nbsp;&nbsp;By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
+> [!NOTE]
+> By default, automatic licensing is enabled in Office 365 Education. If you want to use automatic licensing, then skip this section and go to the next section.
 
 Although all new Office 365 Education subscriptions have automatic licensing enabled by default, you can enable or disable it for your Office 365 tenant by using the Windows PowerShell commands in Table 11. For more information about how to run these commands, see [How can I prevent students from joining my existing Office 365 tenant](https://support.office.com/en-us/article/Office-365-Education-Self-Sign-up-Technical-FAQ-7fb1b2f9-94c2-4cbb-b01e-a6eca34261d6?ui=en-US&rs=en-US&ad=US#BKMK_PreventJoins).
 
@@ -678,7 +733,7 @@ The following Azure AD Premium features are not in Azure AD Basic:
 
 * Allow designated users to manage group membership
 * Dynamic group membership based on user metadata
-* Azure multifactor authentication (MFA; see [What is Azure Multi-Factor Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
+* Azure AD Multi-Factor Authentication authentication (MFA; see [What is Azure AD Multi-Factor Authentication Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
 * Identify cloud apps that your users run
 * Self-service recovery of BitLocker
 * Add local administrator accounts to Windows 10 devices
@@ -709,9 +764,11 @@ Now that you have an Office 365 subscription, you must determine how you’ll cr
 
 In this method, you have an on-premises AD DS domain. As shown in Figure 5, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD.
 
->**Note**&nbsp;&nbsp;Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/library/dn510997.aspx).
+> [!NOTE]
+> Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/library/dn510997.aspx).
 
-![Automatic synchronization between AD DS and Azure AD](images/edu-districtdeploy-fig5.png "Automatic synchronization between AD DS and Azure AD")
+> [!div class="mx-imgBorder"]
+> ![Automatic synchronization between AD DS and Azure AD](images/edu-districtdeploy-fig5.png "Automatic synchronization between AD DS and Azure AD")
 
 *Figure 5. Automatic synchronization between AD DS and Azure AD*
 
@@ -721,7 +778,8 @@ For more information about how to perform this step, see the [Integrate on-premi
 
 In this method, you have no on-premises AD DS domain. As shown in Figure 6, you manually prepare a .csv file with the student information from your source, and then manually import the information directly into Azure AD. The .csv file must be in the format that Office 365 specifies.
 
-![Bulk import into Azure AD from other sources](images/edu-districtdeploy-fig6.png "Bulk import into Azure AD from other sources")
+> [!div class="mx-imgBorder"]
+> ![Bulk import into Azure AD from other sources](images/edu-districtdeploy-fig6.png "Bulk import into Azure AD from other sources")
 
 *Figure 6. Bulk import into Azure AD from other sources*
 
@@ -742,7 +800,8 @@ In this section, you selected the method for creating user accounts in your Offi
 
 You can integrate your on-premises AD DS domain with Azure AD to provide identity management for your Office 365 tenant. With this integration, you can synchronize the users, security groups, and distribution lists in your AD DS domain with Azure AD with the Azure AD Connect tool. Users will be able to sign in to Office 365 automatically by using their email account and the same password they use to sign in to AD DS.
 
->**Note**&nbsp;&nbsp;If your institution does not have an on-premises AD DS domain, you can skip this section.
+> [!NOTE]
+> If your institution does not have an on-premises AD DS domain, you can skip this section.
 
 ### Select a synchronization model
 
@@ -752,13 +811,15 @@ You can deploy the Azure AD Connect tool:
 
 - **On premises.** As shown in Figure 7, Azure AD Connect runs on premises, which has the advantage of not requiring a VPN connection to Azure. It does, however, require a virtual machine (VM) or physical server.
 
-  ![Azure AD Connect on premises](images/edu-districtdeploy-fig7.png "Azure AD Connect on premises")
+  > [!div class="mx-imgBorder"]
+  > ![Azure AD Connect on premises](images/edu-districtdeploy-fig7.png "Azure AD Connect on premises")
 
   *Figure 7. Azure AD Connect on premises*
 
 - **In Azure.** As shown in Figure 8, Azure AD Connect runs on a VM in Azure AD, which has the advantages of being faster to provision (than a physical, on-premises server), offers better site availability, and helps reduce the number of on-premises servers. The disadvantage is that you need to deploy a VPN gateway on premises.
 
-  ![Azure AD Connect in Azure](images/edu-districtdeploy-fig8.png "Azure AD Connect in Azure")
+  > [!div class="mx-imgBorder"]
+  > ![Azure AD Connect in Azure](images/edu-districtdeploy-fig8.png "Azure AD Connect in Azure")
 
   *Figure 8. Azure AD Connect in Azure*
 
@@ -815,7 +876,8 @@ In this section, you selected your synchronization model, deployed Azure AD Conn
 
 You can bulk-import user and group accounts into your on-premises AD DS domain. Bulk-importing accounts helps reduce the time and effort needed to create users compared to creating the accounts manually in the Office 365 Admin portal. First, you select the appropriate method for bulk-importing user accounts into AD DS. Next, you create the .csv file that contains the user accounts. Finally, you use the selected method to import the .csv file into AD DS.
 
->**Note**&nbsp;&nbsp;If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
+> [!NOTE]
+> If your institution doesn’t have an on-premises AD DS domain, you can skip this section.
 
 ### Select the bulk import method
 
@@ -823,7 +885,7 @@ Several methods are available to bulk-import user accounts into AD DS domains. T
 
 |Method |Description and reason to select this method |
 |-------|---------------------------------------------|
-|Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).|
+|Ldifde.exe|This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren't comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).|
 |VBScript|This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/scriptcenter/dd939958.aspx).|
 |Windows PowerShell|This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|
 
@@ -845,7 +907,8 @@ After you have selected your user and group account bulk import method, you’re
 
 With the bulk-import source file finished, you’re ready to import the user and group accounts into AD DS. The steps for importing the file are slightly different for each method.
 
->**Note**&nbsp;&nbsp;Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts.
+> [!NOTE]
+> Bulk-import your group accounts first, and then import your user accounts. Importing in this order allows you to specify group membership when you import your user accounts.
 
 For more information about how to import user accounts into AD DS by using:
 
@@ -865,7 +928,8 @@ You can bulk-import user and group accounts directly into Office 365, reducing t
 
 Now that you have created your new Office 365 Education subscription, you need to create user accounts. You can add user accounts for the teachers, other faculty, and students who will use the classroom.
 
->**Note**&nbsp;&nbsp;If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
+> [!NOTE]
+> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
 You can use the Microsoft 365 admin center to add individual Office 365 accounts manually—a reasonable process when you’re adding only a few users. If you have many users, however, you can automate the process by creating a list of those users, and then use that list to create user accounts (that is, bulk-add users).
 
@@ -873,7 +937,8 @@ The bulk-add process assigns the same Office 365 Education license plan to all u
 
 For more information about how to bulk-add users to Office 365, see [Add several users at the same time to Office 365 - Admin help](https://support.office.com/en-us/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88?ui=en-US&rs=en-US&ad=US).
 
->**Note**&nbsp;&nbsp;If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
+> [!NOTE]
+> If you encountered errors during bulk add, resolve them before you continue the bulk-add process. You can view the log file to see which users caused the errors, and then modify the .csv file to correct the problems. Click **Back** to retry the verification process.
 
 The email accounts are assigned temporary passwords on creation. You must communicate these temporary passwords to your users before they can sign in to Office 365.
 
@@ -881,13 +946,15 @@ The email accounts are assigned temporary passwords on creation. You must commun
 
 Assign SharePoint Online resource permissions to Office 365 security groups, not individual user accounts. For example, create one security group for faculty members and another for students. Then, you can assign unique SharePoint Online resource permissions to faculty members and a different set of permissions to students. Add or remove users from the security groups to grant or revoke access to SharePoint Online resources.
 
