Merge pull request #2274 from MicrosoftDocs/main

Ruchika-mittal01 · web-flow · commit 08f2a2c6dea2 · 2024-12-27T05:07:22.000+05:30
Publish main to live, 12/26/24, 3:30 PM PT
diff --git a/ATPDocs/index.yml b/ATPDocs/index.yml
@@ -1,18 +1,18 @@
 ### YamlMime:Landing
 
-title: Microsoft Defender for Identity documentation 
-summary: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. 
+title: Microsoft Defender for Identity documentation
+summary: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats.
 metadata:
   title: Microsoft Defender for Identity documentation
-  description: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. 
+  description: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats.
   services: service
   ms.service: azure-advanced-threat-protection
   ms.subservice: subservice
-  ms.topic: landing-page 
+  ms.topic: landing-page
   ms.collection: M365-security-compliance
-  author: batamig 
-  ms.author: bagol 
-  ms.date: 09/23/2019 
+  author: batamig
+  ms.author: bagol
+  ms.date: 09/23/2019
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -32,7 +32,7 @@ landingContent:
         links:
           - text: Releases
             url: whats-new.md
-  - title: Check out Defender for Identity alerts      
+  - title: Check out Defender for Identity alerts
     linkLists:
       - linkListType: get-started
         links:
@@ -47,21 +47,21 @@ landingContent:
       - linkListType: how-to-guide
         links:
           - text: Security posture assessments
-            url: security-assessment.md  
+            url: security-assessment.md
           - text: Configure detection exclusions
             url: exclusions.md
-          - text: Search and filter monitored activities 
+          - text: Search and filter monitored activities
             url: monitored-activities.md
           - text: Set entity tags
             url: entity-tags.md
           - text: Advanced Threat Analytics (ATA) to Defender for Identity migration
             url: migrate-from-ata-overview.md
-  - title: Investigate threats 
+  - title: Investigate threats
     linkLists:
       - linkListType: tutorial
         links:
           - text: Investigate assets
-            url: investigate-assets.md  
+            url: investigate-assets.md
           - text: Investigate lateral movement paths
             url: understand-lateral-movement-paths.md
           - text: Remediation actions
@@ -74,5 +74,5 @@ landingContent:
             url: technical-faq.yml
           - text: Support
             url: support.md
-          - text: Defender for Identity data security and privacy 
+          - text: Defender for Identity data security and privacy
             url: privacy-compliance.md
diff --git a/defender-office-365/scc-permissions.md b/defender-office-365/scc-permissions.md
@@ -80,15 +80,15 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
 |**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
 |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
-|**Data Security Management**| View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
+|**Data Security Management**| View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Download <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
 |**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
 |**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
 |**Exact Data Match Upload Admins**|Upload data for Exact Data Match.|Exact Data Match Upload Admin|
 |**Global Reader**|Members have read-only access to reports, alerts, and can see all the configuration and settings. <br/><br/> The primary difference between Global Reader and Security Reader is that a Global Reader can access **configuration and settings**.|Compliance Manager Reader <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
-|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Scan Reader <br/><br/> Source Reader|
+|**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Data Classification Content Download <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Scan Reader <br/><br/> Source Reader|
 |**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Data Map Reader <br/><br/> Information Protection Admin <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Scan Reader <br/><br/> Source Reader|
 |**Information Protection Analysts**|Access and manage DLP alerts and activity explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Information Protection Analyst <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator|
-|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Scan Reader <br/><br/> Source Reader|
+|**Information Protection Investigators**|Access and manage DLP alerts, activity explorer, and content explorer. View-only access to DLP policies, sensitivity labels and their policies, and all classifier types.|Data Classification Content Viewer <br/><br/> Data Classification Content Download <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Scan Reader <br/><br/> Source Reader|
 |**Information Protection Readers**|View-only access to reports for DLP policies and sensitivity labels and their policies.|Information Protection Reader|
 |**Insider Risk Management**|Use this role group to manage insider risk management for your organization in a single group. By adding all user accounts for designated administrators, analysts, and investigators, you can configure insider risk management permissions in a single group. This role group contains all the insider risk management permission roles. This role group is the easiest way to quickly get started with insider risk management and is a good fit for organizations that don't need separate permissions defined for separate groups of users.|Case Management <br/><br/> Custodian <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Review <br/><br/> View-Only Case|
 |**Insider Risk Management Admins**|Use this role group to initially configure insider risk management and later to segregate insider risk administrators into a defined group. Users in this role group can create, read, update, and delete insider risk management policies, global settings, and role group assignments.|Case Management <br/><br/> Data Connector Admin <br/><br/> Insider Risk Management Admin <br/><br/> View-Only Case|
@@ -154,6 +154,7 @@ Roles that aren't assigned to the Organization Management role group by default
 |<sup>\*</sup>**Credential Reader**|Read the different credentials created in the tenant.|Compliance Administrator <br/><br/> Data Source Administrators|
 |<sup>\*</sup>**Credential Writer**|Create and edit credentials.|Compliance Administrator <br/><br/> Data Source Administrators|
 |<sup>\*</sup>**Custodian**|Identify and manage custodians for eDiscovery (Premium) cases and use the information from Microsoft Entra ID and other sources to find data sources associated with custodians. Associate other data sources such as mailboxes, SharePoint sites, and Teams with custodians in a case.  Place a legal hold on the data sources associated with custodians to preserve content in the context of a case.|Data Investigator <br/><br/> eDiscovery Manager <br/><br/> Insider Risk Management <br/><br/> Insider Risk Management Investigators|
+|<sup>\*</sup>**Data Classification Content Download**|When evidence collection is turned on from Endpoint DLP settings, this role lets admins download endpoint-related evidence files from activity explorer and DLP alerts.|Data Security Management <br/><br/> Information Protection <br/><br/> Information Protection Investigators|
 |<sup>\*</sup>**Data Classification Content Viewer**|View in-place rendering of files in Content explorer.|Content Explorer Content Viewer <br/><br/> Information Protection <br/><br/> Information Protection Investigators <br/><br/> Privacy Management <br/><br/> Privacy Management Investigators|
 |<sup>\*</sup>**Data Classification Feedback Provider**|Allows providing feedback to classifiers in content explorer.|Communication Compliance <br/><br/> Communication Compliance Investigators <br/><br/> Compliance Administrator|
 |<sup>\*</sup>**Data Classification Feedback Reviewer**|Allows reviewing feedback from classifiers in feedback explorer.|Compliance Administrator|
