MicrosoftDocs
diff --git a/‎.acrolinx-config.edn‎
Lines changed: 1 addition & 1 deletion b/‎.acrolinx-config.edn‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-business/TOC.yml‎
Lines changed: 1 addition & 1 deletion b/‎defender-business/TOC.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-business/get-defender-business.md‎
Lines changed: 22 additions & 18 deletions b/‎defender-business/get-defender-business.md‎
Lines changed: 22 additions & 18 deletions
diff --git a/‎defender-endpoint/TOC.yml‎
Lines changed: 6 additions & 1 deletion b/‎defender-endpoint/TOC.yml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎defender-endpoint/api/api-power-bi.md‎
Lines changed: 29 additions & 19 deletions b/‎defender-endpoint/api/api-power-bi.md‎
Lines changed: 29 additions & 19 deletions
diff --git a/‎defender-endpoint/configure-server-endpoints.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/configure-server-endpoints.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
 {:changed-files-limit 30
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["defender-xdr/" "exposure-management/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["defender-xdr/" "exposure-management/" "defender/" "defender-business/" "defender-vulnerability-management/" "defender-office-365/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 
 
@@ -102,7 +102,7 @@
     - name: Troubleshooting
       href: mdb-troubleshooting.yml
     - name: API reference information
-      href: /defender-endpoint/api/exposed-apis-create-app-partners.md?bc=%2Fmicrosoft-365%2Fsecurity%2Fdefender-business%2Fbreadcrumb%2Ftoc.json&toc=%2Fmicrosoft-365%2Fsecurity%2Fdefender-business%2Ftoc.json
+      href: /defender-endpoint/api/exposed-apis-create-app-partners?bc=%2Fmicrosoft-365%2Fsecurity%2Fdefender-business%2Fbreadcrumb%2Ftoc.json&toc=%2Fmicrosoft-365%2Fsecurity%2Fdefender-business%2Ftoc.json
     - name: Microsoft 365 Business Premium
       href: /microsoft-365/business-premium/
     - name: Microsoft 365 Lighthouse
 
@@ -4,15 +4,18 @@ description: Find out how to get Microsoft Defender for Business, endpoint prote
 search.appverid: MET150
 author: siosulli
 ms.author: siosulli
-manager: deniseb 
+manager: deniseb
+
 audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.date: 09/07/2023
 ms.reviewer: efratka
-f1.keywords: NOCSH 
-ms.collection: 
+f1.keywords: NOCSH
+
+ms.collection:
+
 - SMB
 - m365-security
 - tier1
@@ -52,7 +55,7 @@ Defender for Business provides advanced security protection for your company's d
 
    If you're starting a trial, look for your acceptance email, which contains your promo code and a link to sign in. And be sure to see the [Trial user guide for Defender for Business](trial-playbook-defender-business.md).
 
-2. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and either sign in using your existing work or school account, or follow the prompts to create a new account. 
+2. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and either sign in using your existing work or school account, or follow the prompts to create a new account.
 
 3. In the [Microsoft Defender portal](https://security.microsoft.com), in the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant. You know this process has started when you see a message like what's displayed in the following screenshot:
 
@@ -73,7 +76,7 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 
 3. After you've signed up for Microsoft 365 Business Premium, you'll receive an email with a link to sign in and get started. Proceed to [Set up Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365-business-premium-setup).
 
-4. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you view and manage security settings and devices for your organization. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant. 
+4. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you view and manage security settings and devices for your organization. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant.
 
 5. Follow the guidance in [Boost your security protection](/Microsoft-365/business-premium/m365bp-security-overview) to set up your security capabilities.
 