->**Note**&nbsp;&nbsp;If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
+> [!NOTE]
+> If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
 
 For information about creating security groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
 
 You can add and remove users from security groups at any time.
 
->**Note**&nbsp;&nbsp;Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may have to sign out, and then sign in again for the change to take effect.
+> [!NOTE]
+> Office 365 evaluates group membership when users sign in. If you change group membership for a user, that user may have to sign out, and then sign in again for the change to take effect.
 
 ### Create email distribution groups
 
@@ -895,7 +962,8 @@ Microsoft Exchange Online uses an email distribution group as a single email rec
 
 You can create email distribution groups based on job role (such as teacher, administration, or student) or specific interests (such as robotics, drama club, or soccer team). You can create any number of distribution groups, and users can be members of more than one group.
 
->**Note**&nbsp;&nbsp;Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until the creation process ends before you can perform the following steps.
+> [!NOTE]
+> Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until the creation process ends before you can perform the following steps.
 
 
 For information about creating email distribution groups, see [Create an Office 365 Group in the admin center](https://support.office.com/en-us/article/Create-an-Office-365-Group-in-the-admin-center-74a1ef8b-3844-4d08-9980-9f8f7a36000f?ui=en-US&rs=en-001&ad=US).
@@ -957,7 +1025,8 @@ After you create the Microsoft Store for Business portal, configure it by using
 
 Now that you have created your Microsoft Store for Business portal, you’re ready to find, acquire, and distribute apps that you will add to your portal. You do this from the **Inventory** page in Microsoft Store for Business.
 
->**Note**&nbsp;&nbsp;Your educational institution can now use a credit card or purchase order to pay for apps in Microsoft Store for Business.
+> [!NOTE]
+> Your educational institution can now use a credit card or purchase order to pay for apps in Microsoft Store for Business.
 
 You can deploy apps to individual users or make apps available to users through your private store. Deploying apps to individual users restricts the app to those specified users. Making apps available through your private store allows all your users to install the apps.
 
@@ -989,13 +1058,15 @@ Depending on your school’s requirements, you may need any combination of the f
   * Upgrade institution-owned devices to Windows 10 Education.
   * Deploy new instances of Windows 10 Education so that new devices have a known configuration.
 
->**Note**&nbsp;&nbsp;Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business—features not available in Windows 10 Home. For more information about how to upgrade Windows 10 Home to Windows 10 Pro or Windows 10 Education, see [Windows 10 edition upgrade](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades).
+> [!NOTE]
+> Although you can use Windows 10 Home on institution-owned devices, Microsoft recommends that you use Windows 10 Pro or Windows 10 Education, instead. Windows 10 Pro and Windows 10 Education provide support for MDM, policy-based management, and Microsoft Store for Business—features not available in Windows 10 Home. For more information about how to upgrade Windows 10 Home to Windows 10 Pro or Windows 10 Education, see [Windows 10 edition upgrade](https://technet.microsoft.com/itpro/windows/deploy/windows-10-edition-upgrades).
 
 For more information about the Windows 10 editions, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
 
 One other consideration is the mix of processor architectures you will support. If you can, support only 64-bit versions of Windows 10. If you have devices that can run only 32-bit versions of Windows 10, you will need to import both 64-bit and 32-bit versions of the Windows 10 editions listed above.
 
->**Note**&nbsp;&nbsp;On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
+> [!NOTE]
+> On devices that have minimal system resources (such as devices with only 2 GB of memory or 32 GB of storage), use 32-bit versions of Windows 10 because 64-bit versions of Windows 10 place more stress on device system resources.
 
 Finally, as a best practice, minimize the number of operating systems that you deploy and manage. If possible, standardize institution-owned devices on one Windows 10 edition (such as a 64-bit version of Windows 10 Education or Windows 10 Pro). Of course, you cannot standardize personal devices on a specific operating system version or processor architecture.
 
@@ -1173,7 +1244,8 @@ For more information about how to update a deployment share, see <a href="https:
 
 ### Configure Microsoft Endpoint Configuration Manager
 
->**Note**&nbsp;&nbsp;If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
+> [!NOTE]
+> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
 
 Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you don’t have an existing Configuration Manager infrastructure, you will need to deploy a new infrastructure.
 
@@ -1228,7 +1300,8 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
 
 ### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
 
->**Note**&nbsp;&nbsp;If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
+> [!NOTE]
+> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
 
 You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
 
@@ -1265,7 +1338,8 @@ After you deploy Windows 10 and the desktop apps to the reference device, you ca
 
 You will capture multiple reference images, one for each type of device that you have in your organization. You perform the steps in this section for each image (device) that you have in your district. Use LTI in MDT to automate the deployment and capture of the reference image.
 
->**Note**&nbsp;&nbsp;You can use LTI in MDT or Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
+> [!NOTE]
+> You can use LTI in MDT or Configuration Manager to automate the deployment and capture of the reference image, but this guide only discusses how to use LTI in MDT to capture the reference image.
 
 ### Customize the MDT deployment share
 
@@ -1305,7 +1379,8 @@ To capture the reference image, run the LTI task sequence that you created in th
 
 Use the Deployment Wizard to deploy Windows 10, your apps, and device drivers to the device, and then capture the .wim file. The LTI deployment process is almost fully automated: you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
 
->**Note**&nbsp;&nbsp;To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section of [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6).
+> [!NOTE]
+> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section of [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6).
 
 In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
 
@@ -1350,7 +1425,8 @@ You also want to deploy apps and software updates after you deploy Windows 10. Y
 
 Microsoft has several recommended settings for educational institutions. Table 17 lists them, provides a brief description of why you need to configure them, and recommends methods for configuring the settings. Review the settings in Table 17 and evaluate their relevancy to your institution.
 
->**Note**&nbsp;&nbsp;The settings for Intune in Table 17 also apply to the Configuration Manager and Intune management (hybrid) method.
+> [!NOTE]
+> The settings for Intune in Table 17 also apply to the Configuration Manager and Intune management (hybrid) method.
 
 Use the information in Table 17 to help you determine whether you need to configure the setting and which method you will use to do so. At the end, you will have a list of settings that you want to apply to the Windows 10 devices and know which management method you will use to configure the settings.
 
@@ -1517,7 +1593,8 @@ You can use  Microsoft Endpoint Configuration Manager to deploy Microsoft Store
 
 For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, Windows 10 Mobile, iOS, and Android. You can deploy the one application to multiple device types.
 
->**Note**&nbsp;&nbsp;When you configure Configuration Manager and Intune in a hybrid model, you deploy apps by using Configuration Manager as described in this section.
+> [!NOTE]
+> When you configure Configuration Manager and Intune in a hybrid model, you deploy apps by using Configuration Manager as described in this section.
 
 Configuration Manager helps you manage apps by monitoring app installation. You can determine how many of your devices have a specific app installed. Finally, you can allow users to install apps at their discretion or make apps mandatory.
 
@@ -1529,7 +1606,8 @@ If you selected to manage updates by using Configuration Manager and Intune in a
 
 To help ensure that your users have the most current features and security protection, keep Windows 10 and your apps current with updates. To configure Windows 10 and app updates, use the **Updates** workspace in Intune.
 
->**Note**&nbsp;&nbsp;You can only manage updates (including antivirus and antimalware updates) for Windows 10 desktop operating systems (not Windows 10 Mobile, iOS, or Android).
+> [!NOTE]
+> You can only manage updates (including antivirus and antimalware updates) for Windows 10 desktop operating systems (not Windows 10 Mobile, iOS, or Android).
 
