Merge pull request #3310 from MicrosoftDocs/main

Publish main to live, 03/28/25, 3:30 PM PDT

Author: Ruchika-mittal01

.openpublishing.redirection.defender-endpoint.json

@@ -119,6 +119,11 @@
       "source_path": "defender-endpoint/linux-schedule-scan-mde.md",
       "redirect_url": "/defender-endpoint/schedule-antivirus-scan-crontab",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/non-windows.md",
+      "redirect_url": "/defender-endpoint/microsoft-defender-endpoint",
+      "redirect_document_id": true
     } 
   ]
 }

defender-endpoint/TOC.yml

@@ -6,16 +6,35 @@
     items:
     - name: What is Microsoft Defender for Endpoint?
       href: microsoft-defender-endpoint.md
-    - name: Zero Trust for Microsoft Defender for Endpoint
+      items: 
+      - name: Defender for Endpoint on macOS
+        href: microsoft-defender-endpoint-mac.md
+      - name: Defender for Endpoint on Linux
+        href: microsoft-defender-endpoint-linux.md
+      - name: Defender for Endpoint on Android
+        href: microsoft-defender-endpoint-android.md
+      - name: Defender for Endpoint on iOS
+        href: microsoft-defender-endpoint-ios.md
+      - name: Defender for Endpoint for US Government customers
+        href: gov.md
+      - name: Supported Microsoft Defender for Endpoint capabilities by platform
+        href: supported-capabilities-by-platform.md
+      - name: Defender for Endpoint Plan 1
+        items:
+        - name: Overview of Defender for Endpoint Plan 1
+          href: defender-endpoint-plan-1.md
+        - name: Setup and configuration
+          href: mde-p1-setup-configuration.md
+        - name: Get started
+          href: mde-plan1-getting-started.md
+    - name: Minimum requirements
+      href: minimum-requirements.md
+    - name: Zero Trust with Defender for Endpoint
       href: zero-trust-with-microsoft-defender-endpoint.md
-    - name: Trial user guide - Microsoft Defender for Endpoint
+    - name: Trial user guide - Defender for Endpoint
       href: defender-endpoint-trial-user-guide.md
     - name: Pilot and deploy Defender for Endpoint
       href: /defender-xdr/pilot-deploy-defender-endpoint?toc=/defender-endpoint/TOC.json&bc=/defender-endpoint/breadcrumb/toc.json
-    - name: Minimum requirements
-      href: minimum-requirements.md
-    - name: Supported Microsoft Defender for Endpoint capabilities by platform
-      href: supported-capabilities-by-platform.md
     - name: What's new in Defender for Endpoint
       href: whats-new-in-microsoft-defender-endpoint.md
       items: 
@@ -36,28 +55,6 @@
       href: /defender-xdr/preview
     - name: Data storage and privacy
       href: data-storage-privacy.md
-    - name: Defender for Endpoint Plan 1
-      items:
-      - name: Overview
-        href: defender-endpoint-plan-1.md
-      - name: Setup and configuration
-        href: mde-p1-setup-configuration.md
-      - name: Get started
-        href: mde-plan1-getting-started.md
-    - name: Microsoft Defender for Endpoint for US Government customers
-      href: gov.md
-    - name: Microsoft Defender for Endpoint on other platforms
-      href: non-windows.md
-      items: 
-      - name: macOS
-        href: microsoft-defender-endpoint-mac.md
-      - name: Linux
-        href: microsoft-defender-endpoint-linux.md
-      - name: Android
-        href: microsoft-defender-endpoint-android.md
-      - name: iOS
-        href: microsoft-defender-endpoint-ios.md
-
     - name: Antivirus solution compatibility with Defender for Endpoint
       href: defender-compatibility.md
 

defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md

@@ -6,7 +6,7 @@ description: Windows Server includes automatic exclusions, based on server role.
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 03/14/2025
+ms.date: 03/28/2025
 author: emmwalshh
 ms.author: ewalsh
 ms.topic: conceptual
@@ -30,36 +30,47 @@ search.appverid: met150
 
