Merge branch 'poliveria-ah-identity-08082025' of https://github.com/MicrosoftDocs/defender-docs-pr into poliveria-ah-identity-08082025

poliveria · poliveria · commit 09007c5416f8 · 2025-08-11T11:33:15.000+05:30
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md
@@ -99,6 +99,30 @@ Updates contain:
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender))
 
+
+### July-2025 (Platform: 4.18.25070.5 | Engine: 1.1.25070.4)
+
+- Security intelligence update version: **1.435.11.0**
+- Release date:  **August 5, 2025 (Engine) / August 6, 2025 (Platform)**
+- Platform: **4.18.25070.5**
+- Engine: **1.1.25070.4**
+- Support phase: **Security and Critical Updates**
+
+#### What's new
+
+- Enhanced Passive Mode Scanning Behavior
+When Microsoft Defender is in Passive mode, an Antivirus scan will not occur after a signature update , unless specifically set in the policy setting DisableScanOnUpdate.
+
+- Improved Tamper Protection Handling
+Optimized the configuration process for Tamper Protection in multi-threaded environments to ensure more reliable behavior.
+
+- Digital Signature Verification Performance Boost
+Enhanced the efficiency of digital signature verification to improve overall system performance.
+
+- Refined ASR Rule Exclusion Processing
+Refined exclusion processing and resolved false positives for the Attack Surface Reduction (ASR) rule: Block Office applications from injecting code into other processes.
+
+
 ### June-2025 (Platform: 4.18.25060.7 | Engine: 1.1.25060.6)
  
 - Security intelligence update version: **1.433.2.0**
diff --git a/defender-office-365/recommended-settings-for-eop-and-office365.md b/defender-office-365/recommended-settings-for-eop-and-office365.md
@@ -19,7 +19,7 @@ ms.collection:
   - tier1
 description: What are best practices for email and collaboration security settings in Microsoft 365? What are the current recommendations for standard protection? What should you use to be more strict? And what extras do you get if you also use Microsoft Defender for Office 365?
 ms.service: defender-office-365
-ms.date: 07/10/2025
+ms.date: 08/09/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -334,25 +334,25 @@ To configure Safe Links policy settings, see [Set up Safe Links policies in Micr
 In [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), you use the [New-SafeLinksPolicy](/powershell/module/exchangepowershell/new-safelinkspolicy) and [Set-SafeLinksPolicy](/powershell/module/exchangepowershell/set-safelinkspolicy) cmdlets for Safe Links policy settings.
 
 > [!NOTE]
-> The **Default in custom** column refers to the default values in new Safe Links policies that you create. The remaining columns indicate (unless otherwise noted) the values that are configured in the corresponding preset security policies.
+> The **Default in custom** column refers to the default values in new Safe Links policies you create. The remaining columns indicate the values configured in the corresponding preset security policies.
 
 |Security feature name|Default in custom|Built-in protection|Standard|Strict|Comment|
 |---|:---:|:---:|:---:|:---:|---|
 |**URL & click protection settings**||||||
 |**Email**|||||The settings in this section affect URL rewriting and time of click protection in email messages.|
 |**On: Safe Links checks a list of known, malicious links when users click links in email. URLs are rewritten by default.** (_EnableSafeLinksForEmail_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
-|**Apply Safe Links to email messages sent within the organization** (_EnableForInternalSenders_)|Selected (`$true`)|Not selected (`$false`)|Selected (`$true`)|Selected (`$true`)||
+|**Apply Safe Links to email messages sent within the organization** (_EnableForInternalSenders_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
 |**Apply real-time URL scanning for suspicious links and links that point to files** (_ScanUrls_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
 |**Wait for URL scanning to complete before delivering the message** (_DeliverMessageAfterScan_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
-|**Do not rewrite URLs, do checks via Safe Links API only** (_DisableURLRewrite_)|Selected (`$false`)<sup>\*</sup>|Selected (`$true`)|Not selected (`$false`)|Not selected (`$false`)|<sup>\*</sup> In new Safe Links policies that you create in the Defender portal, this setting is selected by default. In new Safe Links policies that you create in PowerShell, the default value of the _DisableURLRewrite_ parameter is `$false`.|
+|**Do not rewrite URLs, do checks via Safe Links API only** (_DisableURLRewrite_)|Selected (`$false`)<sup>\*</sup>|Selected (`$true`)|Not selected (`$false`)|Not selected (`$false`)|<sup>\*</sup> In new policies created in the Defender portal, this setting is selected by default. In new policies created in PowerShell, the default value is `$false`.|
 |**Do not rewrite the following URLs in email** (_DoNotRewriteUrls_)|Blank|Blank|Blank|Blank|We have no specific recommendation for this setting. <br/><br/> **Note**: Safe Links doesn't scan or wrap entries in the "Don't rewrite the following URLs" list during mail flow. Report the URL as **I've confirmed it's clean** and then select **Allow this URL** to add an allow entry to the Tenant Allow/Block List so the URL isn't scanned or wrapped by Safe Links during mail flow _and_ at time of click. For instructions, see [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft).|
 |**Teams**|||||The setting in this section affects time of click protection in Microsoft Teams.|
 |**On: Safe Links checks a list of known, malicious links when users click links in Microsoft Teams. URLs are not rewritten.** (_EnableSafeLinksForTeams_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
 |**Office 365 apps**|||||The setting in this section affects time of click protection in Office apps.|
 |**On: Safe Links checks a list of known, malicious links when users click links in Microsoft Office apps. URLs are not rewritten.** (_EnableSafeLinksForOffice_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Use Safe Links in supported Office 365 desktop and mobile (iOS and Android) apps. For more information, see [Safe Links settings for Office apps](safe-links-about.md#safe-links-settings-for-office-apps).|
 |**Click protection settings**||||||
 |**Track user clicks** (_TrackClicks_)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)|Selected (`$true`)||
-|**Let users click through to the original URL** (_AllowClickThrough_)|Selected (`$false`)<sup>\*</sup>|Selected (`$true`)|Not selected (`$false`)|Not selected (`$false`)|<sup>\*</sup> In new Safe Links policies that you create in the Defender portal, this setting is selected by default. In new Safe Links policies that you create in PowerShell, the default value of the _AllowClickThrough_ parameter is `$false`.|
+|**Let users click through to the original URL** (_AllowClickThrough_)|Selected (`$false`)<sup>\*</sup>|Selected (`$true`)|Not selected (`$false`)|Not selected (`$false`)|<sup>\*</sup> In new policies created in the Defender portal, this setting is selected by default. In new policies created in PowerShell, the default value is `$false`.|
 |**Display the organization branding on notification and warning pages** (_EnableOrganizationBranding_)|Not selected (`$false`)|Not selected (`$false`)|Not selected (`$false`)|Not selected (`$false`)|We have no specific recommendation for this setting. <br/><br/> Before you turn on this setting, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](/microsoft-365/admin/setup/customize-your-organization-theme) to upload your company logo.|
 |**Notification**||||||
 |**How would you like to notify your users?** (_CustomNotificationText_ and _UseTranslatedNotificationText_)|**Use the default notification text** (Blank and `$false`)|**Use the default notification text** (Blank and `$false`)|**Use the default notification text** (Blank and `$false`)|**Use the default notification text** (Blank and `$false`)|We have no specific recommendation for this setting. <br/><br/> You can select **Use custom notification text** (`-CustomNotificationText "<Custom text>"`) to enter and use customized notification text. If you specify custom text, you can also select **Use Microsoft Translator for automatic localization** (`-UseTranslatedNotificationText $true`) to automatically translate the text into the user's language.|
diff --git a/defender-vulnerability-management/fixed-reported-inaccuracies.md b/defender-vulnerability-management/fixed-reported-inaccuracies.md
@@ -47,6 +47,12 @@ The following tables present the relevant vulnerability information organized by
 | - | Updated CVE-2025-20236 with accurate vulnerability details | 14-July-25 |
 | - | Added MDVM support for CVE-2019-0128, CVE-2019-16905, CVE-2019-18278, CVE-2020-24447, CVE-2020-9724, CVE-2021-40776, CVE-2022-31630 | 14-July-25 |
 | 108162 | Updated Kernel Modules Core detection logic to ensure more accurate version identification | 15-July-25 |
+| 105489 | Improved accuracy for Riot | 15-July-25 |
+| - | Improved accuracy for Webex Teams | 15-July-25 |
+| 108711 | Updated CVSS Score and Vector String for CVE-2025-6555 | 21-July-25 |
+| 105707 | Updated Devolutions Remote Desktop Manager vulnerabilities- CVE-2025-2499, CVE-2025-2528, CVE-2025-2562, CVE-2025-2600 and CVE-2025-5334 with accurate vulnerability details | 22-July-25 |
+| 102655 | Updated Netskope vulnerability- CVE-2024-13177 with accurate vulnerability details | 22-July-25 |
+| - | Fixed bad normalization in Erlang OTP | 28-July-25 |
 
 ## June 2025
 
diff --git a/unified-secops-platform/mto-distribution-profiles.md b/unified-secops-platform/mto-distribution-profiles.md
@@ -106,7 +106,7 @@ Common reasons for a sync to fail include:
 
 If the issue is with the target tenant, try creating an identical custom detection rule for further diagnosis. If the issue is with accessing the source data, try accessing the custom detection.
 
-A known issue exists with distribution profile errors. In some scenarios, such as when a user without the required permissions selects **See the assignment** on a policy error, an indefinite loading state might be shown without a clear error message. Users might also encounter generic or unclear error messages if Microsoft Entra is temporarily unavailable.
+A known issue exists with distribution profile errors. In some scenarios, such as when a user without the required permissions selects **See the assignment** on a policy error, an indefinite loading state might be shown without a clear error message. Users might also encounter generic or unclear error messages if Microsoft Entra is temporarily unavailable. In such cases, close the error message and verify your permissions and Microsoft Entra availability.
 
 ## Related content
 
