Merge pull request #1082 from denisebmsft/docs-editor/edr-detection-1722897070

Update edr-detection.md

Author: denisebmsft

defender-endpoint/edr-detection.md

@@ -15,7 +15,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 08/01/2024
+ms.date: 08/06/2024
 ---
 
 # EDR detection test for verifying device's onboarding and reporting services
@@ -33,7 +33,7 @@ ms.date: 08/01/2024
 - macOS
 - Microsoft Defender for Endpoint
 - Microsoft Defender for Endpoint on Linux
-- Microsoft Defender for Endpoint on macOS
+<!---- Microsoft Defender for Endpoint on macOS--->
 
 Endpoint detection and response for Endpoint provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
 
@@ -43,14 +43,13 @@ Run an EDR detection test to verify that the device is properly onboarded and re
 
 1. Open a Command Prompt window
 
-2. At the prompt, copy and run the command below. The Command Prompt window will close automatically.
+2. At the prompt, copy and run the following command. The Command Prompt window closes automatically.
 
+   ```powershell
+   powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
+   ```
 
-```powershell
-powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
-```
-
-3. If successful, the detection test will be marked as completed and a new alert will appear in few minutes.
+3. If successful, the detection test is marked as completed and a new alert appears within a few minutes.
 
 ### Linux
 
@@ -64,7 +63,7 @@ curl -o ~/Downloads/MDE Linux DIY.zip https://aka.ms/MDE-Linux-EDR-DIY
 1. Extract the zip 
 
 ```bash
-unzip ~/Downloads/MDE Linux DIY.zip
+unzip ~/Downloads/MDE-Linux-EDR-DIY.zip
 ```
 
 1. And run the following command: 
@@ -77,6 +76,7 @@ After a few minutes, a detection should be raised in Microsoft Defender XDR.
 
 3. Look at the alert details, machine timeline, and perform your typical investigation steps.
 
+<!---
 ### macOS
 
 1. In your browser, Microsoft Edge for Mac or Safari, download *MDATP MacOS DIY.zip* from [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy) and extract.
@@ -129,12 +129,16 @@ After a few minutes, a detection should be raised in Microsoft Defender XDR.
 
     Look at the alert details and the device timeline, and perform the regular investigation steps.
 
- Next steps that you can consider performing are to add AV exclusions as needed for application compatibility or performance:
+--->
+
+## Next steps
+
+If you're experiencing issues with application compatibility or performance, you might consider adding exclusions. See the following articles for more information:
 
 - [Configure and validate exclusions for Microsoft Defender for Endpoint on macOS](mac-exclusions.md)
 - [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md)
 - [Manage suppression rules](manage-suppression-rules.md)
 - [Create indicators of compromise (IoC)](manage-indicators.md)
 - [Create and manage custom detections rules](/defender-xdr/custom-detection-rules)
 
-Read through [Microsoft Defender for Endpoint Security Operations Guide](mde-sec-ops-guide.md).
+Also, see the [Microsoft Defender for Endpoint Security Operations Guide](mde-sec-ops-guide.md).

defender-endpoint/microsoft-defender-endpoint-mac.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 05/08/2024
+ms.date: 08/06/2024
 ---
 
 # Microsoft Defender for Endpoint on Mac
@@ -70,14 +70,17 @@ There are several methods and deployment tools that you can use to install and c
 ### System requirements
 
 The three most recent major releases of macOS are supported.
+
 - 14 (Sonoma), 13 (Ventura), 12 (Monterey)
+
   > [!IMPORTANT]
   > On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md).
 
-- Supported processors: x64 and ARM64.
+- Supported processors: x64 and ARM64
+
 - Disk space: 1GB
 
-Beta versions of macOS aren't supported.
+- Beta versions of macOS aren't supported.
 
 After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
 
@@ -119,6 +122,8 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
 >
 > SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
 
+#### Test network connectivity
+
 To test that a connection isn't blocked, open <https://x.cp.wd.microsoft.com/api/report> and <https://cdn.x.cp.wd.microsoft.com/ping> in a browser.
 
 If you prefer the command line, you can also check the connection by running the following command in Terminal: