Merge branch 'main' into maccruz-unifiedcustom

Author: schmurky

.openpublishing.redirection.defender-cloud-apps.json

@@ -1009,6 +1009,11 @@
       "source_path": "CloudAppSecurityDocs/troubleshooting-api-connectors-using-error-messages.md",
       "redirect_url": "/defender-cloud-apps/troubleshooting-api-connectors-errors",
       "redirect_document_id": true
-    }
+    },
+    {
+      "source_path": "CloudAppSecurityDocs/connector-platform.md",
+      "redirect_url": "/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps",
+      "redirect_document_id": true
+    },
   ]
 }

ATPDocs/deploy/remote-calls-sam.md

@@ -10,7 +10,7 @@ ms.topic: how-to
 Microsoft Defender for Identity mapping for [potential lateral movement paths](/defender-for-identity/understand-lateral-movement-paths) relies on queries that identify local admins on specific machines. These queries are performed with the SAM-R protocol, using the Defender for Identity [Directory Service account](directory-service-accounts.md) you configured.
 
 > [!NOTE]
-> This feature can potentially be exploited by an adversary to obtain the Net-NTLM hash of the DSA account due to a Windows limitation in the SAM-R calls that allows downgrading from Kerberos to NTLM.
+> This feature can potentially be exploited by an adversary to obtain the NTLM hash of the DSA account due to a Windows limitation in the SAM-R calls that allows downgrading from Kerberos to NTLM.
 > The new Defender for Identity sensor (version 3.x) is not affected by this issue as it uses different detection methods.
 > 
 > It is recommended to use a [low privileged DSA account](directory-service-accounts.md#grant-required-dsa-permissions). You can also [contact support](../support.md) to open a case and request to completely disable the [Lateral Movement Paths](../security-assessment-riskiest-lmp.md) data collection capability.

CloudAppSecurityDocs/connector-platform.md

@@ -118,6 +118,7 @@ This section provides instructions for connecting Microsoft  Defender for Cloud
       * **Manage Users**
       * **[Query All Files](https://go.microsoft.com/fwlink/?linkid=2106480)**
       * **Modify Metadata Through Metadata API Functions**
+      * **View Setup And Configuration**
 
       If these checkboxes aren't selected, you may need to contact Salesforce to add them to your account.
 

CloudAppSecurityDocs/protect-salesforce.md

@@ -1,7 +1,7 @@
 ---
 title: Protect your ServiceNow environment | Microsoft Defender for Cloud Apps
 description: Learn how about connecting your ServiceNow app to Defender for Cloud Apps using the API connector.
-ms.date: 04/28/2025
+ms.date: 05/05/2025
 ms.topic: how-to
 ---
 
@@ -97,6 +97,7 @@ Defender for Cloud Apps supports the following ServiceNow versions:
         - Kingston
         - London  
         - Utah
+        - Yokohama
     :::column-end:::
     :::column:::
         - Madrid

CloudAppSecurityDocs/protect-servicenow.md

@@ -62,8 +62,6 @@ items:
       - name: Overview
         displayName: connect apps
         href: enable-instant-visibility-protection-and-governance-actions-for-your-apps.md
-      - name: Custom connectors with the open app connector platform
-        href: ./connector-platform.md
       - name: Asana
         href: protect-asana.md
       - name: Atlassian

