Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

windows/security/threat-protection/TOC.md

@@ -248,6 +248,18 @@
 #### [Privacy](microsoft-defender-atp/linux-privacy.md)
 #### [Resources](microsoft-defender-atp/linux-resources.md)
 
+
+### [Microsoft Defender Advanced Threat Protection for Android]()
+#### [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp/microsoft-defender-atp-android.md)
+
+#### [Deploy]()
+##### [Deploy Microsoft Defender ATP for Android with Microsoft Intune](microsoft-defender-atp/android-intune.md)
+
+#### [Configure]()
+##### [Configure Microsoft Defender ATP for Android features](microsoft-defender-atp/android-configure.md)
+
+
+
 ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
 
 ## [Security operations]()

windows/security/threat-protection/microsoft-defender-atp/android-configure.md

@@ -0,0 +1,50 @@
+---
+title: Configure Microsoft Defender ATP for Android features
+ms.reviewer:
+description: Describes how to configure Microsoft Defender ATP for Android 
+keywords: microsoft, defender, atp, android, configuration
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Configure Microsoft Defender ATP for Android features
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+## Conditional Access with Microsoft Defender ATP for Android  
+Microsoft Defender ATP for Android along with Microsoft Intune and Azure Active
+Directory enables enforcing Device compliance and Conditional Access policies
+based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense
+(MTD) solution that you can deploy to leverage this capability via Intune.
+
+For more infomation on how to setup Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and
+Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+
+
+## Configure custom indicators  
+
+>[!NOTE]
+> Microsoft Defender ATP for Android only supports creating custom indicators for IP addresses and URLs/domains.
+
+Microsoft Defender ATP for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md).
+
+## Configure web protection
+Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center.
+
+For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
+
+## Related topics
+- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
+- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md)

