Merge branch 'main' into defender-criteria

Author: denisebmsft

.openpublishing.publish.config.json

@@ -112,6 +112,18 @@
       },
       "build_entry_point": "docs",
       "template_folder": "_themes"
+    },
+    {
+      "docset_name": "unified-secops-platform",
+      "build_source_folder": "unified-secops-platform",
+      "build_output_subfolder": "unified-secops-platform",
+      "locale": "en-us",
+      "monikers": [],
+      "open_to_public_contributors": false,
+      "type_mapping": {
+        "Conceptual": "Content"
+      },
+      "build_entry_point": "docs"
     }
   ],
   "notification_subscribers": [],

.openpublishing.redirection.defender.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "defender/threat-intelligence/index-backup.md",
+      "redirect_url": "/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender/advanced-hunting-overview.md",
       "redirect_url": "/defender-xdr/advanced-hunting-overview",
@@ -214,6 +219,16 @@
       "source_path": "defender-endpoint/defender-endpoint-antivirus-exclusions.md",
       "redirect_url": "/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions",
       "redirect_document_id": false
-    }
+    },
+    {
+      "source_path": "defender-endpoint/defender-endpoint-demonstration-amsi.md",
+      "redirect_url": "/defender-endpoint/mde-demonstration-amsi",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-xdr/device-profile.md",
+      "redirect_url": "/defender-xdr/entity-page-device",
+      "redirect_document_id": true
+    }    
   ]
 }

defender-endpoint/TOC.yml

@@ -59,44 +59,43 @@
     - name: Antivirus solution compatibility with Defender for Endpoint
       href: defender-compatibility.md
 
-  - name: Microsoft Defender for Endpoint demonstrations
+  - name: Microsoft Defender for Endpoint demonstrations and evaluation
     items:
-    - name: Microsoft Defender for Endpoint demonstrations
+    - name: Evaluate Microsoft Defender Antivirus
+      href: evaluate-microsoft-defender-antivirus.md
       items:
-      - name: Overview
-        href: evaluate-microsoft-defender-antivirus.md
       - name: Evaluate Microsoft Defender Antivirus using PowerShell
         href: microsoft-defender-antivirus-using-powershell.md
       - name: Evaluate Microsoft Defender Antivirus using Microsoft Defender Endpoint Security Settings Management
         href: evaluate-mda-using-mde-security-settings-management.md
       - name: Evaluate Microsoft Defender Antivirus using Group Policy 
         href: evaluate-mdav-using-gp.md  
-      - name: Microsoft Defender for Endpoint demonstration scenarios
-        href: defender-endpoint-demonstrations.md
+    - name: Demonstration scenarios
+      href: defender-endpoint-demonstrations.md
+      items:
+      - name: AMSI demonstrations
+        href: mde-demonstration-amsi.md
+      - name: Antimalware validation demonstration
+        href: validate-antimalware.md
+      - name: Attack surface reduction rules demonstration
+        href: defender-endpoint-demonstration-attack-surface-reduction-rules.md
       - name: App reputation demonstration
         href: defender-endpoint-demonstration-app-reputation.md
-      - name: Behavior monitoring demonstrations
+      - name: Behavior monitoring demonstration
         href: demonstration-behavior-monitoring.md
-      - name: Validate antimalware
-        href: validate-antimalware.md
-      - name: AMSI demonstrations
-        href: defender-endpoint-demonstration-amsi.md
-        displayName: Antimalware Scan Interface (AMSI), AMSI
-      - name: Attack surface reduction rules demonstrations
-        href: defender-endpoint-demonstration-attack-surface-reduction-rules.md
-      - name: Cloud-delivered protection demonstration
+      - name: Cloud-delivered protection
         href: defender-endpoint-demonstration-cloud-delivered-protection.md
-      - name: Controlled folder access (CFA) demonstration (block script)
+      - name: Controlled folder access (block script) demonstration
         href: defender-endpoint-demonstration-controlled-folder-access-test-tool.md
-      - name: Controlled folder access (CFA) demonstrations (block ransomware)
+      - name: Controlled folder access (block ransomware) demonstration
         href: defender-endpoint-demonstration-controlled-folder-access.md
-      - name: EDR detections
+      - name: EDR detections demonstration
         href: edr-detection.md
-      - name: Exploit protection (EP) demonstrations
+      - name: Exploit protection demonstration
         href: defender-endpoint-demonstration-exploit-protection.md
-      - name: Network protection demonstrations
+      - name: Network protection demonstration
         href: defender-endpoint-demonstration-network-protection.md
-      - name: Potentially unwanted applications (PUA) demonstration
+      - name: Potentially unwanted applications demonstration
         href: defender-endpoint-demonstration-potentially-unwanted-applications.md
       - name: URL reputation demonstrations
         href: defender-endpoint-demonstration-smartscreen-url-reputation.md

defender-endpoint/android-configure.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: android
 search.appverid: met150
-ms.date: 08/30/2024
+ms.date: 10/18/2024
 ---
 