@@ -84,13 +87,14 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 
 Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business. If you'd prefer to work with a Microsoft partner, you can follow these steps to find a solution provider in your area:
 
-1. Go to the [Browse Partners](https:/appsource.microsoft.com/marketplace/partner-dir).
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
 
 2. In the **Filters** pane, specify search criteria, such as:
 
    - Your location
    - Your organization's size
-   - **Focus areas**, such as **Security** and/or **Threat Protection** 
+   - **Focus areas**, such as **Security** and/or **Threat Protection**
+
    - **Services**, such as **Licensing** or **Managed Services (MSP)**
 
    As soon as you select one or more criteria, the list of partners updates.
@@ -101,38 +105,38 @@ Microsoft has a list of solution providers who are authorized to sell offerings,
 
 ## How to get Microsoft Defender for Business servers
 
-Microsoft Defender for Business servers is an add-on to Defender for Business that enables you to secure your server operating systems with the same protection that you get for client devices in Defender for Business. 
+Microsoft Defender for Business servers is an add-on to Defender for Business that enables you to secure your server operating systems with the same protection that you get for client devices in Defender for Business.
 
 1. Go to the Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)), and sign in.
 
 2. In the navigation pane, choose **Billing** > **Purchase services**.
 
 3. In the list of results, select the **Details** box for **Microsoft Defender for Business servers**.
 
-4. Review the information, and complete the purchase process. You need one Microsoft Defender for Business servers license for each instance of Windows Server or Linux, and you don't assign that license to users or devices. 
+4. Review the information, and complete the purchase process. You need one Microsoft Defender for Business servers license for each instance of Windows Server or Linux, and you don't assign that license to users or devices.
 
 > [!IMPORTANT]
-> - In order to add on Microsoft Defender for Business servers, you'll need at least one paid license for [Defender for Business](mdb-overview.md) (standalone) or [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview). 
+>
+> - In order to add on Microsoft Defender for Business servers, you'll need at least one paid license for [Defender for Business](mdb-overview.md) (standalone) or [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview).
+>
 > - There's a limit of 60 Microsoft Defender for Business servers licenses per subscription to Microsoft 365 Business Premium or Defender for Business.
 > - If preferred, you could use [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) instead to onboard your servers. To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](mdb-faq.yml#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
-   
 
 ## Portals you use for setup and management
 
-When you use Defender for Business, you work with two main portals: 
+When you use Defender for Business, you work with two main portals:
 
 - The Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com))
 - The Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com))
 
 If your subscription also includes Microsoft Intune, you use the Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) as well. The following table summarizes these portals and how you use them.
 
-|Portal  |Description  |
-|---------|---------|
-| The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/))      | Use the Microsoft 365 admin center to activate your trial and sign in for the first time. You can also use the Microsoft 365 admin center to: <br/>- Add or remove users.<br/>- Assign user licenses.<br/>- View your products and services.<br/>- Complete setup tasks for your Microsoft 365 subscription.<br/><br/>To learn more, see [Overview of the Microsoft 365 admin center](/Microsoft-365/admin/admin-overview/admin-center-overview).      |
-| The Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com))     | Use the Microsoft Defender portal to set up and configure Defender for Business, and to monitor your devices and threat detections. You use the Microsoft Defender portal to: <br/>- View your devices and device protection policies.<br/>- View detected threats and take action.<br/>- View security recommendations and manage your security settings.<br/><br/>To learn more, see [Get started using the Microsoft Defender portal](mdb-get-started.md).        |
-| The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)) | Use the Intune admin center to set up multifactor authentication (MFA), onboard iOS and Android devices, and configure certain capabilities, such as [attack surface reduction rules](mdb-asr.md).<br/><br/>To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune). |
+|Portal|Description|
+|---|---|
+|The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/))|Use the Microsoft 365 admin center to activate your trial and sign in for the first time. You can also use the Microsoft 365 admin center to: <br/>- Add or remove users.<br/>- Assign user licenses.<br/>- View your products and services.<br/>- Complete setup tasks for your Microsoft 365 subscription.<br/><br/>To learn more, see [Overview of the Microsoft 365 admin center](/Microsoft-365/admin/admin-overview/admin-center-overview).|
+|The Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com))|Use the Microsoft Defender portal to set up and configure Defender for Business, and to monitor your devices and threat detections. You use the Microsoft Defender portal to: <br/>- View your devices and device protection policies.<br/>- View detected threats and take action.<br/>- View security recommendations and manage your security settings.<br/><br/>To learn more, see [Get started using the Microsoft Defender portal](mdb-get-started.md).|
+|The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/))|Use the Intune admin center to set up multifactor authentication (MFA), onboard iOS and Android devices, and configure certain capabilities, such as [attack surface reduction rules](mdb-asr.md).<br/><br/>To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune).|
 