 For more information about how to configure Intune to manage updates and malware protection, see the following resources:
 
@@ -1542,7 +1620,8 @@ To ensure that your users have the most current features and security protection
 
 You configure the software updates feature to manage updates for specific versions of Windows and apps. Then, the software updates feature obtains the updates from Windows Updates by using the WSUS server in your environment. This integration provides greater granularity of control over updates and more specific targeting of updates to users and devices (compared to WSUS alone or Intune alone), which allows you to ensure that the right user or device gets the right updates.
 
->**Note**&nbsp;&nbsp;When you configure Configuration Manager and Intune in a hybrid model, you  use Configuration manager to manage updates as described in this section.
+> [!NOTE]
+> When you configure Configuration Manager and Intune in a hybrid model, you  use Configuration manager to manage updates as described in this section.
 
 For more information about how to configure Configuration Manager to manage Windows 10 and app updates, see [Deploy and manage software updates in Configuration Manager](https://technet.microsoft.com/library/mt634340.aspx).
 
@@ -1571,7 +1650,8 @@ Prior to deployment of Windows 10, complete the tasks in Table 18. Most of these
 
 Use the Deployment Wizard to deploy Windows 10. With the LTI deployment process, you provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated.
 
->**Note**&nbsp;&nbsp;To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6).
+> [!NOTE]
+> To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/library/dn781089.aspx#Anchor_6).
 
 
 In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems.
@@ -1590,7 +1670,8 @@ In most instances, deployments occur without incident. Only in rare occasions do
 
 After you have deployed Windows 10, the devices are almost ready for use. First, you must set up the printers that each classroom will use. Typically, you connect the printers to the same network as the devices in the same classroom. If you don’t have printers in your classrooms, skip this section and proceed to [Verify deployment](#verify-deployment).
 
->**Note**&nbsp;&nbsp;If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to [Verify deployment](#verify-deployment).
+> [!NOTE]
+> If you’re performing an upgrade instead of a new deployment, the printers remain configured as they were in the previous version of Windows. As a result, you can skip this section and proceed to [Verify deployment](#verify-deployment).
 
 #### To set up printers
 

windows/privacy/manage-windows-1709-endpoints.md

@@ -456,4 +456,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-1803-endpoints.md

@@ -461,4 +461,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-1809-endpoints.md

@@ -497,4 +497,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network endpoints for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-1903-endpoints.md

@@ -187,6 +187,6 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)
 
 

windows/privacy/manage-windows-1909-endpoints.md

@@ -138,4 +138,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

windows/privacy/manage-windows-2004-endpoints.md

@@ -137,4 +137,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
 ## Related links
 
 - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
-- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/intune/get-started/network-infrastructure-requirements-for-microsoft-intune)
+- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md

@@ -32,7 +32,7 @@ In a mobile-first, cloud-first world, Azure Active Directory enables single sign
 To improve productivity, Azure Active Directory provides your users with a broad range of options to access your corporate assets. With application access management, Azure Active Directory enables you to ensure that only the right people can access your applications. What if you want to have more control over how the right people are accessing your resources under certain conditions? What if you even have conditions under which you want to block access to certain applications even for the right people? For example, it might be OK for you if the right people are accessing certain applications from a trusted network; however, you might not want them to access these applications from a network you don't trust. You can address these questions using conditional access.
 
 > [!NOTE]
-> For more details about the way Windows Hello for Business interacts with Azure Multi Factor Authentication and Conditional Access, see [this article](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/why-are-my-users-not-prompted-for-mfa-as-expected/ba-p/1449032).
+> For more details about the way Windows Hello for Business interacts with Azure AD Multi-Factor Authentication and Conditional Access, see [this article](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/why-are-my-users-not-prompted-for-mfa-as-expected/ba-p/1449032).
 
 Read [Conditional access in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-azure-portal) to learn more about Conditional Access.  Afterwards, read [Getting started with conditional access in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-azure-portal-get-started) to start deploying Conditional access.
 

windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md

@@ -100,12 +100,12 @@ The next step of the deployment is to follow the [Creating an Azure AD tenant](h
 ## Multifactor Authentication Services
 Windows Hello for Business uses multi-factor authentication during provisioning and during user initiated PIN reset scenarios, such as when a user forgets their PIN.  There are two preferred multi-factor authentication configurations with hybrid deployments—Azure MFA and AD FS using Azure MFA
 
-Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication) topic to familiarize yourself its purpose and how it works.
+Review the [What is Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication) topic to familiarize yourself its purpose and how it works.
 
-### Azure Multi-Factor Authentication (MFA) Cloud ###
+### Azure AD Multi-Factor Authentication (MFA) Cloud ###
 > [!IMPORTANT]
-> As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
+> As long as your users have licenses that include Azure AD Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
-> * Azure Multi-Factor Authentication
+> * Azure AD Multi-Factor Authentication
 > * Azure Active Directory Premium
 > * Enterprise Mobility + Security
 > 
@@ -115,7 +115,7 @@ Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.co
 If your organization uses Azure MFA on a per-consumption model (no licenses), then review the [Create a Multifactor Authentication Provider](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-auth-provider) section to create an Azure MFA Authentication provider and associate it with your Azure tenant. 
 
 #### Configure Azure MFA Settings ####
-Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings.  Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings.
+Once you have created your Azure MFA authentication provider and associated it with an Azure tenant, you need to configure the multi-factor authentication settings.  Review the [Configure Azure AD Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings.
 
 #### Azure MFA User States ####
 After you have completed configuring your Azure MFA settings, you want to review configure [User States](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states.  User states determine how you enable Azure MFA for your users.
@@ -126,12 +126,12 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 ### Section Review
 
 > [!div class="checklist"]
-> * Review the overview and uses of Azure Multifactor Authentication.
+> * Review the overview and uses of Azure AD Multi-Factor Authentication.
-> * Review your Azure Active Directory subscription for Azure Multifactor Authentication.
+> * Review your Azure Active Directory subscription for Azure AD Multi-Factor Authentication.
-> * Create an Azure Multifactor Authentication Provider, if necessary.
+> * Create an Azure AD Multi-Factor Authentication Provider, if necessary.
-> * Configure Azure Multifactor Authentication features and settings.
+> * Configure Azure AD Multi-Factor Authentication features and settings.
-> * Understand the different User States and their effect on Azure Multifactor Authentication.
+> * Understand the different User States and their effect on Azure AD Multi-Factor Authentication Authentication.
-> * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary.
+> * Consider using Azure AD Multi-Factor Authentication Authentication or a third-party multifactor authentication provider with Windows Server 2016 Active Directory Federation Services, if necessary.
 
 > [!div class="nextstepaction"]
 > [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)

windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md

@@ -110,13 +110,13 @@ The next step of the deployment is to follow the [Creating an Azure AD tenant](h
 ## Multifactor Authentication Services
 Windows Hello for Business uses multifactor authentication during provisioning and during user initiated PIN reset scenarios, such as when a user forgets their PIN.  There are two preferred multifactor authentication configurations with hybrid deployments—Azure MFA and AD FS using Azure MFA or a third-party MFA adapter
 
-Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication) topic to familiarize yourself its purpose and how it works.
+Review the [What is Azure AD Multi-Factor Authentication](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication) topic to familiarize yourself its purpose and how it works.
 
-### Azure Multi-Factor Authentication (MFA) Cloud
+### Azure AD Multi-Factor Authentication Authentication (MFA) Cloud
 
 > [!IMPORTANT]
-> As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
+> As long as your users have licenses that include Azure AD Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
-> * Azure Multi-Factor Authentication
+> * Azure AD Multi-Factor Authentication
 > * Azure Active Directory Premium
 > * Enterprise Mobility + Security
 > 
@@ -124,7 +124,7 @@ Review the [What is Azure Multi-Factor Authentication](https://docs.microsoft.co
 
 
 #### Configure Azure MFA Settings
-Review the [Configure Azure Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings.
+Review the [Configure Azure AD Multi-Factor Authentication settings](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-whats-next) section to configure your settings.
 
