Updates per TR

chrisda · chrisda · commit 69702cdd625d · 2025-01-13T14:50:58.000-08:00
diff --git a/docset/winserver2022-ps/defender/Add-MpPreference.md b/docset/winserver2022-ps/defender/Add-MpPreference.md
@@ -11,7 +11,9 @@ title: Add-MpPreference
 # Add-MpPreference
 
 ## SYNOPSIS
-Modifies settings for Windows Defender.
+
+Adds values to multi-valued properties (for example, exclusions and protected folders) in Windows
+Defender.
 
 > [!NOTE]
 > You need to run this cmdlet in an elevated PowerShell window (a PowerShell window you opened by
@@ -146,9 +148,13 @@ To add values without affecting existing values, use the following syntax:
 
 `Add-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
-To remove values without affecting other existing values, use the **Remove-MPPreference** cmdlet:
+For each ID value, there's a corresponding Action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
+To remove values without affecting other existing values, use the **Remove-MpPreference** cmdlet:
 
-`Remove-MPPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
+`Remove-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
 To replace all existing values with the values you specify, use the **Set-MpPreference** cmdlet:
 
@@ -190,9 +196,13 @@ To add values without affecting existing values, use the following syntax:
 
 `Add-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
-To remove values without affecting other existing values, use the **Remove-MPPreference** cmdlet:
+For each ID value, there's a corresponding Action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
 
-`Remove-MPPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
+To remove values without affecting other existing values, use the **Remove-MpPreference** cmdlet:
+
+`Remove-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
 To replace all existing values with the values you specify, use the **Set-MpPreference** cmdlet:
 
@@ -243,7 +253,7 @@ variables (for example, `%appdata%...`) for path names.
 To add values without affecting other existing values, use the following syntax:
 `"PathAndFileName1","PathAndFileName2",..."PathAndFileNameN"`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ControlledFolderAccessAllowedApplications "PathAndFileName1","PathAndFileName2",..."PathAndFileNameN"`
 
@@ -281,7 +291,7 @@ To remove values without affecting other existing values, use the **Remove-MpPre
 
 `Remove-MpPreference -ControlledFolderAccessAllowedApplications "Path1","Path2",..."PathN"`
 
-To replace all existing values with the values you specify, use the **Set-MPPreference** cmdlet:
+To replace all existing values with the values you specify, use the **Set-MpPreference** cmdlet:
 
 `Set-MpPreference -ControlledFolderAccessAllowedApplications"Path1","Path2"..."PathN"`.
 
@@ -311,7 +321,7 @@ exclusions from scheduled, custom, and real-time scanning.
 To add values without affecting other existing values, use the following syntax:
 `"Extension1","Extension2"..."ExtensionN"`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ExclusionExtension "Extension1","Extension2"..."ExtensionN"`
 
@@ -339,7 +349,7 @@ real-time scanning.
 To add values without affecting other existing values, use the following syntax:
 `"IPAddress1","IPAddress2",..."IPAddressN"`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ExclusionIpAddress "IPAddress1","IPAddress",..."IPAddressN"`
 
@@ -367,7 +377,7 @@ scheduled and real-time scanning.
 To add values without affecting other existing values, use the following syntax:
 `"Value1","Value2",..."ValueN"`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ExclusionPath "Value1","Value2",..."ValuehN"`
 
@@ -395,7 +405,7 @@ and real-time scanning.
 To add values without affecting other existing values, use the following syntax:
 `"Path1","Path2",..."PathN"`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ExclusionProcess "Path1","Path2",..."PathhN"`
 
@@ -464,7 +474,11 @@ To add values without affecting other existing values, use the following syntax:
 
 `Add-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
-To remove values without affecting existing values, use the **Remove-MPPreference** cmdlet:
+For each ID value, there's a corresponding Action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
+To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
@@ -519,6 +533,10 @@ To add values without affecting other existing values, use the following syntax:
 
 `Add-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
+For each ID value, there's a corresponding action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
 To remove values without affecting existing values, use the **Remove-MpPreference** cmdlet:
 
 `Remove-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
diff --git a/docset/winserver2022-ps/defender/Get-MpPreference.md b/docset/winserver2022-ps/defender/Get-MpPreference.md
@@ -11,7 +11,8 @@ title: Get-MpPreference
 # Get-MpPreference
 
 ## SYNOPSIS
-Gets preferences for the Windows Defender scans and updates.
+
+Returns settings and configuration for Windows Defender.
 
