Update onboard-windows-server-2012r2-2016.md

Author: denisebmsft

defender-endpoint/onboard-windows-server-2012r2-2016.md

@@ -69,33 +69,33 @@ The following diagram shows the general steps required to successfully onboard s
 
 2. Follow the guidance for your preferred tool to install Defender for Endpoint:
 
-   - **Command line**: Run this command: `Msiexec /i md4ws.msi /quiet`
+   - **Modern, unified solution**: [Migrating servers from Microsoft Monitoring Agent to the modern, unified solution](application-deployment-via-mecm.md)
    - **Local script**: [Onboard Windows devices using a local script](configure-endpoints-script.md)
    - **Group Policy**:  [Onboard Windows devices using Group Policy](configure-endpoints-gp.md)
-   - **Microsoft Configuration Manager**:
-   - **VDI scripts**:
+   - **Microsoft Configuration Manager**: [Onboard Windows devices using Configuration Manager](configure-endpoints-sccm.md)
+   - **VDI scripts**: [Onboard non-persistent virtual desktop infrastructure (VDI) devices in Microsoft Defender XDR](configure-endpoints-vdi.md)
    - **Direct onboarding with Defender for Cloud**: [Connect your non-Azure machines to Microsoft Defender for Cloud with Defender for Endpoint](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)
 
 For Windows Server, version 1803 or Windows Server 2019 and later, see [Onboard Windows Server, version 1803, Windows Server 2019, and Windows Server 2025 to the Microsoft Defender for Endpoint service](onboard-windows-server.md).
 
 > [!NOTE]
 > Windows Hyper-V Server editions aren't supported.
 
-
 ## Functionality in the modern unified solution
 
-The previous implementation (before April of 2022) of onboarding Windows Server 2016 and Windows Server 2012 R2 required the use of Microsoft Monitoring Agent (MMA). The modern, unified solution package makes it easier to onboard servers by removing dependencies and installation steps. It also provides a much expanded feature set. For more information, see [Tech Community Blog: Defending Windows Server 2012 R2 and 2016](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292).
+The previous implementation (before April of 2022) of onboarding Windows Server 2016 and Windows Server 2012 R2 required the use of Microsoft Monitoring Agent (MMA). The modern, unified solution package makes it easier to onboard servers by removing dependencies and installation steps. It also provides a much expanded feature set. For more information, see the following resources:
+
+- [Server migration scenarios from the previous, MMA-based Microsoft Defender for Endpoint solution](server-migration.md)
+- [Tech Community Blog: Defending Windows Server 2012 R2 and 2016](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292)
 
 Depending on the server that you're onboarding, the unified solution installs Defender for Endpoint and/or the EDR sensor on the server. The following table indicates what component is installed and what is built in by default.
 
-|Server version|AV|EDR|
+|Server version|Microsoft Defender Antivirus|EDR sensor|
 |----|----|----|
 |Windows Server 2012 R2|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
 |Windows Server 2016|Built-in|![Yes](media/svg/check-yes.svg)|
 |Windows Server 2019 and later|Built-in|Built-in|
 
-If you've previously onboarded your servers using MMA, follow the guidance provided in [Server migration](server-migration.md) to migrate to the new solution.
-
 > [!IMPORTANT]
 > Before proceeding with onboarding, see the section [Known issues and limitations in the new, unified solution package for Windows Server 2012 R2 and Windows Server 2016](#known-issues-and-limitations-in-the-modern-unified-solution).
 
@@ -106,12 +106,6 @@ If you intend to use a non-Microsoft anti-malware solution, you need to run Micr
 > [!NOTE]
 > If you're installing Defender for Endpoint on servers with McAfee Endpoint Security (ENS) or VirusScan Enterprise (VSE), the version of the McAfee platform might need to be updated to ensure Microsoft Defender Antivirus isn't removed or disabled. For more information including the specific version numbers required, see [McAfee Knowledge Center article](https://kcm.trellix.com/corporate/index?page=content&id=KB88214).
 
-## Update packages for Windows Server 2016 or Windows Server 2012 R2
-
-To receive regular product improvements and fixes for the Defender for Endpoint component, ensure Windows Update [KB5005292](https://go.microsoft.com/fwlink/?linkid=2168277) gets applied or approved. In addition, to keep protection components updated, see [Manage Microsoft Defender Antivirus updates and apply baselines](microsoft-defender-antivirus-updates.md#platform-and-engine-releases).
-
-If you're using Windows Server Update Services (WSUS) and/or [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction), this new "Microsoft Defender for Endpoint update for EDR Sensor" is available under the category "Microsoft Defender for Endpoint."
-
 ### Known issues and limitations in the modern unified solution
 
 The following points apply to Windows Server 2016 and Windows Server 2012 R2:
@@ -122,12 +116,19 @@ The following points apply to Windows Server 2016 and Windows Server 2012 R2:
 
 - The user interface on Windows Server 2016 and Windows Server 2012 R2 only allows for basic operations. To perform operations on a device locally, refer to [Manage Defender for Endpoint with PowerShell, WMI, and MPCmdRun.exe](preferences-setup.md). As a result, features that specifically rely on user interaction, such as where the user is prompted to make a decision or perform a specific task, may not work as expected. It's recommended to disable or not enable the user interface nor require user interaction on any managed server as it may impact protection capability.
 
-- Not all Attack Surface Reduction rules are applicable to all operating systems. See [Attack surface reduction rules](attack-surface-reduction-rules-reference.md).
+- Not all attack surface reduction rules are applicable to all operating systems. See [Attack surface reduction rules](attack-surface-reduction-rules-reference.md).
 
 - Operating system upgrades aren't supported. Offboard then uninstall before upgrading. The installer package can only be used to upgrade installations that haven't yet been updated with new antimalware platform or EDR sensor update packages.
 
 - To automatically, deploy and onboard the new solution using Microsoft Endpoint Configuration Manager (MECM) you need to be on [version 2207 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2207#improved-microsoft-defender-for-endpoint-mde-onboarding-for-windows-server-2012-r2-and-windows-server-2016). You can still configure and deploy using version 2107 with the hotfix rollup, but this requires extra deployment steps. See [Microsoft Endpoint Configuration Manager migration scenarios](server-migration.md#microsoft-endpoint-configuration-manager-migration-scenarios) for more information.
 
+## Update packages for Windows Server 2016 or Windows Server 2012 R2
+
+To receive regular product improvements and fixes for the Defender for Endpoint component, ensure Windows Update [KB5005292](https://go.microsoft.com/fwlink/?linkid=2168277) gets applied or approved. In addition, to keep protection components updated, see [Manage Microsoft Defender Antivirus updates and apply baselines](microsoft-defender-antivirus-updates.md#platform-and-engine-releases).
+
+If you're using Windows Server Update Services (WSUS) and/or [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction), this new "Microsoft Defender for Endpoint update for EDR Sensor" is available under the category "Microsoft Defender for Endpoint."
+
+
 ## Verify the onboarding and installation
 
 Verify that Microsoft Defender Antivirus and Defender for Endpoint are running.