MicrosoftDocs
diff --git a/‎defender-endpoint/application-deployment-via-mecm.md‎
Lines changed: 51 additions & 35 deletions b/‎defender-endpoint/application-deployment-via-mecm.md‎
Lines changed: 51 additions & 35 deletions
diff --git a/‎defender-endpoint/comprehensive-guidance-on-linux-deployment.md‎
Lines changed: 13 additions & 8 deletions b/‎defender-endpoint/comprehensive-guidance-on-linux-deployment.md‎
Lines changed: 13 additions & 8 deletions
diff --git a/‎defender-endpoint/configure-endpoints-gp.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/configure-endpoints-gp.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/configure-endpoints-mdm.md‎
Lines changed: 3 additions & 3 deletions b/‎defender-endpoint/configure-endpoints-mdm.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎defender-endpoint/configure-endpoints-non-windows.md‎
Lines changed: 3 additions & 3 deletions b/‎defender-endpoint/configure-endpoints-non-windows.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎defender-endpoint/configure-endpoints-script.md‎
Lines changed: 3 additions & 3 deletions b/‎defender-endpoint/configure-endpoints-script.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎defender-endpoint/configure-endpoints-vdi.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/configure-endpoints-vdi.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/configure-environment.md‎
Lines changed: 3 additions & 3 deletions b/‎defender-endpoint/configure-environment.md‎
Lines changed: 3 additions & 3 deletions
@@ -13,104 +13,120 @@ ms.collection:
 - m365-security
 - tier1
 ms.topic: conceptual
-ms.date: 06/27/2022
+ms.date: 03/14/2025
 ---
 
 # Migrating servers from Microsoft Monitoring Agent to the unified solution
 
 **Applies to:**
 
-- Windows Server 2012 R2
-- Windows Server 2016
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
-This article guides you in migrating down-level servers from Microsoft Monitoring Agent (MMA) to the unified solution.
+This article guides you in migrating servers running Windows Server 2016 or Windows Server 2012 R2 from Microsoft Monitoring Agent (MMA) to the modern, unified solution. In this article, the phrase *down-level servers* refers to older versions of Windows Server, such as Windows Server 2016 and Windows Server 2012 R2.
 
 ## Prerequisites
 
-- Microsoft Endpoint Configuration Manager (MECM) higher than 2207.
+- Microsoft Configuration Manager higher than 2207.
 - Down-level OS devices in your environment onboarded with Microsoft Monitoring Agent. To confirm, verify that `MsSenseS.exe` is running in Task Manager.
 - Presence of the MMA agent. You can verify it by checking if the correct Workspace ID is present in the Control Panel> Microsoft Monitoring Agent.
 - Active Microsoft Defender portal with devices onboarded.
-- A **Device Collection** containing down-level servers such as Windows Server 2012 R2 or Windows Server 2016 using MMA agent is set up in your MECM instance.
+- A **Device Collection** containing down-level servers such as Windows Server 2012 R2 or Windows Server 2016 using MMA agent is set up in your Configuration Manager instance.
 
-For more information on installing the listed prerequisites, see [related topics](#related-topics) section.
+For more information on installing the listed prerequisites, see [related articles](#related-articles) section.
 
 ## Gather required files
 
-Copy the unified solution package, onboarding script and migration script to the same content source you deploy other apps with MECM.
+Copy the unified solution package, onboarding script, and migration script to the same content source you deploy other apps with Configuration Manager.
+
+1. Download Onboarding Script and the unified solution from [Microsoft Defender portal settings page](https://sip.security.microsoft.com/preferences2/onboarding).
 
-1. Download Onboarding Script and the unified solution from [Microsoft Defender XDR settings page](https://sip.security.microsoft.com/preferences2/onboarding).
    :::image type="content" source="media/onboarding-script.png" alt-text="Screenshot of onboarding script and unified solution download" lightbox="media/onboarding-script.png":::
+
    > [!Note]
    > You must select the Group Policy from the Deployment method dropdown to obtain the .cmd file.
+
 2. Download the migration script from the document: [Server migration scenarios from the previous, MMA-based Microsoft Defender for Endpoint solution](server-migration.md). This script can also be found on GitHub: [GitHub - microsoft/mdefordownlevelserver](https://github.com/microsoft/mdefordownlevelserver).
-3. Save all three files in a shared folder used by MECM as a Software Source.
 