 ## Next step
 
 - Proceed to [Step 2: Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md).
-
 
@@ -694,6 +694,11 @@
         items:
         - name: Use Microsoft Intune to manage Microsoft Defender Antivirus
           href: use-intune-config-manager-microsoft-defender-antivirus.md
+        - name: Use Microsoft Defender for Endpoint Security Settings Management to manage
+            Microsoft Defender Antivirus
+          href: mde-security-settings-management.md
+          displayName: Use Microsoft Defender for Endpoint Security Settings Management to
+            manage Microsoft Defender Antivirus MDE Attach MDE Attach v2
         - name: Use Group Policy settings to manage Microsoft Defender Antivirus
           href: use-group-policy-microsoft-defender-antivirus.md
         - name: Use PowerShell cmdlets to manage Microsoft Defender Antivirus
@@ -970,7 +975,7 @@
         - name: How Microsoft identifies malware and PUA
           href: /defender/criteria
         - name: Submit files for analysis
-          href: /defender/submission-guide
+          href: /defender-xdr/submission-guide
         - name: Troubleshoot MSI portal errors caused by admin block
           href: /defender/portal-submission-troubleshooting
         - name: Microsoft virus initiative
 
@@ -1,6 +1,6 @@
 ---
 title: Microsoft Defender for Endpoint APIs connection to Power BI
-ms.reviewer:
+ms.reviewer: yongrhee
 description: Create a Power Business Intelligence (BI) report on top of Microsoft Defender for Endpoint APIs.
 ms.service: defender-endpoint
 ms.author: siosulli
@@ -16,14 +16,15 @@ ms.topic: conceptual
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 04/24/2024
 ---
 
 # Create custom reports using Power BI
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - ../microsoft-defender-endpoint.md
 - [Microsoft Defender XDR](/defender-xdr)
 
@@ -42,12 +43,14 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API,
 1. Open Microsoft Power BI.
 
 2. Select **Get Data** \> **Blank Query**.
+
    :::image type="content" source="../media/power-bi-create-blank-query.png" alt-text="The Blank Query option under the Get Data menu item" lightbox="../media/power-bi-create-blank-query.png":::
 
 3. Select **Advanced Editor**.
+
    :::image type="content" source="../media/power-bi-open-advanced-editor.png" alt-text="The Advanced Editor menu item" lightbox="../media/power-bi-open-advanced-editor.png":::
 
-4. Copy the below and paste it in the editor:
+4. Copy the code snippet below and paste it in the editor:
 
    ```
        let
@@ -103,36 +106,43 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API,
 
    :::image type="content" source="../media/power-bi-set-credentials-organizational-cont.png" alt-text="The sign-in confirmation message in the Organizational account menu item" lightbox="../media/power-bi-set-credentials-organizational-cont.png":::
 
-Now the results of your query appear as a table and you can start to build visualizations on top of it!
-
-You can duplicate this table, rename it, and edit the Advanced Hunting query inside to get any data you would like.
+Now the results of your query appear as a table and you can start to build visualizations on top of it! You can duplicate this table, rename it, and edit the Advanced Hunting query inside to get any data you would like.
 
 ## Connect Power BI to OData APIs
 
-The only difference from the previous example is the query inside the editor. Follow steps 1-3 above.
+The only difference from the previous example and this example is the query inside the editor. 
 
-At step 4, instead of the code in that example, copy the following code, and paste it in the editor to pull all **Machine Actions** from your organization:
+1. Open Microsoft Power BI.
 
-```
-    let
+2. Select **Get Data** \> **Blank Query**.
+
+   :::image type="content" source="../media/power-bi-create-blank-query.png" alt-text="The Blank Query option under the Get Data menu item" lightbox="../media/power-bi-create-blank-query.png":::
 
-        Query = "MachineActions",
+3. Select **Advanced Editor**.
 
