diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
index 0d7b69e5ba..2d7440045a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md
@@ -26,9 +26,9 @@ ms.topic: article
In this section we will be using Microsoft Endpoint Manager (MEM) to deploy
Microsoft Defender ATP to your endpoints.
-For more information about MEM, see:
+For more information about MEM, check out the following:
- [Microsoft Entpoint Manager page](https://docs.microsoft.com/en-us/mem/)
-- The [blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)
+- [Blog post on convergence of Intune and ConfigMgr](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/)
- [Introduction video on MEM](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace)
@@ -42,8 +42,8 @@ This process is a multi-step process, you'll need to:
- In MEM we'll guide you in creating a separate policy for each feature
-Resources
----------
+## Resources
+
Here are the links you'll need for the rest of the process:
@@ -53,8 +53,8 @@ Here are the links you'll need for the rest of the process:
- [Intune Security baselines](https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-defender-atp#microsoft-defender)
-## Idenfity target devices or users
-In this section we will create a testing group to assign your configurations.
+## Identify target devices or users
+In this section we will create a test group to assign your configurations on.
>[!NOTE]
>Intune uses Azure Active Directory (Azure AD) groups to manage devices and
@@ -62,7 +62,7 @@ users. As an Intune admin, you can set up groups to suit your organizational
needs.
> For more information, see [Add groups to organize users and devices](https://docs.microsoft.com/en-us/mem/intune/fundamentals/groups-add).
-### Group creation
+### Create a group
1. Open the MEM portal.
@@ -74,7 +74,7 @@ needs.
-4. Add your test user / device
+4. Add your test user or device.
>[!NOTE]
>Azure Active Directory groups can contain users or devices, not combinations of both.
@@ -83,271 +83,264 @@ needs.
6. Click on **Members > Add members**.
-7. Find your test user/device and select it.
+7. Find your test user or device and select it.
- 
+ 
8. Your testing group now has a member to test.
-Create a Configuration Policy
------------------------------
-
-In the following section, you will create a number of configuration policies.
+## Create a configuration policy
+In the following section, you'll create a number of configuration policies.
First is a configuration policy to select which groups of users or devices will
-be onboarded to Defender ATP. Then you will continue by creating several
+be onboarded to Microsoft Defender ATP. Then you will continue by creating several
different types of Endpoint Security policies.
-### Endpoint Detection and Response
+### Endpoint detection and response
-1. Open the MEM portal
+1. Open the MEM portal.
-2. Navigate to Endpoint security > Endpoint detection and response > Click
- on Create Profile
+2. Navigate to **Endpoint security > Endpoint detection and response**. Click
+ on **Create Profile**.
- 
+ 
-3. Under Platform, select Windows 10 and Later, Profile - Endpoint detection
- and response > Create
+3. Under** Platform, select Windows 10 and Later, Profile - Endpoint detection
+ and response > Create**.
-4. Enter name and description > Next
+4. Enter name and description, then click **Next**.
- 
+ 
-5. Select settings as required > Next
+5. Select settings as required, then click **Next**.
- 
+ 
- NOTE: this has been auto populated as I have integrated MDATP and Intune as
- per this
- [section](https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection#enable-microsoft-defender-atp-in-intune).
- If you have not integrated MDATP and Intune, complete [these
- steps](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm#onboard-machines-using-microsoft-intune)
+ >[!NOTE]
+ >In this instance, this has been auto populated Microsoft Defender ATP has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender ATP in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection#enable-microsoft-defender-atp-in-intune).
+ If you have not integrated Microsoft Defender ATP h and Intune, complete [these
+ steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm#onboard-machines-using-microsoft-intune)
to create and upload an onboarding blob.
- 
+ 
-6. Add scope tags if required > Next
+6. Add scope tags if required, then click **Next**.
- 
+ 
-7. Add test group by clicking on Select groups to include and choose your group
- > Next
+7. Add test group by clicking on Select groups to include and choose your group, then click **Next**.
- 
+ 
-8. Review and accept > Create
+8. Review and accept, then click **Create**.
- 
+ 
-9. You can view your completed policy here
+9. You can view your completed policy.