 # Configure Defender for Endpoint on Android features
@@ -197,9 +197,9 @@ Defender for Endpoint supports vulnerability assessment of apps in the work prof
 1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** \> **App configuration policies** \\> **Add** > **Managed devices**.
 2. Give the policy a name; **Platform \> Android Enterprise**; select the profile type.
 3. Select **Microsoft Defender for Endpoint** as the target app.
-4. In Settings page, select **Use configuration designer** and add **DefenderTVMPrivacyMode** as the key and value type as **Integer**
+1. In Settings page, select **Use configuration designer** and add **Enable TVM Privacy** as the key and value type as **Integer**
 
-   - To disable vulnerability of apps in the work profile, enter value as `1` and assign this policy to users. By default, this value is set to `0`.
+- To disable vulnerability of apps in the work profile, enter value as `1` and assign this policy to users. By default, this value is set to `0`.
    - For users with key set as `0`, Defender for Endpoint sends the list of apps from the work profile to the backend service for vulnerability assessment.
 
 5. Select **Next** and assign this profile to targeted devices/users.

defender-endpoint/android-intune.md

@@ -15,7 +15,7 @@ ms.custom: partner-contribution
 ms.topic: conceptual
 ms.subservice: android
 search.appverid: met150
-ms.date: 07/25/2024
+ms.date: 10/11/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
@@ -284,7 +284,10 @@ Android low touch onboarding is disabled by default. Admins can enable it throug
 
       > [!div class="mx-imgBorder"]
    > ![Screenshot showing a low touch onboarding configuration policy.](media/low-touch-user-upn.png)
-   
+
+> [!Note]
+> Once the policy is created, these value types will show as string.
+ 
 8. Assign the policy to the target user group.
 
 9. Review and create the policy.

defender-endpoint/configure-environment.md

@@ -14,7 +14,7 @@ ms.collection:
 - tier1
 ms.topic: how-to
 ms.subservice: onboard
-ms.date: 06/14/2024
+ms.date: 10/18/2024
 ---
 
 # STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service
@@ -27,7 +27,7 @@ ms.date: 06/14/2024
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
 
-Before you onboard devices to Defender for Endpoint, make sure your network is configured to connect to the service. The first step of this process involves adding URLs to the allowed domains list if your proxy server or firewall rules prevent access to Defender for Endpoint. This article also includes information about proxy and firewall requirements for older versions of Windows client and Windows Server.
+Before you onboard devices to Defender for Endpoint, make sure your network is configured to connect to the service, by allowing outbound connection and bypassings HTTPS inspection for the service URLs. The first step of this process involves adding URLs to the allowed domains list if your proxy server or firewall rules prevent access to Defender for Endpoint. This article also includes information about proxy and firewall requirements for older versions of Windows client and Windows Server.
 
 > [!NOTE]
 > - After May 8, 2024, you have the option to keep streamlined connectivity ([consolidated set of URLs](https://aka.ms/MDE-streamlined-urls)) as the default onboarding method, or downgrade to standard connectivity through (**Settings > Endpoints > Advanced Features**). For onboarding through Intune or Microsoft Defender for Cloud, you need to activate the relevant option. Devices already onboarded aren't reonboarded automatically. In such cases, create a new policy in Intune, where it is recommended to first assign the policy to a set of test devices to verify connectivity is successful, and then expand the audience. Devices in Defender for Cloud can be reonboarded using the relevant onboarding script, while newly onboarded devices will automatically receive streamlined onboarding.

defender-endpoint/customize-controlled-folders.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier2
 - mde-asr
 search.appverid: met150
-ms.date: 10/27/2023
+ms.date: 10/17/2024
 ---
 
 # Customize controlled folder access
@@ -33,8 +33,12 @@ ms.date: 10/27/2023
 > [!TIP]
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
 
-Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11 clients. This article describes how to customize controlled folder access capabilities, and includes the following sections:
+Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11 clients.
 
+> [!IMPORTANT]
+> Controlled folder access is not supported on Linux servers.
+
+This article describes how to customize controlled folder access capabilities, and includes the following sections:
 - [Protect additional folders](#protect-additional-folders)
 - [Add apps that should be allowed to access protected folders](#allow-specific-apps-to-make-changes-to-controlled-folders)
 - [Allow signed executable files to access protected folders](#allow-signed-executable-files-to-access-protected-folders)