windows/security/threat-protection/microsoft-defender-atp/android-intune.md

@@ -0,0 +1,294 @@
+---
+title: Deploy Microsoft Defender ATP for Android with Microsoft Intune
+ms.reviewer:
+description: Describes how to deploy Microsoft Defender ATP for Android with Microsoft Intune
+keywords: microsoft, defender, atp, android, installation, deploy, uninstallation,
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Deploy Microsoft Defender ATP for Android with Microsoft Intune 
+
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+This topic describes deploying Microsoft Defender ATP for Android on Intune
+Company Portal enrolled devices. For more information about Intune device enrollment, see  [Enroll your
+device](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/aka.ms/enrollAndroid).
+
+
+> [!NOTE]
+> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes. <br>
+> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+
+## Deploy on Device Administrator enrolled devices
+
+**Deploy Microsoft Defender ATP for Android on Intune Company Portal - Device
+Administrator enrolled devices**
+
+This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices. Upgrade from the Preview APK to the GA version on Google Play would be supported.
+
+### Download the onboarding package
+
+Download the onboarding package from Microsoft Defender Security Center.
+
+1. In [Microsoft Defender Security
+Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com), go to **Settings** \> **Machine Management** \> **Onboarding**.
+
+2. In the first drop-down, select **Android** as the Operating system.
+
+3. Select **Download Onboarding package** and save the downloaded .APK file.
+
+    ![Image of onboarding package page](images/onboarding_package_1.png)
+
+### Add as Line of Business (LOB) App
+
+The downloaded Microsoft Defender ATP for Android onboarding package. It is a
+.APK file can be deployed to user groups as a Line of Business app during the
+preview from Microsoft Endpoint Manager Admin Center.
+
+1. In [Microsoft Endpoint Manager admin
+center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
+**Android Apps** \> **Add \> Line-of-business app** and click **Select**.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/eba67e1a3adfec2c77c35a34cb030fba.png)
+
+
+2. On the **Add app** page and in the *App Information* section, click **Select
+add package file** and then click the ![Icon](images/1a62eac0222a9ba3c2fd62744bece76e.png) icon and select the MDATP Universal APK file that was downloaded from the *Download Onboarding package* step.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/e78d36e06495c2f70eb14230de6f7429.png)
+
+
+3. Select **OK**.
+
+4. In the *App Information* section that comes up, enter the **Publisher** as
+Microsoft. Other fields are optional and then select **Next**.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/190a979ec5b6a8f57c9067fe1304cda8.png)
+
+5. In the *Assignments* section, go to the **Required** section and select **Add
+group.** You can then choose the user group(s) that you would like to target
+Microsoft Defender ATP for Android app. Click **Select** and then **Next**.
+
+    >[!NOTE]
+    >The selected user group should consist of Intune enrolled users.
+
+      ![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png)
+
+
+6. In the **Review+Create** section, verify that all the information entered is
+correct and then select **Create**.
+
+    In a few moments, the Microsoft Defender ATP app would be created successfully,
+and a notification would show up at the top-right corner of the page.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png)
+
+
+7. In the app information page that is displayed, in the **Monitor** section,
+select **Device install status** to verify that the device installation has
+completed successfully.
+
+    ![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png)
+
+
+During Public Preview, to **update** Microsoft Defender ATP for Android deployed
+as a Line of Business app, download the latest APK. Following the steps in
+*Download the onboarding package* section and follow instructions on how to [update
+a Line of Business
+App](https://docs.microsoft.com/mem/intune/apps/lob-apps-android#step-5-update-a-line-of-business-app).
+
+### Complete onboarding and check status
+
+1. Once Microsoft Defender ATP for Android has been installed on the device, you'll see the app icon.
+
+    ![Icon on mobile device](images/7cf9311ad676ec5142002a4d0c2323ca.jpg)
+
+2. Tap the Microsoft Defender ATP app icon and follow the on-screen instructions
+to complete onboarding the app. The details include end-user acceptance of Android permissions required by Microsoft Defender ATP for Android.
+
+3. Upon successful onboarding, the device will start showing up on the Devices
+list in Microsoft Defender Security Center.
+
+    ![Image of device in Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+
+## Deploy on Android Enterprise enrolled devices
+
+Microsoft Defender ATP for Android supports Android Enterprise enrolled devices.
+
+For more information on the enrollment options supported by Intune, see 
+[Enrollment
+Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) .
+
+As Microsoft Defender ATP for Android is deployed via managed Google Play,
+updates to the app are automatic via Google Play.
+
+Currently only Work Profile, Fully Managed devices are supported for deployment.
+
+
+>[!NOTE]
+>During Public Preview, to access Microsoft Defender ATP in your managed Google Play, contact [atpm@microsoft.com](mailto:atpm@microsoft.com) with the organization ID of your managed Google Play for next steps. This can be found under the **Admin Settings** of [managed Google Play](https://play.google.com/work/).<br>
+> At General Availability (GA), Microsoft Defender ATP for Android will be available as a public app. Upgrades from preview to GA version will be supported.
+