 - Windows Server
 
+
+> [!IMPORTANT]
+> ## Important notes about automatic exclusions on Windows Server
+>
+> - [Custom exclusions](configure-exclusions-microsoft-defender-antivirus.md) take precedence over automatic exclusions. When a custom exclusion is set for a path that also has a duplicate automatic or built-in exclusion, the custom exclusion will always apply.
+> - Automatic exclusions only apply to [real-time protection (RTP)](configure-protection-features-microsoft-defender-antivirus.md) scanning. Other scan activity, for example [Network Inspection](network-protection.md) and [Behavior Monitoring](behavior-monitor.md), will not be excluded. To exclude other scan types, please use custom exclusions.
+> - Automatic exclusions aren't honored during a [quick scan, full scan, and custom scan](schedule-antivirus-scans.md#comparing-the-quick-scan-full-scan-and-custom-scan). To exclude other scan types, please use custom exclusions.
+> - Built-in exclusions and automatic server role exclusions don't appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
+> - Microsoft Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.
+> - Appropriate exclusions must be set for software that isn't included with the operating system.
+> - The list of built-in exclusions applied by Microsoft Defender Antivirus is kept up to date as the threat landscape changes. This article lists some, but not all, of the built-in and automatic exclusions. 
+
+## Overview
+
 This article describes types of exclusions that you don't have to define for Microsoft Defender Antivirus: 
 
-- [Built-in exclusions](#built-in-exclusions) for operating system files on all versions of Windows. 
 - [Automatic exclusions](#automatic-server-role-exclusions) for roles on Windows Server 2016 and later. 
+- [Built-in exclusions](#built-in-exclusions) for operating system files on all versions of Windows. 
 
 For a more detailed overview of exclusions, see [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md).
 
-## A few important points about exclusions on Windows Server
+## Automatic server role exclusions
 
-- Custom exclusions take precedence over automatic exclusions.
-- Automatic exclusions only apply to [real-time protection (RTP)](configure-protection-features-microsoft-defender-antivirus.md) scanning. 
-- Automatic exclusions aren't honored during a [quick scan, full scan, and custom scan](schedule-antivirus-scans.md#comparing-the-quick-scan-full-scan-and-custom-scan).
-- Custom and duplicate exclusions don't conflict with automatic exclusions.
-- Microsoft Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.
-- Appropriate exclusions must be set for software that isn't included with the operating system.
-- Windows Server 2012 R2 doesn't have Microsoft Defender Antivirus as an installable feature. When you onboard those servers to Defender for Endpoint, you'll install Microsoft Defender Antivirus, and default exclusions for operating system files are applied. However, exclusions for server roles (as specified below) don't apply automatically, and you should configure these exclusions as appropriate. To learn more, see [Onboard Windows servers to the Microsoft Defender for Endpoint service](configure-server-endpoints.md).
-- Built-in exclusions and automatic server role exclusions don't appear in the standard exclusion lists that are shown in the [Windows Security app](microsoft-defender-security-center-antivirus.md).
-- The list of built-in exclusions in Windows is kept up to date as the threat landscape changes. This article lists some, but not all, of the built-in and automatic exclusions. 
+Automatic server role exclusions will apply specific sets of automatic path and process exclusions based on the roles that you select for the server. 
 
-## Automatic server role exclusions
+> [!NOTE]
+> - Please see [Important Notes](#important-notes-about-automatic-exclusions-on-windows-server)
+> - Default locations could be different than the locations that are described in this article.
+> - The list of built-in exclusions applied by Microsoft Defender Antivirus is kept up to date as the threat landscape changes. This article lists some, but not all, of the automatic server role exclusions. 
+> - To set exclusions for software that isn't included as a Windows feature or server role, refer to the software manufacturer's documentation.
+
+### Windows Server 2016 or later
 
 On Windows Server 2016 or later, you shouldn't need to define exclusions for server roles. When you install a role on Windows Server 2016 or later, Microsoft Defender Antivirus includes automatic exclusions for the server role and any files that are added while installing the role.
 