 #### Azure MFA User States
 After you have completed configuring your Azure MFA settings, you want to review [How to require two-step verification for a user](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-user-states) to understand user states. User states determine how you enable Azure MFA for your users.
@@ -135,12 +135,12 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation
 ### Section Review
 
 > [!div class="checklist"]
-> * Review the overview and uses of Azure Multifactor Authentication.
+> * Review the overview and uses of Azure AD Multi-Factor Authentication.
-> * Review your Azure Active Directory subscription for Azure Multifactor Authentication.
+> * Review your Azure Active Directory subscription for Azure AD Multi-Factor Authentication.
-> * Create an Azure Multifactor Authentication Provider, if necessary.
+> * Create an Azure AD Multi-Factor Authentication Provider, if necessary.
-> * Configure Azure Multifactor Authentication features and settings.
+> * Configure Azure AD Multi-Factor Authentication features and settings.
-> * Understand the different User States and their effect on Azure Multifactor Authentication.
+> * Understand the different User States and their effect on Azure AD Multi-Factor Authentication.
-> * Consider using Azure Multifactor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary.
+> * Consider using Azure AD Multi-Factor Authentication or a third-party multifactor authentication provider with Windows Server Active Directory Federation Services, if necessary.
 
 > [!div class="nextstepaction"]
 > [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)

windows/security/identity-protection/hello-for-business/hello-identity-verification.md

@@ -34,6 +34,7 @@ Windows Hello addresses the following problems with passwords:
 > | :---: | :---: | :---: |
 > | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
  
+
 ## Prerequisites
 
 ### Cloud Only Deployment
@@ -41,7 +42,7 @@ Windows Hello addresses the following problems with passwords:
 * Windows 10, version 1511 or later
 * Microsoft Azure Account
 * Azure Active Directory
-* Azure Multi-factor authentication
+* Azure AD Multi-Factor Authentication
 * Modern Management (Intune or supported third-party MDM), *optional*
 * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory
 

windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md

@@ -19,7 +19,7 @@ ms.reviewer:
 # Validate and Deploy Multi-factor Authentication (MFA)
 
 > [!IMPORTANT]
-> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
+> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
 
 **Applies to**
 

windows/security/identity-protection/hello-for-business/hello-planning-guide.md

@@ -106,13 +106,13 @@ The built-in Windows Hello for Business provisioning experience creates a hardwa
 #### Multifactor authentication
 
 > [!IMPORTANT]
-> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who require multi-factor authentication for their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1, 2019 will be able to download the latest version, future updates and generate activation credentials as usual. See [Getting started with the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfaserver-deploy) for more details.
+> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who require multi-factor authentication for their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1, 2019 will be able to download the latest version, future updates and generate activation credentials as usual. See [Getting started with the Azure AD Multi-Factor Authentication Server](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfaserver-deploy) for more details.
 
 The goal of Windows Hello for Business is to move organizations away from passwords by providing them a strong credential that provides easy two-factor authentication.  The built-in provisioning experience accepts the user's weak credentials (username and password) as the first factor authentication; however, the user must provide a second factor of authentication before Windows provisions a strong credential.  
 
-Cloud only and hybrid deployments provide many choices for multi-factor authentication.  On-premises deployments must use a multi-factor authentication that provides an AD FS multi-factor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use the on-premises Azure Multi-factor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).
+Cloud only and hybrid deployments provide many choices for multi-factor authentication.  On-premises deployments must use a multi-factor authentication that provides an AD FS multi-factor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use the on-premises Azure AD Multi-Factor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).
 > [!NOTE]
-> Azure Multi-Factor Authentication is available through:
+> Azure AD Multi-Factor Authentication is available through:
 > * Microsoft Enterprise Agreement
 > * Open Volume License Program
 > * Cloud Solution Providers program

windows/security/threat-protection/TOC.md

@@ -106,7 +106,7 @@
 #### [Device control]()
 ##### [Code integrity](device-guard/enable-virtualization-based-protection-of-code-integrity.md)
 ##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
-
+##### [Device control report](device-control/device-control-report.md)
 
 #### [Exploit protection]()
 ##### [Protect devices from exploits](microsoft-defender-atp/exploit-protection.md)
@@ -298,6 +298,7 @@
 ##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
 ##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/linux-pua.md)
 ##### [Schedule scans with Microsoft Defender ATP for Linux](microsoft-defender-atp/linux-schedule-scan-atp.md)
+##### [Schedule an update of the Microsoft Defender for Endpoint (Linux)](microsoft-defender-atp/linux-update-MDE-Linux.md)
 
 #### [Troubleshoot]()
 ##### [Troubleshoot installation issues](microsoft-defender-atp/linux-support-install.md)

windows/security/threat-protection/device-control/device-control-report.md

@@ -0,0 +1,73 @@
+---
+title: Protect your organization’s data with device control
+description: Monitor your organization's data security through device control reports.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: medium
+ms.author: v-ajupudi
+author: alluthewriter
+ms.reviewer: dansimp
+manager: dansimp
+audience: ITPro
+---
+# Protect your organization’s data with device control
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+Microsoft Defender for Endpoint device control protects against data loss, by monitoring and controlling media use by devices in your organization, such as the use of removable storage devices and USB drives.
+
+With the device control report, you can view events that relate to media usage, such as:
+
+- **Audit events:** Shows the number of audit events that occur when external media is connected.
+- **Policy events:** Shows the number of policy events that occur when a device control policy is triggered.
+
+> [!NOTE]
+> The audit event to track media usage is enabled by default for devices onboarded to Microsoft Defender for Endpoint.
+
+## Understanding the audit events
+
+The audit events include:
+
+- **USB drive mount and unmount:** Audit events that are generated when a USB drive is mounted or unmounted.
+- **PnP:** Plug and Play audit events are generated when removable storage, a printer, or Bluetooth media is connected.
+
+## Monitor device control security
+
+Device control in Microsoft Defender for Endpoint empowers security administrators with tools that enable them to track their organization’s device control security through reports. You can find the device control report in the Microsoft 365 security center by going to **Reports > Device protection**.
+
+The Device protection card on the **Reports** dashboard shows the number of audit events generated by media type, over the last 180 days.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceControlReportCard](images/devicecontrolcard.png)
+
+The **View details** button shows more media usage data in the **device control report** page.
+
+The page provides a dashboard with aggregated number of events per type and a list of events. Administrators can filter on time range, media class name, and device ID.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceControlReportDetails](images/Detaileddevicecontrolreport.png)
+
+When you select an event, a flyout appears that shows you more information:
+
+- **General details:** Date, Action mode, and the policy of this event.
+- **Media information:** Media information includes Media name, Class name, Class GUID, Device ID, Vendor ID, Volume, Serial number, and Bus type.
+- **Location details:** Device name and MDATP device ID.
+
+> [!div class="mx-imgBorder"]
+> ![FilterOnDeviceControlReport](images/devicecontrolreportfilter.png)
+
+To see real-time activity for this media across the organization, select the **Open Advanced hunting** button. This includes an embedded, pre-defined query.
+
+> [!div class="mx-imgBorder"]
+> ![QueryOnDeviceControlReport](images/Devicecontrolreportquery.png)
+
+To see the security of the device, select the **Open device page** button on the flyout. This button opens the device entity page.
+
+> [!div class="mx-imgBorder"]
+> ![DeviceEntityPage](images/Devicesecuritypage.png)
+
+## Reporting delays
+
+The device control report can have a 12-hour delay from the time a media connection occurs to the time the event is reflected in the card or in the domain list.

windows/security/threat-protection/microsoft-defender-atp/android-terms.md

@@ -55,9 +55,9 @@ DO NOT USE THE APPLICATION.**
         of this application on Android enabled device or devices that you own
         or control. You may use this application with your company's valid
         subscription of Microsoft Defender for Endpoint or
-        an online service that includes MDATP functionalities.
+        an online service that includes Microsoft Defender for Endpoint functionalities.
 
