Defender for Mac: update data collection checklist and mdatp usage

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md

@@ -148,6 +148,8 @@ Diagnostic logs are collected only with the consent of the user as part of the f
 - All files under */Library/Logs/Microsoft/mdatp/*
 - Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender ATP for Mac
 - Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender ATP for Mac
+- /Library/Logs/Microsoft/autoupdate.log
+- $HOME/Library/Preferences/com.microsoft.autoupdate2.plist
 
 ### Optional diagnostic data
 

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md

@@ -80,21 +80,21 @@ Important tasks, such as controlling product settings and triggering on-demand s
 
 |Group        |Scenario                                   |Command                                                                |
 |-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection           |`mdatp --config rtp [true/false]`                                      |
+|Configuration|Turn on/off real-time protection           |`mdatp --config realTimeProtectionEnabled [true/false]`                |
-|Configuration|Turn on/off cloud protection               |`mdatp --config cloud [true/false]`                                    |
+|Configuration|Turn on/off cloud protection               |`mdatp --config cloudEnabled [true/false]`                             |
 |Configuration|Turn on/off product diagnostics            |`mdatp --config diagnostic [true/false]`                               |
-|Configuration|Turn on/off automatic sample submission    |`mdatp --config sample-submission [true/false]`                        |
+|Configuration|Turn on/off automatic sample submission    |`mdatp --config cloudAutomaticSampleSubmission [true/false]`           |
 |Configuration|Turn on PUA protection                     |`mdatp --threat --type-handling potentially_unwanted_application block`|
 |Configuration|Turn off PUA protection                    |`mdatp --threat --type-handling potentially_unwanted_application off`  |
 |Configuration|Turn on audit mode for PUA protection      |`mdatp --threat --type-handling potentially_unwanted_application audit`|
 |Diagnostics  |Change the log level                       |`mdatp --log-level [error/warning/info/verbose]`                       |
-|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic --create`                                          |
+|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic`                                                   |
 |Health       |Check the product's health                 |`mdatp --health`                                                       |
 |Protection   |Scan a path                                |`mdatp --scan --path [path]`                                           |
 |Protection   |Do a quick scan                            |`mdatp --scan --quick`                                                 |
 |Protection   |Do a full scan                             |`mdatp --scan --full`                                                  |
 |Protection   |Cancel an ongoing on-demand scan           |`mdatp --scan --cancel`                                                |
-|Protection   |Request a security intelligence update                |`mdatp --definition-update`                                            |
+|Protection   |Request a security intelligence update     |`mdatp --definition-update`                                            |
 
 ## Microsoft Defender ATP portal information