Merge pull request MicrosoftDocs#2597 from TimShererWithAquent/defender-v-tishe

Defender PowerShell reference update

Author: tiburd

docset/winserver2022-ps/defender/Add-MpPreference.md

@@ -1,5 +1,5 @@
 ---
-description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell.
+description: The Add-MpPreference cmdlet modifies settings for Windows Defender.
 external help file: MSFT_MpPreference.cdxml-help.xml
 Module Name: Defender
 ms.date: 12/20/2016
@@ -17,8 +17,11 @@ Modifies settings for Windows Defender.
 
 ```
 Add-MpPreference [-ExclusionPath <String[]>] [-ExclusionExtension <String[]>] [-ExclusionProcess <String[]>]
- [-ThreatIDDefaultAction_Ids <Int64[]>] [-ThreatIDDefaultAction_Actions <ThreatAction[]>] [-Force]
- [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [<CommonParameters>]
+ [-ExclusionIpAddress <String[]>] [-ThreatIDDefaultAction_Ids <Int64[]>]
+ [-ThreatIDDefaultAction_Actions <ThreatAction[]>] [-AttackSurfaceReductionOnlyExclusions <String[]>]
+ [-ControlledFolderAccessAllowedApplications <String[]>] [-ControlledFolderAccessProtectedFolders <String[]>]
+ [-AttackSurfaceReductionRules_Ids <String[]>] [-AttackSurfaceReductionRules_Actions <ASRRuleActionType[]>]
+ [-Force] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -28,13 +31,20 @@ Use this cmdlet to add exclusions for file name extensions, paths, and processes
 ## EXAMPLES
 
 ### Example 1: Add a folder to the exclusion list
-```
-PS C:\> Add-MpPreference -ExclusionPath "C:\Temp"
+```powershell
+Add-MpPreference -ExclusionPath "C:\Temp"
 ```
 
 This command adds the folder C:\Temp to the exclusion list.
 The command disables Windows Defender scheduled and real-time scanning for files in this folder.
 
+### Example 2: Allow an application to access folders
+```powershell
+Add-MpPreference -ControlledFolderAccessAllowedApplications "c:\apps\test.exe"
+```
+
+This command allows the specified application to make changes in controlled folders.
+
 ## PARAMETERS
 
 ### -AsJob
@@ -59,6 +69,57 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AttackSurfaceReductionOnlyExclusions
+Specifies the files and paths to exclude from Attack Surface Reduction (ASR) rules. Specify the folders or files and resources that should be excluded from ASR rules. Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder.
+
+For more information about excluding files and folders from [ASR rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction#exclude-files-and-folders-from-asr-rules).
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AttackSurfaceReductionRules_Actions
+Specifies the states of attack surface reduction rules specified by using the **AttackSurfaceReductionRules_Ids** parameter.
+If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
+
+```yaml
+Type: ASRRuleActionType[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AttackSurfaceReductionRules_Ids
+Specifies the IDs of attack surface reduction rules.
+Use the **AttackSurfaceReductionRules_Actions** parameter to specify the state for each rule. 
+If you add multiple rules as a comma-separated list, specify their states separately as a comma-separated list.
+
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -CimSession
 Runs the cmdlet in a remote session or on a remote computer. 
 Enter a computer name or a session object, such as the output of a [New-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227967) or [Get-CimSession](https://go.microsoft.com/fwlink/p/?LinkId=227966) cmdlet. 
@@ -76,10 +137,55 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -ControlledFolderAccessAllowedApplications
+Specifies applications that can make changes in controlled folders.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ControlledFolderAccessProtectedFolders
+Specifies more folders to protect.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExclusionExtension
 Specifies an array of file name extensions, such as obj or lib, to exclude from scheduled, custom, and real-time scanning.
 This cmdlet adds these file name extensions to the exclusions.
 
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ExclusionIpAddress
+Specifies an array of IP addresses to exclude from scheduled and real-time scanning.
+
 ```yaml
 Type: String[]
 Parameter Sets: (All)