-    2.  **Updates.** Updates or upgrades to MDATP may be required for full
+    2.  **Updates.** Updates or upgrades to Microsoft Defender for Endpoint may be required for full
         functionality. Some functionality may not be available in all countries.
 
     3.  **Third-Party Programs.** The application may include third-party

windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md

@@ -36,7 +36,7 @@ Retrieves specific [Alert](alerts.md) by its ID.
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md

@@ -36,7 +36,7 @@ Retrieves a collection of [Machines](machine.md) that have communicated to or fr
 
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md

@@ -27,7 +27,7 @@ ms.topic: article
 Retrieves a security recommendation by its ID.
 
 ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) for details.
 
 Permission type |	Permission	|	Permission display name
 :---|:---|:---

windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md

@@ -1,5 +1,5 @@
 ---
-title: Become a Microsoft Defender ATP partner
+title: Become a Microsoft Defender for Endpoint partner
 ms.reviewer: 
 description: Learn the steps and requirements to integrate your solution with Microsoft Defender ATP and be a partner
 keywords: partner, integration, solution validation, certification, requirements, member, misa, application portal
@@ -40,17 +40,23 @@ Once the Microsoft Defender for Endpoint team has reviewed and approves the inte
 [Microsoft Intelligent Security Association](https://www.microsoft.com/security/partnerships/intelligent-security-association) is a program specifically for Microsoft security partners to help enrich your security products and improve customer discoverability of your integrations to Microsoft security products.
 
 ## Step 4: Get listed in the Microsoft Defender for Endpoint partner application portal
-Microsoft Defender ATP supports third-party applications discovery and integration using the in-product [partner page](partner-applications.md) that is embedded within the Microsoft Defender for Endpoint management portal. 
+Microsoft Defender for Endpoint supports third-party applications discovery and integration using the in-product [partner page](partner-applications.md) that is embedded within the Microsoft Defender for Endpoint management portal. 
 
 To have your company listed as a partner in the in-product partner page, you will need to provide the following information:
 
 1. A square logo (SVG).
 2. Name of the product to be presented.
 3. Provide a 15-word product description.
-4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender ATP product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
+4. Link to the landing page for the customer to complete the integration or blog post that will include sufficient information for customers. Any press release including the Microsoft Defender for Endpoint product name should be reviewed by the marketing and engineering teams. Wait for at least 10 days for the review process to be done.
 5.	If you use a multi-tenant Azure AD approach, we will need the Azure AD application name to track usage of the application.
 6. Include the User-Agent field in each API call made to Microsoft Defender for Endpoint public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).
 
+    Follow these steps:
+    1.	Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender for Endpoint-integrated product with the version of the product that includes this integration. 
+      - ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
+      - Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}` 
+
+
    	- Set the User-Agent field in each HTTP request header to the name based on the Following nomenclature.
 
     - `MsdePartner-{CompanyName}-{ProductName}/{Version}`

windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md

@@ -68,7 +68,7 @@ rbacGroupNames | String | Comma-separated list of RBAC group names the indicator
 category | String | Category of the alert. Examples include: Execution and credential access. **Optional**
 mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). **Optional** It is recommended to add a value in category when a MITRE technique.
 
-For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
+For more information, see [Microsoft Defender for Endpoint alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
 
 
 ## See also

windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md

@@ -143,7 +143,7 @@ To further inspect the event and related events, you can quickly run an [advance
 
 ### Security recommendations
 
-**Security recommendations** are generated from Microsoft Defender ATP's [Threat & Vulnerability Management](tvm-dashboard-insights.md) capability. Selecting a recommendation will show a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](tvm-security-recommendation.md) for details.
+**Security recommendations** are generated from Microsoft Defender for Endpoint's [Threat & Vulnerability Management](tvm-dashboard-insights.md) capability. Selecting a recommendation will show a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](tvm-security-recommendation.md) for details.
 
 ![Image of security recommendations tab](images/security-recommendations-device.png)
 

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -38,7 +38,7 @@ This article describes how to deploy Microsoft Defender for Endpoint for Linux m
 
 ## Prerequisites and system requirements
 
-Before you get started, see [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) for a description of prerequisites and system requirements for the current software version.
 
 ## Configure the Linux software repository
 

windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md

@@ -98,7 +98,7 @@ The following fields are considered common for all events:
 
 **Required diagnostic data** is the minimum data necessary to help keep Defender for Endpoint secure, up-to-date, and perform as expected on the device it’s installed on.
 
-Required diagnostic data helps to identify problems with Microsoft Defender ATP that may be related to a device or software configuration. For example, it can help determine if a Defender for Endpoint feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Defender for Endpoint features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
+Required diagnostic data helps to identify problems with Microsoft Defender for Endpoint that may be related to a device or software configuration. For example, it can help determine if a Defender for Endpoint feature crashes more frequently on a particular operating system version, with newly introduced features, or when certain Defender for Endpoint features are disabled. Required diagnostic data helps Microsoft detect, diagnose, and fix these problems more quickly so the impact to users or organizations is reduced.
 
 #### Software setup and inventory data events
 

windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md

@@ -55,7 +55,7 @@ Check if the mdatp service is running:
 systemctl status mdatp
 ```
 ```Output
- ● mdatp.service - Microsoft Defender ATP
+ ● mdatp.service - Microsoft Defender for Endpoint
    Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
  Main PID: 1966 (wdavdaemon)

windows/security/threat-protection/microsoft-defender-atp/linux-update-MDE-Linux.md

@@ -0,0 +1,182 @@
+---
+title: How to schedule an update of the Microsoft Defender for Endpoint (Linux)
+description: Learn how to schedule an update of the Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
+keywords: microsoft, defender, atp, linux, scans, antivirus, microsoft defender for endpoint (linux)
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Schedule an update of the Microsoft Defender for Endpoint (Linux)
+
+To run an update on Microsoft Defender for Endpoint for Linux, see [Deploy updates for Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/linux-updates).
+
+Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
+
+## Pre-requisite
+
+> [!NOTE]
+> To get a list of all the time zones, run the following command:
+> `timedatectl list-timezones`<br>
+> Examples for timezones: <br>
+> - `America/Los_Angeles`
+> - `America/New_York`
+> - `America/Chicago`
+> - `America/Denver`
+
+## To set the Cron job
+Use the following commands:
+
+**To backup crontab entries**
+
+`sudo crontab -l > /var/tmp/cron_backup_201118.dat`
+
+> [!NOTE]
+> Where 201118 == YYMMDD
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+To edit the crontab, and add a new job as a root user: <br>
+`sudo crontab -e`
+
+> [!NOTE]
+> The default editor is VIM.
+
+You might see:
+
+0****/etc/opt/microsoft/mdatp/logrorate.sh
+
+And
+
+02**sat /bin/mdatp scan quick>~/mdatp_cron_job.log
+
+See [Schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-atp.md)
+
+Press “Insert”
+
+Add the following entries:
+
+CRON_TZ=America/Los_Angeles
+
+> #!RHEL and variants (CentOS and Oracle Linux)
+
+`06**sun[$(date +\%d) -le 15] sudo yum update mdatp>>~/mdatp_cron_job.log`
+
+> #!SLES and variants
+
+`06**sun[$(date +\%d) -le 15] sudo zypper update mdatp>>~/mdatp_cron_job.log`
+
+> #!Ubuntu and Debian systems
+
+`06**sun [$(date +\%d) -le 15] sudo apt-get install --only-upgrade mdatp>>~/mdatp_cron_job.log`
+
+> [!NOTE]
+> In the examples above, we are setting it to 00 minutes, 6 a.m.(hour in 24 hour format), any day of the month, any month, on Sundays.[$(date +\%d) -le 15] == Won’t run unless it’s equal or less than the 15th day (3rd week). Meaning it will run every 3rd Sundays(7) of the month at 6:00 a.m. Pacific (UTC -8).
+
+Press “Esc”
+
+Type “:wq” w/o the double quotes.
+
+> [!NOTE]
+> w == write, q == quit
+
+To view your cron jobs, type `sudo crontab -l`
+
+:::image type="content" source="images/update-MDE-linux-4634577.jpg" alt-text="update MDE linux":::
+
+To inspect cron job runs:
+`sudo grep mdatp /var/log/cron`
+
+To inspect the mdatp_cron_job.log
+`sudo nano mdatp_cron_job.log`
+
+## For those who use Ansible, Chef, or Puppet
+
+Use the following commands:
+### To set cron jobs in Ansible
+
+`cron – Manage cron.d and crontab entries`
+
+See [https://docs.ansible.com/ansible/latest/modules/cron_module.html](https://docs.ansible.com/ansible/latest/modules/cron_module.html) for more information.
+
+### To set crontabs in Chef
+`cron resource`
+
+See [https://docs.chef.io/resources/cron/](https://docs.chef.io/resources/cron/) for more information.
+
+### To set cron jobs in Puppet
+Resource Type: cron
+
+See [https://puppet.com/docs/puppet/5.5/types/cron.html](https://puppet.com/docs/puppet/5.5/types/cron.html) for more information.
+
+Automating with Puppet: Cron jobs and scheduled tasks
+
+See [https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/](https://puppet.com/blog/automating-puppet-cron-jobs-and-scheduled-tasks/) for more information.
+
+## Additional information
+
+**To get help with crontab**
+
+`man crontab`
+
+**To get a list of crontab file of the current user**
+
+`crontab -l`
+
+**To get a list of crontab file of another user**
+
+`crontab -u username -l`
+
+**To backup crontab entries**
+
+`crontab -l > /var/tmp/cron_backup.dat`
+
+> [!TIP]
+> Do this before you edit or remove. <br>
+
+**To restore crontab entries**
+
+`crontab /var/tmp/cron_backup.dat`
+
+**To edit the crontab and add a new job as a root user**
+
+`sudo crontab -e`
+
+**To edit the crontab and add a new job**
+
+`crontab -e`
+
+**To edit other user’s crontab entries**
+
+`crontab -u username -e`
+
+**To remove all crontab entries**
+
+`crontab -r`
+
+**To remove other user’s crontab entries**
+
+`crontab -u username -r`
+
+**Explanation**
+
+<pre>
++—————- minute (values: 0 – 59) (special characters: , – * /)  <br>
+| +————- hour (values: 0 – 23) (special characters: , – * /) <br>
+| | +———- day of month (values: 1 – 31) (special characters: , – * / L W C)  <br>
+| | | +——- month (values: 1 – 12) (special characters: ,- * / )  <br>
+| | | | +—- day of week (values: 0 – 6) (Sunday=0 or 7) (special characters: , – * / L W C) <br>
+| | | | |*****command to be executed
+</pre>
+

windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md

@@ -112,4 +112,4 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 
 ## Check installation status
 
-Run [mdatp](mac-install-with-jamf.md) on a client device to check the onboarding status.
+Run [Microsoft Defender for Endpoint](mac-install-with-jamf.md) on a client device to check the onboarding status.

windows/security/threat-protection/microsoft-defender-atp/mac-resources.md

@@ -52,7 +52,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
    ```bash
    sudo mdatp diagnostic create
    ```
-   ```Output
+   ```console
    Diagnostic file created: "/Library/Application Support/Microsoft/Defender/wdavdiag/932e68a8-8f2e-4ad0-a7f2-65eb97c0de01.zip"
    ```
 
@@ -61,7 +61,7 @@ If you can reproduce a problem, increase the logging level, run the system for s
    ```bash
    mdatp log level set --level info
    ```
-   ```Output
+   ```console
    Log level configured successfully
    ```
 
@@ -105,7 +105,7 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |Diagnostics  |Generate diagnostic logs                   |`mdatp diagnostic create --path [directory]`                                      |
 |Health       |Check the product's health                 |`mdatp health`                                                                    |
 |Health       |Check for a spefic product attribute       |`mdatp health --field [attribute: healthy/licensed/engine_version...]`            |
-|Protection   |Scan a path                                |`mdatp scan custom --path [path]`                                                 |
+|Protection   |Scan a path                                |`mdatp scan custom --path [path] [--ignore-exclusions]`                           |
 |Protection   |Do a quick scan                            |`mdatp scan quick`                                                                |
 |Protection   |Do a full scan                             |`mdatp scan full`                                                                 |
 |Protection   |Cancel an ongoing on-demand scan           |`mdatp scan cancel`                                                               |
@@ -113,17 +113,17 @@ Important tasks, such as controlling product settings and triggering on-demand s
 |EDR          |Turn on/off EDR preview for Mac            |`mdatp edr early-preview [enabled/disabled]`                                      |
 |EDR          |Add group tag to device. EDR tags are used for managing device groups. For more information, please visit https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-groups |`mdatp edr tag set --name GROUP --value [name]` |
 |EDR          |Remove group tag from device               |`mdatp edr tag remove --tag-name [name]`                                          |
-|EDR          |Add Group Id                               |`mdatp edr group-ids --group-id [group]`                                          |
+|EDR          |Add Group ID                               |`mdatp edr group-ids --group-id [group]`                                          |
 
 ### How to enable autocompletion
 
-To enable autocompletion in `Bash`, run the following command and restart the Terminal session:
+To enable autocompletion in bash, run the following command and restart the Terminal session:
 
 ```bash
 echo "source /Applications/Microsoft\ Defender\ ATP.app/Contents/Resources/Tools/mdatp_completion.bash" >> ~/.bash_profile
 ```
 
-To enable autocompletion in `zsh`:
+To enable autocompletion in zsh:
 
 - Check whether autocompletion is enabled on your device:
 
@@ -131,7 +131,7 @@ To enable autocompletion in `zsh`:
    cat ~/.zshrc | grep autoload
    ```
 
-- If the above command does not produce any output, you can enable autocompletion using the following command:
+- If the preceding command does not produce any output, you can enable autocompletion using the following command:
 
    ```zsh
    echo "autoload -Uz compinit && compinit" >> ~/.zshrc
@@ -152,4 +152,4 @@ To enable autocompletion in `zsh`:
 
 ## Microsoft Defender for Endpoint portal information
 
-[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.
+[EDR capabilities for macOS have now arrived](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801), on the Microsoft Defender for Endpoint blog, provides detailed guidance on what to expect in Microsoft Defender for Endpoint Security Center.

windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md

@@ -42,7 +42,7 @@ Contact your administrator for help.
 
 **Cause:** 
 
-You deployed and/or installed the MDATP for macOS package ("Download installation package") but you might have run the configuration script ("Download onboarding package").
+You deployed and/or installed the Microsoft Defender for Endpoint for macOS package ("Download installation package") but you might have run the configuration script ("Download onboarding package").
 
