Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into us1610820a

This commit is contained in:
TimShererWithAquent
2020-08-19 07:34:07 -07:00
8 changed files with 66 additions and 347 deletions

View File

@ -67,6 +67,9 @@ Run the following command to see the available switches for managing exclusions:
mdatp exclusion
```
> [!TIP]
> When configuring exclusions with wildcards, enclose the parameter in double-quotes to prevent globbing.
Examples:
- Add an exclusion for a file extension:
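Review bot: the new TIP only mentions double quotes; single quotes also stop the shell from expanding `*` and additionally suppress `$` expansion, so `'/var/*/'` is the safer form to recommend. Consider wording it as "enclose the path in quotes (single or double) so the shell does not expand the wildcard before `mdatp` sees it", which also tells the reader why the quoting is needed.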
@ -96,6 +99,15 @@ Examples:
Folder exclusion configured successfully
```
- Add an exclusion for a folder with a wildcard in it:
```bash
mdatp exclusion folder add --path "/var/*/"
```
```Output
Folder exclusion configured successfully
```
- Add an exclusion for a process:
```bash
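Review bot: the wildcard example `mdatp exclusion folder add --path "/var/*/"` excludes every directory directly under `/var`, including `/var/tmp` and `/var/www`, which are common staging locations for dropped payloads on Linux, so it is a risky pattern to present as the canonical example. Suggest a narrower path (a specific application's subdirectories) or a sentence after the `Folder exclusion configured successfully` output stating that wildcard folder exclusions should be as specific as possible because nothing inside them is scanned.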

View File

@ -23,9 +23,9 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Live response is a capability that gives your security operations team instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threatsin real time.
Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threatsin real time.
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.<br/><br/>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4qLUW]
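Review bot: the typo `threatsin` (missing space) survives from the old line into the rewritten one, `contain identified threatsin real time`; since this sentence is being edited anyway, fix it to `threats in real time`. The `<br/><br/>` appended before the video embed is raw HTML in Markdown; a blank line before the `[!VIDEO ...]` block gives the same separation without it.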
@ -98,7 +98,7 @@ The dashboard also gives you access to:
## Initiate a live response session on a device
1. Log in to Microsoft Defender Security Center.
1. Sign in to Microsoft Defender Security Center.
2. Navigate to the devices list page and select a device to investigate. The devices page opens.
@ -112,6 +112,10 @@ The dashboard also gives you access to:
Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments, see [Create and manage roles](user-roles.md).
>[!NOTE]
>Live response is a cloud-based interactive shell, as such, specific command experience may vary in response time depending on network quality and system load between the end user and the target device.
### Basic commands
The following commands are available for user roles that are granted the ability to run **basic** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
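Review bot: the new note is written `>[!NOTE]` without a space after `>`, while the TIP added to the exclusions file in this same commit uses `> [!TIP]`; keep the blockquote form consistent. The sentence is also a comma splice: `Live response is a cloud-based interactive shell, as such, specific command experience may vary in response time ...`. Suggest `Live response is a cloud-based interactive shell, so the response time of individual commands varies with network quality and system load between the end user and the target device.`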
@ -137,7 +141,7 @@ drivers | Shows all drivers installed on the device. |
|`trace` | Sets the terminal's logging mode to debug. |
### Advanced commands
The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments see [Create and manage roles](user-roles.md).
The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
| Command | Description |
|---|---|
@ -201,7 +205,7 @@ You can have a collection of PowerShell scripts that can run on devices that you
4. Specify if you'd like to overwrite a file with the same name.
5. If you'd like to be know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
5. If you'd like to be, know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
6. Click **Confirm**.
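Review bot: step 5 replaces one error with another: `If you'd like to be, know what parameters are needed` should read `If you'd like to know what parameters are needed for the script, select the script parameters check box.` The stray `be` was the typo in the original line, and the inserted comma does not fix it.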
@ -220,7 +224,7 @@ Some commands have prerequisite commands to run. If you don't run the prerequisi
You can use the auto flag to automatically run prerequisite commands, for example:
```
```console
getfile c:\Users\user\Desktop\work.txt -auto
```
@ -269,7 +273,7 @@ Live response supports output piping to CLI and file. CLI is the default output
Example:
```
```console
processes > output.txt
```
@ -285,7 +289,7 @@ Each command is tracked with full details such as:
## Limitations
- Live response sessions are limited to 10 live response sessions at a time.
- Large scale command execution is not supported.
- Large-scale command execution is not supported.
- A user can only initiate one session at a time.
- A device can only be in one session at a time.
- The following file size limits apply:
@ -295,11 +299,3 @@ Each command is tracked with full details such as:
## Related article
- [Live response command examples](live-response-command-examples.md)

View File

@ -30,19 +30,21 @@ ms.topic: article
The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
1. In the navigation pane, select **Settings > Roles**.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with a Security administrator or Global administrator role assigned.
2. Select **Add item**.
2. In the navigation pane, select **Settings > Roles**.
3. Enter the role name, description, and permissions you'd like to assign to the role.
3. Select **Add item**.
4. Select **Next** to assign the role to an Azure AD Security group.
4. Enter the role name, description, and permissions you'd like to assign to the role.
5. Use the filter to select the Azure AD group that you'd like to add to this role to.
5. Select **Next** to assign the role to an Azure AD Security group.
6. **Save and close**.
6. Use the filter to select the Azure AD group that you'd like to add to this role to.
7. Apply the configuration settings.
7. **Save and close**.
8. Apply the configuration settings.
> [!IMPORTANT]
> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created.
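Review bot: the new step 1, `Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with a Security administrator or Global administrator role assigned`, is missing an article (`using an account with ...`), and this same commit changes `Log in` to `Sign in` in the live response page, so use `Sign in` here as well. Step 6, `select the Azure AD group that you'd like to add to this role to`, still carries the redundant trailing `to` from the old step 5; drop it while renumbering.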
@ -81,19 +83,27 @@ For more information on the available commands, see [Investigate devices using L
## Edit roles
1. Select the role you'd like to edit.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
2. Click **Edit**.
2. In the navigation pane, select **Settings > Roles**.
3. Modify the details or the groups that are assigned to the role.
3. Select the role you'd like to edit.
4. Click **Save and close**.
4. Click **Edit**.
5. Modify the details or the groups that are assigned to the role.
6. Click **Save and close**.
## Delete roles
1. Select the role you'd like to delete.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
2. Click the drop-down button and select **Delete role**.
2. In the navigation pane, select **Settings > Roles**.
3. Select the role you'd like to delete.
4. Click the drop-down button and select **Delete role**.
## Related topic
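Review bot: both new step 1 lines under `## Edit roles` and `## Delete roles` have the same wording problem, `using account with Security administrator or Global administrator role assigned`; they need articles (`using an account with a Security administrator or Global administrator role assigned`) and should match whichever form (`Log in` / `Sign in`) is settled on in the create-roles steps above. The three sign-in steps are identical, so consider one sentence before the procedures, or an include, rather than repeating it in each list.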