 ## SYNTAX
 
@@ -25,23 +26,27 @@ Get-MpPreference
 
 ## DESCRIPTION
 
-The `Get-MpPreference` cmdlet gets preferences for the Windows Defender scans and updates. For more
-information about the preferences that this cmdlet retrieves, see
+The `Get-MpPreference` cmdlet returns settings for Windows Defender. For more
+information about the settings that this cmdlet retrieves, see
 [Windows Defender Preferences Class](/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)).
 
 ## EXAMPLES
 
-### Example 1: View the scheduled scan day
+### Example 1: View all settings
 
 ```powershell
-PS C:\> $Preferences = Get-MpPreference
-PS C:\> $Preferences.ScanScheduleDay
+Get-MpPreference
 ```
 
-The first command gets the preferences, and then stores them in the **$Preferences** variable.
+This example returns all settings for Windows Defender.
+
+### Example 2: View the scheduled scan day
+
+```powershell
+Get-MpPreference | Format-List ScanScheduleDay
+```
 
-The second command uses standard dot syntax to display the **ScanScheduleDay** property of the
-object stored in the **$Preferences** variable.
+This example returns the current value of the **ScanScheduleDay** setting.
 
 ## PARAMETERS
 
@@ -92,7 +97,7 @@ Accept wildcard characters: False
 ### -ThrottleLimit
 
 Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If
-this parameter is omitted or a value of `0` is entered, then Windows PowerShell® calculates an
+this parameter is omitted or a value of `0` is entered, then Windows PowerShell calculates an
 optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the
 computer. The throttle limit applies only to the current cmdlet, not to the session or to the
 computer.
diff --git a/docset/winserver2022-ps/defender/Remove-MpPreference.md b/docset/winserver2022-ps/defender/Remove-MpPreference.md
@@ -11,7 +11,9 @@ title: Remove-MpPreference
 # Remove-MpPreference
 
 ## SYNOPSIS
-Removes exclusions or default actions.
+
+Removes values from multi-valued properties (for example, exclusions and protected folders) and
+returns settings in Windows Defender to their default values.
 
 > [!NOTE]
 > You need to run this cmdlet in an elevated PowerShell window (a PowerShell window you opened by
@@ -137,8 +139,8 @@ Remove-MpPreference
 
 ## DESCRIPTION
 
-The **Remove-MpPreference** cmdlet removes exclusions for file name extensions, paths, and processes
-, or default actions for high, moderate, and low threats.
+The **Remove-MpPreference** cmdlet removes values from multi-valued properties (for example,
+exclusions and protected folders) and returns settings in Windows Defender to their default values.
 
 ## EXAMPLES
 
@@ -287,7 +289,7 @@ Reduction (ASR) rules. Enter a folder path or a fully qualified resource name. F
 To remove values without affecting other existing values, use the following syntax:
 `"Value1","Value2",..."ValueN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -AttackSurfaceReductionOnlyExclusions "Value1","Value2",..."ValueN"`
 
@@ -333,7 +335,11 @@ To remove values without affecting other existing values, use the following synt
 
 `Remove-MpPreference -AttackSurfaceReductionRules_IdsRule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+For each ID value, there's a corresponding action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
@@ -379,7 +385,11 @@ To remove values without affecting other existing values, use the following synt
 
 `Remove-MpPreference -AttackSurfaceReductionRules_IdsRule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+For each ID value, there's a corresponding action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -AttackSurfaceReductionRules_Ids Rule1,Rule2,...RuleN -AttackSurfaceReductionRules_Actions Action1,Action2,...ActionN`
 
@@ -496,7 +506,7 @@ variables (for example, `%appdata%...`) for path names.
 To remove values without affecting other existing values, use the following syntax:
 `"PathAndFileName1","PathAndFileName2",..."PathAndFileNameN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ControlledFolderAccessAllowedApplications "PathAndFileName1","PathAndFileName2",..."PathAndFileNameN"`
 
@@ -530,11 +540,11 @@ for path names.
 To remove values without affecting other existing values, use the following syntax:
 `"Path1","Path2",..."PathN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ControlledFolderAccessAllowedApplications "Path1","Path2",..."PathN"`
 
-To replace all existing values with the values you specify, use the **Set-MPPreference** cmdlet:
+To replace all existing values with the values you specify, use the **Set-MpPreference** cmdlet:
 
 `Set-MpPreference -ControlledFolderAccessAllowedApplications"Path1","Path2"..."PathN"`.
 
@@ -588,6 +598,9 @@ malicious and unwanted software. You don't need to specify a value with this swi
 **Tip**: This switch works only if the current value of the DisableArchiveScanning
 property is True (disabled). If the value is already False (enabled), this switch does nothing.
 
+The value True for the DisableArchiveScanning property is available only if Tamper Protection is
+disabled. For more information, see [How do I configure or manage Tamper Protection?](https://learn.microsoft.com/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection).
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
@@ -628,6 +641,9 @@ specify a value with this switch.
 **Tip**: This switch works only if the current value of the DisableBehaviorMonitoring
 property is True (disabled). If the value is already False (enabled), this switch does nothing.
 
+The value True for the DisableBehaviorMonitoring property is available only if Tamper Protection is
+disabled. For more information, see [How do I configure or manage Tamper Protection?](https://learn.microsoft.com/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection).
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
@@ -960,12 +976,15 @@ Accept wildcard characters: False
 
 ### -DisableIOAVProtection
 
-Specifies whether to enable the scanning of all downloaded files and attachments. You don't need to
+Specifies whether to enable the automatic scanning of all downloaded files and attachments. You don't need to
 specify a value with this switch.
 
 **Tip**: This switch works only if the current value of the DisableIOAVProtection
 property is True (disabled). If the value is already False (enabled), this switch does nothing.
 
+The value True for the DisableIOAVProtection property is available only if Tamper Protection is
+disabled. For more information, see [How do I configure or manage Tamper Protection?](https://learn.microsoft.com/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection).
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
@@ -1048,6 +1067,9 @@ property is True (disabled). If the value is already False (enabled), this switc
 
 The default and recommended value for this setting is enabled (False).
 
+The value True for the DisableRealtimeMonitoring property is available only if Tamper Protection is
+disabled. For more information, see [How do I configure or manage Tamper Protection?](https://learn.microsoft.com/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection).
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
@@ -1149,6 +1171,9 @@ a value with this switch.
 **Tip**: This switch works only if the current value of the DisableScriptScanning
 property is True (disabled). If the value is already False (enabled), this switch does nothing.
 
+The value True for the DisableScriptScanning property is available only if Tamper Protection is
+disabled. For more information, see [How do I configure or manage Tamper Protection?](https://learn.microsoft.com/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection#how-do-i-configure-or-manage-tamper-protection).
+
 ```yaml
 Type: SwitchParameter
 Parameter Sets: (All)
@@ -1470,7 +1495,7 @@ exclusions from scheduled, custom, and real-time scanning.
 To remove values without affecting other existing values, use the following syntax:
 `"Extension1","Extension2"..."ExtensionN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ExclusionExtension "Extension1","Extension2"..."ExtensionN"`
 
@@ -1497,7 +1522,7 @@ real-time scanning.
 To remove values without affecting other existing values, use the following syntax:
 `"IPAddress1","IPAddress2",..."IPAddressN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ExclusionIpAddress "IPAddress1","IPAddress",..."IPAddressN"`
 
@@ -1525,7 +1550,7 @@ scheduled and real-time scanning.
 To remove values without affecting other existing values, use the following syntax:
 `"Value1","Value2",..."ValueN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ExclusionPath "Value1","Value2",..."ValuehN"`
 
@@ -1553,7 +1578,7 @@ and real-time scanning.
 To remove values without affecting other existing values, use the following syntax:
 `"Path1","Path2",..."PathN"`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ExclusionProcess "Path1","Path2",..."PathhN"`
 
@@ -2640,7 +2665,11 @@ To remove values without affecting other existing values, use the following synt
 
 `Remove-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
-To add values without affecting existing values, use the **Add-MPPreference** cmdlet:
+For each ID value, there's a corresponding action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
+To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
@@ -2694,6 +2723,10 @@ To remove values without affecting other existing values, use the following synt
 
 `Remove-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
 
+For each ID value, there's a corresponding action value. The order determines which action goes with
+what ID. The first action goes with the first ID, the second action goes with the second ID,
+and so on.
+
 To add values without affecting existing values, use the **Add-MpPreference** cmdlet:
 
 `Add-MpPreference -ThreatIDDefaultAction_Ids ThreatID1,ThreatID2,...ThreatIDN -ThreatIDDefaultAction_Actions Action1,Action2,...ActionN`
diff --git a/docset/winserver2022-ps/defender/Set-MpPreference.md b/docset/winserver2022-ps/defender/Set-MpPreference.md