 **Solution:**
 

windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md

@@ -27,10 +27,17 @@ ms.topic: conceptual
 > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
 
 > [!IMPORTANT]
-> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
+> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
+
+## 101.15.26
+
+- Improved the reliability of the agent when running on macOS 11 Big Sur
+- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
+- Performance improvements & bug fixes
 
 ## 101.13.75
 
+- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
 - Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur)
 - Bug fixes
 

windows/security/threat-protection/microsoft-defender-atp/machine.md

@@ -59,7 +59,7 @@ lastExternalIpAddress | String | Last IP through which the [machine](machine.md)
 healthStatus | Enum | [machine](machine.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
 rbacGroupName | String | Machine group Name.
 rbacGroupId | Int | Machine group unique ID.
-riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
+riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Informational', 'Low', 'Medium' and 'High'.
 exposureScore | Nullable Enum | [Exposure score](tvm-exposure-score.md) as evaluated by Microsoft Defender for Endpoint. Possible values are: 'None', 'Low', 'Medium' and 'High'.
 aadDeviceId | Nullable representation Guid | AAD Device ID (when [machine](machine.md) is AAD Joined).
 machineTags | String collection | Set of [machine](machine.md) tags.

windows/security/threat-protection/microsoft-defender-atp/management-apis.md

@@ -34,7 +34,7 @@ Acknowledging that customer environments and structures can vary, Defender for E
 
 ## Endpoint onboarding and portal access 
 
-Device onboarding is fully integrated into Microsoft Endpoint Configuration Manager and Microsoft Intune for client devices and Azure Security Center for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender ATP supports Group Policy and other third-party tools used for devices management.
+Device onboarding is fully integrated into Microsoft Endpoint Configuration Manager and Microsoft Intune for client devices and Azure Security Center for server devices, providing complete end-to-end experience of configuration, deployment, and monitoring. In addition, Microsoft Defender for Endpoint supports Group Policy and other third-party tools used for devices management.
 
 Defender for Endpoint provides fine-grained control over what users with access to the portal can see and do through the flexibility of role-based access control (RBAC). The RBAC model supports all flavors of security teams structure:
 - Globally distributed organizations and security teams
@@ -42,7 +42,7 @@ Defender for Endpoint provides fine-grained control over what users with access
 - Fully segregated divisions with single centralized global security operations teams 
 
 ## Available APIs
-The Microsoft Defender ATP solution is built on top of an integration-ready platform.
+The Microsoft Defender for Endpoint solution is built on top of an integration-ready platform.
 
 Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities.
 

windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-prepare.md

@@ -44,7 +44,7 @@ This migration phase includes the following steps:
 
 ## Get and deploy updates across your organization's devices
 
-As a best practice, keep your organization's devices and endpoints up to date. Make sure your McAfee Endpoint Security (McAfee) solution is up to date, and that the operating systems and apps your organization is also have the latest updates. Doing this now can help prevent problems later as you migrate to Microsoft Defender ATP and Microsoft Defender Antivirus.
+As a best practice, keep your organization's devices and endpoints up to date. Make sure your McAfee Endpoint Security (McAfee) solution is up to date, and that the operating systems and apps your organization is also have the latest updates. Doing this now can help prevent problems later as you migrate to Microsoft Defender for Endpoint and Microsoft Defender Antivirus.
 
 ### Make sure your McAfee solution is up to date
 
@@ -72,24 +72,24 @@ Need help updating your organization's devices? See the following resources:
 
 ## Get Microsoft Defender for Endpoint
 
-Now that you've updated your organization's devices, the next step is to get Microsoft Defender ATP, assign licenses, and make sure the service is provisioned.
+Now that you've updated your organization's devices, the next step is to get Microsoft Defender for Endpoint, assign licenses, and make sure the service is provisioned.
 
 1. Buy or try Microsoft Defender for Endpoint today. [Start a free trial or request a quote](https://aka.ms/mdatp). 
 
 2. Verify that your licenses are properly provisioned. [Check your license state](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#check-license-state).
 
-3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender ATP setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration).
+3. As a global administrator or security administrator, set up your dedicated cloud instance of Microsoft Defender for Endpoint. See [Microsoft Defender for Endpoint setup: Tenant configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#tenant-configuration).
 
-4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender ATP setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration).
+4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Microsoft Defender for Endpoint setup: Network configuration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/production-deployment#network-configuration).
  
 At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). 
 
 > [!NOTE]
-> The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender ATP portal. 
+> The Microsoft Defender Security Center is sometimes referred to as the Microsoft Defender for Endpoint portal. 
 
 ## Grant access to the Microsoft Defender Security Center
 
-The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender ATP. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use).
+The Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) is where you access and configure features and capabilities of Microsoft Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use).
 
 Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
 
@@ -106,16 +106,16 @@ Permissions to the Microsoft Defender Security Center can be granted by using ei
 
 ## Configure device proxy and internet connectivity settings
 
-To enable communication between your devices and Microsoft Defender ATP, configure proxy and internet settings. The following table includes links to resources you can use to configure your proxy and internet settings for various operating systems and capabilities:
+To enable communication between your devices and Microsoft Defender for Endpoint, configure proxy and internet settings. The following table includes links to resources you can use to configure your proxy and internet settings for various operating systems and capabilities:
 
 |Capabilities  | Operating System | Resources |
 |--|--|--|
 |[Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803)  |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet) |
 |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-information/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-information/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
+|EDR  |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra)  |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
 |[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender ATP for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
+|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender ATP for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) 
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux#network-connections) 
 
 ## Next step
 

windows/security/threat-protection/microsoft-defender-atp/mcafee-to-microsoft-defender-setup.md

@@ -106,7 +106,7 @@ The [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/d
 
 ### Set Microsoft Defender Antivirus to passive mode on Windows Server
 
-Because your organization is still using McAfee, you must set Microsoft Defender Antivirus to passive mode. That way, McAfee and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender ATP.
+Because your organization is still using McAfee, you must set Microsoft Defender Antivirus to passive mode. That way, McAfee and Microsoft Defender Antivirus can run side by side until you have finished onboarding to Microsoft Defender for Endpoint.
 
 1. Open Registry Editor, and then navigate to <br/>
    `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Windows Advanced Threat Protection`.
@@ -193,7 +193,7 @@ You can choose from several methods to add your exclusions to Microsoft Defender
 
 ## Add McAfee to the exclusion list for Microsoft Defender for Endpoint
 
-To add exclusions to Microsoft Defender ATP, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files).
+To add exclusions to Microsoft Defender for Endpoint, you create [indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators#create-indicators-for-files).
 
 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)) and sign in.
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md

@@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-# Configure Microsoft Cloud App Security in Microsoft Defender ATP
+# Configure Microsoft Cloud App Security in Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 
@@ -32,7 +32,7 @@ To benefit from Microsoft Defender for Endpoint cloud app discovery signals, tur
 >[!NOTE]
 >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
 
-> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. 
+> See [Microsoft Defender for Endpoint integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender for Endpoint with Microsoft Cloud App Security. 
 
 ## Enable Microsoft Cloud App Security in Microsoft Defender for Endpoint
 

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md

@@ -88,7 +88,7 @@ The attack surface reduction set of capabilities provides the first line of defe
 <a name="ngp"></a>
 
 **[Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)**<br>
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats.
+To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
 
 <a name="edr"></a>
 
@@ -98,7 +98,7 @@ Endpoint detection and response capabilities are put in place to detect, investi
 <a name="ai"></a>
 
 **[Automated investigation and remediation](automated-investigations.md)**<br>
-In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
+In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. 
 