-Windows Server 2012 R2 does not support the automatic exclusions feature. You'll need to define explicit exclusions for any server role and any software that's added after installing the operating system.
+### Windows Server 2012 R2
+
+Windows Server 2012 R2 does not support the automatic server role exclusions feature. Windows Server 2012 R2 also does not have Microsoft Defender Antivirus as an installable feature. When you onboard those servers to Defender for Endpoint, you'll install Microsoft Defender Antivirus, and default built-in exclusions for operating system files are applied. However, automatic server role exclusions (as specified below) will not be automatically applied. If these exclusions are desired, you should add custom exclusions for these paths and processes as appropriate. To learn more about onboarding Microsoft Defender Antivirus on Windows Server 2012 R2, see [Onboard Windows servers to the Microsoft Defender for Endpoint service](configure-server-endpoints.md).
 
-> [!IMPORTANT]
-> - Default locations could be different than the locations that are described in this article.
-> - To set exclusions for software that isn't included as a Windows feature or server role, refer to the software manufacturer's documentation.
 
-Automatic exclusions include:
+### Automatic exclusions include:
 
 - [Hyper-V exclusions](#hyper-v-exclusions)
 - [SYSVOL files](#sysvol-files)
@@ -229,9 +240,14 @@ This section lists the folder exclusions that are delivered automatically when y
 
 ## Built-in exclusions
 
+> [!NOTE]
+> - Please see [Important Notes](#important-notes-about-automatic-exclusions-on-windows-server)
+> - Default locations could be different than the locations that are described in this article.
+> - The list of built-in exclusions applied by Microsoft Defender Antivirus is kept up to date as the threat landscape changes. This article lists some, but not all, of the built-in exclusions. 
+
 Because Microsoft Defender Antivirus is built into Windows, it doesn't require exclusions for operating system files on any version of Windows. 
 
-Built-in exclusions include:
+### Built-in exclusions include:
 
 - [Windows "temp.edb" files](#windows-tempedb-files)
 - [Windows Update files or Automatic Update files](#windows-update-files-or-automatic-update-files)
@@ -241,7 +257,6 @@ Built-in exclusions include:
 - [File Replication Service (FRS) exclusions](#file-replication-service-frs-exclusions)
 - [Process exclusions for built-in operating system files](#process-exclusions-for-built-in-operating-system-files)
 
-The list of built-in exclusions in Windows is kept up to date as the threat landscape changes.
 
 ### Windows "temp.edb" files
 

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 03/20/2025
+ms.date: 03/28/2025
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -74,21 +74,7 @@ There are several methods and tools that you can use to deploy Microsoft Defende
 > [!IMPORTANT]
 > Installing Microsoft Defender for Endpoint in any location other than the default install path isn't supported. On Linux, Microsoft Defender for Endpoint creates an mdatp user with random UID and GID values. If you want to control these values, create an mdatp user before installation using the /usr/sbin/nologin shell option. Here's an example: `mdatp:x:UID:GID::/home/mdatp:/usr/sbin/nologin`.
 
-### Troubleshoot installation issues
-
-If you experience any installation issues, for self-troubleshooting, follow these steps:
-
-1. For information on how to find the log that's generated automatically when an installation error occurs, see [Log installation issues](linux-resources.md#log-installation-issues).
-
-2. For information about common installation issues, see [Installation issues](/defender-endpoint/linux-support-install).
-
-3. If health of the device is `false`, see [Defender for Endpoint agent health issues](/defender-endpoint/health-status).
-
-4. For product performance issues, see [Troubleshoot performance issues](/defender-endpoint/linux-support-perf).
-
-5. For proxy and connectivity issues, see [Troubleshoot cloud connectivity issues](/defender-endpoint/linux-support-connectivity).
-
-To get support from Microsoft, open a support ticket, and provide the log files created by using the [client analyzer](/defender-endpoint/overview-client-analyzer).
+If you experience any installation issues, self-troubleshooting resources are available. See the ilnks in the [See also](#see-also) section.
 
 ### Configure policies for Defender for Endpoint on Linux