Merge pull request #5536 from MicrosoftDocs/main

[AutoPublish] main to live - 11/09 04:38 PST | 11/09 18:08 IST

Author: m365-skilling-repo-management[bot]

defender-endpoint/indicators-overview.md

@@ -119,6 +119,11 @@ When your security team creates a new indicator (IoC), the following actions are
 > [!NOTE]
 > Using Warn mode prompts users with a warning if they open a risky app or website. The prompt doesn't block them from allowing the application or website to run, but you can provide a custom message and links to a company page that describes appropriate usage of the app. Users can still bypass the warning and continue to use the app if necessary. For more information, see [Govern apps discovered by Microsoft Defender for Endpoint](/defender-cloud-apps/mde-govern).
 
+> [!NOTE]
+> For Warn action, To receive the toast notification to be able to bypass the IoC, make sure the **“Files or activities are blocked”** option is enabled under **Virus & Threat Protection notifications**. The corresponding registry key should be set as follows: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender Security Center\Virus and threat protection\FilesBlockedNotificationDisabled = 0.  
+>   
+>  More details see **[Windows Security app settings](https://support.microsoft.com/windows/windows-security-app-settings-1ec98620-4e41-4b6b-b055-3c4bb115d4ee#bkmk_notifications)**.
+
 You can create an indicator for:
 
 - [Files](indicator-file.md)

defender-endpoint/mac-device-control-overview.md

@@ -1,4 +1,4 @@
----
+---
 title: Device control for macOS
 description: Learn how to configure Microsoft Defender for Endpoint on Mac to reduce threats from removable storage such as USB devices.
 ms.service: defender-endpoint
@@ -27,11 +27,7 @@ appliesto:
 
 ## Requirements
 
-Device control for macOS has the following prerequisites:
-
-- Defender for Endpoint or Defender for Business licenses (can be a trial subscription)
-- Minimum OS version: macOS 11 or higher
-- Minimum product version: `101.34.20`
+Device control for macOS is available on the versions listed in the [System requirements](/defender-endpoint/microsoft-defender-endpoint-mac) section of Defender for Endpoint on macOS documentation.
 
 ## Overview
 

defender-endpoint/network-protection.md

@@ -147,14 +147,19 @@ When an end user attempts to visit a website in an environment in which network
 A user visits a website. If the url has an unknown or uncertain reputation, a toast notification presents the user with the following options:
 
 - **Ok**: The toast notification is released (removed), and the attempt to access the site is ended.
-- **Unblock**: The user has access to the site for 24 hours; at which point the block is reenabled. The user can continue to use **Unblock** to access the site until such time that the administrator prohibits (blocks) the site, thus removing the option to **Unblock**.
+- **Unblock**: The user has access to the site for 24 hours; at which point the block is re-enabled. The user can continue to use **Unblock** to access the site until such time that the administrator prohibits (blocks) the site, thus removing the option to **Unblock**.
 - **Feedback**: The toast notification presents the user with a link to submit a ticket, which the user can use to submit feedback to the administrator in an attempt to justify access to the site.
 
 :::image type="content" source="media/network-protection-phishing-warn-2.png" alt-text="Shows a network protection phishing content warn notification.":::
 
 > [!NOTE]
 > The images shown in this article for both the `warn` experience and `block` experience use "blocked url" as example placeholder text. In a functioning environment, the actual url or domain is listed.  
 
+> [!NOTE]
+> To receive this toast notification, make sure the **“Files or activities are blocked”** option is enabled under **Virus & Threat Protection notifications**. The corresponding registry key should be set as follows:
+> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender Security Center\Virus and threat protection\FilesBlockedNotificationDisabled = 0
+> More details see [Windows Security app settings](https://support.microsoft.com/windows/windows-security-app-settings-1ec98620-4e41-4b6b-b055-3c4bb115d4ee#bkmk_notifications). 
+
 #### Use CSP to enable `Convert warn verdict to block`
 By default, SmartScreen verdicts for malicious sites result in a warning that can be overridden by the user. A policy can be set to convert the warning to blocks, preventing such overrides.