-   :::image type="content" source="media/ua-migration.png" alt-text="Screenshot of saving the shared folder by MECM.":::
+3. Save all three files in a shared folder used by Configuration Manager as a Software Source.
+
+   :::image type="content" source="media/ua-migration.png" alt-text="Screenshot of saving the shared folder by Configuration Manager.":::
 
 ## Create the package as an application
 
-1. In the MECM console, follow these steps: **Software Library>Applications>Create Application**.
+1. In the Configuration Manager console, go to **Software Library** > **Applications** > **Create Application**.
+
 2. Select **Manually specify the application information**.
    :::image type="content" source="media/manual-application-information.png" alt-text="Screenshot of manually specifying the application information selection." lightbox="media/manual-application-information.png":::
+
 3. Select **Next** on the Software Center screen of the wizard.
-4. On the Deployment Types, click **Add**.
+
+4. On the Deployment Types, select **Add**.
+
 5. Select **Manually to specify the deployment type information** and select **Next**.
+
 6. Give a name to your script deployment and select **Next**.
 
    :::image type="content" source="media/manual-deployment-information.png" alt-text="Screenshot specifying the script deployment information.":::
-7. On this step, copy the UNC path that your content is located. Example: `\\ServerName\h$\SOFTWARE_SOURCE\path`.
+
+7. Copy the UNC path that your content is located. Example: `\\ServerName\h$\SOFTWARE_SOURCE\path`.
 
    :::image type="content" source="media/deployment-type-wizard.png" alt-text="Screenshot that shows UNC path copy.":::
 
-8. Additionally, set the following as the installation program:
+8. Set the installation program by using the following command:
 
      ```powershell
       Powershell.exe -ExecutionPolicy ByPass -File install.ps1 -RemoveMMA <workspace ID> -OnboardingScript .\WindowsDefenderATPOnboardingScript.cmd
      ```
 
-      Click **Next** and make sure to add your own Workspace ID in this section.
-9. Click **Next** and click add a clause.
-10. The detection method will be based on the registry key shown below.
-      `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense`
-
-      Check the option: **This registry setting must exit on the target system to indicate presence of this application.**
+   Select **Next**, and make sure to add your own Workspace ID in this section.
 
-      :::image type="content" source="media/detection-wizard.png" alt-text="Screenshot that shows detection type wizard":::
+9. Select **Next**, and then select **add a clause**.
 
-      > [!TIP]
-      > The registry key value was obtained by running the Powershell command shown below on a device that has the unified solution installed. Other creative methods of detection can also be used. The goal is to identify whether the unified solution has already been installed on a specific device. You can leave the Value and Data Type fields as blank.
+10. The detection method is based on this registry key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense`.
 
