Merge pull request #980 from YongRhee-MSFT/docs-editor/microsoft-defender-core-servic-1721342983

Update microsoft-defender-core-service-configurations-and-experimentation.md

Author: denisebmsft

defender-endpoint/microsoft-defender-core-service-configurations-and-experimentation.md

@@ -7,7 +7,7 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 03/26/2024
+ms.date: 07/19/2024
 audience: ITPro
 ms.topic: troubleshooting
 ms.subservice: ngp
@@ -21,6 +21,9 @@ ms.collection:
 
 This article describes the interaction between Microsoft Defender Core Service and the Experimentation and Configuration Service (ECS). Microsoft Defender Core Service is a part of Microsoft Defender Antivirus and communicates with ECS to request and receive different kinds of payloads. These payloads include configurations, feature rollouts, and experiments. 
 
+> [!CAUTION]
+> If you disable communications with the service, this will affect Microsoft's ability to respond to a severe bug in a timely manner. 
+
 > [!IMPORTANT]
 > Make sure clients can access the following URLs so payloads can be received:
 >
@@ -31,27 +34,25 @@ This article describes the interaction between Microsoft Defender Core Service a
 >
 >Enterprise U.S. Government customers should allow the following URLs: 
 > - `*.events.data.microsoft.com` 
-> - `*.endpoint.security.microsoft.us (GCC-H & DoD)` 
-> - `*.gccmod.ecs.office.com (GCC-M) *.config.ecs.gov.teams.microsoft.us (GCC-H)` 
-> - `*.config.ecs.dod.teams.microsoft.us (DoD)` 
+> - `*.endpoint.security.microsoft.us (GCC-H & DoD)`
+> - `*.gccmod.ecs.office.com (GCC-M)` 
+>- `*.config.ecs.gov.teams.microsoft.us (GCC-H)`
+> - `*.config.ecs.dod.teams.microsoft.us (DoD)`
 
 > [!NOTE]
-> This applies to Microsoft Defender Antivirus platform update version [4.18.24030](microsoft-defender-antivirus-updates.md) or later. 
+> The information in this article applies to Microsoft Defender Antivirus platform update version [4.18.24030](microsoft-defender-antivirus-updates.md) or later. 
 
 ## Configurations
 
 Configurations are the payload meant to ensure product health, security, and privacy compliance, and are intended to have the same value for all the users (based on platforms and channels.) This could be to enable a feature flag for a domain action, and can also be used to disable a feature flag in the event of a bug. 
 
-## Controlled Feature Rollout
+## Controlled feature rollout
 
-Controlled Feature Rollout (CFR) is a procedure for slowly increasing the size of the user group that receives a feature. By distributing a new feature to a randomly selected subset of the user population, it's possible to compare user feedback to an equally sized control group without the feature to measure the impact of the feature. 
+Controlled feature rollout (CFR) is a procedure for slowly increasing the size of the user group that receives a feature. By distributing a new feature to a randomly selected subset of the user population, it's possible to compare user feedback to an equally sized control group without the feature to measure the impact of the feature. 
 
 ## Experiments 
 
-Microsoft Defender Core Service builds have features and functionality that are still in development or are experimental. Experiments are like CFR, but the size of the user group is much smaller for testing the new concept. These features are hidden by default until the feature's rolled out or the experiment's finished. Experiment flags are used to enable and disable these features. 
-
-> [!CAUTION]
-> If you disable communications with the service, this will affect Microsoft's ability to respond to a severe bug in a timely manner. 
+Microsoft Defender Core service follows the [gradual rollout](/defender-endpoint/configure-updates) (based on channels) of engine and platform updates.  Any major changes are announced in [Message Center posts](https://admin.microsoft.com/AdminPortal/Home#/MessageCenter).
 
 ## See also