diff --git a/defender-business/mdb-onboard-devices.md b/defender-business/mdb-onboard-devices.md index a34d8b0ddf..036e72cf76 100644 --- a/defender-business/mdb-onboard-devices.md +++ b/defender-business/mdb-onboard-devices.md @@ -9,7 +9,7 @@ audience: Admin ms.topic: overview ms.service: defender-business ms.localizationpriority: medium -ms.date: 06/19/2024 +ms.date: 12/12/2024 ms.reviewer: efratka, nehabha, muktaagarwal f1.keywords: NOCSH ms.collection: @@ -274,7 +274,7 @@ After a device is enrolled in Intune, you can add it to a device group. [Learn m ## Servers > [!NOTE] -> If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business.md#how-to-get-microsoft-defender-for-business-servers). Alternately, you could use [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers). To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](mdb-faq.yml#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)? +> If you're planning to onboard an instance of Windows Server or Linux Server, you'll need an additional license, such as [Microsoft Defender for Business servers](get-defender-business.md#how-to-get-microsoft-defender-for-business-servers). Choose the operating system for your server: diff --git a/defender-endpoint/TOC.yml b/defender-endpoint/TOC.yml index 9cb53dd181..da810367ab 100644 --- a/defender-endpoint/TOC.yml +++ b/defender-endpoint/TOC.yml @@ -137,9 +137,10 @@ - name: Migrating devices to streamlined method href: migrate-devices-streamlined.md - - name: Onboarding Windows Client + - name: Onboard client devices + href: onboard-client.md items: - - name: Onboarding Windows Client overview + - name: Onboarding Windows client overview href: onboard-windows-client.md - name: Defender for Endpoint plug-in for WSL href: mde-plugin-wsl.md 
@@ -158,7 +159,8 @@ - name: Onboard previous versions of Windows href: onboard-downlevel.md - - name: Onboarding Windows Server + - name: Onboard server devices + href: onboard-server.md items: - name: Onboarding Windows Server overview href: onboard-windows-server.md diff --git a/defender-endpoint/configure-endpoints-sccm.md b/defender-endpoint/configure-endpoints-sccm.md index b6b55b832b..96bc431420 100644 --- a/defender-endpoint/configure-endpoints-sccm.md +++ b/defender-endpoint/configure-endpoints-sccm.md @@ -12,7 +12,7 @@ ms.collection: - tier1 ms.custom: admindeeplinkDEFENDER ms.topic: conceptual -ms.date: 05/20/2024 +ms.date: 12/13/2024 ms.subservice: onboard search.appverid: met150 --- 
@@ -21,42 +21,30 @@ search.appverid: met150 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] -**Applies to:** - -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) -- Microsoft Configuration Manager current branch -- System Center 2012 R2 Configuration Manager - > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) -## Prerequisites -- [Endpoint Protection point site system role](/mem/configmgr/protect/deploy-use/endpoint-protection-site-role) - -> [!IMPORTANT] -> The Endpoint Protection point site system role is required so that antivirus and attack surface reduction policies are properly deployed to the targeted endpoints. Without this role, the endpoints in the device collection won't receive the configured antivirus and attack surface reduction policies. - You can use Configuration Manager to onboard endpoints to the Microsoft Defender for Endpoint service. There are several options you can use to onboard devices using Configuration Manager: + - [Onboard devices using System Center Configuration Manager](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection) - [Tenant attach](/mem/configmgr/tenant-attach/endpoint-security-get-started) - > [!NOTE] > Defender for Endpoint doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](/windows-hardware/test/assessments/out-of-box-experience) phase. Make sure users complete OOBE after running Windows installation or upgrading. -> -> Note that it's possible to create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. 
An application is a different type of object than a package and program. -> If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager will retry to onboard the device until the rule detects the status change. -> -> This behavior can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1. -> This registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status". -For more information, see [Configure Detection Methods in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682159\(v=technet.10\)#step-4-configure-detection-methods-to-indicate-the-presence-of-the-deployment-type). -### Configure sample collection settings +You can create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. An application is a different type of object than a package and program. If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager reattempts to onboard the device until the rule detects the status change. For more information, see [Configure Detection Methods in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682159\(v=technet.10\)#step-4-configure-detection-methods-to-indicate-the-presence-of-the-deployment-type). + + +## Prerequisites + +- See [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md). + +- [Endpoint Protection point site system role](/mem/configmgr/protect/deploy-use/endpoint-protection-site-role). This role is required so that antivirus and attack surface reduction policies are properly deployed to the targeted endpoints. Without this role, endpoints in the device collection won't receive the configured antivirus and attack surface reduction policies. 
+ +## Configure sample collection settings -For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through Microsoft Defender XDR to submit a file for deep analysis. +For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through the Microsoft Defender portal to submit a file for deep analysis. > [!NOTE] > These configuration settings are typically done through Configuration Manager. @@ -67,7 +55,7 @@ This rule should be a *remediating* compliance rule configuration item that sets The configuration is set through the following registry key entry: -```text +```console Path: "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" Name: "AllowSampleCollection" Value: 0 or 1 @@ -82,9 +70,7 @@ The default value in case the registry key doesn't exist is 1. For more information about System Center Configuration Manager Compliance, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682139\(v=technet.10\)). -### Onboard Windows devices using Microsoft Configuration Manager - -### Collection creation +## Create a collection To onboard Windows devices with Microsoft Configuration Manager, the deployment can target an existing collection or a new collection can be created for testing. 
@@ -98,117 +84,106 @@ Follow these steps to onboard endpoints using Microsoft Configuration Manager: 1. In the Microsoft Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. - :::image type="content" source="media/configmgr-device-collections.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard1." lightbox="media/configmgr-device-collections.png"::: + :::image type="content" source="media/configmgr-device-collections.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard1."::: 2. Select and hold (or right-click) **Device Collection** and select **Create Device Collection**. - :::image type="content" source="media/configmgr-create-device-collection.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard2." lightbox="media/configmgr-create-device-collection.png"::: + :::image type="content" source="media/configmgr-create-device-collection.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard2."::: 3. Provide a **Name** and **Limiting Collection**, then select **Next**. - :::image type="content" source="media/configmgr-limiting-collection.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard3." lightbox="media/configmgr-limiting-collection.png"::: + :::image type="content" source="media/configmgr-limiting-collection.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard3."::: 4. Select **Add Rule** and choose **Query Rule**. - :::image type="content" source="media/configmgr-query-rule.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard4." lightbox="media/configmgr-query-rule.png"::: + :::image type="content" source="media/configmgr-query-rule.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard4." ::: 5. Select **Next** on the **Direct Membership Wizard** and then select **Edit Query Statement**. 
- :::image type="content" source="media/configmgr-direct-membership.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard5." lightbox="media/configmgr-direct-membership.png"::: + :::image type="content" source="media/configmgr-direct-membership.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard5."::: 6. Select **Criteria** and then choose the star icon. - :::image type="content" source="media/configmgr-criteria.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard6." lightbox="media/configmgr-criteria.png"::: + :::image type="content" source="media/configmgr-criteria.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard6."::: 7. Keep criterion type as **simple value**, choose whereas **Operating System - build number**, operator as **is greater than or equal to** and value **14393**, and select **OK**. - :::image type="content" source="media/configmgr-simple-value.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard7." lightbox="media/configmgr-simple-value.png"::: + :::image type="content" source="media/configmgr-simple-value.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard7."::: 8. Select **Next** and **Close**. - :::image type="content" source="media/configmgr-membership-rules.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard8." lightbox="media/configmgr-membership-rules.png"::: + :::image type="content" source="media/configmgr-membership-rules.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard8."::: 9. Select **Next**. - :::image type="content" source="media/configmgr-confirm.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard9." 
lightbox="media/configmgr-confirm.png"::: + :::image type="content" source="media/configmgr-confirm.png" alt-text="Screenshot of the Microsoft Configuration Manager wizard9."::: After completing this task you have a device collection with all the Windows endpoints in the environment. -## Other recommended configuration settings - -After onboarding devices to the service, it's important to take advantage of the included threat protection capabilities by enabling them with the following recommended configuration settings. - -### Device collection configuration - -If you're using Configuration Manager, version 2002 or later, you can choose to broaden the deployment to include servers or down-level clients. - -### Next generation protection configuration - -The following configuration settings are recommended: - -#### Scan +## Configure next generation protection -- Scan removable storage devices such as USB drives: Yes +The configuration settings listed in the following table are recommended: -#### Real-time Protection +| Setting | Description | +|--|--| +| Scan | Scan removable storage devices such as USB drives: Yes | +| Real-time Protection | Enable Behavioral Monitoring: Yes

Enable protection against Potentially Unwanted Applications at download and prior to installation: Yes | +| Cloud Protection Service | Cloud Protection Service membership type: Advanced membership | +| Attack surface reduction | Configure all available rules to Audit.

Blocking these activities may interrupt legitimate business processes. The best approach is setting everything to audit, identifying which ones are safe to turn on, and then enabling those settings on endpoints which do not have false positive detections. | -- Enable Behavioral Monitoring: Yes -- Enable protection against Potentially Unwanted Applications at download and prior to installation: Yes +To deploy Microsoft Defender Antivirus and attack surface reduction policies through Microsoft Configuration Manager (SCCM) follow the steps: -#### Cloud Protection Service +- Enable Endpoint Protection and configure custom client settings. +- Install the Endpoint Protection client from a command prompt. +- Verify the Endpoint Protection client installation. -- Cloud Protection Service membership type: Advanced membership +### Enable Endpoint Protection and configure custom client settings -#### Attack surface reduction +Follow the steps to enable endpoint protection and configuration of custom client settings: -Configure all available rules to Audit. +1. In the Configuration Manager console, click **Administration**. -> [!NOTE] -> Blocking these activities may interrupt legitimate business processes. The best approach is setting everything to audit, identifying which ones are safe to turn on, and then enabling those settings on endpoints which do not have false positive detections. +1. In the **Administration** workspace, click **Client Settings**. -For deploying Microsoft Defender Antivirus and attack surface reduction policies through Microsoft Configuration Manager (SCCM) follow the steps: +1. On the **Home** tab, in the **Create** group, click **Create Custom Client Device Settings**. -- Enable Endpoint Protection and configure custom client settings. -- Install the Endpoint Protection client from a command prompt. -- Verify the Endpoint Protection client installation. +1. 
In the **Create Custom Client Device Settings** dialog box, provide a name and a description for the group of settings, and then select **Endpoint Protection**. -##### Enable Endpoint Protection and configure custom client settings -Follow the steps to enable endpoint protection and configuration of custom client settings: - -1. In the Configuration Manager console, click **Administration.** -1. In the **Administration** workspace, click **Client Settings.** -1. On the **Home** tab, in the **Create** group, click **Create Custom Client Device Settings.** -1. In the **Create Custom Client Device Settings** dialog box, provide a name and a description for the group of settings, and then select **Endpoint Protection.** 1. Configure the Endpoint Protection client settings that you require. For a full list of Endpoint Protection client settings that you can configure, see the Endpoint Protection section in [About client settings.](/mem/configmgr/core/clients/deploy/about-client-settings#endpoint-protection) > [!IMPORTANT] > Install the Endpoint Protection site system role before you configure client settings for Endpoint Protection. + 1. Click **OK** to close the **Create Custom Client Device Settings** dialog box. The new client settings are displayed in the **Client Settings** node of the **Administration** workspace. -1. Next, deploy the custom client settings to a collection. Select the custom client settings you want to deploy. In the **Home** tab, in the **Client Settings** group, click **Deploy.** -1. In the **Select Collection** dialog box, choose the collection to which you want to deploy the client settings and then click **OK.** The new deployment is shown in the **Deployments** tab of the details pane. + +1. Next, deploy the custom client settings to a collection. Select the custom client settings you want to deploy. In the **Home** tab, in the **Client Settings** group, click **Deploy**. + +1. 
In the **Select Collection** dialog box, choose the collection to which you want to deploy the client settings and then click **OK**.The new deployment is shown in the **Deployments** tab of the details pane. Clients are configured with these settings when they next download client policy. For more information, see [Initiate policy retrieval for a Configuration Manager client.](/mem/configmgr/core/clients/manage/manage-clients) > [!NOTE] > For Windows Server 2012 R2 and Windows Server 2016 managed by Configuration Manager 2207 and later versions, onboard using the [Microsoft Defender for Endpoint (MDE) Client (recommended)](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection#bkmk_2207) setting. Alternatively, you can use older versions of Configuration Manager to perform a migration. For more information, see [Migrating servers from Microsoft Monitoring Agent to the unified solution](application-deployment-via-mecm.md). +### Install the Endpoint Protection client using Command Prompt -##### Installation of Endpoint Protection client from a command prompt Follow the steps to complete installation of endpoint protection client from the command prompt. 1. Copy **scepinstall.exe** from the **Client** folder of the Configuration Manager installation folder to the computer on which you want to install the Endpoint Protection client software. -1. Open a command prompt as an administrator. Change directory to the folder with the installer. Then run ```scepinstall.exe```, adding any extra command-line properties that you require: - |**Property** |**Description** | +1. Open Command Prompt as an administrator. Change directory to the folder with the installer. 
Then run `scepinstall.exe`, adding any extra command-line properties that you require: + + | Property | Description | |---------|---------| - |```/s``` |Run the installer silently| - |```/q``` |Extract the setup files silently| - |```/i``` |Run the installer normally| - |```/policy``` |Specify an antimalware policy file to configure the client during installation| - |```/sqmoptin```|Opt-in to the Microsoft Customer Experience Improvement Program (CEIP)| + | `/s` |Run the installer silently| + | `/q` |Extract the setup files silently| + | `/i` |Run the installer normally| + | `/policy` |Specify an antimalware policy file to configure the client during installation| + | `/sqmoptin` |Opt-in to the Microsoft Customer Experience Improvement Program (CEIP)| 1. Follow the on-screen instructions to complete the client installation. + 1. If you downloaded the latest update definition package, copy the package to the client computer, and then double-click the definition package to install it. > [!NOTE] 
@@ -216,23 +191,27 @@ Follow the steps to complete installation of endpoint protection client from the **Example: install the client with an antimalware policy** -```scepinstall.exe /policy \``` +`scepinstall.exe /policy \` + -##### Verify the Endpoint Protection client installation +### Verify the Endpoint Protection client installation After you install the Endpoint Protection client on your reference computer, verify that the client is working correctly. 1. On the reference computer, open **System Center Endpoint Protection** from the Windows notification area. -1. On the **Home** tab of the **System Center Endpoint Protection** dialog box, verify that **Real-time protection** is set to **On.** -1. Verify that **up to date** is displayed for **Virus and spyware definitions.** + +1. On the **Home** tab of the **System Center Endpoint Protection** dialog box, verify that **Real-time protection** is set to **On**. + +1. Verify that **up to date** is displayed for **Virus and spyware definitions**. + 1. To make sure that your reference computer is ready for imaging, under **Scan options,** select **Full,** and then click **Scan now.** -#### Network protection +## Configure network protection Prior to enabling network protection in audit or block mode, ensure that you've installed the antimalware platform update, which can be obtained from the [support page](https://support.microsoft.com/help/4560203/windows-defender-anti-malware-platform-binaries-are-missing). -#### Controlled folder access +## Configure controlled folder access Enable the feature in audit mode for at least 30 days. After this period, review detections and create a list of applications that are allowed to write to protected directories. 
@@ -292,7 +271,7 @@ If you're using System Center 2012 R2 Configuration Manager, monitoring consists If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md). - :::image type="content" source="media/sccm-deployment.png" alt-text="The Configuration Manager showing successful deployment with no errors" lightbox="media/sccm-deployment.png"::: + :::image type="content" source="media/sccm-deployment.png" alt-text="The Configuration Manager showing successful deployment with no errors"::: ### Check that the devices are compliant with the Microsoft Defender for Endpoint service @@ -310,11 +289,9 @@ Value: "1" For more information, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682139\(v=technet.10\)). -## Related topics -- [Onboard Windows devices using Group Policy](configure-endpoints-gp.md) -- [Onboard Windows devices using Mobile Device Management tools](configure-endpoints-mdm.md) -- [Onboard Windows devices using a local script](configure-endpoints-script.md) -- [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) -- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md) -- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) +## Related articles + +- [Onboard servers to Microsoft Defender for Endpoint](onboard-server.md) +- [Onboard Windows and Mac client devices to Microsoft Defender for Endpoint](onboard-client.md) + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] 
diff --git a/defender-endpoint/configure-server-endpoints.md b/defender-endpoint/configure-server-endpoints.md index 30a33899c7..e98449396d 100644 --- a/defender-endpoint/configure-server-endpoints.md +++ b/defender-endpoint/configure-server-endpoints.md @@ -7,7 +7,7 @@ author: denisebmsft ms.author: deniseb ms.reviewer: pahuijbr ms.localizationpriority: medium -ms.date: 05/20/2024 +ms.date: 12/13/2024 manager: deniseb audience: ITPro ms.collection: @@ -23,12 +23,8 @@ ms.subservice: onboard **Applies to:** -- Windows Server 2016 and Windows Server 2012 R2 -- Windows Server Semi-Annual Enterprise Channel -- Windows Server 2019 and later -- Windows Server 2019 core edition -- Windows Server 2022 -- [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configserver-abovefoldlink) @@ -44,7 +40,7 @@ For guidance on how to download and use Windows Security Baselines for Windows s You'll need to complete the following general steps to successfully onboard servers. -:::image type="content" source="media/server-onboarding-tools-methods.png" alt-text="An illustration of onboarding flow for Windows Servers and Windows 10 devices" lightbox="media/server-onboarding-tools-methods.png"::: +:::image type="content" source="media/server-onboarding-tools-methods.png" alt-text="An illustration of onboarding flow for Windows Servers and Windows 10 devices."::: > [!NOTE] > Windows Hyper-V Server editions are not supported. 
@@ -56,7 +52,7 @@ Microsoft Defender for Endpoint integrates seamlessly with Microsoft Defender fo > [!NOTE] > For Windows Server 2016 and Windows Server 2012 R2, you can either manually install/upgrade the modern, unified solution on these machines, or use the integration to automatically deploy or upgrade servers covered by your respective Microsoft Defender for Server plan. More information about making the switch at [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](/azure/defender-for-cloud/integration-defender-for-endpoint?tabs=windows#enable-the-integration). > -- When you use Microsoft Defender for Cloud to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European users, and in the UK for UK users). Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning. +> - When you use Microsoft Defender for Cloud to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European users, and in the UK for UK users). Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning. > > - If you use Defender for Endpoint before using Microsoft Defender for Cloud, your data is stored in the location you specified when you created your tenant even if you integrate with Microsoft Defender for Cloud at a later time. > - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant. 
@@ -235,7 +231,7 @@ This script can be used in various scenarios, including those scenarios describe 8. Go to the **Actions** tab and select **New...** Ensure that **Start a program** is selected in the **Action** field. The [installer script](server-migration.md#installer-script) handles the installation, and immediately perform the onboarding step after installation completes. Select *C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe* then provide the arguments: ```powershell - -ExecutionPolicy RemoteSigned \\servername-or-dfs-space\share-name\install.ps1 -OnboardingScript \\servername-or-dfs-space\share-name\windowsdefenderatponboardingscript.cmd + -ExecutionPolicy RemoteSigned \\servername-or-dfs-space\share-name\install.ps1 -OnboardingScript \\servername-or-dfs-space\share-name\windowsdefenderatponboardingscript.cmd ``` > [!NOTE] @@ -261,7 +257,7 @@ The following steps are only applicable if you're using a third-party anti-malwa - Type: `REG_DWORD` - Value: `1` - :::image type="content" source="media/atp-verify-passive-mode.png" alt-text="The passive mode verification result" lightbox="media/atp-verify-passive-mode.png"::: + :::image type="content" source="media/atp-verify-passive-mode.png" alt-text="Screenshot of the passive mode verification result."::: #### Known issues and limitations in the new, unified solution package for Windows Server 2016 and Windows Server 2012 R2 diff --git a/defender-endpoint/deployment-strategy.md b/defender-endpoint/deployment-strategy.md index de6e82bfd1..739099861f 100644 --- a/defender-endpoint/deployment-strategy.md +++ b/defender-endpoint/deployment-strategy.md @@ -13,7 +13,7 @@ ms.collection: ms.topic: conceptual ms.subservice: onboard search.appverid: met150 -ms.date: 04/03/2024 +ms.date: 12/12/2024 --- # Identify Defender for Endpoint architecture and deployment method 
@@ -30,7 +30,7 @@ If you're already completed the steps to set up your Microsoft Defender for Endp We understand that every enterprise environment is unique, so we've provided several options to give you the flexibility in choosing how to deploy the service. Deciding how to onboard endpoints to the Defender for Endpoint service comes down to two important steps: -:::image type="content" source="/defender/media/defender-endpoint/onboarding-architecture-2.png" alt-text="The deployment flow" lightbox="/defender/media/defender-endpoint/onboarding-architecture-2.png"::: +:::image type="content" source="/defender/media/defender-endpoint/onboarding-architecture-2.png" alt-text="The deployment flow"::: ## Step 1: Identify your architecture @@ -49,17 +49,18 @@ Once you have determined the architecture of your environment and have created a |Endpoint|Deployment tool| |---|---| -|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md)
[Group Policy](configure-endpoints-gp.md)
[Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md)
[Microsoft Configuration Manager](configure-endpoints-sccm.md)
[VDI scripts](configure-endpoints-vdi.md)| -|**Windows servers
Linux servers** | [Integration with Microsoft Defender for Cloud](azure-server-integration.md) -|**macOS**|[Local script](mac-install-manually.md)
[Microsoft Intune](mac-install-with-intune.md)
[JAMF Pro](mac-install-with-jamf.md)
[Mobile Device Management](mac-install-with-other-mdm.md)| -|**Linux servers**|[Local script](linux-install-manually.md)
[Puppet](linux-install-with-puppet.md)
[Ansible](linux-install-with-ansible.md)
[Chef](linux-deploy-defender-for-endpoint-with-chef.md)
[Saltstack](linux-install-with-saltack.md)| +|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md)
[Group Policy](configure-endpoints-gp.md)
[Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md)
[Microsoft Configuration Manager](configure-endpoints-sccm.md)
[VDI scripts](configure-endpoints-vdi.md)| +|**Windows servers
Linux servers**
(Requires a server license) | [Onboard Windows devices using a local script](configure-endpoints-script.md)
[Integration with Microsoft Defender for Cloud](azure-server-integration.md) | +|**macOS**|[Local script](mac-install-manually.md)
[Microsoft Intune](mac-install-with-intune.md)
[JAMF Pro](mac-install-with-jamf.md)
[Mobile Device Management](mac-install-with-other-mdm.md)| +|**Linux servers**|[Local script](linux-install-manually.md)
[Puppet](linux-install-with-puppet.md)
[Ansible](linux-install-with-ansible.md)
[Chef](linux-deploy-defender-for-endpoint-with-chef.md)
[Saltstack](linux-install-with-saltack.md)
[Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md)| |**Android**|[Microsoft Intune](android-intune.md)| -|**iOS**|[Microsoft Intune](ios-install.md)
[Mobile Application Manager](ios-install-unmanaged.md) | +|**iOS**|[Microsoft Intune](ios-install.md)
[Mobile Application Manager](ios-install-unmanaged.md) | ->[!Note] +> [!NOTE] > For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune. ## Next step After choosing your Defender for Endpoint architecture and deployment method continue to [Step 4 - Onboard devices](onboarding.md). + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index 2b0f43b9f1..ffa1a13d7f 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md @@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + Before you begin: Install unzip if it's not already installed. The Chef components are already installed and a Chef repository exists (chef generate repo \) to store the cookbook that's used to deploy to Defender for Endpoint on Chef managed Linux servers. diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md index 2e34d7f5a2..28bdc5a470 100644 --- a/defender-endpoint/linux-exclusions.md +++ b/defender-endpoint/linux-exclusions.md 
@@ -22,6 +22,11 @@ ms.date: 10/14/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides information on how to define antivirus and global exclusions for Microsoft Defender for Endpoint. Antivirus exclusions apply to on-demand scans, real-time protection (RTP), and behavior monitoring (BM). Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR), thus stopping all the associated antivirus detections, EDR alerts, and visibility for the excluded item. @@ -76,13 +81,14 @@ Wildcard|Description|Examples| ?|Matches any single character|`file?.log` includes `file1.log` and `file2.log`, but not`file123.log` > [!NOTE] -For antivirus exclusions, when using the * wildcard at the end of the path, it will match all files and subdirectories under the parent of the wildcard. +> For antivirus exclusions, when using the * wildcard at the end of the path, it will match all files and subdirectories under the parent of the wildcard. ## How to configure the list of exclusions ### Using the management console To configure exclusions from Puppet, Ansible, or another management console, please refer to the following sample `mdatp_managed.json`. + ```JSON { "exclusionSettings":{ @@ -161,7 +167,7 @@ Examples: mdatp exclusion extension remove --name .txt ``` - ```Output + ```console Extension exclusion removed successfully ``` @@ -198,6 +204,7 @@ Examples: ```console File exclusion removed successfully" ``` + - Add/Remove an exclusion for a folder: ```bash 
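Review bot: The @@ -198 hunk in linux-exclusions.md leaves a stray trailing quote in the context line `File exclusion removed successfully"` inside the console block, which readers will take for literal tool output; drop the quote while restructuring this list. In the same file, the @@ -76 hunk's wildcard table row `?|Matches any single character|... but not`file123.log`` is missing the space before the backtick, so the inline code will not render.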
@@ -216,7 +223,7 @@ Examples: Folder exclusion removed successfully ``` - ```bash + ```bash mdatp exclusion folder add --path /var/log/ --scope global ``` @@ -259,6 +266,7 @@ Examples: mdatp exclusion folder add --path "/var/" --scope epp ``` OR + ```bash mdatp exclusion folder add --path "/var/*/" --scope epp ``` @@ -284,7 +292,7 @@ Examples: mdatp exclusion process remove --name /usr/bin/cat --scope global ``` - ```Output + ```console Process exclusion removed successfully ``` @@ -301,7 +309,7 @@ Examples: mdatp exclusion process remove --name /usr/bin/cat --scope epp ``` - ```Output + ```console Process exclusion removed successfully ``` @@ -357,4 +365,5 @@ For example, to add `EICAR-Test-File (not a virus)` (the threat name associated ```bash mdatp threat allowed add --name "EICAR-Test-File (not a virus)" ``` + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-install-manually.md b/defender-endpoint/linux-install-manually.md index 137c372b87..e7c31f014c 100644 --- a/defender-endpoint/linux-install-manually.md +++ b/defender-endpoint/linux-install-manually.md @@ -22,6 +22,11 @@ ms.date: 12/02/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) > [!TIP] 
@@ -223,14 +228,16 @@ Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/inst - Install the Microsoft GPG public key: - For Debian 11 and earlier, run the following command. - ```bash - curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null - ``` -For Debian 12 and later, run the following command. + ```bash + curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null + ``` + + - For Debian 12 and later, run the following command. + + ```bash + curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft-prod.gpg > /dev/null + ``` -```bash -curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft-prod.gpg > /dev/null -``` - Install the HTTPS driver if not already installed: ```bash @@ -374,7 +381,7 @@ Download the onboarding package from Microsoft Defender portal. 2. In the first drop-down menu, select **Linux Server** as the operating system. In the second drop-down menu, select **Local Script** as the deployment method. 3. Select **Download onboarding package**. Save the file as WindowsDefenderATPOnboardingPackage.zip. - :::image type="content" source="media/portal-onboarding-linux.png" alt-text="Downloading an onboarding package in the Microsoft Defender portal" lightbox="media/portal-onboarding-linux.png"::: + :::image type="content" source="media/portal-onboarding-linux.png" alt-text="Downloading an onboarding package in the Microsoft Defender portal"::: 4. From a command prompt, verify that you have the file, and extract the contents of the archive: 
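Review bot: In the @@ -223 hunk of linux-install-manually.md, the Debian 12 and later command now writes the key to `/usr/share/keyrings/microsoft-prod.gpg`, which apt does not trust implicitly the way it does `/etc/apt/trusted.gpg.d/`; the hunk does not show the repository entry, so confirm that the later sources-list step references the key with `[signed-by=/usr/share/keyrings/microsoft-prod.gpg]`, otherwise `apt update` on Debian 12 fails with a NO_PUBKEY error and the package is never verified. Moving the two `curl` blocks under their own list items is a clear improvement in nesting.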
@@ -483,7 +490,7 @@ Download the onboarding package from Microsoft Defender portal. 1. Run an EDR detection test and simulate a detection to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device: -- Verify that the onboarded Linux server appears in Microsoft Defender XDR. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears. + - Verify that the onboarded Linux server appears in Microsoft Defender XDR. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears. - Download and extract the [script file](https://aka.ms/MDE-Linux-EDR-DIY) to an onboarded Linux server and run the following command: `./mde_linux_edr_diy.sh` diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md index 724858c37d..2d830cc921 100644 --- a/defender-endpoint/linux-install-with-ansible.md +++ b/defender-endpoint/linux-install-with-ansible.md @@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint on Linux using Ansible. A successful deployment requires the completion of all of the following tasks: 
@@ -70,21 +75,21 @@ Download the onboarding package from Microsoft Defender portal. 2. In the first drop-down menu, select **Linux Server** as the operating system. In the second drop-down menu, select **Your preferred Linux configuration management tool** as the deployment method. 3. Select **Download onboarding package**. Save the file as WindowsDefenderATPOnboardingPackage.zip. - :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The Download onboarding package option" lightbox="media/portal-onboarding-linux-2.png"::: + :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The Download onboarding package option"::: 4. From a command prompt, verify that you have the file. Extract the contents of the archive: ```bash ls -l ``` - ```Output + ```console total 8 -rw-r--r-- 1 test staff 4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip ``` ```bash unzip WindowsDefenderATPOnboardingPackage.zip ``` - ```Output + ```console Archive: WindowsDefenderATPOnboardingPackage.zip inflating: mdatp_onboard.json ``` 
@@ -250,27 +255,27 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. - Installation: - ```bash - ansible-playbook /etc/ansible/playbooks/install_mdatp.yml -i /etc/ansible/hosts - ``` + ```bash + ansible-playbook /etc/ansible/playbooks/install_mdatp.yml -i /etc/ansible/hosts + ``` -> [!IMPORTANT] -> When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. + > [!IMPORTANT] + > When the product starts for the first time, it downloads the latest antimalware definitions. Depending on your Internet connection, this can take up to a few minutes. - Validation/configuration: - ```bash - ansible -m shell -a 'mdatp connectivity test' all - ``` - ```bash - ansible -m shell -a 'mdatp health' all - ``` + ```bash + ansible -m shell -a 'mdatp connectivity test' all + ``` + ```bash + ansible -m shell -a 'mdatp health' all + ``` - Uninstallation: - ```bash - ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts - ``` + ```bash + ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts + ``` ## Log installation issues diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md index ab9abc21a8..5b49b26296 100644 --- a/defender-endpoint/linux-install-with-puppet.md +++ b/defender-endpoint/linux-install-with-puppet.md 
@@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint on Linux using Puppet. A successful deployment requires the completion of all of the following tasks: @@ -52,7 +57,7 @@ Download the onboarding package from Microsoft Defender portal. 3. Select **Download onboarding package**. Save the file as `WindowsDefenderATPOnboardingPackage.zip`. - :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The option to download the onboarded package" lightbox="media/portal-onboarding-linux-2.png"::: + :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The option to download the onboarded package."::: 4. From a command prompt, verify that you have the file. @@ -60,7 +65,7 @@ Download the onboarding package from Microsoft Defender portal. ls -l ``` - ```Output + ```console total 8 -rw-r--r-- 1 test staff 4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip ``` @@ -71,7 +76,7 @@ Download the onboarding package from Microsoft Defender portal. unzip WindowsDefenderATPOnboardingPackage.zip ``` - ```Output + ```console Archive: WindowsDefenderATPOnboardingPackage.zip inflating: mdatp_onboard.json ``` @@ -90,7 +95,7 @@ You need to create a Puppet manifest for deploying Defender for Endpoint on Linu pwd ``` - ```Output + ```console /etc/puppetlabs/code/environments/production/modules ``` 
@@ -98,7 +103,7 @@ You need to create a Puppet manifest for deploying Defender for Endpoint on Linu tree install_mdatp ``` - ```Output + ```console install_mdatp ├── files │ └── mdatp_onboard.json @@ -205,7 +210,7 @@ Include the above manifest in your `site.pp` file: cat /etc/puppetlabs/code/environments/production/manifests/site.pp ``` -```Output +```console node "default" { include install_mdatp } @@ -221,7 +226,7 @@ On the agent device, you can also check the onboarding status by running: mdatp health ``` -```Output +```console ... licensed : true org_id : "[your organization identifier]" diff --git a/defender-endpoint/linux-install-with-saltack.md b/defender-endpoint/linux-install-with-saltack.md index 84b14103e2..1bca83a70d 100644 --- a/defender-endpoint/linux-install-with-saltack.md +++ b/defender-endpoint/linux-install-with-saltack.md @@ -22,6 +22,11 @@ ms.date: 12/04/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint on Linux using Saltstack. A successful deployment requires the completion of all of the following tasks: 
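Review bot: In the @@ -205 hunk of linux-install-with-puppet.md, the `site.pp` content `node "default" { include install_mdatp }` is a Puppet manifest, not terminal output, so `console` is the wrong tag; `puppet` (or leaving it untagged) is more accurate and keeps highlighting honest. The same applies to the `tree install_mdatp` block in the @@ -98 hunk only loosely, since that one really is command output and `console` is fine there.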
@@ -57,7 +62,7 @@ Here are a few important points: 3. Select **Download onboarding package**. Save the file as `WindowsDefenderATPOnboardingPackage.zip`. - :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The Download onboarding package option" lightbox="media/portal-onboarding-linux-2.png"::: + :::image type="content" source="media/portal-onboarding-linux-2.png" alt-text="The Download onboarding package option"::: 4. On the SaltStack Master, extract the contents of the archive to the SaltStack Server's folder (typically `/srv/salt`): @@ -65,7 +70,7 @@ Here are a few important points: ls -l ``` - ```Output + ```console total 8 -rw-r--r-- 1 test staff 4984 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip ``` @@ -74,7 +79,7 @@ Here are a few important points: unzip WindowsDefenderATPOnboardingPackage.zip -d /srv/salt/mde ``` - ```Output + ```console Archive: WindowsDefenderATPOnboardingPackage.zip inflating: /srv/salt/mde/mdatp_onboard.json ``` @@ -110,7 +115,7 @@ In this step, you create a SaltState state file in your configuration repository cat /srv/salt/install_mdatp.sls ``` - ```output + ```console add_ms_repo: pkgrepo.managed: - humanname: Microsoft Defender Repository @@ -131,7 +136,7 @@ In this step, you create a SaltState state file in your configuration repository 2. Add the package installed state to `install_mdatp.sls` after the `add_ms_repo` state as previously defined. - ```Output + ```console install_mdatp_package: pkg.installed: - name: matp @@ -140,7 +145,7 @@ In this step, you create a SaltState state file in your configuration repository 4. Add the onboarding file deployment to `install_mdatp.sls` after the `install_mdatp_package` as previously defined. - ```Output + ```console copy_mde_onboarding_file: file.managed: - name: /etc/opt/microsoft/mdatp/mdatp_onboard.json 
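Review bot: The @@ -131 hunk of linux-install-with-saltack.md carries the context line `- name: matp` under `install_mdatp_package: pkg.installed:`, a typo for `mdatp` (the uninstall state later in this file uses `- name: mdatp`), so a state written from this page would fail to install the package; fix it while retagging the block. Also, these blocks hold SLS state files, not terminal output, so `yaml` is the right fence tag here rather than `console`, consistent with the `yml` to `yaml` change made for the Salt cron example in linux-schedule-scan-mde.md in this same patch; the same point applies to the remaining state-file blocks in this file.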
@@ -150,7 +155,7 @@ In this step, you create a SaltState state file in your configuration repository The completed install state file should look similar to this output: - ```Output + ```console add_ms_repo: pkgrepo.managed: - humanname: Microsoft Defender Repository @@ -188,7 +193,7 @@ In this step, you create a SaltState state file in your configuration repository cat /srv/salt/uninstall_mdatp.sls ``` - ```Output + ```console remove_mde_onboarding_file: file.absent: - name: /etc/opt/microsoft/mdatp/mdatp_onboard.json @@ -196,7 +201,7 @@ In this step, you create a SaltState state file in your configuration repository 6. Add the offboarding file deployment to the `uninstall_mdatp.sls` file after the `remove_mde_onboarding_file` state defined in the previous section. - ```Output + ```console offboard_mde: file.managed: - name: /etc/opt/microsoft/mdatp/mdatp_offboard.json @@ -205,7 +210,7 @@ In this step, you create a SaltState state file in your configuration repository 7. Add the removal of the MDATP package to the `uninstall_mdatp.sls` file after the `offboard_mde` state defined in the previous section. - ```Output + ```console remove_mde_packages: pkg.removed: - name: mdatp @@ -213,7 +218,7 @@ In this step, you create a SaltState state file in your configuration repository The complete uninstall state file should look similar to the following output: - ```Output + ```console remove_mde_onboarding_file: file.absent: - name: /etc/opt/microsoft/mdatp/mdatp_onboard.json diff --git a/defender-endpoint/linux-preferences.md b/defender-endpoint/linux-preferences.md index c560baeaf1..d1e900a4c5 100644 --- a/defender-endpoint/linux-preferences.md +++ b/defender-endpoint/linux-preferences.md 
@@ -22,6 +22,11 @@ search.appverid: met150 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) > [!IMPORTANT] @@ -1003,8 +1008,8 @@ When you run the `mdatp health` command for the first time, the value for the ta } ``` -> [!NOTE] -> Add the comma after the closing curly bracket at the end of the `cloudService` block. Also, make sure that there are two closing curly brackets after adding Tag or Group ID block (please see the above example). At the moment, the only supported key name for tags is `GROUP`. + > [!NOTE] + > Add the comma after the closing curly bracket at the end of the `cloudService` block. Also, make sure that there are two closing curly brackets after adding Tag or Group ID block (please see the above example). At the moment, the only supported key name for tags is `GROUP`. ## Configuration profile validation 
@@ -1034,6 +1039,6 @@ To verify that your /etc/opt/microsoft/mdatp/managed/mdatp_managed.json is worki ## Configuration profile deployment -Once you've built the configuration profile for your enterprise, you can deploy it through the management tool that your enterprise is using. Defender for Endpoint on Linux reads the managed configuration from the `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json` file. +Once you've built the configuration profile for your enterprise, you can deploy it through the management tool that your enterprise is using. Defender for Endpoint on Linux reads the managed configuration from `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-privacy.md b/defender-endpoint/linux-privacy.md index 58dcbbb5ce..e3c514ad7e 100644 --- a/defender-endpoint/linux-privacy.md +++ b/defender-endpoint/linux-privacy.md @@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft is committed to provide you with the information and controls you need to make choices about how your data is collected and used when you're using Defender for Endpoint on Linux. diff --git a/defender-endpoint/linux-pua.md b/defender-endpoint/linux-pua.md index d228ffa8c8..80417069c3 100644 --- a/defender-endpoint/linux-pua.md +++ b/defender-endpoint/linux-pua.md 
@@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) The potentially unwanted application (PUA) protection feature in Defender for Endpoint on Linux can detect and block PUA files on endpoints in your network. @@ -59,7 +64,7 @@ mdatp threat policy set --type potentially_unwanted_application --action [off|au ### Use the management console to configure PUA protection: -In your enterprise, you can configure PUA protection from a management console, such as Puppet or Ansible, similarly to how other product settings are configured. For more information, see the [Threat type settings](linux-preferences.md#threat-type-settings) section of the [Set preferences for Defender for Endpoint on Linux](linux-preferences.md) article. +In your enterprise, you can configure PUA protection from a management console, such as Puppet or Ansible, similarly to how other product settings are configured. For more information, see [Threat type settings](linux-preferences.md#threat-type-settings) in [Set preferences for Defender for Endpoint on Linux](linux-preferences.md). ## Related articles diff --git a/defender-endpoint/linux-resources.md b/defender-endpoint/linux-resources.md index 2ca53a2e3b..78d91cffc0 100644 --- a/defender-endpoint/linux-resources.md +++ b/defender-endpoint/linux-resources.md 
@@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) ## Collect diagnostic information @@ -34,7 +39,7 @@ If you can reproduce a problem, first increase the logging level, run the system mdatp log level set --level debug ``` - ```Output + ```console Log level configured successfully ``` @@ -48,7 +53,7 @@ If you can reproduce a problem, first increase the logging level, run the system This command will also print out the file path to the backup after the operation succeeds: - ```Output + ```console Diagnostic file created: ``` @@ -58,7 +63,7 @@ If you can reproduce a problem, first increase the logging level, run the system mdatp log level set --level info ``` - ```Output + ```console Log level configured successfully ``` diff --git a/defender-endpoint/linux-schedule-scan-mde.md b/defender-endpoint/linux-schedule-scan-mde.md index 57d57309da..09817923cf 100644 --- a/defender-endpoint/linux-schedule-scan-mde.md +++ b/defender-endpoint/linux-schedule-scan-mde.md @@ -20,6 +20,11 @@ ms.date: 10/11/2024 # Schedule scans with Microsoft Defender for Endpoint (Linux) +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + To run a scan for Linux, see [Supported Commands](linux-resources.md#supported-commands). For Linux (and Unix), you can use a tool called **crontab** (similar to Task Scheduler in Windows) to run scheduled tasks. 
@@ -63,7 +68,7 @@ sudo crontab -e You might see: -```outbou +```console 0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh ``` @@ -89,7 +94,7 @@ Type "`:wq`" without the double quotes. To view your cron jobs, type `sudo crontab -l` -:::image type="content" source="/defender/media/linux-mdatp-1.png" alt-text="The linux mdatp page" lightbox="/defender/media/linux-mdatp-1.png"::: +:::image type="content" source="/defender/media/linux-mdatp-1.png" alt-text="Screenshot of the linux mdatp page."::: #### To inspect cron job runs @@ -143,7 +148,7 @@ Resource Type: salt.states.cron **Example:** -```yml +```yaml mdatp scan quick > /tmp/mdatp_scan_log.log: cron.present: - special: '@hourly' @@ -218,7 +223,7 @@ crontab -u username -r ### Explanation -``` +```console +—————- minute (values: 0 - 59) (special characters: , \- \* /)
| +————- hour (values: 0 - 23) (special characters: , \- \* /)
| | +———- day of month (values: 1 - 31) (special characters: , \- \* / L W C)
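Review bot: In the @@ -218 hunk of linux-schedule-scan-mde.md, the explanation diagram is now inside a `console` fence, where Markdown escapes are not processed, so `(special characters: , \- \* /)` will display the backslashes literally; remove the escapes in the fenced lines. In the @@ -63 hunk, the context line `0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh` looks like a typo for `logrotate.sh`; please confirm the actual script name before it ships in a copyable example.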
diff --git a/defender-endpoint/linux-static-proxy-configuration.md b/defender-endpoint/linux-static-proxy-configuration.md index 5f6efad756..154f76be82 100644 --- a/defender-endpoint/linux-static-proxy-configuration.md +++ b/defender-endpoint/linux-static-proxy-configuration.md @@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft Defender for Endpoint can discover a proxy server using the `HTTPS_PROXY` environment variable. This setting must be configured **both** at installation time and after the product has been installed. @@ -64,7 +69,8 @@ After installation, configure Defender for Endpoint with a static proxy. This ca ### 1. Using mdatp command-line tool -Run the following command on the endpoint to configure proxy for Defender for Endpoint +Run the following command on the endpoint to configure proxy for Defender for Endpoint. + ```bash mdatp config proxy set --value http://address:port ``` @@ -72,7 +78,8 @@ mdatp config proxy set --value http://address:port ### 2. Using managed configuration Set the proxy in the managed configuration at `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. This is an example of the json schema: -``` + +```json { "cloudService":{ "proxy": "http://proxy.server:port/" diff --git a/defender-endpoint/linux-support-connectivity.md b/defender-endpoint/linux-support-connectivity.md index d3859a1773..6d8a8b6f0b 100644 --- a/defender-endpoint/linux-support-connectivity.md +++ b/defender-endpoint/linux-support-connectivity.md 
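Review bot: In the @@ -72 hunk of linux-static-proxy-configuration.md, the sentence "This is an example of the json schema:" introduces a sample configuration, not a schema; "This is an example of the JSON configuration:" would be accurate, and the new `json` fence tag is correct for it.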
@@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) ## Run the connectivity test @@ -34,7 +39,7 @@ mdatp connectivity test Expected output: -```output +```console Testing connection with https://cdn.x.cp.wd.microsoft.com/ping ... [OK] Testing connection with https://eu-cdn.x.cp.wd.microsoft.com/ping ... [OK] Testing connection with https://wu-cdn.x.cp.wd.microsoft.com/ping ... [OK] @@ -65,7 +70,7 @@ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https: The output from this command should be similar to: -```Output +```console OK https://x.cp.wd.microsoft.com/api/report OK https://cdn.x.cp.wd.microsoft.com/ping ``` @@ -102,5 +107,6 @@ If the problem persists, contact customer support. ## Resources -- For more information about how to configure the product to use a static proxy, see [Configure Microsoft Defender for Endpoint for static proxy discovery](linux-static-proxy-configuration.md). +For more information about how to configure the product to use a static proxy, see [Configure Microsoft Defender for Endpoint for static proxy discovery](linux-static-proxy-configuration.md). + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-support-ebpf.md b/defender-endpoint/linux-support-ebpf.md index 320d8c0e7b..9af725932f 100644 --- a/defender-endpoint/linux-support-ebpf.md +++ b/defender-endpoint/linux-support-ebpf.md 
@@ -22,6 +22,11 @@ ms.date: 12/02/2024 [!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > [!NOTE] > Starting with Defender for Endpoint on Linux, version `101.2408.0000`, AuditD is no longer be supported as a supplementary event provider. For more information, see the FAQs at the end of this article. @@ -161,11 +166,11 @@ uname -a If you see increased resource consumption by Microsoft Defender on your endpoints, it's important to identify the process/mount-point/files that are causing most of the CPU/Memory utilization. You can then apply the necessary exclusions. After applying possible antivirus exclusions, if `wdavdaemon` (parent process) is still consuming the resources, use the ebpf-statistics command to get the top system call count: -```Bash +```bash sudo mdatp diagnostic ebpf-statistics ``` -```Output +```console Output Monitor 20 seconds Top file paths: diff --git a/defender-endpoint/linux-support-events.md b/defender-endpoint/linux-support-events.md index 1f8caf3786..181be52d08 100644 --- a/defender-endpoint/linux-support-events.md +++ b/defender-endpoint/linux-support-events.md 
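Review bot: In the @@ -161 hunk of linux-support-ebpf.md, the first line inside the new `console` block is `Output`, followed by `Monitor 20 seconds`; that looks like the old fence label leaking into the sample output rather than real output of `mdatp diagnostic ebpf-statistics`, so check it and drop it if so. The @@ -22 hunk's context line "AuditD is no longer be supported" should read "is no longer supported".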
@@ -23,6 +23,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + This article provides some general steps to mitigate missing events or alerts in the Microsoft Defender portal. Once **Microsoft Defender for Endpoint** has been installed properly on a device, a _device page_ will be generated in the portal. You can review all recorded events in the timeline tab in the device page, or in advanced hunting page. This section troubleshoots the case of some or all expected events are missing. @@ -40,7 +45,7 @@ Microsoft Defender for Endpoint utilized `audit` framework from linux to track n expected output: - ```output + ```console ● auditd.service - Security Auditing Service Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-12-21 10:48:02 IST; 2 weeks 0 days ago @@ -73,7 +78,7 @@ Microsoft Defender for Endpoint utilized `audit` framework from linux to track n if the following line is present, remove it or edit it to enable Microsoft Defender for Endpoint to track specific SYSCALLs. - ```output + ```console -a task, never ``` @@ -88,4 +93,5 @@ List the filesystems on the machine with: ```bash df -Th ``` + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-support-install.md b/defender-endpoint/linux-support-install.md index 51f5585ab4..c3e0500326 100644 --- a/defender-endpoint/linux-support-install.md +++ b/defender-endpoint/linux-support-install.md 
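Review bot: In the @@ -73 hunk of linux-support-events.md, the block containing `-a task, never` is an auditd rule from the rules file, not terminal output, so `console` is a misleading tag; `text` fits better. The context sentence in the header, "Microsoft Defender for Endpoint utilized `audit` framework from linux", should read "utilizes the `audit` framework from Linux".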
@@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) ## Verify that the installation succeeded @@ -29,15 +34,15 @@ ms.date: 10/11/2024 An error in installation might or might not result in a meaningful error message by the package manager. To verify if the installation succeeded, obtain and check the installation logs using: ```bash - sudo journalctl --no-pager|grep 'microsoft-mdatp' > installation.log +sudo journalctl --no-pager|grep 'microsoft-mdatp' > installation.log ``` ```bash - grep 'postinstall end' installation.log +grep 'postinstall end' installation.log ``` -```Output - microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 +```console +microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 ``` An output from the previous command with correct date and time of installation indicates success. @@ -88,7 +93,7 @@ Check if the Defender for Endpoint service is running: service mdatp status ``` -```Output +```console ● mdatp.service - Microsoft Defender for Endpoint Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago 
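Review bot: In the @@ -29 hunk of linux-support-install.md, the rewritten sample line `microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216` has `OURCE` fused into the timestamp, which reads as corruption; since the line is already being rewritten in this hunk, correct it to a plausible `[2020-03-26 07:04:43 +0000]` form so readers know what a successful `postinstall end` entry looks like.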
@@ -133,7 +138,8 @@ service mdatp status where `` is `/lib/systemd/system` for Ubuntu and Debian distributions and /usr/lib/systemd/system` for Rhel, CentOS, Oracle, and SLES. Then rerun step 2. 4. If the above steps don't work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to `permissive` or `disabled` in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. -Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. + + Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. 5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`. @@ -143,7 +149,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ``` - ```Output + ```console -rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon ``` @@ -183,9 +189,10 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan sudo mdatp diagnostic create ``` - ```Output + ```console Diagnostic file created: ``` Path to a zip file that contains the logs are displayed as an output. Reach out to our customer support with these logs. + [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-support-offline-security-intelligence-update.md b/defender-endpoint/linux-support-offline-security-intelligence-update.md index ace972404b..b52ef9958e 100644 --- a/defender-endpoint/linux-support-offline-security-intelligence-update.md +++ b/defender-endpoint/linux-support-offline-security-intelligence-update.md 
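Review bot: the context line `where `` is `/lib/systemd/system` for Ubuntu and Debian distributions and /usr/lib/systemd/system` for Rhel, CentOS, Oracle, and SLES` has an empty placeholder inside the first pair of backticks and is missing the opening backtick before `/usr/lib/systemd/system`; it sits in this hunk's context, so it is a cheap fix to fold in. In the SELinux step 4 hunk, the reindented sentence tells the reader to revert "immediately though for security reasons" only after the restart instruction; consider putting the revert up front, e.g. `Set SELINUX to permissive only long enough to restart the service (step 2), then restore the previous value and reboot.`, so the temporary nature of the change is not read as an afterthought.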
@@ -22,6 +22,11 @@ ms.date: 12/02/2024 [!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + This document describes the Offline Security Intelligence Update feature of Microsoft Defender for Endpoint on Linux. This feature enables an organization to update the security intelligence (also referred to as definitions or signatures in this document) on Linux endpoints with limited or no exposure to the internet using a local hosting server (termed as *Mirror Server* in this document). @@ -48,6 +53,7 @@ Key benefits include: - The status of the update can be seen on the mdatp CLI. :::image type="content" source="./media/offline-update-diag-1.png" alt-text="Process flow diagram on the Mirror Server for downloading the security intelligence updates" lightbox="./media/offline-update-diag-2.png"::: + Fig. 1: Process flow diagram on the Mirror Server for downloading the security intelligence updates :::image type="content" source="./media/offline-update-diag-2.png" alt-text="Process flow diagram on the Linux endpoint for security intelligence updates" lightbox="./media/offline-update-diag-2.png"::: @@ -80,10 +86,8 @@ Fig. 2: Process flow diagram on the Linux endpoint for security intelligence upd ## Configuring the Mirror Server > [!NOTE] -> The management and ownership of the Mirror Server lies solely with the customer as it resides in the customer's private environment. - -> [!NOTE] -> The Mirror Server does not need to have Defender for Endpoint installed. +> - The management and ownership of the Mirror Server lies solely with the customer as it resides in the customer's private environment. +> - The Mirror Server does not need to have Defender for Endpoint installed. ### Get the offline security intelligence downloader script 
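Review bot: the context line for the first diagram in linux-support-offline-security-intelligence-update.md sets `source="./media/offline-update-diag-1.png"` but `lightbox="./media/offline-update-diag-2.png"`, so enlarging the Mirror Server diagram shows the endpoint diagram instead; since this hunk adds the `Fig. 1` caption directly under it, fix the lightbox path to `./media/offline-update-diag-1.png` in the same change.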
@@ -171,24 +175,24 @@ Once the Mirror Server is set up, we need to propagate this URL to the Linux end ## Configure the Endpoints -- Use the following sample `mdatp_managed.json` and update the parameters as per the configuration and copy the file to the location `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. - - ```json - { - "cloudService": { - "automaticDefinitionUpdateEnabled": true, - "definitionUpdatesInterval": 1202 - }, - "antivirusEngine": { - "offlineDefinitionUpdateUrl": "http://172.22.199.67:8000/linux/production/", - "offlineDefintionUpdateFallbackToCloud":false, - "offlineDefinitionUpdate": "enabled" - }, - "features": { - "offlineDefinitionUpdateVerifySig": "enabled" - } - } - ``` +Use the following sample `mdatp_managed.json` and update the parameters as per the configuration and copy the file to the location `/etc/opt/microsoft/mdatp/managed/mdatp_managed.json`. + +```json +{ + "cloudService": { + "automaticDefinitionUpdateEnabled": true, + "definitionUpdatesInterval": 1202 + }, + "antivirusEngine": { + "offlineDefinitionUpdateUrl": "http://172.22.199.67:8000/linux/production/", + "offlineDefintionUpdateFallbackToCloud":false, + "offlineDefinitionUpdate": "enabled" + }, + "features": { + "offlineDefinitionUpdateVerifySig": "enabled" + } +} +``` | Field Name | Values | Comments | |-------------------------------------------|----------------------|-----------------------------------------------------| @@ -212,7 +216,7 @@ mdatp health --details definitions A sample output would look like the following code snippet: -```output +```console user@vm:~$ mdatp health --details definitions automatic_definition_update_enabled : true [managed] definitions_updated : Mar 14, 2024 at 12:13:17 PM diff --git a/defender-endpoint/linux-support-perf.md b/defender-endpoint/linux-support-perf.md index 8f648b19f3..912ae6d0da 100644 --- a/defender-endpoint/linux-support-perf.md +++ b/defender-endpoint/linux-support-perf.md 
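Review bot: in the `mdatp_managed.json` hunk, the key `offlineDefintionUpdateFallbackToCloud` is spelled differently from the neighbouring `offlineDefinitionUpdateUrl` and `offlineDefinitionUpdate` keys; if `Defintion` is not the exact key the product parses, the `false` value is silently ignored and the sample does not do what the table below it says, so please confirm the spelling against the product schema before the block is moved verbatim. Minor: `"offlineDefintionUpdateFallbackToCloud":false` lacks the space after the colon used by the other entries, and since the sample `offlineDefinitionUpdateUrl` is plain `http://`, a sentence pointing out that `offlineDefinitionUpdateVerifySig` set to `enabled` is what protects the integrity of updates fetched over that URL would help readers who are tempted to disable it.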
@@ -22,6 +22,11 @@ search.appverid: met150 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) This document provides instructions on how to narrow down performance issues related to Defender for Endpoint on Linux using the available diagnostic tools to be able to understand and mitigate the existing resource shortages and the processes that are making the system into such situations. Performance problems are mainly caused by bottlenecks in one or more hardware subsystems, depending on the profile of resource utilization on the system. Sometimes applications are sensitive to disk I/O resources and may need more CPU capacity, and sometimes some configurations are not sustainable, and may trigger too many new processes, and open too many file descriptors. @@ -46,7 +51,7 @@ The following steps can be used to troubleshoot and mitigate these issues: mdatp config real-time-protection --value disabled ``` - ```Output + ```console Configuration property updated ``` @@ -78,7 +83,7 @@ The following steps can be used to troubleshoot and mitigate these issues: mdatp config real-time-protection --value enabled ``` - ```Output + ```console Configuration property updated ``` 
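Review bot: the intro context line in the first linux-support-perf.md hunk is a run-on ("to be able to understand and mitigate the existing resource shortages and the processes that are making the system into such situations"); since the hunk already edits this region, suggest splitting it, e.g. `This document explains how to narrow down performance issues related to Defender for Endpoint on Linux using the available diagnostic tools. The goal is to identify resource shortages and the processes causing them.`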
@@ -101,7 +106,7 @@ The following steps can be used to troubleshoot and mitigate these issues: The output of this command should be similar to the following: - ```Output + ```console --2020-11-14 11:27:27-- https://raw.githubusercontent.com/microsoft.mdatp-xplat/master/linus/diagnostic/high_cpu_parser.py Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.xxx.xxx Connecting to raw.githubusercontent.com (raw.githubusercontent.com)| 151.101.xxx.xxx| :443... connected. @@ -119,7 +124,7 @@ The following steps can be used to troubleshoot and mitigate these issues: The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is the process name, and the last column is the number of scanned files, sorted by impact. For example, the output of the command will be something like the below: - ```Output + ```console ... > mdatp diagnostic real-time-protection-statistics --output json | python high_cpu_parser.py | head 27432 None 76703 73467 actool 1249 @@ -222,7 +227,7 @@ The XMDEClientAnalyzer support tool contains syntax that can be used to add Audi AuditD exclusion – support tool syntax help: -:::image type="content" source="media/auditd-exclusion-support-tool-syntax-help.png" alt-text="syntax that can be used to add AuditD exclusion configuration rules" lightbox="media/auditd-exclusion-support-tool-syntax-help.png"::: +:::image type="content" source="media/auditd-exclusion-support-tool-syntax-help.png" alt-text="Screenshot of the syntax that can be used to add AuditD exclusion configuration rules."::: **By initiator** diff --git a/defender-endpoint/linux-update-mde-linux.md b/defender-endpoint/linux-update-mde-linux.md index 1635594552..406fff03fa 100644 --- a/defender-endpoint/linux-update-mde-linux.md +++ b/defender-endpoint/linux-update-mde-linux.md 
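Review bot: the wget sample output in the `high_cpu_parser.py` hunk shows the URL `https://raw.githubusercontent.com/microsoft.mdatp-xplat/master/linus/diagnostic/high_cpu_parser.py`, with `microsoft.mdatp-xplat` (a dot where the repository path separator should be) and `linus`; both look like typos for the `microsoft/mdatp-xplat` repository's `linux/diagnostic/` path, and a reader who copies the URL from the sample will get a 404. Since the fence is being retagged in this hunk, correct the URL here after checking it against the download command in the preceding step.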
@@ -20,6 +20,11 @@ ms.date: 10/11/2024 # Schedule an update of the Microsoft Defender for Endpoint (Linux) +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + To run an update on Microsoft Defender for Endpoint on Linux, see [Deploy updates for Microsoft Defender for Endpoint on Linux](linux-updates.md). Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks. @@ -64,13 +69,13 @@ sudo crontab -e You might see: -```output +```console 0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh ``` And -```output +```console 0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log ``` diff --git a/defender-endpoint/linux-updates.md b/defender-endpoint/linux-updates.md index e587c7dba0..6ce421ef99 100644 --- a/defender-endpoint/linux-updates.md +++ b/defender-endpoint/linux-updates.md @@ -22,6 +22,11 @@ ms.date: 10/11/2024 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. 
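Review bot: in the `You might see` hunk of linux-update-mde-linux.md, the crontab sample reads `0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh`; `logrorate` looks like a typo for `logrotate`, and the second sample `0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log` is missing the space before `>`. Both lines are inside the hunk being retagged, so they can be corrected along with the fence.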
@@ -29,14 +34,19 @@ Microsoft regularly publishes software updates to improve performance, security, > [!WARNING] > Each version of Defender for Endpoint on Linux is set to expire automatically after 9 months. While expired versions continue to receive security intelligence updates, install the latest version to get all available fixes and enhancements. > To check the expiration date, run the following command: +> > ```bash > mdatp health --field product_expiration > ``` +> > Expired clients report a health issue and warning message when you run the following command: +> > ```bash > mdatp health > ``` +> > Indicators of an expired client include the message, "**ATTENTION: No license found. Contact your administrator for help**." with the following attributes: +> > ```bash > ATTENTION: No license found. Contact your administrator for help. > healthy : false @@ -69,6 +79,6 @@ sudo apt-get install --only-upgrade mdatp > [!IMPORTANT] > When Defender for Cloud is provisioning the Microsoft Defender for Endpoint agent to Linux servers, it keeps the client updated automatically. -To schedule an update of Microsoft Defender for Endpoint on Linux, see [Schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-mde-linux.md) +To schedule an update of Microsoft Defender for Endpoint on Linux, see [Schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-mde-linux.md). [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/linux-whatsnew.md b/defender-endpoint/linux-whatsnew.md index e83b473a4a..6cb6e39ee5 100644 --- a/defender-endpoint/linux-whatsnew.md +++ b/defender-endpoint/linux-whatsnew.md 
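Review bot: in the expiration WARNING hunk of linux-updates.md, the third block (`ATTENTION: No license found. Contact your administrator for help.` followed by `healthy : false`) is the output of `mdatp health`, not a command, yet it stays tagged `bash` while the rest of this PR retags output blocks to `console`; change it to `console` so readers do not try to run it.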
@@ -23,6 +23,11 @@ search.appverid: met150 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + This article is updated frequently to let you know what's new in the latest releases of Microsoft Defender for Endpoint on Linux. - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md) @@ -349,9 +354,9 @@ There are multiple fixes and new changes in this release: - Support added to restore threat based on original path using the following command: - ```bash - sudo mdatp threat quarantine restore threat-path --path [threat-original-path] --destination-path [destination-folder] -``` + ```bash + sudo mdatp threat quarantine restore threat-path --path [threat-original-path] --destination-path [destination-folder] + ``` - Starting with this release, Microsoft Defender for Endpoint on Linux will no longer be shipping a solution for RHEL 6. RHEL 6 'Extended end of life support' is poised to end by June 30, 2024 and customers are advised to plan their RHEL upgrades accordingly aligned with guidance from Red Hat. Customers who need to run Defender for Endpoint on RHEL 6 servers can continue to leverage version 101.23082.0011 (does not expire before June 30, 2024) supported on kernel versions 2.6.32-754.49.1.el6.x86_64 or prior. 
@@ -392,18 +397,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` @@ -448,18 +454,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` 
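Review bot: the same `Example:` / `sudo apt purge mdatp` / "If you don't want to uninstall mdatp" mitigation block is re-indented identically in release entry after release entry of linux-whatsnew.md in this PR; consider moving that mitigation into a single section and linking to it from each affected release so the next fix of this kind lands once. Within the hunk itself, de-indenting the `sudo mdatp config real-time-protection --value=disabled` fence to top level is correct because the paragraph introducing it is no longer part of the numbered list.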
@@ -536,11 +543,12 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. @@ -597,11 +605,12 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. @@ -667,18 +676,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` 
@@ -728,18 +738,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` @@ -791,18 +802,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` 
@@ -857,18 +869,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Caution: Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` @@ -916,10 +929,10 @@ sudo systemctl disable mdatp - While upgrading mdatp to version `101.94.13` or later, you might notice that health is false, with health_issues as "no active supplementary event provider". This can happen due to misconfigured/conflicting auditd rules on existing machines. To mitigate the issue, the auditd rules on the existing machines need to be fixed. The following commands can help you to identify such auditd rules (commands need to be run as super user). Take a backup of following file: /etc/audit/rules.d/audit.rules as these steps are only to identify failures. -```bash -echo -c >> /etc/audit/rules.d/audit.rules -augenrules --load -``` + ```bash + echo -c >> /etc/audit/rules.d/audit.rules + augenrules --load + ``` - While upgrading from mdatp version `101.75.43` or `101.78.13`, you could encounter a kernel hang. Run the following commands before attempting to upgrade to version `101.98.05`. For more information, see [System hang due to blocked tasks in fanotify code](https://access.redhat.com/solutions/2838901). 
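Review bot: in the auditd-rules hunk, the reindented command `echo -c >> /etc/audit/rules.d/audit.rules` permanently appends to the rules file, while the surrounding text says these steps are "only to identify failures" and asks for a backup first; add the matching restore step after `augenrules --load` (copy the backup back over `/etc/audit/rules.d/audit.rules` and reload) so the reader is not left with a modified rules file once the failing rules have been found.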
@@ -927,17 +940,19 @@ There are two ways to mitigate this upgrade issue: 1. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. -Example: -```bash -sudo apt purge mdatp -sudo apt-get install mdatp -``` + Example: + + ```bash + sudo apt purge mdatp + sudo apt-get install mdatp + ``` + 2. As an alternative you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. If you don't want to uninstall mdatp, you can disable rtp and mdatp in sequence before upgrading. Caution: Some customers (<1%) experience issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` @@ -981,14 +996,14 @@ sudo systemctl disable mdatp The issue could be mitigated by running the following commands. -``` +```bash sudo ausearch -c 'mdatp_audisp_pl' --raw | sudo audit2allow -M my-mdatpaudisppl_v1 sudo semodule -i my-mdatpaudisppl_v1.pp ``` Here, my-mdatpaudisppl_v1 represents the policy module name. After you run the commands, either wait for 24 hours or clear/archive the audit logs. The audit logs could be archived by running the following command -``` +```bash sudo service auditd stop sudo systemctl stop mdatp cd /var/log/audit 
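Review bot: the `ausearch -c 'mdatp_audisp_pl' --raw | sudo audit2allow -M my-mdatpaudisppl_v1` / `sudo semodule -i my-mdatpaudisppl_v1.pp` hunk only retags the fence, but the text around it should say that `audit2allow` generates a policy module from whatever denials are in the audit log, so the generated `my-mdatpaudisppl_v1.te` should be reviewed before `semodule -i` installs it; as written, the reader installs an unseen policy. In the second hunk, the archive procedure begins with `sudo service auditd stop` and `cd /var/log/audit`; a sentence reminding the reader to start auditd again when done would close the loop, since the visible lines never restart it.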
@@ -1037,27 +1052,30 @@ There are multiple fixes and new changes in this release. - While upgrading mdatp to version 101.94.13, you might notice that health is false, with health_issues as "no active supplementary event provider". This can happen due to misconfigured/conflicting auditd rules on existing machines. To mitigate the issue, the auditd rules on the existing machines need to be fixed. The following steps can help you to identify such auditd rules (these commands need to be run as super user). Make sure to back up following file: `/etc/audit/rules.d/audit.rules`` as these steps are only to identify failures. -```bash -echo -c >> /etc/audit/rules.d/audit.rules -augenrules --load -``` + ```bash + echo -c >> /etc/audit/rules.d/audit.rules + augenrules --load + ``` - While upgrading from mdatp version `101.75.43` or `101.78.13`, you might encounter a kernel hang. Run the following commands before attempting to upgrade to version `101.98.05`. For more information, see [System hang due to blocked tasks in fanotify code](https://access.redhat.com/solutions/2838901) There are two ways to mitigate the problem in upgrading. Use your package manager to uninstall the `101.75.43` or `101.78.13` mdatp version. + Example: + ```bash sudo apt purge mdatp sudo apt-get install mdatp ``` + As an alternative, you can follow the instructions to [uninstall](linux-resources.md#uninstall-defender-for-endpoint-on-linux), then [install](linux-install-manually.md#application-installation) the latest version of the package. In case you don't want to uninstall mdatp you can disable rtp and mdatp in sequence before upgrade. Caution: Some customers(<1%) are experiencing issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` 
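Review bot: the context line in the first hunk has a stray double backtick in `` `/etc/audit/rules.d/audit.rules`` as these steps ``, which renders as an unclosed code span; it is adjacent to the lines being reindented, so fix it in the same hunk. The later hunk in this region that adds `Example:` before the `sudo apt purge mdatp` block and a blank line after it matches the formatting used in the other release entries, which is good.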
@@ -1094,10 +1112,10 @@ sudo systemctl disable mdatp - While upgrading mdatp to version `101.94.13`, you might notice that health is false, with health_issues as "no active supplementary event provider". This can happen due to misconfigured/conflicting auditd rules on existing machines. To mitigate the issue, the auditd rules on the existing machines need to be fixed. The following steps can help you to identify such auditd rules (these commands need to be run as super user). Take a backup of following file: `/etc/audit/rules.d/audit.rules` as these steps are only to identify failures. -```bash -echo -c >> /etc/audit/rules.d/audit.rules -augenrules --load -``` + ```bash + echo -c >> /etc/audit/rules.d/audit.rules + augenrules --load + ``` - While upgrading from mdatp version `101.75.43` or `101.78.13`, you might encounter a kernel hang. Run the following commands before attempting to upgrade to version 101.94.13. For more information, see [System hang due to blocked tasks in fanotify code](https://access.redhat.com/solutions/2838901) @@ -1117,7 +1135,7 @@ As an alternative to the above, you can follow the instructions to [uninstall](l In case you don't want to uninstall mdatp you can disable rtp and mdatp in sequence before upgrade. Caution: Some customers(<1%) are experiencing issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` @@ -1167,7 +1185,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc In case you don't want to uninstall mdatp you can disable rtp and mdatp in sequence before upgrade. Caution: Some customers(<1%) are experiencing issues with this method. - ```bash +```bash sudo mdatp config real-time-protection --value=disabled sudo systemctl disable mdatp ``` 
@@ -1194,10 +1212,10 @@ sudo systemctl disable mdatp - When upgrading from mdatp version `101.75.43` or `101.78.13`, you might encounter a kernel hang. Run the following commands before attempting to upgrade to version `101.80.97`. This action should prevent the issue from occurring. -``` -sudo mdatp config real-time-protection --value=disabled -sudo systemctl disable mdatp -``` + ```bash + sudo mdatp config real-time-protection --value=disabled + sudo systemctl disable mdatp + ``` After executing the commands, use your package manager to perform the upgrade. @@ -1257,7 +1275,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc - Addressed a product bug where multiple detections of the same content could lead to duplicate entries in the threat history - Addressed an issue where one of the processes spawned by the product (`mdatp_audisp_plugin`) was sometimes not properly terminated when the service was stopped - Other bug fixes -




@@ -1285,7 +1302,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc - From this build onwards, the product has the new antimalware engine by default - Performance improvements for file copy operations - Bug fixes -




@@ -1340,7 +1356,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc - Fixed a bug where the product sometimes was incorrectly detecting files inside the quarantine folder - Fixed an issue where the `mdatp` command-line tool wasn't working when `/opt` was mounted as a soft-link - Performance improvements & bug fixes -




@@ -1470,8 +1485,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
2021 releases
(Build: 101.52.57 | Release version: 30.121092.15257.0) -

- Build: 101.52.57
+

Build: 101.52.57
Release version: 30.121092.15257.0

What's new

@@ -1496,8 +1510,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.45.13 | Release version: 30.121082.14513.0) -

- Build: 101.45.13
+

Build: 101.45.13
Release version: 30.121082.14513.0

What's new

@@ -1514,8 +1527,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.45.00 | Release version: 30.121072.14500.0) -

- Build: 101.45.00
+

Build: 101.45.00
Release version: 30.121072.14500.0

What's new

@@ -1530,8 +1542,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.39.98 | Release version: 30.121062.13998.0) -

- Build: 101.39.98
+

Build: 101.39.98
Release version: 30.121062.13998.0

What's new

@@ -1542,8 +1553,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.34.27 | Release version: 30.121052.13427.0) -

- Build: 101.34.27
+

Build: 101.34.27
Release version: 30.121052.13427.0

What's new

@@ -1554,8 +1564,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.29.64 | Release version: 30.121042.12964.0) -

- Build: 101.29.64
+

Build: 101.29.64
Release version: 30.121042.12964.0

What's new

@@ -1570,8 +1579,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.25.72 | Release version: 30.121022.12563.0) -

- Build: 101.25.72
+

Build: 101.25.72
Release version: 30.121022.12563.0

What's new

@@ -1584,8 +1592,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.25.63 | Release version: 30.121022.12563.0) -

- Build: 101.25.63
+

Build: 101.25.63
Release version: 30.121022.12563.0

What's new

@@ -1596,8 +1603,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.23.64 | Release version: 30.121021.12364.0) -

- Build: 101.23.64
+

Build: 101.23.64
Release version: 30.121021.12364.0

What's new

@@ -1610,8 +1616,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
(Build: 101.18.53) -

- Build: 101.18.53
+

Build: 101.18.53

What's new

diff --git a/defender-endpoint/mde-linux-arm.md b/defender-endpoint/mde-linux-arm.md index a15472dc9b..272313391a 100644 --- a/defender-endpoint/mde-linux-arm.md +++ b/defender-endpoint/mde-linux-arm.md @@ -24,6 +24,9 @@ ai-usage: human-only # Microsoft Defender for Endpoint on Linux for ARM64-based devices (preview) +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + ## Overview of Defender for Endpoint on Linux for ARM64-based devices As you might already know, [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) is a unified endpoint security solution that helps you protect your server devices from advanced threats. Defender for Endpoint on Linux is now extending support for ARM64-based Linux servers in preview. Similar to x64-based Linux servers (including Intel and AMD 64-bit platform), the following capabilities are included: diff --git a/defender-endpoint/mde-linux-deployment-on-sap.md b/defender-endpoint/mde-linux-deployment-on-sap.md index 448378b340..981d569135 100644 --- a/defender-endpoint/mde-linux-deployment-on-sap.md +++ b/defender-endpoint/mde-linux-deployment-on-sap.md 
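Review bot: the mde-linux-arm.md hunk inserts the two product bullets directly under the H1 without the `**Applies to**:` label and the blank line that every other file in this PR receives, so the list appears with no heading; add the label so the page matches the rest of the set.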
@@ -22,6 +22,11 @@ ms.custom: # Deployment guidance for Microsoft Defender for Endpoint on Linux for SAP +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + This article provides deployment guidance for Microsoft Defender for Endpoint on Linux for SAP. This article includes recommended SAP OSS (Online Services System) notes, the system requirements, prerequisites, important configuration settings, recommended antivirus exclusions, and guidance on scheduling antivirus scans. Conventional security defenses that have been commonly used to protect SAP systems, such as isolating infrastructure behind firewalls and limiting interactive operating system logons, are no longer considered sufficient to mitigate modern sophisticated threats. It's essential to deploy modern defenses to detect and contain threats in real-time. SAP applications unlike most other workloads require basic assessment and validation before deploying Microsoft Defender for Endpoint. The enterprise security administrators should contact the SAP Basis team prior to deploying Defender for Endpoint. The SAP Basis Team should be cross trained with a basic level of knowledge about Defender for Endpoint. diff --git a/defender-endpoint/mde-sap-windows-server.md b/defender-endpoint/mde-sap-windows-server.md index b92f68b33a..3e3e778614 100644 --- a/defender-endpoint/mde-sap-windows-server.md +++ b/defender-endpoint/mde-sap-windows-server.md 
@@ -20,9 +20,10 @@ audience: ITPro # Microsoft Defender for Endpoint on Windows Server with SAP -**Applies to:** +**Applies to**: -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) If your organization uses SAP, it's essential to understand the compatibility and support between [antivirus](microsoft-defender-antivirus-on-windows-server.md) and [EDR](overview-endpoint-detection-response.md) in Microsoft Defender for Endpoint and your SAP applications. This article helps you understand the support provided by SAP for endpoint protection security solutions like Defender for Endpoint and how they interact with SAP applications. diff --git a/defender-endpoint/migrating-mde-server-to-cloud.md b/defender-endpoint/migrating-mde-server-to-cloud.md index 615318a06a..edbf7fbcb3 100644 --- a/defender-endpoint/migrating-mde-server-to-cloud.md +++ b/defender-endpoint/migrating-mde-server-to-cloud.md 
@@ -19,15 +19,14 @@ search.appverid: met150 # Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud -**Applies to:** +**Applies to**: -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -- [Microsoft Defender XDR](/defender-xdr) +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) -This article guides you in migrating servers from Microsoft Defender for Endpoint to Defender for Cloud. +This article guides you in migrating servers from Microsoft Defender for Endpoint Server to Defender for Servers (part of Defender for Cloud). -[Microsoft Defender for Endpoint](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. +[Microsoft Defender for Endpoint](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-endpoint) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. The Microsoft Defender for Endpoint Server license enables you to onboard servers to Defender for Endpoint. [Microsoft Defender for Cloud](https://azure.microsoft.com/services/defender-for-cloud/) is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration. It also helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats. diff --git a/defender-endpoint/minimum-requirements.md b/defender-endpoint/minimum-requirements.md index b92148ec8d..b5e6aa0b00 100644 --- a/defender-endpoint/minimum-requirements.md 
+++ b/defender-endpoint/minimum-requirements.md @@ -6,7 +6,7 @@ ms.author: deniseb author: denisebmsft ms.reviewer: pahuijbr ms.localizationpriority: medium -ms.date: 12/10/2024 +ms.date: 12/12/2024 manager: deniseb audience: ITPro ms.collection: @@ -110,8 +110,8 @@ To add antimalware protection to these older operating systems, you can use [Sys ### Other supported operating systems -- [macOS](microsoft-defender-endpoint-mac.md) -- [Linux](microsoft-defender-endpoint-linux.md) +- [Mac](microsoft-defender-endpoint-mac.md) (client devices) +- [Linux Server](microsoft-defender-endpoint-linux.md) - [Windows Subsystem for Linux](mde-plugin-wsl.md) - [Android](microsoft-defender-endpoint-android.md) - [iOS](microsoft-defender-endpoint-ios.md) diff --git a/defender-endpoint/onboard-client.md b/defender-endpoint/onboard-client.md new file mode 100644 index 0000000000..ddb10b478e --- /dev/null +++ b/defender-endpoint/onboard-client.md 
@@ -0,0 +1,41 @@ +--- +title: Onboard client devices (Windows or Mac) to Microsoft Defender for Endpoint +description: Find out how to onboard client devices, such as Windows and Mac PCs to Defender for Endpoint. +ms.service: defender-endpoint +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: deniseb +ms.reviewer: pahuijbr +audience: ITPro +ms.collection: +- m365-security +- tier2 +ms.topic: conceptual +ms.subservice: onboard +search.appverid: met150 +ms.date: 12/12/2024 +--- + +# Onboard Windows and Mac client devices to Microsoft Defender for Endpoint + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) +- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- [Microsoft Defender XDR](/defender-xdr) + +You can choose from several options to onboard client devices running Windows or Mac. Make sure to review the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md), and then select a deployment method in the following table: + +|Operating system | Deployment method | +|---|---| +| Windows 11
Windows 10
Windows 365| [Local script (up to 10 devices)](configure-endpoints-script.md)
[Microsoft Intune / Mobile Device Management](configure-endpoints-mdm.md)
[Microsoft Configuration Manager](configure-endpoints-sccm.md)
[Group Policy](configure-endpoints-gp.md)
[VDI scripts](configure-endpoints-vdi.md)| +| Windows 8.1 Enterprise or Pro
Windows 7 SP1 Enterprise or Pro| [Microsoft Monitoring Agent](update-agent-mma-windows.md) | +|Mac
(see [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md))|[Local script](mac-install-manually.md) (also referred to as manual deployment)
[Microsoft Intune](mac-install-with-intune.md)
[JAMF Pro](mac-install-with-jamf.md)
[Mobile Device Management](mac-install-with-other-mdm.md)| + +## See also + +- [Microsoft Defender for Endpoint - Mobile Threat Defense](mtd.md) (for iOS and Android devices) +- [Onboard servers to Microsoft Defender for Endpoint](onboard-server.md) diff --git a/defender-endpoint/onboard-server.md b/defender-endpoint/onboard-server.md new file mode 100644 index 0000000000..7c08663d28 --- /dev/null +++ b/defender-endpoint/onboard-server.md 
@@ -0,0 +1,47 @@ +--- +title: Onboard Windows or Linux server devices to Microsoft Defender for Endpoint +description: Learn how to onboard servers running Windows Server or Linux Server to Microsoft Defender for Endpoint. +ms.service: defender-endpoint +ms.author: deniseb +author: denisebmsft +ms.localizationpriority: medium +manager: deniseb +ms.reviewer: pahuijbr +audience: ITPro +ms.collection: +- m365-security +- tier2 +ms.topic: conceptual +ms.subservice: onboard +search.appverid: met150 +ms.date: 12/13/2024 +--- + +# Onboard servers to Microsoft Defender for Endpoint + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] + +**Applies to:** + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) + +You can choose from several options to onboard a server to Microsoft Defender for Endpoint. Make sure to review the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md). + +To onboard servers to Defender for Endpoint, [server licenses](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint) are required. You can choose from these options: + +- Microsoft Defender for Servers Plan 1 or Plan 2 (as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)) offering; or +- Microsoft Defender for Endpoint Server + +The following table lists deployment methods for onboarding servers: + +|Operating system|Deployment method| +|---|---| +| Windows Server 2022
Windows Server 2019
Windows Server, version 1803 | [Local script](configure-endpoints-script.md) (uses an onboarding package)
[Defender for Cloud](/azure/defender-for-cloud/plan-defender-for-servers), which [integrates with Defender for Endpoint](azure-server-integration.md)
[Microsoft Configuration Manager](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection)
[Group Policy](configure-endpoints-gp.md)
[VDI scripts](configure-endpoints-vdi.md) | +| Windows Server 2016
Windows Server 2012 R2 | [Modern unified solution in Defender for Endpoint](/defender-endpoint/configure-server-endpoints#windows-server-2016-and-windows-server-2012-r2) | +|Linux Server
(see [System requirements](microsoft-defender-endpoint-linux.md#system-requirements)) |[Local script](linux-install-manually.md) (manual deployment)
[Puppet](linux-install-with-puppet.md)
[Ansible](linux-install-with-ansible.md)
[Chef](linux-deploy-defender-for-endpoint-with-chef.md)
[Saltstack](linux-install-with-saltack.md)
[Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md)
[Deployment guidance for Defender for Endpoint on Linux for SAP](mde-linux-deployment-on-sap.md)
[Advanced deployment guidance for Microsoft Defender for Endpoint on Linux](comprehensive-guidance-on-linux-deployment.md)| + +## See also + +- [Microsoft Defender for Endpoint - Mobile Threat Defense](mtd.md) (for iOS and Android devices) +- [Onboard Windows and Mac client devices to Microsoft Defender for Endpoint](onboard-client.md) \ No newline at end of file diff --git a/defender-endpoint/onboard-windows-server.md b/defender-endpoint/onboard-windows-server.md index 13dc471064..ff766e4402 100644 --- a/defender-endpoint/onboard-windows-server.md +++ b/defender-endpoint/onboard-windows-server.md @@ -20,18 +20,10 @@ ms.date: 05/19/2022 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] -**Applies to:** - -- Windows Server 2008 R2 -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Server Semi-Annual Enterprise Channel -- Windows Server 2019 and later -- Windows Server 2019 core edition -- Windows Server 2022 -- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint) -- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) -- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +**Applies to**: + +- Microsoft Defender for Endpoint Server +- [Microsoft Defender for Servers](/azure/defender-for-cloud/integration-defender-for-endpoint) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https:%2F%2Faka.ms%2FMDEp2OpenTrial)
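Review bot: the two bullets added in mde-linux-arm.md (`+- Microsoft Defender for Endpoint Server` and `+- [Microsoft Defender for Servers](...)`) land directly under the H1 heading with no `**Applies to**:` label above them, unlike the matching hunks in mde-linux-deployment-on-sap.md and mde-sap-windows-server.md, which add `**Applies to**:` followed by a blank line first. Insert the label (and the blank line) before the first bullet so the list does not read as an orphaned bullet list under the title.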
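Review bot: the "Applies to" label is spelled two ways in this patch: the edited pages (mde-sap-windows-server.md, migrating-mde-server-to-cloud.md, onboard-windows-server.md) deliberately change `**Applies to:**` to `**Applies to**:` (colon outside the bold), while the two new pages onboard-client.md and onboard-server.md use `**Applies to:**`. Pick one form and apply it in all seven hunks so the rendered heading looks the same across the server and client onboarding pages.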
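Review bot: in onboard-server.md the closing parenthesis in `- Microsoft Defender for Servers Plan 1 or Plan 2 (as part of the [Defender for Cloud](...)) offering; or` is misplaced, leaving "offering" outside the parenthetical; it should read `(as part of the [Defender for Cloud](...) offering); or`. Two smaller points in the same hunk: the Saltstack row links to `linux-install-with-saltack.md` while the link text says "Saltstack", so confirm the target path is the intended file; and the file ends without a trailing newline (`\ No newline at end of file`), which the other new file, onboard-client.md, does not have.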
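Review bot: in onboard-client.md the description front matter is missing a comma after the parenthetical clause: `such as Windows and Mac PCs to Defender for Endpoint` should read `such as Windows and Mac PCs, to Defender for Endpoint`. Also, this page's "Applies to" list keeps Plan 1, Plan 2 and Defender XDR while the sibling onboard-server.md lists only the server SKUs; that split is presumably the point of the change, but a one-line pointer in the client page that server onboarding needs a server license would save readers a trip to the See also section.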
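Review bot: the onboard-windows-server.md hunk changes the page's "Applies to" content but leaves `ms.date: 05/19/2022` in the front matter (visible in the hunk header), whereas every other edited page in this patch bumps `ms.date` to 12/12/2024 or 12/13/2024; update it here too. Separately, the removed list named Windows Server 2008 R2 and Windows Server Semi-Annual Enterprise Channel, neither of which appears in the new deployment table in onboard-server.md (which lists 2022, 2019, version 1803, 2016 and 2012 R2); confirm that dropping those two entries is intentional, or add a link from this page to the onboard-server.md table so the supported-version information is still discoverable.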