+     Select the option: **This registry setting must exit on the target system to indicate presence of this application.**
+  
+     :::image type="content" source="media/detection-wizard.png" alt-text="Screenshot that shows detection type wizard":::
+  
+     > [!TIP]
+     > The registry key value was obtained by running the following PowerShell command on a device that has the unified solution installed. Other creative methods of detection can also be used. The goal is to identify whether the unified solution has already been installed on a specific device. You can leave the Value and Data Type fields as blank.
+  
      ```powershell
-      get-wmiobject Win32_Product | Sort-Object -Property Name |Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
+     get-wmiobject Win32_Product | Sort-Object -Property Name |Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize
      ```
 
-11. In the **User Experience** section, check the recommended settings shown in the screenshot. You can choose what suits your environment and click **Next**. For **Installation program visibility**, it's advisable to install with **Normal** during phase testing then change it to **Minimized** for general deployment.
+11. In the **User Experience** section, check the recommended settings shown in the screenshot. You can choose what suits your environment, and then select **Next**. 
 
+     For **Installation program visibility**, it's advisable to install with **Normal** during phase testing then change it to **Minimized** for general deployment.
+  
      > [!TIP]
      > The maximum allowed runtime can be lowered from (default) 120 minutes to 60 minutes.
+  
+     :::image type="content" source="media/user-experience-in-deployment-type-wizard.png" alt-text="Screenshot that shows user experience in deployment-type wizard." lightbox="media/user-experience-in-deployment-type-wizard.png":::
 
-     :::image type="content" source="media/user-experience-in-deployment-type-wizard.png" alt-text="Screenshot that shows user experience in deployment-type wizard.":::
+12. Add any additional requirements, and then select **Next**.
 
-12. Add any additional requirements then select **Next**.
 13. Under the Dependencies section, select **Next**.
-14. Select **Next** until completion screen comes up, then **Close**.
-15. Keep select **Next** until the completion of Application Wizard. Verify all have been green checked.
+
+14. Select **Next** until completion screen comes up, and then select **Close**.
+
+15. Keep selecting **Next** until the completion of Application Wizard. Verify all have been green checked.
+
 16. Close the wizard, right-click on the recently created application and deploy it to your down-level-server collection. Locally, the installation can be confirmed at Software Center. For details, check the CM logs at `C:\Windows\CCM\Logs\AppEnforce.log`.
 
     :::image type="content" source="media/deploy-application.png" alt-text="Screenshot that shows deployment of created application." lightbox="media/deploy-application.png":::
 
-17. Verify the status of the migration at MECM > Monitoring > Deployments.
+17. Verify the status of the migration in Configuration Manager by going to **Monitoring** > **Deployments**.
 
-    :::image type="content" source="media/deployment-status.png" alt-text="Screenshot that shows deployment status check." lightbox="media/deployment-status.png":::
+18. Troubleshooting .ETL files are created and automatically saved locally in each server at this location `C:\Windows\ccmcache\#\`. These files can be leveraged by support to troubleshoot onboarding issues.
 
-18. Troubleshooting .ETL files will be created and automatically saved locally in each server at this location `C:\Windows\ccmcache\#\`. These files can be leveraged by support to troubleshoot onboarding issues.
-
-## Related topics
+## Related articles
 
 - [Microsoft Monitoring Agent Setup](/services-hub/health/mma-setup)
 - [Deploy applications - Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications)
 - [Microsoft Defender for Endpoint - Configuration Manager](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection)
 - [Onboard Windows servers to the Microsoft Defender for Endpoint service](configure-server-endpoints.md)
 - [Microsoft Defender for Endpoint: Defending Windows Server 2012 R2 and 2016](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
@@ -19,6 +19,11 @@ ms.date: 12/10/2024
 
 # Advanced deployment guidance for Microsoft Defender for Endpoint on Linux
 
+**Applies to:**
+
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
+
 > [!TIP]
 > We are excited to share that Microsoft Defender for Endpoint on Linux now extends support for ARM64-based Linux servers in preview! For more information, see [Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md).
 
@@ -176,7 +181,7 @@ This step of the setup process involves adding Defender for Endpoint to the excl
 
   :::image type="content" source="media/mdatp-health-result.png" alt-text="Image of mdatp health result":::
 
-  Under "conflicting_applications", if you see a result other than "unavailable", uninstall the non-Microsoft antimalware.
+  Under "conflicting_applications", if you see a result other than "unavailable," uninstall the non-Microsoft antimalware.
 
 - If you don't uninstall the non-Microsoft antimalware product, you might encounter unexpected behaviors such as performance issues, stability issues such as systems hanging, or kernel panics.
 
@@ -456,13 +461,13 @@ To verify Microsoft Defender for Endpoint on Linux platform updates, run the fol
 sudo yum update mdatp
 ```
 
-or
+Or
 
 ```bash
 apt-get update mdatp
 ```
 
-depending on your package manager.
+Depending on your package manager.
 
 For more information, see [Device health and Microsoft Defender antimalware health report](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-device-health-reporting-for-microsoft-defender-for-endpoint/bc-p/3616205#M1963).
 
@@ -483,7 +488,7 @@ Microsoft regularly publishes software updates to improve performance, security,
 With macOS and Linux, you could take a couple of systems and run in the Beta channel.
 
 > [!NOTE]
-> Ideally you should include one of each type of Linux system you are running in the Preview channel so that you are able to find compatibility, performance and reliability issues before the build makes it into the Current channel.
+> Ideally you should include one of each type of Linux system you're running in the Preview channel so that you're able to find compatibility, performance, and reliability issues before the build makes it into the Current channel.
 
 The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in Beta are the first ones to receive updates and new features, followed later by Preview and lastly by Current.
 
@@ -492,7 +497,7 @@ The choice of the channel determines the type and frequency of updates that are
 In order to preview new features and provide early feedback, it's recommended that you configure some devices in your enterprise to use either Beta or Preview.
 
 > [!WARNING]
-> Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location.
+> Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, reconfigure your device to use the new channel, and follow the steps in this document to install the package from the new location.
 
 ## 18. Verify that you're able to get security intelligence updates (signatures/definition updates)
 
@@ -512,15 +517,15 @@ To ensure that the device is correctly onboarded and reported to the service, ru
   curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt
   ```
 
-- You can run additional detection tests on zip files using either of the following commands:
+- You can run more detection tests on zip files using either of the following commands:
 
   ```bash
   curl -o /tmp/eicar_com.zip https://secure.eicar.org/eicar_com.zip
   curl -o /tmp/eicarcom2.zip https://secure.eicar.org/eicarcom2.zip
   ```
 
    > [!NOTE]
-   > If the detections do not show up, it could be that you have set "allowedThreats" to allow in preferences via Ansible or Puppet.
+   > If the detections don't show up, it could be that you have set "allowedThreats" to allow in preferences via Ansible or Puppet.
 
 - Endpoint detection and response (EDR) detections, see [Experience Microsoft Defender for Endpoint through simulated attacks](attack-simulations.md). If the detection doesn't show up, then it could be that we're missing event or alerts in portal. For more information, see [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux](linux-support-events.md).
 
@@ -612,7 +617,7 @@ Then your next step is to uninstall your non-Microsoft antivirus, antimalware, a
 - [Boost protection of Linux estate with behavior monitoring](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/boost-protection-of-your-linux-estate-with-behavior-monitoring/ba-p/2909320)
 
   > [!NOTE]
-  > The behavior monitoring functionality complements existing strong content-based capabilities, however you should carefully evaluate this feature in your environment before deploying it broadly since enabling behavioral monitoring consumes more resources and may cause performance issues.
+  > The behavior monitoring functionality complements existing strong content-based capabilities. However you should carefully evaluate this feature in your environment before deploying it broadly since enabling behavioral monitoring consumes more resources and may cause performance issues.
 
 - [Unified submissions in Microsoft Defender XDR](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/unified-submissions-in-microsoft-365-defender-now-generally/ba-p/3270770)
 
 
@@ -27,7 +27,8 @@ search.appverid: met150
 
 - Group Policy
 - [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 
@@ -22,9 +22,9 @@ ms.date: 10/31/2024
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
+- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 
@@ -22,9 +22,9 @@ ms.date: 06/25/2024
 
 **Applies to:**
 
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
+- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
 **Platforms**
 - macOS
 
@@ -23,9 +23,9 @@ ms.date: 02/29/2024
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 **Applies to:**
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
+- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 
@@ -23,7 +23,8 @@ ms.subservice: onboard
 **Applies to:**
 
 - [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 - Virtual desktop infrastructure (VDI) devices
 - Windows 11
 - Windows 10
 
@@ -21,9 +21,9 @@ ms.date: 02/04/2025
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
+- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
+- Microsoft Defender for Endpoint for servers
+- Microsoft Defender for Servers Plan 1 or Plan 2
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)