-        Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true])
-    in
-        Source
-```
+   :::image type="content" source="../media/power-bi-open-advanced-editor.png" alt-text="The Advanced Editor menu item" lightbox="../media/power-bi-open-advanced-editor.png":::
+
+4. Copy the following code, and paste it in the editor to pull all **Machine Actions** from your organization:
+
+   ```
+       let
+
+           Query = "MachineActions",
+
+           Source = OData.Feed("https://api.securitycenter.microsoft.com/api/" & Query, null, [Implementation="2.0", MoreColumns=true])
+       in
+           Source
+   ```
 
-You can do the same for **Alerts** and **Machines**.
-You also can use OData queries for queries filters. See [Using OData Queries](exposed-apis-odata-samples.md).
+   You can do the same for **Alerts** and **Machines**. You also can use OData queries for queries filters. See [Using OData Queries](exposed-apis-odata-samples.md).
 
 ## Power BI dashboard samples in GitHub
 
-For more information, see the [Power BI report templates](https://github.com/microsoft/MicrosoftDefenderATP-PowerBI).
+See the [Power BI report templates](https://github.com/microsoft/MicrosoftDefenderATP-PowerBI).
 
 ## Sample reports
 
-View the Microsoft Defender for Endpoint Power BI report samples. For more information, see [Browse code samples](/samples/browse/?products=mdatp).
+View the [Microsoft Defender for Endpoint Power BI report samples](/samples/browse/?products=mdatp).
 
 ## Related articles
 
 
@@ -281,7 +281,7 @@ The following steps are only applicable if you're using a third-party anti-malwa
 - An operating system update can introduce an installation issue on machines with slower disks due to a timeout with service installation. Installation fails with the message "Could not find c:\program files\windows defender\mpasdesc.dll, - 310 WinDefend". Use the latest installation package, and the latest [install.ps1](https://github.com/microsoft/mdefordownlevelserver) script to help clear the failed installation if necessary.
 - We've identified an issue with Windows Server 2012 R2 connectivity to cloud when static TelemetryProxyServer is used **and** the certificate revocation list (CRL) URLs aren't reachable from the SYSTEM account context. Ensure the EDR sensor is updated to version 10.8210.* or later (using [KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)) to resolve the issue. Alternatively, use a different proxy option ("system-wide") that provides such connectivity, or configure the same proxy via the WinInet setting on the SYSTEM account context.
 - On Windows Server 2012 R2, there's no user interface for Microsoft Defender Antivirus. In addition, the user interface on Windows Server 2016 only allows for basic operations. To perform operations on a device locally, refer to [Manage Microsoft Defender for Endpoint with PowerShell, WMI, and MPCmdRun.exe](preferences-setup.md). As a result, features that specifically rely on user interaction, such as where the user is prompted to make a decision or perform a specific task, may not work as expected. It's recommended to disable or not enable the user interface nor require user interaction on any managed server as it may impact protection capability.
-- Not all Attack Surface Reduction rules are applicable to all operating systems. See [Attack surface reduction rules](/defender-endpoint/attack-surface-reduction-rules).
+- Not all Attack Surface Reduction rules are applicable to all operating systems. See [Attack surface reduction rules](attack-surface-reduction-rules-reference.md).
 - Operating system upgrades aren't supported. Offboard then uninstall before upgrading. The installer package can only be used to upgrade installations that have not yet been updated with new antimalware platform or EDR sensor update packages.
 - Automatic exclusions for **server roles** aren't supported on Windows Server 2012 R2; however, built-in exclusions for operating system files are. For more information about adding exclusions, see [Configure Microsoft Defender Antivirus exclusions on Windows Server](configure-server-exclusions-microsoft-defender-antivirus.md).
 - To automatically deploy and onboard the new solution using Microsoft Endpoint Configuration Manager (MECM) you need to be on [version 2207 or later](/mem/configmgr/core/plan-design/changes/whats-new-in-version-2207#improved-microsoft-defender-for-endpoint-mde-onboarding-for-windows-server-2012-r2-and-windows-server-2016). You can still configure and deploy using version 2107 with the hotfix rollup, but this requires additional deployment steps. See [Microsoft Endpoint Configuration Manager migration scenarios](/defender-endpoint/server-migration#microsoft-endpoint-configuration-manager-migration-scenarios) for more information.