 <a name="ss"></a>
 
@@ -123,7 +123,10 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
 <a name="mtp"></a>
 
 **[Integration with Microsoft solutions](threat-protection-integration.md)** <br>
-Defender for Endpoint directly integrates with various Microsoft solutions, including:
+ Defender for Endpoint directly integrates with various Microsoft solutions, including:
+- Intune
+- Microsoft Defender for Office 365 
+- Microsoft Defender for Identity 
 - Azure Security Center
 - Azure Sentinel
 - Intune

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md

@@ -66,12 +66,12 @@ There are several methods and deployment tools that you can use to install and c
 The three most recent major releases of macOS are supported.
 
 > [!IMPORTANT]
-> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
+> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md).
 
 > [!IMPORTANT]
-> With the agent version 101.13.75+, we released a change that removed conditions when Microsoft Defender for Endpoint was triggering the macOS Big Sur bug that manifests into a kernel panic. With that change Defender code path should no longer directly facilitate the kernel panic.
+> Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
 
-- 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
+- 11 (Big Sur), 10.15 (Catalina), 10.14 (Mojave), 10.13 (High Sierra)
 - Disk space: 1GB
 
 Beta versions of macOS are not supported.
@@ -98,7 +98,7 @@ The following downloadable spreadsheet lists the services and their associated U
 
 |**Spreadsheet of domains list**|**Description**|
 |:-----|:-----|
-|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>[Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) 
+|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)<br/>  | Spreadsheet of specific DNS records for service locations, geographic locations, and OS. <br><br>Download the spreadsheet here: [mdatp-urls.xlsx](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx).
 
 Microsoft Defender for Endpoint can discover a proxy server by using the following discovery methods:
 - Proxy autoconfig (PAC)
@@ -144,10 +144,10 @@ Guidance for how to configure the product in enterprise environments is availabl
 
 ## macOS kernel and system extensions
 
-In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md) for relevant details.
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md).
 
 ## Resources
 
-- For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page.
+- For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md).
 
-- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md)
+- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md).

windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md

@@ -32,7 +32,7 @@ This article is part of the Deployment guide and acts as an example onboarding m
 
 This onboarding guidance will walk you through the following basic steps that you need to take when using Microsoft Endpoint Configuration Manager:
 - **Creating a collection in Microsoft Endpoint Configuration Manager**
-- **Configuring Microsoft Defender ATP capabilities using Microsoft Endpoint Configuration Manager**
+- **Configuring Microsoft Defender for Endpoint capabilities using Microsoft Endpoint Configuration Manager**
 
 >[!NOTE]
 >Only Windows devices are covered in this example deployment. 

windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md

@@ -176,14 +176,14 @@ how the endpoint security suite should be enabled.
 | Component                               | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Adoption Order Rank |
 |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
 | Endpoint Detection & Response (EDR)     | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. <br> [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)                                                                                                                                                                                                                                             | 1                   |
-|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: <br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities <br> - Invaluable device vulnerability context during incident investigations <br> -  Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager <br> [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
+|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities <br> - Invaluable device vulnerability context during incident investigations <br> -  Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager <br> [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
 | Next-generation protection (NGP)        | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: <br> -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.   <br> -  Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). <br> - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. <br> [Learn more](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).                                                                                                                                                                                                                                                                                                                                                                       |3                   |
-| Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender ATP help protect the devices and applications in the organization from new and emerging threats. <br> [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 4                   |
+| Attack Surface Reduction (ASR)          | Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. <br> [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)                                                                                                                                                                                                                                                                                                                                                                                       | 4                   |
-| Auto Investigation & Remediation (AIR)  | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. <br>[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable      |
+| Auto Investigation & Remediation (AIR)  | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. <br>[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable      |
 | Microsoft Threat Experts (MTE)          | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. <br>[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)                                                                                                                                                                                                                                                                                                                     | Not applicable      |
 
 ## Next step
 |||
 |:-------|:-----|
-|![Phase 2: Setup](images/setup.png) <br>[Phase 2: Setup](production-deployment.md) | Set up Microsoft Defender ATP deployment
+|![Phase 2: Setup](images/setup.png) <br>[Phase 2: Setup](production-deployment.md) | Set up Microsoft Defender for Endpoint deployment
 

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -54,7 +54,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 
 The following features are included in the preview release:
-- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md) <br> Microsoft Defender ATP now adds support for iOS. Learn how to install, configure, and use Microsoft Defender ATP for iOS.
+- [Microsoft Defender for Endpoint for iOS](microsoft-defender-atp-ios.md) <br> Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, and use Microsoft Defender for Endpoint for iOS.
 
 - [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android.
 

windows/security/threat-protection/microsoft-defender-atp/raw-data-export-event-hub.md

@@ -72,7 +72,7 @@ Want to experience Defender for Endpoint? [Sign up for a free trial.](https://ww
 
 - Each event hub message in Azure Event Hubs contains list of records.
 
-- Each record contains the event name, the time Microsoft Defender ATP received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
+- Each record contains the event name, the time Microsoft Defender for Endpoint received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
 
 - For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md).
 

windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md

@@ -1,6 +1,6 @@
 ---
 title: Take response actions on a file in Microsoft Defender ATP
-description: Take response actions on file related alerts by stopping and quarantining a file or blocking a file and checking activity details.
+description: Take response actions on file-related alerts by stopping and quarantining a file or blocking a file and checking activity details.
 keywords: respond, stop and quarantine, block file, deep analysis
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -133,6 +133,9 @@ You can roll back and remove a file from quarantine if you’ve determined that
 > 
 > Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days.
 
+> [!Important]
+> A file that was quarantined as a potential network threat might not be recoverable. If a user attempts to restore the file after quarantine, that file might not be accessible. This can be due to the system no longer having network credentials to access the file. Typically, this is a result of a temporary log on to a system or shared folder and the access tokens expired. 
+
 ## Add indicator to block or allow a file
 
 You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on devices in your organization.
@@ -213,6 +216,7 @@ The Deep analysis summary includes a list of observed *behaviors*, some of which
 Results of deep analysis are matched against threat intelligence and any matches will generate appropriate alerts.
 
 Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page.
+<br/>
 
 >[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4aAYy?rel=0] 
 
@@ -240,7 +244,8 @@ When the sample is collected, Defender for Endpoint runs the file in is a secure
 
     ![You can only submit PE files in the file details section](images/submit-file.png)
 
->**Note**&nbsp;&nbsp;Only PE files are supported, including _.exe_ and _.dll_ files
+    > [!NOTE]
+    > Only PE files are supported, including _.exe_ and _.dll_ files.
 
 A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done.
 

windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md

@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ---
 
-# Supported Microsoft Defender ATP query APIs 
+# Supported Microsoft Defender for Endpoint query APIs 
 
 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
 

windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md

@@ -69,7 +69,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend
 
 |Operating system  |Guidance  |
 |---------|---------|
-|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2     |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). <br/><br/>Visit the Microsoft Defender ATP demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario.         |
+|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2     |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario.         |
 |macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra)     |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).        |
 |Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). |
 

windows/security/threat-protection/microsoft-defender-atp/troubleshoot-collect-support-log.md

@@ -72,4 +72,4 @@ This topic provides instructions on how to run the tool via Live Response.
 >   GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDATPClientAnalyzerResult.zip" -auto
 >   ```
 > 
-> - For more information on gathering data locally on a machine in case the machine isn't communicating with Microsoft Defender for Endpoint cloud services, or does not appear in MDATP portal as expected, see [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls).
+> - For more information on gathering data locally on a machine in case the machine isn't communicating with Microsoft Defender for Endpoint cloud services, or does not appear in Microsoft Defender for Endpoint portal as expected, see [Verify client connectivity to Microsoft Defender for Endpoint service URLs](configure-proxy-internet.md#verify-client-connectivity-to-microsoft-defender-atp-service-urls).