CloudAppSecurityDocs/toc.yml

@@ -252,14 +252,14 @@
                 href: manage-sys-extensions-using-jamf.md
               - name: Manual deployment
                 href: manage-sys-extensions-manual-deployment.md
-            
+           
         - name: Defender for Endpoint on Linux
           items:
           - name: Deploy Defender for Endpoint on Linux
             items:
-            - name: 1 - Prerequisites
+            - name: Prerequisites
               href: mde-linux-prerequisites.md
-            - name: 2 - Choose a deployment method
+            - name: Choose a deployment method
               items:
               - name: Installer script based deployment
                 href: linux-installer-script.md
@@ -277,28 +277,28 @@
                 href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
               - name: Deployment guidance for Defender for Endpoint on Linux for SAP
                 href: mde-linux-deployment-on-sap.md
-            - name: 3 - Configuration
+          - name: Configure Defender for Endpoint on Linux
+            items:
+            - name: Configure security policies and settings
+              href: linux-preferences.md
+            - name: Static proxy configuration
+              href: linux-static-proxy-configuration.md
+            - name: Configure antivirus scans
               items:
-              - name: Configure security policies and settings
-                href: linux-preferences.md
-              - name: Static proxy configuration
-                href: linux-static-proxy-configuration.md
-              - name: Configure antivirus scans
-                items:
-                - name: Schedule antivirus scans using Anacron
-                  href: schedule-antivirus-scan-anacron.md
-                - name: Schedule antivirus scans using Crontab
-                  href: schedule-antivirus-scan-crontab.md
-              - name: Network protection for Linux
-                href: network-protection-linux.md
-              - name: Configure and validate exclusions on Linux
-                href: linux-exclusions.md
-              - name: Configure eBPF-based sensor
-                href: linux-support-ebpf.md 
-              - name: Detect and block Potentially Unwanted Applications
-                href: linux-pua.md
-              - name: Configure Offline Security Intelligence Update
-                href: linux-support-offline-security-intelligence-update.md
+              - name: Schedule antivirus scans using Anacron
+                href: schedule-antivirus-scan-anacron.md
+              - name: Schedule antivirus scans using Crontab
+                href: schedule-antivirus-scan-crontab.md
+            - name: Network protection for Linux
+              href: network-protection-linux.md
+            - name: Configure and validate exclusions on Linux
+              href: linux-exclusions.md
+            - name: Configure eBPF-based sensor
+              href: linux-support-ebpf.md 
+            - name: Detect and block Potentially Unwanted Applications
+              href: linux-pua.md
+            - name: Configure Offline Security Intelligence Update
+              href: linux-support-offline-security-intelligence-update.md
           - name: Update Defender for Endpoint on Linux
             items: 
             - name: Update Defender for Endpoint on Linux
@@ -307,7 +307,7 @@
               href: linux-update-mde-linux.md
           - name: Privacy for Defender for Endpoint on Linux
             href: linux-privacy.md
-          - name: Resources for Microsoft Defender for Endpoint on Linux
+          - name: Additional resources for Defender for Endpoint on Linux
             href: linux-resources.md
         - name: Mobile Threat Defense
           items:

defender-endpoint/TOC.yml

@@ -10,7 +10,7 @@ ms.topic: overview
 ms.service: defender-endpoint
 ms.subservice: onboard
 ms.localizationpriority: medium
-ms.date: 02/13/2025
+ms.date: 05/02/2025
 ms.reviewer: shlomiakirav
 f1.keywords: NOCSH
 ms.collection: 
@@ -83,23 +83,13 @@ To learn more, see the following articles:
 
 Your organization's attack surfaces are all the places where you're vulnerable to cyberattacks. With Defender for Endpoint Plan 1, you can reduce your attack surfaces by protecting the devices and applications that your organization uses. The attack surface reduction capabilities that are included in Defender for Endpoint Plan 1 are described in the following sections.
 
-- [Overview of Microsoft Defender for Endpoint Plan 1](#overview-of-microsoft-defender-for-endpoint-plan-1)
-  - [Defender for Endpoint Plan 1 capabilities](#defender-for-endpoint-plan-1-capabilities)
-  - [Next-generation protection](#next-generation-protection)
-  - [Manual response actions](#manual-response-actions)
-  - [Attack surface reduction](#attack-surface-reduction)
-    - [Attack surface reduction rules](#attack-surface-reduction-rules)
-    - [Ransomware mitigation](#ransomware-mitigation)
-    - [Device control](#device-control)
-    - [Web protection](#web-protection)
-    - [Network protection](#network-protection)
-    - [Network firewall](#network-firewall)
-    - [Application control](#application-control)
-  - [Centralized management](#centralized-management)
-    - [Role-based access control](#role-based-access-control)
-    - [Reporting](#reporting)
-    - [APIs](#apis)
-  - [Next steps](#next-steps)
+- [Attack surface reduction rules](#attack-surface-reduction-rules)
+- [Ransomware mitigation](#ransomware-mitigation)
+- [Device control](#device-control)
+- [Web protection](#web-protection)
+- [Network protection](#network-protection)
+- [Network firewall](#network-firewall)
+- [Application control](#application-control)
 
 To learn more about attack surface reduction capabilities in Defender for Endpoint, see [Overview of attack surface reduction](overview-attack-surface-reduction.md).
 