- 
+ 
-### Antivirus
+### Next-generation protection
-1. Open the MEM portal
+1. Open the MEM portal.
-2. Navigate to Endpoint security > Antivirus > Click on Create Policy
+2. Navigate to **Endpoint security > Antivirus > Create Policy**.
- 
+ 
-3. Select Platform - Windows 10 and Later - Windows and Profile – Microsoft
- Defender Antivirus > Create
+3. Select** Platform - Windows 10 and Later - Windows and Profile – Microsoft
+ Defender Antivirus > Create**.
-4. Enter Name and Description - \> Next
+4. Enter name and description, then click **Next**.
- 
+ 
5. In the Configuration settings page: Set the configurations you require for
Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real Time
Protection, and Remediation).
- 
+ 
-6. Add scope tags if required> Next
+6. Add scope tags if required, then click **Next**.
- 
+ 
7. Select groups to include, assign to your test group > Next
- 
+ 
-8. Review and create > create
+8. Review and create, then click **Create**.
- 
+ 
9. You can see the configuration policy you created as per below
- 
+ 
### Attack Surface Reduction – Attack surface reduction rules
-1. Open the MEM portal
+1. Open the MEM portal.
-2. Navigate to Endpoint security > Attack surface reduction
+2. Navigate to **Endpoint security > Attack surface reduction**.
-3. Click on Create Policy
+3. Click on **Create Policy**.
-4. NOTE: I will be setting these as audit
+ >[!NOTE]
+ >We will be setting these as Audit.
-5. Select Platform - Windows 10 and Later – Profile - Attack surface reduction
- rules > Create
+5. Select **Platform - Windows 10 and Later – Profile - Attack surface reduction
+ rules > Create**.
- 
+ 
-6. Enter Name and Description > Next
+6. Enter a name and description, then click **Next**.
- 
+ 
7. In the Configuration settings page: Set the configurations you require for
Attack surface reduction rules > Next
- NOTE: I am configuring all of my Attack surface reduction rules to Audit.
+ >[!NOTE]
+ >We will be configuring all of the Attack surface reduction rules to Audit.
- Details on Attack surface reduction rules:
-
+ For more information, see [Attack surface reduction rules](attack-surface-reduction.md).
- 
+ 
-8. Add Scope Tags as required > Next
+8. Add Scope Tags as required, then click **Next**.
- 
+ 
-9. Select groups to include and assign to test group > Next
+9. Select groups to include and assign to test group, then click **Next**.
- 
+ 
-10. Review and Create - \> Create
+10. Review the details, then click **Create**.
- 
+ 
-11. You can View the policy
+11. View the policy.
-
+ 
### Attack Surface Reduction – Web Protection
-1. Open the MEM portal
+1. Open the MEM portal.
-2. Navigate to Endpoint security > Attack surface reduction
+2. Navigate to **Endpoint security > Attack surface reduction**.
-3. Click on Create Policy
+3. Click on **Create Policy**.
-4. Select Windows 10 and Later – Web protection > Create
+4. Select **Windows 10 and Later – Web protection > Create**.
- 
+ 
-5. Enter Name and Description > Next
+5. Enter name and description, then click **Next**.
- 
+ 
6. In the Configuration settings page: Set the configurations you require for
- Web Protection> Next
+ ** Web Protection > Next**.
- NOTE: I am configuring Web Protection to Block.
+ >[!NOTE]
+ >We are configuring Web Protection to Block.
- Details on Web Protection:
-
+ For more information, see [Web Protection](web-protection-overview.md).
- 
+ 
-7. Add Scope Tags as required > Next
+7. Add **Scope Tags as required > Next**.
- 
+ 
-8. Assign to test group > Next
+8. Select **Assign to test group > Next**.
- 
+ 
-9. Review and Create - \> Create
+9. Select **Review and Create > Create**.
- 
+ 
-10. You can View the policy
+10. View the policy.
- 
+ 
-Validate
-========
+## Validate configuration settings
+
+
+### Confirm Policies have applied
-Confirm Policies have applied
------------------------------
Once the Configuration policy has been assigned it will take some time to apply.