+## Add Microsoft Defender ATP for Android as a managed Google Play app
+
+After receiving a confirmation e-mail from Microsoft that your managed Google
+Play organization ID has been approved, follow the steps below to add Microsoft
+Defender ATP app into your managed Google Play.
+
+1. In [Microsoft Endpoint Manager admin
+center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
+**Android Apps** \> **Add** and select **managed Google Play app**.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png)
+
+
+2. On your managed Google Play page that loads subsequently, go to the search
+box and lookup **Microsoft Defender.** Your search should display the Microsoft
+Defender ATP app in your Managed Google Play. Click on the Microsoft Defender
+ATP app from the Apps search result.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png)
+
+3. In the App description page that comes up next, you should be able to see app
+details on Microsoft Defender ATP. Review the information on the page and then
+select **Approve**.
+
+    ![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png)
+
+
+4. You should now be presented with the permissions that Microsoft Defender ATP
+obtains for it to work. Review them and then select **Approve**.
+
+    ![A screenshot of Microsoft Defender ATP preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png)
+
+
+5. You'll be presented with the Approval settings page. The page confirms
+your preference to handle new app permissions that Microsoft Defender ATP for
+Android might ask. Review the choices and select your preferred option. Select
+**Done**.
+
+    By default, managed Google Play selects *Keep approved when app requests new
+permissions*
+
+   ![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png)
+
+
+6. After the permissions handling selection is made, select **Sync** to sync
+Microsoft Defender ATP to your apps list.
+
+    ![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png)
+
+
+7. The sync will complete in a few minutes.
+
+    ![Image of Android app](images/9fc07ffc150171f169dc6e57fe6f1c74.png)
+
+8. Select the **Refresh** button in the Android apps screen and Microsoft
+Defender ATP should be visible in the apps list.
+
+    ![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png)
+
+
+9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s).
+
+    a. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
+
+    ![Image of Microsoft Endpoint Manager admin center](images/android-mem.png)
+
+    b. In the **Create app configuration policy** page, enter the following details:
+        - Name: Microsoft Defender ATP.
+        - Choose **Android Enterprise** as platform.
+        - Choose **Work Profile only** as Profile Type.
+        - Click **Select App**, choose **Microsoft Defender ATP**, select **OK** and then **Next**.
+    
+    ![Image of create app configuration policy page](images/android-create-app.png)
+
+    c. In the **Settings** page, go to the Permissions section click on Add to view the list of supported permissions. In the Add Permissions section, select the following permissions 
+    - External storage (read)
+    - External storage (write)
+
+    Then select **OK**.
+
+    ![Image of create app configuration policy](images/android-create-app-config.png)
+
+    
+    d. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
+
+     ![Image of create app configuration policy](images/android-auto-grant.png)
+
+
+    e. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**.  The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app. 
+
+    ![Image of create app configuration policy](images/android-select-group.png)
+    
+
+     f. In the **Review + Create** page that comes up next, review all the information and then select **Create**. <br>
+    
+    The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group.
+
+    ![Image of create app configuration policy](images/android-review-create.png)
+
+
+
+10. Select **Microsoft Defender ATP** app in the list \> **Properties** \>
+**Assignments** \> **Edit**.
+
+    ![Image of list of apps](images/9336bbd778cff5e666328bb3db7c76fd.png)
+
+
+11. Assign the app as a *Required* app to a user group. It is automatically installed in the *work profile* during the next sync of
+the device via Company Portal app. This assignment can be done by navigating to
+the *Required* section \> **Add group,** selecting the user group and click
+**Select**.
+
+    ![Image of edit application page](images/ea06643280075f16265a596fb9a96042.png)
+
+
+12. In the **Edit Application** page, review all the information that was entered
+above. Then select **Review + Save** and then **Save** again to commence
+assignment.
+
+## Complete onboarding and check status
+
+1. Confirm the installation status of Microsoft Defender ATP for Android by
+clicking on the **Device Install Status**. Verif that the device is
+displayed here.
+
+    ![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)
+
+
+2. On the device, you can confirm the same by going to the **work profile** and
+confirm that Microsoft Defender ATP is available.
+
+    ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png)
+
+3. When the app is installed, open the app and accept the permissions
+and then your onboarding should be successful.
+
+    ![Image of mobile device with Microsoft Defender ATP app](images/23c125534852dcef09b8e37c98e82148.png)
+
+4. At this stage the device is successfully onboarded onto Microsoft Defender
+ATP for Android. You can verify this on the [Microsoft Defender Security
+Center](https://microsoft.sharepoint.com/teams/WDATPIndia/Shared%20Documents/General/PM%20Docs/External%20Documentation/securitycenter.microsoft.com)
+by navigating to the **Devices** page.
+
+    ![Image of Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png)
+
+
+## Related topics
+- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md)
+- [Configure Microsoft Defender ATP for Android features](android-configure.md)

windows/security/threat-protection/microsoft-defender-atp/android-terms.md

@@ -0,0 +1,229 @@
+---
+title: Microsoft Defender ATP for Android Application license terms
+ms.reviewer:
+description: Describes the Microsoft Defender ATP for Android license terms
+keywords: microsoft, defender, atp, android,license, terms, application, use, installation, service, feedback, scope, 
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+hideEdit: true
+---
+
+# Microsoft Defender ATP for Android application license terms
+**Applies to:**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md)
+
+## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER ATP
+
+These license terms ("Terms") are an agreement between Microsoft Corporation (or
+based on where you live, one of its affiliates) and you. Please read them. They
+apply to the application named above. These Terms also apply to any Microsoft
+
+-   updates,
+
+-   supplements,
+
+-   Internet-based services, and
+
+-   support services
+
+for this application, unless other terms accompany those items. If so, those
+terms apply.
+
+**BY USING THE APPLICATION, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM,
+DO NOT USE THE APPLICATION.**
+
+**If you comply with these Terms, you have the perpetual rights below.**
+
+1.  **INSTALLATION AND USE RIGHTS.**
+
+    1.  **Installation and Use.** You may install and use any number of copies
+        of this application on Android enabled device or devices which you own
+        or control. You may use this application with your company's valid
+        subscription of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) or
+        an online service that includes MDATP functionalities.
+
+    2.  **Updates.** Updates or upgrades to MDATP may be required for full
+        functionality. Some functionality may not be available in all countries.
+
+    3.  **Third Party Programs.** The application may include third party
+        programs that Microsoft, not the third party, licenses to you under this
+        agreement. Notices, if any, for the third-party program are included for
+        your information only.
+
+2.  **INTERNET ACCESS MAY BE REQUIRED.** You may incur charges related to
+    Internet access, data transfer and other services per the terms of the data
+    service plan and any other agreement you have with your network operator due
+    to use of the application. You are solely responsible for any network
+    operator charges.
+
+3.  **INTERNET-BASED SERVICES.** Microsoft provides Internet-based services with
+    the application. It may change or cancel them at any time.
+
+    1.  Consent for Internet-Based or Wireless Services. The application may
+        connect to Internet-based wireless services. Your use of the application
+        operates as your consent to the transmission of standard device
+        information (including but not limited to technical information about
+        your device, system and application software, and peripherals) for
+        Internet-based or wireless services. If other terms are provided in
+        connection with your use of the services, those terms also apply.
+
+        -   Data. Some online services require, or may be enhanced by, the
+            installation of local software like this one. At your, or your
+            admin's direction, this software may send data from a device to or
+            from an online service.
+
+        -   Usage Data. Microsoft automatically collects usage and performance
+            data over the internet. This data will be used to provide and
+            improve Microsoft products and services and enhance your experience.
+            You may limit or control collection of some usage and performance
+            data through your device settings. Doing so may disrupt your use of
+            certain features of the application. For additional information on
+            Microsoft's data collection and use, see the [Online Services
+            Terms](https://go.microsoft.com/fwlink/?linkid=2106777).
+
+    2.  Misuse of Internet-based Services. You may not use any Internet-based
+        service in any way that could harm it or impair anyone else's use of it
+        or the wireless network. You may not use the service to try to gain
+        unauthorized access to any service, data, account or network by any
+        means.
+
+4.  **FEEDBACK.** If you give feedback about the application to Microsoft, you
+    give to Microsoft, without charge, the right to use, share and commercialize
+    your feedback in any way and for any purpose. You also give to third
+    parties, without charge, any patent rights needed for their products,
+    technologies and services to use or interface with any specific parts of a
+    Microsoft software or service that includes the feedback. You will not give
+    feedback that is subject to a license that requires Microsoft to license its
+    software or documentation to third parties because we include your feedback
+    in them. These rights survive this agreement.
+
+5.  **SCOPE OF LICENSE.** The application is licensed, not sold. This agreement
+    only gives you some rights to use the application. Microsoft reserves all
+    other rights. Unless applicable law gives you more rights despite this
+    limitation, you may use the application only as expressly permitted in this
+    agreement. In doing so, you must comply with any technical limitations in
+    the application that only allow you to use it in certain ways. You may not
+
+    -   work around any technical limitations in the application;
+
+    -   reverse engineer, decompile or disassemble the application, except and
+        only to the extent that applicable law expressly permits, despite this
+        limitation;
+
+    -   make more copies of the application than specified in this agreement or
+        allowed by applicable law, despite this limitation;
+
+    -   publish the application for others to copy;
+
+    -   rent, lease or lend the application; or
+
+    -   transfer the application or this agreement to any third party.
+
+6.  **EXPORT RESTRICTIONS.** The application is subject to United States export
+    laws and regulations. You must comply with all domestic and international
+    export laws and regulations that apply to the application. These laws
+    include restrictions on destinations, end users and end use. For additional
+    information,
+    see [www.microsoft.com/exporting](https://www.microsoft.com/exporting).
+
+7.  **SUPPORT SERVICES.** Because this application is "as is," we may not
+    provide support services for it. If you have any issues or questions about
+    your use of this application, including questions about your company's
+    privacy policy, please contact your company's admin. Do not contact the
+    application store, your network operator, device manufacturer, or Microsoft.
+    The application store provider has no obligation to furnish support or
+    maintenance with respect to the application.
+
+8.  **APPLICATION STORE.**
+
+    1.  If you obtain the application through an application store (e.g., Google
+        Play), please review the applicable application store terms to ensure
+        your download and use of the application complies with such terms.
+        Please note that these Terms are between you and Microsoft and not with
+        the application store.
+
+    2.  The respective application store provider and its subsidiaries are third
+        party beneficiaries of these Terms, and upon your acceptance of these
+        Terms, the application store provider(s) will have the right to directly
+        enforce and rely upon any provision of these Terms that grants them a
+        benefit or rights.
+
+9.  **TRADEMARK NOTICES.** Microsoft, Microsoft Defender ATP, MDATP, and
+    Microsoft 365 are registered or common-law trademarks of Microsoft
+    Corporation in the United States and/or other countries.
+
+10. **ENTIRE AGREEMENT.** This agreement and the terms for supplements, updates,
+    Internet-based services, and support services that you use are the entire
+    agreement for the application and support services.
+
+11. **APPLICABLE LAW.**
+
+    1.  **United States.** If you acquired the application in the United States,
+        Washington state law governs the interpretation of this agreement and
+        applies to claims for breach of it, regardless of conflict of laws
+        principles. The laws of the state where you live govern all other
+        claims, including claims under state consumer protection laws, unfair
+        competition laws, and in tort.
+
+    2.  **Outside the United States.** If you acquired the application in any
+        other country, the laws of that country apply.
+
+12. **LEGAL EFFECT.** This agreement describes certain legal rights. You may
+    have other rights under the laws of your country. You may also have rights
+    with respect to the party from whom you acquired the application. This
+    agreement does not change your rights under the laws of your country if the
+    laws of your country do not permit it to do so.
+
+13. **DISCLAIMER OF WARRANTY. THE APPLICATION IS LICENSED "AS-IS." "WITH ALL
+    FAULTS," AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND
+    WIRELESS CARRIERS OVER WHOSE NETWORK THE APPLICATION IS DISTRIBUTED, AND
+    EACH OF OUR RESPECTIVE AFFILIATES, AND SUPPLIERS ("COVERED PARTIES") GIVE NO
+    EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS UNDER OR IN RELATION TO THE
+    APPLICATION. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+    APPLICATION IS WITH YOU. SHOULD THE APPLICATION BE DEFECTIVE, YOU ASSUME THE
+    ENTIRE COST OF ALL NECESSARY SERVICING OR REPAIR. YOU MAY HAVE ADDITIONAL
+    CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO
+    THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, COVERED PARTIES EXCLUDE THE
+    IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+    NON-INFRINGEMENT.**
+
+    **FOR AUSTRALIA - YOU HAVE STATUTORY GUARANTEES UNDER THE AUSTRALIAN CONSUMER LAW AND NOTHING IN THESE TERMS IS INTENDED TO AFFECT THOSE RIGHTS.**
+
+14.  **LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. TO THE EXTENT NOT
+    PROHIBITED BY LAW, YOU CAN RECOVER FROM MICROSOFT ONLY DIRECT DAMAGES UP TO
+    ONE U.S. DOLLAR (\$1.00). YOU AGREE NOT TO SEEK TO RECOVER ANY OTHER
+    DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR
+    INCIDENTAL DAMAGES FROM ANY COVERED PARTIES.**
+
+This limitation applies to:
+
+-   anything related to the application, services, content (including code) on
+    third party Internet sites, or third party programs; and
+
+-   claims for breach of contract, warranty, guarantee or condition; consumer
+    protection; deception; unfair competition; strict liability, negligence,
+    misrepresentation, omission, trespass or other tort; violation of statute or
+    regulation; or unjust enrichment; all to the extent permitted by applicable
+    law.
+
+It also applies even if:
+
+a.  Repair, replacement or refund for the application does not fully compensate
+    you for any losses; or
+
+b.  Covered Parties knew or should have known about the possibility of the
+    damages.
+
+The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md

@@ -125,6 +125,8 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
 ## Power BI dashboard samples in GitHub
 For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates).
 
+## Sample reports
+View the Microsoft Defender ATP Power BI report samples. For more information, see [Browse code samples](https://docs.microsoft.com/samples/browse/?products=mdatp).
 
 
 ## Related topic

windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md

@@ -95,26 +95,29 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
 4. Enter the email address that you'd like to use to correspond with Microsoft Threat Experts.
 
 > [!NOTE]
-> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. Watch this video for a quick overview of the Microsoft Services Hub.
+> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. 
+
+Watch this video for a quick overview of the Microsoft Services Hub.
 
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f] 
-<BR>
+
+
    
 ## Sample investigation topics that you can consult with Microsoft Threat Experts
 
 **Alert information**
 - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
-- We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
+- We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
 - I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
 - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
 
 **Possible machine compromise**
-- Can you help answer why we see “Unknown process observed?” This is seen quite frequently on many machines. We appreciate any input to clarify whether this is related to malicious activity.
+- Can you help answer why we see “Unknown process observed?” This message or alert is seen frequently on many machines. We appreciate any input to clarify whether this message or alert is related to malicious activity.
 - Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]?
 
 **Threat intelligence details**
-- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
-- I recently saw a [social media reference e.g., Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
+- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
+- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? 
 
 **Microsoft Threat Experts’ alert communications** 
 - Can your incident response team help us address the targeted attack notification that we got?
@@ -133,7 +136,7 @@ Response from Microsoft Threat Experts varies according to your inquiry. They wi
 - Investigation requires more time   
 - Initial information was enough to conclude the investigation 
 
-It is crucial to respond in a timely manner to keep the investigation moving. 
+It is crucial to respond in quickly to keep the investigation moving. 
 
 ## Related topic
 - [Microsoft Threat Experts overview](microsoft-threat-experts.md)

windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md

@@ -259,18 +259,29 @@ Determines whether suspicious samples (that are likely to contain threats) are s
 | **Data type** | String |
 | **Possible values** | none <br/> safe (default) <br/> all |
 
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default) <br/> false |
+
 ## Recommended configuration profile
 
 To get started, we recommend the following configuration profile for your enterprise to take advantage of all protection features that Microsoft Defender ATP provides.
 
 The following configuration profile will:
 
-- Enable real-time protection (RTP).
+- Enable real-time protection (RTP)
 - Specify how the following threat types are handled:
-  - **Potentially unwanted applications (PUA)** are blocked.
-  - **Archive bombs** (file with a high compression rate) are audited to the product logs.
-- Enable cloud-delivered protection.
-- Enable automatic sample submission at `safe` level.
+  - **Potentially unwanted applications (PUA)** are blocked
+  - **Archive bombs** (file with a high compression rate) are audited to the product logs
+- Enable automatic security intelligence updates
+- Enable cloud-delivered protection
+- Enable automatic sample submission at `safe` level
 
