Update health-status.md

denisebmsft · denisebmsft · commit 16687f1642eb · 2024-11-04T10:50:58.000-08:00
diff --git a/defender-endpoint/health-status.md b/defender-endpoint/health-status.md
@@ -36,32 +36,32 @@ The following table provides information about the values that are returned when
 |`cloud_enabled`|`True` if cloud-delivered protection is enabled; otherwise, `false`.|
 |`conflicting_applications`|List of applications that are possibly conflicting with Microsoft Defender for Endpoint. This list includes, but isn't limited to, other security products and other applications known to cause compatibility issues.|
 |definitions_status|Status of antivirus definitions. Can be one of the following: <br/>- **up_to_date**<br/>- **updating**<br/>- **unavailable**|
-|definitions_updated|Date and time of last antivirus definition update.|
-|definitions_updated_minutes_ago|Number of minutes since last antivirus definition update.|
-|definitions_version|Antivirus definition version.|
-|edr_client_version|Version of the EDR client running on the device.|
-|edr_configuration_version|EDR configuration version.|
-|edr_device_tags|List of tags associated with the device.|
-|edr_early_preview_enabled|Setting of edr early preview. Can be one of the following: <ul><li>**disabled**</li><li>**enabled**</li></ul>|
-|edr_group_ids|Group ID that the device is associated with.|
-|edr_machine_id|Device identifier used in Microsoft Defender XDR.|
-|engine_load_status|Status of antivirus engine whether its running. Can be one of the following: <ul><li>**Engine not loaded** - AV engine process is down</li><li>**Engine load succeeded** - AV engine process is up and running</li></ul>|
-|engine_version|Version of the antivirus engine.|
-|healthy|True if the product is healthy, false otherwise.|
-|health_issues|Lists health issues if any.|
-|licensed|True if the device is onboarded to a tenant, false otherwise.|
-|log_level|Current log level for the product. Can be one of the following values: <ul><li>**info**</li><li>**debug**</li></ul>|
-|machine_guid|Unique machine identifier used by the antivirus component.|
-|network_protection_enforcement_level|Mode of network protection. Can be one of the following: <ul><li>**disabled** - all components associated with network protection are disabled</li><li>**block** - network protection prevents connection to malicious websites</li><li>**audit** - Check how blocks occur</li></ul>|
-|network_protection_status|Status of the network protection component (macOS only). Can be one of the following values: <ul><li>**starting** - Network protection is starting</li><li>**failed_to_start** - Network protection couldn't be started due to an error</li><li>**started** - Network protection is running on the device</li><li>**restarting** - Network protection is restarting</li><li>**stopping** - Network protection is stopping</li><li>**stopped** - Network protection isn't running</li></ul>|
-|org_id|Organization that the device is onboarded to. If the device isn't yet onboarded to any organization, this prints unavailable. For more information on onboarding, see [Onboard to Microsoft Defender for Endpoint](onboarding.md).|
-|passive_mode_enabled|True if the antivirus component is set to run in passive mode, false otherwise.|
-|product_expiration|Date and time when the current product version reaches end of support.|
-|real_time_protection_available|True if the real-time protection component is healthy, false otherwise.|
-|real_time_protection_enabled|True if real-time antivirus protection is enabled, false otherwise.|
-|real_time_protection_subsystem|Subsystem used to serve real-time protection. If real-time protection isn't operating as expected, this prints unavailable.|
-|release_ring|Release ring. For more information, see [Deployment rings](onboarding.md).|
-|supplementary_events_subsystem|Subsystem that provides supplementary event data. Can be one of the following values: <ul><li>**ebpf** - Default from app version: 101.2408.0000</li><li>**auditd**</li></ul>|
+|`definitions_updated`|Date and time of last antivirus definition update.|
+|`definitions_updated_minutes_ago`|Number of minutes since last antivirus definition update.|
+|`definitions_version`|Antivirus definition version.|
+|`edr_client_version`|Version of the EDR client running on the device.|
+|`edr_configuration_version`|EDR configuration version.|
+|`edr_device_tags`|List of tags associated with the device.|
+|`edr_early_preview_enabled`|Setting of edr early preview. Can be one of the following: <br/>- **disabled** <br/>- **enabled**|
+|`edr_group_ids`|Group ID that the device is associated with.|
+|`edr_machine_id`|Device identifier used in the Microsoft Defender portal.|
+|`engine_load_status`|Status of antivirus engine to determine whether it's running. Can be one of the following: <br/>- **Engine not loaded** - antivirus engine process is down<br/>- **Engine load succeeded** - antivirus engine process is up and running|
+|`engine_version`|Version of the antivirus engine.|
+|`healthy`|`True` if the product is healthy, `false` otherwise.|
+|`health_issues`|Lists health issues if any.|
+|`licensed`|`True` if the device is onboarded to a tenant, `false` otherwise.|
+|`log_level`|Current log level for the product. Can be one of the following values: <br/>- **info** <br/>- **debug**|
+|`machine_guid`|Unique machine identifier used by the antivirus component.|
+|`network_protection_enforcement_level`|Mode of network protection. <br/><br/>Can be one of the following: <br/>- **disabled** - all components associated with network protection are disabled<br/>- **block** - network protection prevents connection to malicious websites<br/>- **audit** - Check how blocks occur|
+|`network_protection_status`|Status of the network protection component (macOS only).<br/><br/> Can be one of the following values: <br/>- **starting** - Network protection is starting<br/>- **failed_to_start** - Network protection couldn't be started due to an error<br/>- **started** - Network protection is running on the device<br/>- **restarting** - Network protection is restarting<br/>- **stopping** - Network protection is stopping<br/>- **stopped** - Network protection isn't running|
+|`org_id`|Organization that the device is onboarded to. If the device isn't yet onboarded to any organization, it shows as `unavailable`. For more information on onboarding, see [Onboard to Microsoft Defender for Endpoint](onboarding.md).|
+|`passive_mode_enabled`|`True` if the antivirus component is set to run in passive mode, `false` otherwise.|
+|`product_expiration`|Date and time when the current product version reaches end of support.|
+|`real_time_protection_available`|`True` if the real-time protection component is healthy, `false` otherwise.|
+|`real_time_protection_enabled`|`True` if real-time antivirus protection is enabled, `false` otherwise.|
+|`real_time_protection_subsystem`|Subsystem used to serve real-time protection. If real-time protection isn't operating as expected, it shows as `unavailable`.|
+|`release_ring`|Release ring. For more information, see [Deployment rings](onboarding.md).|
+|`supplementary_events_subsystem`|Subsystem that provides supplementary event data. Can be one of the following values: <br/>- **ebpf** - Default from app version: `101.2408.0000`<br/>- **auditd**|
 
 ## Component specific health
 
