Merge pull request #1017 from MicrosoftDocs/master

8/30 AM Publish

windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md

@@ -60,7 +60,7 @@ Business Security Test consists of three main parts: the Real-World Protection T
 
 - Business Security Test 2018 (March - June): [Real-World Protection Rate 98.7%](https://www.av-comparatives.org/tests/business-security-test-2018-march-june/)
 
-### SE Labs: Total accuracy rating of AAA in the latest test
+### SE Labs: AAA award in the latest test
 
 SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services.
 

windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md

@@ -56,11 +56,25 @@ From that page, you can do any of the following depending on what you need to do
 
 ## Report inaccuracy
 
-You can report on a false positive when you see any vague, inaccurate, incomplete, or already remediated information in the machine page, under **Security recommendation** column.
+You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated information in the machine page, under **Security recommendation** column.
+
+1. Click **:** then select **Report inaccuracy**. A flyout pane opens.
+![Screenshot of Report inaccuracy control from the machine page under the Security recommendation column](images/tvm_report_inaccuracy.png)
+![Screenshot of Report inaccuracy flyout pane](images/tvm_report_inaccuracyflyout.png)
+
+2. From the flyout pane, select the inaccuracy category from the drop-down menu. 
+![Screenshot of Report inaccuracy categories drop-down menu](images/tvm_report_inaccuracyoptions.png)
+
+3. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.
+
+4. Include your machine name for investigation context.
+
+>[!NOTE]
+> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context. 
+
+5. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
 
-Click **:** then select the inaccuracy category from the dropdown menu. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
 
-![Report inaccuracy from the machine page within the Security recommendation column](images/tvm_report_inaccuracy.png)
 
 
 ## Related topics

windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md

@@ -35,6 +35,9 @@ This topic describes the structure of this profile (including a recommended prof
 
 The configuration profile is a .plist file that consists of entries identified by a key (which denotes the name of the preference), followed by a value, which depends on the nature of the preference. Values can either be simple (such as a numerical value) or complex, such as a nested list of preferences.
 
+>[!CAUTION]
+>The layout of the configuration profile depends on the management console that you are using. The following sections contain examples of configuration profiles for JAMF and Intune.
+
 The top level of the configuration profile includes product-wide preferences and entries for subareas of the product, which are explained in more detail in the next sections.
 
 ### Antivirus engine preferences
@@ -222,6 +225,8 @@ The following configuration profile will:
 - Enable cloud delivered protection
 - Enable automatic sample submission
 
+### JAMF profile
+
 ```XML
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
@@ -258,10 +263,91 @@ The following configuration profile will:
 </plist>
 ```
 
+### Intune profile
+
+```XML
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1">
+    <dict>
+        <key>PayloadUUID</key>
+        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
+        <key>PayloadType</key>
+        <string>Configuration</string>
+        <key>PayloadOrganization</key>
+        <string>Microsoft</string>
+        <key>PayloadIdentifier</key>
+        <string>com.microsoft.wdav</string>
+        <key>PayloadDisplayName</key>
+        <string>Microsoft Defender ATP settings</string>
+        <key>PayloadDescription</key>
+        <string>Microsoft Defender ATP configuration settings</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+        <key>PayloadEnabled</key>
+        <true/>
+        <key>PayloadRemovalDisallowed</key>
+        <true/>
+        <key>PayloadScope</key>
+        <string>System</string>
+        <key>PayloadContent</key>
+        <array>
+            <dict>
+                <key>PayloadUUID</key>
+                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
+                <key>PayloadType</key>
+                <string>com.microsoft.wdav</string>
+                <key>PayloadOrganization</key>
+                <string>Microsoft</string>
+                <key>PayloadIdentifier</key>
+                <string>com.microsoft.wdav</string>
+                <key>PayloadDisplayName</key>
+                <string>Microsoft Defender ATP configuration settings</string>
+                <key>PayloadDescription</key>
+                <string/>
+                <key>PayloadVersion</key>
+                <integer>1</integer>
+                <key>PayloadEnabled</key>
+                <true/>
+                <key>antivirusEngine</key>
+                <dict>
+                    <key>enableRealTimeProtection</key>
+                    <true/>
+                    <key>threatTypeSettings</key>
+                    <array>
+                        <dict>
+                            <key>key</key>
+                            <string>potentially_unwanted_application</string>
+                            <key>value</key>
+                            <string>block</string>
+                        </dict>
+                        <dict>
+                            <key>key</key>
+                            <string>archive_bomb</string>
+                            <key>value</key>
+                            <string>audit</string>
+                        </dict>
+                    </array>
+                </dict>
+                <key>cloudService</key>
+                <dict>
+                    <key>enabled</key>
+                    <true/>
+                    <key>automaticSampleSubmission</key>
+                    <true/>
+                </dict>
+            </dict>
+        </array>
+    </dict>
+</plist>
+```
+
 ## Full configuration profile example
 
 The following configuration profile contains entries for all settings described in this document and can be used for more advanced scenarios where you want more control over the product.
 
+### JAMF profile
+
 ```XML
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
@@ -329,6 +415,116 @@ The following configuration profile contains entries for all settings described
 </plist>
 ```
 
+### Intune profile
+
+```XML
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1">
+    <dict>
+        <key>PayloadUUID</key>
+        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
+        <key>PayloadType</key>
+        <string>Configuration</string>
+        <key>PayloadOrganization</key>
+        <string>Microsoft</string>
+        <key>PayloadIdentifier</key>
+        <string>C4E6A782-0C8D-44AB-A025-EB893987A295</string>
+        <key>PayloadDisplayName</key>
+        <string>Microsoft Defender ATP settings</string>
+        <key>PayloadDescription</key>
+        <string>Microsoft Defender ATP configuration settings</string>
+        <key>PayloadVersion</key>
+        <integer>1</integer>
+        <key>PayloadEnabled</key>
+        <true/>
+        <key>PayloadRemovalDisallowed</key>
+        <true/>
+        <key>PayloadScope</key>
+        <string>System</string>
+        <key>PayloadContent</key>
+        <array>
+            <dict>
+                <key>PayloadUUID</key>
+                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
+                <key>PayloadType</key>
+                <string>com.microsoft.wdav</string>
+                <key>PayloadOrganization</key>
+                <string>Microsoft</string>
+                <key>PayloadIdentifier</key>
+                <string>99DBC2BC-3B3A-46A2-A413-C8F9BB9A7295</string>
+                <key>PayloadDisplayName</key>
+                <string>Microsoft Defender ATP configuration settings</string>
+                <key>PayloadDescription</key>
+                <string/>
+                <key>PayloadVersion</key>
+                <integer>1</integer>
+                <key>PayloadEnabled</key>
+                <true/>
+                <key>antivirusEngine</key>
+                <dict>
+                    <key>enableRealTimeProtection</key>
+                    <true/>
+                    <key>exclusions</key>
+                    <array>
+                        <dict>
+                            <key>$type</key>
+                            <string>excludedPath</string>
+                            <key>isDirectory</key>
+                            <false/>
+                            <key>path</key>
+                            <string>/var/log/system.log</string>
+                        </dict>
+                        <dict>
+                            <key>$type</key>
+                            <string>excludedPath</string>
+                            <key>isDirectory</key>
+                            <true/>
+                            <key>path</key>
+                            <string>/home</string>
+                        </dict>
+                        <dict>
+                            <key>$type</key>
+                            <string>excludedFileExtension</string>
+                            <key>extension</key>
+                            <string>pdf</string>
+                        </dict>
+                    </array>
+                    <key>allowedThreats</key>
+                    <array>
+                        <string>eicar</string>
+                    </array>
+                    <key>threatTypeSettings</key>
+                    <array>
+                        <dict>
+                            <key>key</key>
+                            <string>potentially_unwanted_application</string>
+                            <key>value</key>
+                            <string>block</string>
+                        </dict>
+                        <dict>
+                            <key>key</key>
+                            <string>archive_bomb</string>
+                            <key>value</key>
+                            <string>audit</string>
+                        </dict>
+                    </array>
+                </dict>
+                <key>cloudService</key>
+                <dict>
+                    <key>enabled</key>
+                    <true/>
+                    <key>diagnosticLevel</key>
+                    <string>optional</string>
+                    <key>automaticSampleSubmission</key>
+                    <true/>
+                </dict>
+            </dict>
+        </array>
+    </dict>
+</plist>
+```
+
 ## Configuration profile deployment
 
 Once you've built the configuration profile for your enterprise, you can deploy it through the management console that your enterprise is using. The following sections provide instructions on how to deploy this profile using JAMF and Intune.