@@ -191,17 +181,17 @@ With the Defender for Endpoint APIs, you can automate workflows and integrate wi
 
 To learn more, see [Defender for Endpoint APIs](api/management-apis.md). 
 
-- **Microsoft Defender for Servers Plan 1 or Plan 2** (*recommended for enterprise customers*) as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more. see [Overview of Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).
-- **Microsoft Defender for Endpoint Server** (*recommended for enterprise customers*). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).
-- **Microsoft Defender for Business servers** (*for small and medium-sized businesses who have [Microsoft Defender for Business](/defender-business/mdb-overview)*). To learn more, see [How to get Microsoft Defender for Business servers](/defender-business/get-defender-business#how-to-get-microsoft-defender-for-business-servers).
-
-See [Microsoft licensing and product terms](https://www.microsoft.com/en-us/licensing/product-licensing/products).
-
 ## Next steps
 
 - [Set up and configure Defender for Endpoint Plan 1](mde-p1-setup-configuration.md)
+
+## Related content
+
 - [Get started with Defender for Endpoint Plan 1](mde-plan1-getting-started.md)
 - [Manage Defender for Endpoint Plan 1](preferences-setup.md)
 - [Learn about exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md)
+- [Onboard client devices running Windows or macOS to Microsoft Defender for Endpoint](onboard-client.md)
+- [Onboard servers through Microsoft Defender for Endpoint's onboarding experience](onboard-server.md)
+- [Microsoft Defender for Endpoint - Mobile Threat Defense](mtd.md) (for iOS and Android devices)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/defender-endpoint-plan-1.md

@@ -16,7 +16,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 04/16/2025
+ms.date: 05/01/2025
 ---
 
 # Manual deployment for Microsoft Defender for Endpoint on macOS
@@ -33,7 +33,7 @@ ms.date: 04/16/2025
 This article describes how to deploy Microsoft Defender for Endpoint on macOS manually. A successful deployment requires the completion of all of the following steps:
 
 - [Download installation and onboarding packages](#download-installation-and-onboarding-packages)
-- [Application installation (macOS 11 and newer versions)](#application-installation-macos-11-and-newer-versions)
+- [Application installation (macOS 13 and newer versions)](#application-installation-macos-13-and-newer-versions)
 - [Onboarding Package](#onboarding-package)
 - [Grant Full Disk Access](#allow-full-disk-access)
 - [Ensure Background Execution](#background-execution)
@@ -64,23 +64,23 @@ Download the installation and onboarding packages from Microsoft Defender portal
 
 6. Copy the *wdav.pkg* and *MicrosoftDefenderATPOnboardingMacOs.sh* to the device where you want to deploy the Microsoft Defender for Endpoint on macOS.
 
-## Application installation (macOS 11 and newer versions)
+## Application installation (macOS 13 and newer versions)
 
 To complete this process, you must have admin privileges on the device.
 
 1. Do one of the following steps:
 
-   - Navigate to the downloaded *wdav.pkg* in **Finder** and open it.
+- Navigate to the downloaded *wdav.pkg* in **Finder** and open it.
 
    Or
 
-   - You can download the *wdav.pkg*- from **Terminal**
-
+   - You can download the *wdav.pkg*- from **Terminal**.
+   
      ```console
-     sudo installer -store -pkg /Users/admin/Downloads/wdav.pkg -target /
+     sudo installer -pkg /Users/admin/Downloads/wdav.pkg -target /
      ```
-
-   :::image type="content" source="media/monterey-install-1.png" alt-text="Screenshot that shows the installation process for the application":::
+     
+      :::image type="content" source="media/monterey-install-1.png" alt-text="Screenshot that shows the installation process for the application.":::
 
 2. Select **Continue**.
 
@@ -111,7 +111,7 @@ To complete this process, you must have admin privileges on the device.
 
 9. Select **Install Software**.
 
-10. At the end of the installation process, for macOS Big Sur (11.0) or latest version, you're prompted to approve the system extensions used by the product. Select **Open Security Preferences**.
+10. At the end of the installation process, for macOS Ventura (13.0) or latest version, you're prompted to approve the system extensions used by the product. Select **Open Security Preferences**.
 
     :::image type="content" source="media/monterey-install-2.png" alt-text="Screenshot that shows the system extension approval":::