 ### Sample profile
 
@@ -290,6 +301,7 @@ The following configuration profile will:
       ]
    },
    "cloudService":{
+      "automaticDefinitionUpdateEnabled":true,
       "automaticSampleSubmissionConsent":"safe",
       "enabled":true
    }
@@ -350,7 +362,8 @@ The following configuration profile contains entries for all settings described
    "cloudService":{
       "enabled":true,
       "diagnosticLevel":"optional",
-      "automaticSampleSubmissionConsent":"safe"
+      "automaticSampleSubmissionConsent":"safe",
+      "automaticDefinitionUpdateEnabled":true
    }
 }
 ```

windows/security/threat-protection/microsoft-defender-atp/linux-resources.md

@@ -110,3 +110,12 @@ In the Microsoft Defender ATP portal, you'll see two categories of information:
   - Computer model
   - Processor architecture
   - Whether the device is a virtual machine
+
+### Known issues
+
+- Logged on users do not appear in the Microsoft Defender Security Center portal.
+- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
+
+    ```bash
+    $ sudo SUSEConnect --status-text
+    ```

windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md

@@ -277,6 +277,16 @@ Determines whether suspicious samples (that are likely to contain threats) are s
 | **Data type** | Boolean |
 | **Possible values** | true (default) <br/> false |
 
+#### Enable / disable automatic security intelligence updates
+
+Determines whether security intelligence updates are installed automatically:
+
+|||
+|:---|:---|
+| **Key** | automaticDefinitionUpdateEnabled |
+| **Data type** | Boolean |
+| **Possible values** | true (default) <br/> false |
+
 ### User interface preferences
 
 Manage the preferences for the user interface of Microsoft Defender ATP for Mac.
@@ -358,6 +368,7 @@ The following configuration profile (or, in case of JAMF, a property list that c
 - Specify how the following threat types are handled:
   - **Potentially unwanted applications (PUA)** are blocked
   - **Archive bombs** (file with a high compression rate) are audited to Microsoft Defender ATP logs
+- Enable automatic security intelligence updates
 - Enable cloud-delivered protection
 - Enable automatic sample submission
 
@@ -394,6 +405,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
         <true/>
         <key>automaticSampleSubmission</key>
         <true/>
+        <key>automaticDefinitionUpdateEnabled</key>
+        <true/>
     </dict>
 </dict>
 </plist>
@@ -471,6 +484,8 @@ The following configuration profile (or, in case of JAMF, a property list that c
                     <true/>
                     <key>automaticSampleSubmission</key>
                     <true/>
+                    <key>automaticDefinitionUpdateEnabled</key>
+                    <true/>
                 </dict>
             </dict>
         </array>
@@ -563,6 +578,8 @@ The following templates contain entries for all settings described in this docum
         <string>optional</string>
         <key>automaticSampleSubmission</key>
         <true/>
+        <key>automaticDefinitionUpdateEnabled</key>
+        <true/>
     </dict>
     <key>edr</key>
     <dict>
@@ -701,6 +718,8 @@ The following templates contain entries for all settings described in this docum
                     <string>optional</string>
                     <key>automaticSampleSubmission</key>
                     <true/>
+                    <key>automaticDefinitionUpdateEnabled</key>
+                    <true/>
                 </dict>
                 <key>edr</key>
                 <dict>

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md

@@ -0,0 +1,100 @@
+---
+title: Microsoft Defender ATP for Android
+ms.reviewer:
+description: Describes how to install and use Microsoft Defender ATP for Android
+keywords: microsoft, defender, atp, android, installation, deploy, uninstallation, intune
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: dansimp
+author: dansimp
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: conceptual
+---
+
+# Microsoft Defender Advanced Threat Protection for Android
+
+> [!IMPORTANT]
+> **PUBLIC PREVIEW EDITION**
+> 
+> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
+> 
+> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
+> 
+> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
+
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Android.
+
+> [!CAUTION]
+> Running other third-party endpoint protection products alongside Microsoft Defender ATP for Android is likely to cause performance problems and unpredictable system errors.
+
+
+
+## How to install Microsoft Defender ATP for Android
+
+### Prerequisites
+
+-   **For end users**
+
+    -   Microsoft Defender ATP license assigned to the end user(s) of the app.
+
+    -   Intune Company Portal app can be downloaded from [Google
+        Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
+        and is available on the Android device.
+
+        -   Additionally, device(s) can be
+            [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal)
+            via the Intune Company Portal app to enforce Intune device compliance
+            policies. This requires the end user to be assigned a Microsoft Intune license.
+
+    -   For more information on how to assign licenses, see [Assign licenses to
+        users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign).
+        
+
+-   **For Administrators**
+
+    -   Access to the Microsoft Defender Security Center portal.
+
+        > [!NOTE]
+        > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender ATP for Android. Currently only enrolled devices are supported for enforcing Microsoft Defender ATP for Android related device compliance policies in Intune. 
+
+    -   Access [Microsoft Endpoint Manager admin
+        center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the
+        app to enrolled user groups in your organization.
+
+### System Requirements
+
+-   Android devices running Android 6.0 and above.
+-   Intune Company Portal app is downloaded from [Google
+    Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal)
+    and installed. Device enrollment is required for Intune device compliance policies to be enforced.
+
+### Installation instructions
+
+Microsoft Defender ATP for Android supports installation on both modes of
+enrolled devices - the legacy Device Administrator and Android Enterprise modes
+
+Deployment of Microsoft Defender ATP for Android is via Microsoft Intune (MDM).
+For more information, see [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md).
+
+
+> [!NOTE]
+> During public preview, instructions to deploy Microsoft Defender ATP for Android on Intune enrolled Android devices are different across Device Administrator and Android Enterprise entrollment modes. <br>
+> **When Microsoft Defender ATP for Android reaches General Availability (GA), the app will be available on Google Play.**
+
+## How to Configure Microsoft Defender ATP for Android
+
+Guidance on how to configure Microsoft Defender ATP for Android features is available in [Configure Microsoft Defender ATP for Android features](android-configure.md).
+
+
+
+## Related topics
+- [Deploy Microsoft Defender ATP for with Microsoft Intune](android-intune.md)
+- [Configure Microsoft Defender ATP for Android features](android-configure.md)
+

windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md

@@ -20,20 +20,7 @@ ms.topic: conceptual
 
 # Microsoft Defender ATP for Linux
 
-> [!IMPORTANT]
-> **PUBLIC PREVIEW EDITION**
-> 
-> This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
-> 
-> As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
-> 
-> If you have preview features turned on in the Microsoft Defender Security Center, you should be able to access the Linux onboarding page immediately. If you have not yet opted into previews, we encourage you to [turn on preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview) in the Microsoft Defender Security Center today.
-
-This topic describes how to install, configure, update, and use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux.
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4q3yP]
-
-<p></p>
+This topic describes how to install, configure, update, and use Microsoft Defender ATP for Linux.
 
 > [!CAUTION]
 > Running other third-party endpoint protection products alongside Microsoft Defender ATP for Linux is likely to cause performance problems and unpredictable system errors.
@@ -46,16 +33,6 @@ This topic describes how to install, configure, update, and use Microsoft Defend
 - Beginner-level experience in Linux and BASH scripting
 - Administrative privileges on the device (in case of manual deployment)
 
-### Known issues
-
-- Logged on users do not appear in the ATP portal.
-- Running the product on CentOS / RHEL / Oracle Linux 7.0 or 7.1 with kernel versions lower than 3.10.0-327 can result in hanging the operating system. We recommend that you upgrade to version 7.2 or newer.
-- In SUSE distributions, if the installation of *libatomic1* fails, you should validate that your OS is registered:
-
-    ```bash
-    $ sudo SUSEConnect --status-text
-    ```
-
 ### Installation instructions
 
 There are several methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Linux.
@@ -108,8 +85,6 @@ If you experience any installation failures, refer to [Troubleshooting installat
   - `vfat`
   - `xfs`
 
-  More file system types will be added in the future.
-
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
 ### Network connections

windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md

@@ -66,10 +66,12 @@ The option to **Consult a threat expert** is available in several places in the
 ![Screenshot of MTE-EOD file page action menu option](images/mte-eod-file.png)
 
 > [!NOTE]
-> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. Watch this video for a quick overview of the Microsoft Services Hub.
-<BR>
+> Customers with Premier Support subscription mapped to their Office 365 license can track the status of their Experts on Demand cases through Microsoft Services Hub. 
+
+Watch this video for a quick overview of the Microsoft Services Hub.
+
 >[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4pk9f] 
-<BR>
+
    
 ## Related topic
 - [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)

windows/security/threat-protection/microsoft-defender-atp/preview.md

@@ -36,7 +36,7 @@ For more information on new capabilities that are generally available, see [What
 
 ## Turn on preview features
 
-You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
+You'll have access to upcoming features that you can provide feedback on to help improve the overall experience before features are generally available.
 
 Turn on the preview experience setting to be among the first to try upcoming features.
 
@@ -47,6 +47,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 ## Preview features
 
 The following features are included in the preview release:
+- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) <br> Microsoft Defender ATP now adds support for Android. Learn how to install, configure, and use Microsoft Defender ATP for Android.
 
 - [Create indicators for certificates](manage-indicators.md) <br> Create indicators to allow or block certificates.