MicrosoftDocs
diff --git a/‎defender-endpoint/linux-exclusions.md‎
Lines changed: 11 additions & 15 deletions b/‎defender-endpoint/linux-exclusions.md‎
Lines changed: 11 additions & 15 deletions
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 02/19/2025
+ms.date: 02/21/2025
 ---
 
 # Configure and validate exclusions for Microsoft Defender for Endpoint on Linux
@@ -71,7 +71,7 @@ The following table shows the exclusion types supported by Defender for Endpoint
 |Process|A specific process (specified either by the full path or file name) and all files opened by it.<br/>*We recommend using full and trusted process launch path.*|`/bin/cat`<br/>`cat`<br/>`c?t`|
 
 > [!IMPORTANT]
-> The paths used must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file <path-name>`. When implementing global process exclusions, exclude only what is absolutely necessary to ensure system reliability and security. Verify that the process is known and trusted, specify the complete path to the process location, and confirm that the process will consistently launch from the same trusted full path.
+> The paths used must be hard links, not symbolic links, in order to be successfully excluded. You can check if a path is a symbolic link by running `file <path-name>`. When implementing global process exclusions, exclude only what is necessary to ensure system reliability and security. Verify that the process is known and trusted, specify the complete path to the process location, and confirm that the process will consistently launch from the same trusted full path.
 
 ### File, folder, and process exclusions support the following wildcards:
 
@@ -87,11 +87,11 @@ Wildcard|Description|Examples|
 
 ## How to configure the list of exclusions
 
-You can configure exclusions using a management console, Defender for Endpoint security settings management, or the command line.
+You can configure exclusions using a management Json configuration, Defender for Endpoint security settings management, or the command line.
 
 ### Using the management console
 
-To configure exclusions from Puppet, Ansible, or another management console, please refer to the following sample `mdatp_managed.json`.
+In enterprise environments, exclusions can also be managed through a configuration profile. Typically, you would use a configuration management tool like Puppet, Ansible, or another management console to push a file with the name `mdatp_managed.json` at the location `/etc/opt/microsoft/mdatp/managed/`. For more information, see [Set preferences for Defender for Endpoint on Linux](linux-preferences.md). Please refer to the following sample of `mdatp_managed.json`. 
 
 ```JSON
 {
@@ -138,43 +138,39 @@ To configure exclusions from Puppet, Ansible, or another management console, ple
 }
 ```
 
-For more information, see [Set preferences for Defender for Endpoint on Linux](linux-preferences.md).
-
 ### Using Defender for Endpoint security settings management
 
 > [!NOTE]
+> This method is currently in private Preview. To enable this feature, please reach out to [email protected].
 > Make sure to review the prerequisites: [Defender for Endpoint security settings management prerequisites](/mem/intune/protect/mde-security-integration#prerequisites)
 
-As a security administrator, you can configure Defender for Endpoint exclusions using the Microsoft Defender portal. This method is referred to as Defender for Endpoint security settings management. If you're using this method for the first time, make sure to complete the following procedures:
+You can use the Microsoft Intune admin center or the Microsoft Defender portal to manage exclusions as endpoint security policies and assign those policies to Microsoft Entra ID groups. If you're using this method for the first time, make sure to complete the following steps:
 
 #### 1. Configure your tenant to support security settings management
 
 1. In the [Microsoft Defender portal](https://security.microsoft.com), navigate to **Settings** > **Endpoints** > **Configuration Management** > **Enforcement Scope**, and then select the Linux platform. 
 
-2. Tag devices with the `MDE-Management` tag. Most devices enroll and receive the policy within minutes, although some might take up to 24 hours. For more information, see [Learn how to use Intune endpoint security policies to manage Microsoft Defender for Endpoint on devices that are not enrolled with Intune](/mem/intune/protect/mde-security-integration).
+2. Tag devices with the `MDE-Management` tag. Most devices enroll and receive the policy within minutes, although some might take up to 24 hours. For more information, see [Learn how to use Intune endpoint security policies to manage Microsoft Defender for Endpoint on devices that aren't enrolled with Intune](/mem/intune/protect/mde-security-integration).
 
 #### 2. Create a Microsoft Entra group
 
-Create a dynamic Microsoft Entra group that uses the operating system type to ensure that all devices onboarded to Defender for Endpoint receive policies. Using a dynamic group allows devices managed by Defender for Endpoint to be automatically added to the group, eliminating the need for admins to create new policies manually. For more information, see the following articles:
-
-- [Create Microsoft Entra Groups](/mem/intune/protect/mde-security-integration#create-microsoft-entra-groups) 
-- [Microsoft Entra groups overview](/entra/fundamentals/concept-learn-about-groups)
+Create a dynamic Microsoft Entra group based on the operating system type to ensure that all devices onboarded to Defender for Endpoint receive the appropriate policies. This dynamic group automatically includes devices managed by Defender for Endpoint, eliminating the need for admins to manually create new policies. For more information, see the following article: [Create Microsoft Entra Groups](/mem/intune/protect/mde-security-integration#create-microsoft-entra-groups) 
 
 #### 3. Create an endpoint security policy 
 
 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Endpoints** > **Configuration management** > **Endpoint security policies**, and then select **Create new Policy**. 
 
 2. For Platform, select **Linux**.
 
-3. Select the required exclusion template (**Microsoft defender global exclusion (AV+EDR) for global exclusions and Microsoft defender antivirus exclusions for antivirus exclusions**), and then select **Create policy**.
+3. Select the required exclusion template (`Microsoft defender global exclusions (AV+EDR)` for global exclusions and `Microsoft defender antivirus exclusions` for antivirus exclusions), and then select **Create policy**.
 
 4. On the **Basics** page, enter a name and description for the profile, then choose **Next**.
 
 5. On the **Settings** page, expand each group of settings, and configure the settings you want to manage with this profile.
 
 6. When you're done configuring settings, select **Next**.
 
-7. On the **Assignments** page, select the groups that will receive this profile. Then select **Next**.
+7. On the **Assignments** page, select the groups that receive this profile. Then select **Next**.
 
 8. On the **Review + create** page, when you're done, select **Save**. The new profile is displayed in the list when you select the policy type for the profile you created.
 
@@ -420,7 +416,7 @@ To get the name of a detected threat, run the following command:
 mdatp threat list
 ```
 
-For example, to add `EICAR-Test-File (not a virus)` to the allow list, run the following command:
+For example, to add `EICAR-Test-File (not a virus)` to the allowlist, run the following command:
 
 ```bash
 mdatp threat allowed add --name "EICAR-Test-File (not a virus)"