Merge pull request #1244 from MicrosoftDocs/main

Publish main to live, Wednesday 3:30PM PDT, 08/28

Author: Stacyrch140

defender-endpoint/device-control-overview.md

@@ -4,7 +4,7 @@ description: Get an overview of device control, including removable storage acce
 author: siosulli
 ms.author: siosulli
 manager: deniseb
-ms.date: 08/27/2024
+ms.date: 08/28/2024
 ms.topic: overview
 ms.service: defender-endpoint
 ms.subservice: asr
@@ -57,7 +57,6 @@ Device control capabilities from Microsoft can be organized into three main cate
 
 - **Device control in Defender for Endpoint**. Device control in Defender for Endpoint provides more advanced capabilities and is cross platform.
   - Granular access control - create policies to control access by device, device type, operation (read, write, execute), user group, network location, or file type.
-  - File evidence - store the file information and contents to audit files copied or accessed on devices.
   - Reporting and advanced hunting - complete visibility into add device related activities.
   - Device control in Microsoft Defender can be managed using Intune or [Group Policy](device-control-deploy-manage-gpo.md).
   - **Device control in Microsoft Defender and Intune**. Intune provides a rich experience for managing complex device control policies for organizations. You can configure and deploy device restriction settings in Defender for Endpoint, for example. See [Deploy and manage device control with Microsoft Intune](device-control-deploy-manage-intune.md).

defender-endpoint/linux-preferences.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 07/31/2024
+ms.date: 08/28/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -63,12 +63,13 @@ Specifies the enforcement preference of antivirus engine. There are three values
 - Real-time (`real_time`): Real-time protection (scan files as they're modified) is enabled.
 - On-demand (`on_demand`): Files are scanned only on demand. In this:
   - Real-time protection is turned off.
-- Passive (`passive`): Runs the antivirus engine in passive mode. In this:
+- Passive (`passive`): Runs the antivirus engine in passive mode. In this case, all of the following apply:
   - Real-time protection is turned off: Threats are not remediated by Microsoft Defender Antivirus.
   - On-demand scanning is turned on: Still use the scan capabilities on the endpoint.
-  - Automatic threat remediation is turned off: No files will be moved and security admin is expected to take required action.
-  - Security intelligence updates are turned on: Alerts will be available on security admins tenant.
-
+  - Automatic threat remediation is turned off: No files are moved and your security administrator is expected to take required action.
+  - Security intelligence updates are turned on: Alerts are available in the security administrator's tenant.
+  - Definition updates occur only when a scan starts, even if `automaticDefinitionUpdateEnabled` is set to `true` in passive mode.
+    
 |Description|JSON Value|Defender Portal Value|
 |---|---|---|
 |**Key**|enforcementLevel|Enforcement Level|