-You can see the timing for Intune at this link:
+For information on timing, see [Intune configuration information](https://docs.microsoft.com/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
-
-
-To confirm that the configuration policy have been applied to your test device
-follow the below process for each Configuration policy.
+To confirm that the configuration policy has been applied to your test device
+follow the following process for each configuration policy.
1. Open the MEM portal and navigate to the relevant policy as shown in the
- steps above. I will use Antivirus for this example
+ steps above. The following example shows the next generation protection settings.
- 
+ 
-2. Click on the Configuration Policy to view the policy status
+2. Click on the **Configuration Policy** to view the policy status.
- 
+ 
-3. Click on “Device Status” to see the per device status
+3. Click on **Device Status** to see the status.
- 
+ 
-4. Click on “User Status” to see the per user status
+4. Click on **User Status** to see the status.
- 
+ 
-5. Click on “Per-setting status” to see the Per-setting status
+5. Click on **Per-setting status** to see the status.
- Note: This View is very useful to identify any settings that conflict with
- another policy
+ >[!TIP]
+ >This view is very useful to identify any settings that conflict with another policy.
- 
+ 
-Endpoint Detection and Response
--------------------------------
+### Endpoint Detection and Response
-1. Before applying the configuration, the Windows Defender Advanced Threat
- Protection Service should not be started.
- 
+1. Before applying the configuration, the Microsoft Defender ATP
+ Protection service should not be started.
-2. After the config has been applied the Windows Defender Advanced Threat
- Protection Service should be started
+ 
- 
+2. After the configuration has been applied the Microsoft Defender ATP
+ Protection Service should be started.
+
+ 
3. After the services is running on the device, the device appears in Microsoft
- Defender Security Center
+ Defender Security Center.
- 
+ 
-Antivirus
----------
+### Next-generation protection
1. Before applying the policy on a test device, you should be able to manually
- manage the settings as per below.
+ manage the settings as shown below.
-
+ 
-1. After the policy has been applied, you should not be able to manually manage
- the settings as per below.
+2. After the policy has been applied, you should not be able to manually manage
+ the settings.
- NOTE: In the below image “**Turn on cloud-delivered protection”** and
- **“Turn on real-time protection”** are being shown as managed.
+ >[!NOTE]
+ > In the following image **Turn on cloud-delivered protection** and
+ **Turn on real-time protection** are being shown as managed.
-
+ 
-Attack Surface Reduction – Attack surface reduction rules
----------------------------------------------------------
+### Attack Surface Reduction – Attack surface reduction rules
-1. Before applying the policy on A test device
-2. Open a PowerShell Window and type “Get-MpPreference”
+1. Before applying the policy on a test device, pen a PowerShell Window and type `Get-MpPreference`.
-3. This should respond with the following lines with no content
+2. This should respond with the following lines with no content
1. AttackSurfaceReductionOnlyExclusions :
@@ -355,33 +348,26 @@ Attack Surface Reduction – Attack surface reduction rules
3. AttackSurfaceReductionRules_Ids :
-
+ 
-1. After applying the policy on A test device
+3. After applying the policy on a test device, open a PowerShell Windows and type `Get-MpPreference`.
-2. Open a PowerShell Windows and type “Get-MpPreference”
+4. This should respond with the following lines with content as shown below:
-3. This should respond with the following lines with content as shown below
+ 
- 
+### Attack Surface Reduction – Web Protection
-Attack Surface Reduction – Web Protection
------------------------------------------
+1. On the test device, open a PowerShell Windows and type
+ `(Get-MpPreference).EnableNetworkProtection`.
-1. On the test device
+2. This should respond with a 0 as shown below.
-2. Open a PowerShell Windows and type
- “(Get-MpPreference).EnableNetworkProtection”
+ 
-3. This should respond with a “0” as shown below
+3. After applying the policy, open a PowerShell Windows and type
+ `(Get-MpPreference).EnableNetworkProtection`.
- 
+4. This should respond with a 1 as shown below.
-4. After Applying the Policy
-
-5. Open a PowerShell Windows and type
- “(Get-MpPreference).EnableNetworkProtection”
-
-6. This should respond with a “1” as shown below
-
-
+ 