Updated strings to new syntax

windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md

@@ -64,7 +64,7 @@ For more information on how to configure exclusions from Puppet, Ansible, or ano
 Run the following command to see the available switches for managing exclusions:
 
 ```bash
-$ mdatp --exclusion
+$ mdatp exclusion
 ```
 
 Examples:
@@ -72,29 +72,29 @@ Examples:
 - Add an exclusion for a file extension:
 
     ```bash
-    $ mdatp --exclusion --add-extension .txt
-    Configuration updated successfully
+    $ mdatp exclusion extension add --name .txt
+    Extension exclusion configured successfully
     ```
 
 - Add an exclusion for a file:
 
     ```bash
-    $ mdatp --exclusion --add-folder /var/log/dummy.log
-    Configuration updated successfully
+    $ mdatp exclusion file add --path /var/log/dummy.log
+    File exclusion configured successfully
     ```
 
 - Add an exclusion for a folder:
 
     ```bash
-    $ mdatp --exclusion --add-folder /var/log/
-    Configuration updated successfully
+    $ mdatp exclusion folder add --path /var/log/
+    Folder exclusion configured successfully
     ```
 
 - Add an exclusion for a process:
 
     ```bash
-    $ mdatp --exclusion --add-process cat
-    Configuration updated successfully
+    $ mdatp exclusion process add --name cat
+    Process exclusion configured successfully
     ```
 
 ## Validate exclusions lists with the EICAR test file

windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md

@@ -268,7 +268,7 @@ Download the onboarding package from Microsoft Defender Security Center:
     Initially the client machine is not associated with an organization. Note that the *orgId* attribute is blank:
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 2. Run MicrosoftDefenderATPOnboardingLinuxServer.py, and note that, in order to run this command, you must have `python` installed on the device:
@@ -280,13 +280,13 @@ Download the onboarding package from Microsoft Defender Security Center:
 3. Verify that the machine is now associated with your organization and reports a valid organization identifier:
 
     ```bash
-    mdatp --health orgId
+    mdatp health --field org_id
     ```
 
 4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected:
 
     ```bash
-    mdatp --health healthy
+    mdatp health --field healthy
     ```
 
     > [!IMPORTANT]
@@ -298,7 +298,7 @@ Download the onboarding package from Microsoft Defender Security Center:
     - Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command):
 
         ```bash
-        mdatp --health realTimeProtectionEnabled
+        mdatp health --field real_time_protection_enabled
         ```
 
     - Open a Terminal window. Copy and execute the following command:
@@ -310,7 +310,7 @@ Download the onboarding package from Microsoft Defender Security Center:
     - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats:
 
         ```bash
-        mdatp --threat --list --pretty
+        mdatp threat list
         ```
 
 ## Log installation issues

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md

@@ -241,8 +241,8 @@ Now run the tasks files under `/etc/ansible/playbooks/`.
 - Validation/configuration:
 
     ```bash
-    $ ansible -m shell -a 'mdatp --connectivity-test' all
-    $ ansible -m shell -a 'mdatp --health' all
+    $ ansible -m shell -a 'mdatp connectivity test' all
+    $ ansible -m shell -a 'mdatp health' all
     ```
 
 - Uninstallation:

windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md

@@ -174,10 +174,10 @@ Enrolled agent devices periodically poll the Puppet Server, and install new conf
 On the agent machine, you can also check the onboarding status by running:
 
 ```bash
-$ mdatp --health
+$ mdatp health
 ...
 licensed                                : true
-orgId                                   : "[your organization identifier]"
+org_id                                  : "[your organization identifier]"
 ...
 ```
 
@@ -190,7 +190,7 @@ orgId                                   : "[your organization identifier]"
 You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status:
 
 ```bash
-mdatp --health healthy
+mdatp health --field healthy
 ```
 
 The above command prints `1` if the product is onboarded and functioning as expected.

windows/security/threat-protection/microsoft-defender-atp/linux-pua.md

@@ -53,7 +53,7 @@ You can configure how PUA files are handled from the command line or from the ma
 In Terminal, execute the following command to configure PUA protection:
 
 ```bash
-$ mdatp --threat --type-handling potentially_unwanted_application [off|audit|block]
+$ mdatp threat policy set --type potentially_unwanted_application --action [off|audit|block]
 ```
 
 ### Use the management console to configure PUA protection:

windows/security/threat-protection/microsoft-defender-atp/linux-resources.md

@@ -31,29 +31,24 @@ If you can reproduce a problem, please increase the logging level, run the syste
 1. Increase logging level:
 
    ```bash
-   $ mdatp --log-level verbose
-   Creating connection to daemon
-   Connection established
-   Operation succeeded
+   $ mdatp log level set --level verbose
+   Log level configured successfully
    ```
 
 2. Reproduce the problem.
 
-3. Run `sudo mdatp --diagnostic --create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
+3. Run `sudo mdatp diagnostic create` to backup Microsoft Defender ATP's logs. The files will be stored inside of a .zip archive. This command will also print out the file path to the backup after the operation succeeds:
 
    ```bash
-   $ sudo mdatp --diagnostic --create
-   Creating connection to daemon
-   Connection established
+   $ sudo mdatp diagnostic create
+   Diagnostic file created: <path to file>
    ```
 
 4. Restore logging level:
 
    ```bash
-   $ mdatp --log-level info
-   Creating connection to daemon
-   Connection established
-   Operation succeeded
+   $ mdatp log level set --level info
+   Log level configured successfully
    ```
 
 ## Log installation issues
@@ -78,21 +73,22 @@ Important tasks, such as controlling product settings and triggering on-demand s
 
 |Group        |Scenario                                   |Command                                                                |
 |-------------|-------------------------------------------|-----------------------------------------------------------------------|
-|Configuration|Turn on/off real-time protection           |`mdatp --config realTimeProtectionEnabled [true/false]`                |
-|Configuration|Turn on/off cloud protection               |`mdatp --config cloudEnabled [true/false]`                             |
-|Configuration|Turn on/off product diagnostics            |`mdatp --config cloudDiagnosticEnabled [true/false]`                               |
-|Configuration|Turn on/off automatic sample submission    |`mdatp --config cloudAutomaticSampleSubmission [true/false]`           |
-|Configuration|Turn on PUA protection                     |`mdatp --threat --type-handling potentially_unwanted_application block`|
-|Configuration|Turn off PUA protection                    |`mdatp --threat --type-handling potentially_unwanted_application off`  |
-|Configuration|Turn on audit mode for PUA protection      |`mdatp --threat --type-handling potentially_unwanted_application audit`|
-|Diagnostics  |Change the log level                       |`mdatp --log-level [error/warning/info/verbose]`                       |
-|Diagnostics  |Generate diagnostic logs                   |`mdatp --diagnostic --create`                                                   |
-|Health       |Check the product's health                 |`mdatp --health`                                                       |
-|Protection   |Scan a path                                |`mdatp --scan --path [path]`                                           |
-|Protection   |Do a quick scan                            |`mdatp --scan --quick`                                                 |
-|Protection   |Do a full scan                             |`mdatp --scan --full`                                                  |
-|Protection   |Cancel an ongoing on-demand scan           |`mdatp --scan --cancel`                                                |
-|Protection   |Request a security intelligence update     |`mdatp --definition-update`                                            |
+|Configuration|Turn on/off real-time protection           |`mdatp config real_time_protection --value [enabled|disabled]`         |
+|Configuration|Turn on/off cloud protection               |`mdatp config cloud --value [enabled|disabled]`                        |
+|Configuration|Turn on/off product diagnostics            |`mdatp config cloud-diagnostic --value [enabled|disabled]`             |
+|Configuration|Turn on/off automatic sample submission    |`mdatp config cloud-automatic-sample-submission [enabled|disabled]`    |
+|Configuration|Turn on/off AV passive mode                |`mdatp config passive-mode [enabled|disabled]`                         |
+|Configuration|Turn on PUA protection                     |`mdatp threat policy set --type potentially_unwanted_application --action block` |
+|Configuration|Turn off PUA protection                    |`mdatp threat policy set --type potentially_unwanted_application --action off` |
+|Configuration|Turn on audit mode for PUA protection      |`mdatp threat policy set --type potentially_unwanted_application --action audit` |
+|Diagnostics  |Change the log level                       |`mdatp log level set --level verbose [error|warning|info|verbose]`     |
+|Diagnostics  |Generate diagnostic logs                   |`mdatp diagnostic create`                                              |
+|Health       |Check the product's health                 |`mdatp health`                                                         |
+|Protection   |Scan a path                                |`mdatp scan custom --path [path]`                                      |
+|Protection   |Do a quick scan                            |`mdatp scan quick`                                                     |
+|Protection   |Do a full scan                             |`mdatp scan full`                                                      |
+|Protection   |Cancel an ongoing on-demand scan           |`mdatp scan cancel`                                                    |
+|Protection   |Request a security intelligence update     |`mdatp definitions update`                                             |
 
 ## Microsoft Defender ATP portal information
 

windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md

@@ -29,7 +29,7 @@ ms.topic: conceptual
 To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line:
 
 ```bash
-$ mdatp --connectivity-test
+$ mdatp connectivity test
 ```
 
 If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall.
@@ -84,7 +84,7 @@ $ sudo systemctl daemon-reload; sudo systemctl restart mdatp
 Upon success, attempt another connectivity test from the command line:
 
 ```bash
-$ mdatp --connectivity-test
+$ mdatp connectivity test
 ```
 
 If the problem persists, contact customer support.

windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md

@@ -116,6 +116,7 @@ and try again.
 
 If none of the above steps help, collect the diagnostic logs:
 ```bash
-$ sudo mdatp --diagnostic --create
+$ sudo mdatp diagnostic create
+Diagnostic file created: <path to file>
 ```
 Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.

windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md

@@ -36,7 +36,8 @@ The following steps can be used to troubleshoot and mitigate these issues:
     If your device is not managed by your organization, real-time protection can be disabled from the command line:
 
     ```bash
-    $ mdatp --config realTimeProtectionEnabled false
+    $ mdatp config real-time-protection --value disabled
+    Configuration property updated
     ```
 
     If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md).
@@ -49,19 +50,20 @@ The following steps can be used to troubleshoot and mitigate these issues:
     This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line:
  
     ```bash
-    $ mdatp config real_time_protection_statistics_enabled on
+    $ mdatp config real-time-protection-statistics --value enabled
     ```
 
     This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command:
 
     ```bash
-    $ mdatp health
+    $ mdatp health --field real_time_protection_enabled
     ```
 
     Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it:
 
     ```bash
-    $ mdatp --config realTimeProtectionEnabled true
+    $ mdatp config real-time-protection --value enabled
+    Configuration property updated
     ```
 
     To collect current statistics, run: