Merge pull request #3854 from MicrosoftDocs/chrisda

Update mdb-manage-devices.md

Author: chrisda

defender-business/mdb-manage-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: how-to
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 02/28/2025
+ms.date: 05/21/2025
 ms.reviewer: nehabha
 f1.keywords: NOCSH
 ms.collection:
@@ -33,54 +33,60 @@ In Defender for Business, you can manage devices as follows:
 
 :::image type="content" source="/defender/media/defender-business/mdb-device-inventory.png" alt-text="Screenshot of device inventory":::
 
-1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
+1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Assets** \> **Devices**. Or, to go directly to the **Device inventory** page, use <https://security.microsoft.com/machines>.
+2. On the **Device inventory** page, you can see the list of devices and view some information about them.
+3. Select a device from the list to open the details flyout for the device, where you can learn more about the status of the device and take actions.
 
-2. In the navigation pane, go to **Assets** > **Devices**.
-
-3. Select a device to open its flyout panel, where you can learn more about its status and take action.
-
-   If you don't have any devices listed yet, [Onboard devices to Defender for Business](mdb-onboard-devices.md)
+If no devices are listed, see [Onboard devices to Defender for Business](mdb-onboard-devices.md)
 
 ## Take action on a device that has threat detections
 
 :::image type="content" source="/defender/media/defender-business/mdb-selected-device.png" alt-text="Screenshot of a selected device with details and actions available.":::
 
-1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.
+1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Assets** \> **Devices**. Or, to go directly to the **Device inventory** page, use <https://security.microsoft.com/machines>.
+2. On the **Device inventory** page, select a device from the list.
+3. In the details flyout that opens, select :::image type="icon" source="media/m365-cc-sc-more-actions-icon.png" border="false"::: **More**, and then select an available action (for example, **Run antivirus scan** or **Initiate Automated Investigation**).
+
+## View the state of Microsoft Defender Antivirus
 
-2. Select a device to open its flyout panel, and review the information that is displayed.
+Microsoft Defender Antivirus is a key component of next-generation protection in Defender for Business. To view the state of Microsoft Defender Antivirus, you have several options:
 
-3. Select the ellipsis (**...**) to open the actions menu.
+- Use the [Device health report](mdb-reports.md#device-health-report).
+- Use one of the methods described in [How to confirm the state of Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-compatibility#how-to-confirm-the-state-of-microsoft-defender-antivirus).
 
-4. Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**.
+Microsoft Defender Antivirus has one of the following states on devices:
 
-## View the state of Microsoft Defender Antivirus
+- **Active mode** (*recommended*): Microsoft Defender Antivirus is the exclusive antivirus app on a device onboarded to Defender for Business. Files are scanned and threats are remediated. Detection information is reported in the Microsoft Defender portal and in the Windows Security app on Windows devices.
+
+  We recommend active mode so devices onboarded to Defender for Business get all of the following types of protection:
 
-Microsoft Defender Antivirus is a key component of next-generation protection in Defender for Business. When devices are onboarded to Defender for Business, Microsoft Defender Antivirus can have one of the following states:
+  - **Real-time protection**: Locates and stops malware from running on devices.
+  - **Cloud protection**: Works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected.
+  - **Network protection**: Helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet.
+  - **Web content filtering**: Regulates access to websites based on content categories (such as adult content, high bandwidth, and legal liability) across all browsers.
+  - **Protection from potentially unwanted applications**: For example:
+    - Advertising software.
+    - Bundled software that offers to install other, unsigned software.
+    - Evasion software that attempts to evade security features.
 
-- Active mode
-- Passive mode
-- Disabled (or uninstalled) mode
+- **Passive mode**: A non-Microsoft antivirus/antimalware product is installed on a device onboarded to Defender for Business. Microsoft Defender Antivirus can detect threats and can receive security intelligence and platform updates. But Microsoft Defender Antivirus doesn't remediate threats.
 
-To view the state of Microsoft Defender Antivirus, you can choose from several options, such as:
+   You can automatically switch to active mode by uninstalling the non-Microsoft antivirus/antimalware product.
 
-- Reports, like the [Device health report](mdb-reports.md#device-health-report); or
-- One of the methods described in [How to confirm the state of Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-compatibility#how-to-confirm-the-state-of-microsoft-defender-antivirus).
+- **Disabled mode**: Also known as *uninstalled mode*. A non-Microsoft antivirus/antimalware product is installed on a device that isn't onboarded to Defender for Business. Microsoft Defender Antivirus isn't currently running on the device; it might be automatically disabled or manually disabled. Microsoft Defender Antivirus can't detect or remediate threats on the device.
 
-The following table describes each state and what it means.
+  You can switch to active mode by doing the following steps:
 
-|Microsoft Defender Antivirus state|What it means|
-|---|---|
-|**Active mode** <br/>(*recommended*)|Microsoft Defender Antivirus is used as the antivirus app on the machine. Files are scanned, threats are remediated, and detection information is reported in the Microsoft Defender portal and in the Windows Security app on a device running Windows.<br/><br/>We recommend running Microsoft Defender Antivirus in active mode so that devices onboarded to Defender for Business will get all of the following types of protection:  <br/>- **Real-time protection**, which locates and stops malware from running on devices. <br/> - **Cloud protection**, which works with Microsoft Defender Antivirus and the Microsoft cloud to identify new threats, sometimes even before a single device is affected.<br/> - **Network protection**, which helps protect against phishing scams, exploit-hosting sites, and malicious content on the internet.<br/> - **Web content filtering**, which regulates access to websites based on content categories (such as adult content, high bandwidth, and legal liability) across all browsers.<br/> - **Protection from potentially unwanted applications**, such as advertising software, bundling software that offers to install other, unsigned software, and evasion software that attempts to evade security features.|
-|**Passive mode**|A non-Microsoft antivirus/antimalware product is installed on the device, and even though the device has been onboarded to Defender for Business, Microsoft Defender Antivirus can detect threats but doesn't remediate them. Devices with Microsoft Defender Antivirus can still receive security intelligence and platform updates. <br/><br/>You can switch Microsoft Defender Antivirus to active mode automatically by uninstalling the non-Microsoft antivirus/antimalware product.|
-|**Disabled mode**|A non-Microsoft antivirus/antimalware product is installed on the device, and the device hasn't been onboarded to Defender for Business. Whether Microsoft Defender Antivirus went into disabled mode automatically or was set manually, it's not currently running on the device. In this case, Microsoft Defender Antivirus neither detects nor remediates threats on the device.<br/><br/>You can switch Microsoft Defender Antivirus to active mode by uninstalling the non-Microsoft antivirus/antimalware solution and onboarding the device to Defender for Business.|
+  1. Uninstall the non-Microsoft antivirus/antimalware solution.
+  2. Onboard the device to Defender for Business.
 
 ## Onboard a device
 
-See [Onboard devices to Defender for Business](mdb-onboard-devices.md).
+For more information, see [Onboard devices to Defender for Business](mdb-onboard-devices.md).
 
 ## Offboard a device
 
-See [Offboarding a device](mdb-offboard-devices.md).
+For more information, see [Offboarding a device](mdb-offboard-devices.md).
 
 ## Next steps