Merge branch 'main' into shdyas-workflows

shdyas · web-flow · commit 15c4ce8f8b13 · 2024-08-21T10:04:06.000-07:00
diff --git a/defender-endpoint/device-control-deploy-manage-intune.md b/defender-endpoint/device-control-deploy-manage-intune.md
@@ -55,6 +55,7 @@ If you're using Intune to manage Defender for Endpoint settings, you can use it
    - Under **Connectivity**, see [Allow USB Connection](/windows/client-management/mdm/policy-csp-Connectivity#allowusbconnection)** and [Allow Bluetooth](/windows/client-management/mdm/policy-csp-Connectivity#allowbluetooth) settings.
    - Under **Bluetooth**, see a list of settings that pertain to Bluetooth connections and services. For more details, see [Policy CSP - Bluetooth](/windows/client-management/mdm/policy-csp-Bluetooth?WT.mc_id=Portal-fx).
    - Under **Device Control**, you can configure custom policies with reusable settings. For more details, see [Device control overview: Rules](device-control-policies.md#rules).
+   - Under **System**, see [Allow Storage Card](/windows/client-management/mdm/policy-csp-System#allowstoragecard) settings.
 
 6. After you have configured your settings, proceed to the **Scope tags** tab, where you can specify [scope tags](/mem/intune/fundamentals/scope-tags) for the policy.
 
diff --git a/defender-endpoint/mac-install-with-intune.md b/defender-endpoint/mac-install-with-intune.md
@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 08/01/2024
+ms.date: 08/20/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune
@@ -100,6 +100,9 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 
 Download [netfilter.mobileconfig](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
 
+> [!IMPORTANT]
+> Only one `.mobileconfig` (plist) for Network Filter is supported.  Adding multiple Network Filters leads to network connectivity issues on Mac. This issue is not specific to Defender for Endpoint on macOS.
+
 To configure your network filter:
 
 1. Under **Configuration profiles**, select **Create Profile**.
diff --git a/defender-endpoint/media/device-control-policy-intune.png b/defender-endpoint/media/device-control-policy-intune.png
diff --git a/defender-vulnerability-management/defender-vulnerability-management-capabilities.md b/defender-vulnerability-management/defender-vulnerability-management-capabilities.md
@@ -13,7 +13,7 @@ f1.keywords: NOCSH
 ms.collection: 
 - m365-security
 - Tier1
-ms.date: 04/02/2024
+ms.date: 08/14/2024
 ---
 
 # Compare Microsoft Defender Vulnerability Management plans and capabilities
@@ -30,17 +30,17 @@ This article helps clarify the Defender Vulnerability Management capabilities in
 - [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
 - [Microsoft Defender for Servers](/azure/defender-for-cloud/plan-defender-for-servers-select-plan)
 
+> [!NOTE]
+> Microsoft Defender Vulnerability Management isn't currently available to Microsoft Defender for Business customers.
+
 ## Start a trial
 
+> [!NOTE]
+> The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High, and DoD. For more information on purchase options available, see [Microsoft Defender Vulnerability Management](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-vulnerability-management-pricing?msockid=17c438e9b0b8628c22d52cd3b1c763eb).
+
 - If you already have Defender for Endpoint Plan 2 [Try Defender Vulnerability Management Add-on trial for Defender for Endpoint Plan 2 customers](get-defender-vulnerability-management.md#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers).
 - For new customers or existing Defender for Endpoint P1 or Microsoft 365 E3 customers the **Microsoft Defender Vulnerability Management Standalone is now generally available**. To try it, go to [Try Defender Vulnerability Management Standalone](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone).
 
-> [!NOTE]
-> Trial offerings for Microsoft Defender Vulnerability Management aren't currently available to:
->
-> - US Government customers using GCC High, and DoD
-> - Microsoft Defender for Business customers
-
 ## Vulnerability Management capabilities for endpoints
 
 The table below shows the availability of Defender Vulnerability Management capabilities for endpoints:
diff --git a/defender-vulnerability-management/get-defender-vulnerability-management.md b/defender-vulnerability-management/get-defender-vulnerability-management.md
@@ -14,25 +14,30 @@ ms.collection:
 - m365-security
 - tier1
 - essentials-get-started
-ms.date: 08/01/2023
+ms.date: 08/14/2023
 ---
 
 # Sign up for Microsoft Defender Vulnerability Management
 
-Microsoft Defender Vulnerability Management is available as a standalone and as an add-on for Microsoft Defender for Endpoint Plan 2 customers.
+> [!NOTE]
+> Microsoft Defender Vulnerability Management isn't currently available to Microsoft Defender for Business customers.
+
+## Starting a trial
 
 > [!NOTE]
-> The trial offering for Microsoft Defender Vulnerability Management isn't currently available to:
->
-> - US Government customers using GCC High, and DoD
-> - Microsoft Defender for Business customers
+> The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High, and DoD.
+> 
+> For more information on purchase options available, see [Microsoft Defender Vulnerability Management](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-vulnerability-management-pricing?msockid=17c438e9b0b8628c22d52cd3b1c763eb).
+
+Microsoft Defender Vulnerability Management is available as a standalone and as an add-on for Microsoft Defender for Endpoint Plan 2 customers.
 
 - If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer sign up to try the [Defender Vulnerability Management Standalone Trial](#try-defender-vulnerability-management-standalone)
 - If you already have Defender for Endpoint Plan 2, sign up to try the [Defender Vulnerability Management Add-on Trial](#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers)
 
 > [!NOTE]
 > Trials will be available to customers using the New Commerce Experience (NCE) for a 30 day period. After the 30 day period customers will be able to purchase Microsoft Defender Vulnerability Management through NCE.
 
+
 ## Required roles for starting the trial
 
 As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:
diff --git a/defender-xdr/TOC.yml b/defender-xdr/TOC.yml
@@ -478,9 +478,11 @@
         items:
         - name: SOC optimization overview
           display name: SOC optimization
-          href: https://aka.ms/soc-opt-from-defender
+          href: /azure/sentinel/soc-optimization/soc-optimization-access?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
+        - name: Use SOC optimizations programmatically
+          href: /azure/sentinel/soc-optimization/soc-optimization-api?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
         - name: SOC optimization reference
-          href: https://aka.ms/soc-opt-ref
+          href: /azure/sentinel/soc-optimization/soc-optimization-reference?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
     - name: Manage multitenant environments
       items:
         - name: Overview
diff --git a/defender-xdr/microsoft-threat-actor-naming.md b/defender-xdr/microsoft-threat-actor-naming.md
@@ -6,16 +6,16 @@ ms.service: defender-xdr
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
-ms.author: vpattnaik
-author: diannegali
+ms.author: diannegali
+author: vpattnaik
 manager: dansimp
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 06/12/2024
+ms.date: 08/19/2024
 ---
 
 # How Microsoft names threat actors
@@ -54,6 +54,7 @@ Use the following reference table to understand how our previously publicly disc
 
 |Threat actor name|Previous name|Origin/Threat|Other names|
 |:---:|:---:|:---:|:---:|
+|Antique Typhoon|Storm-0558|China||
 |Aqua Blizzard|ACTINIUM|Russia|UNC530, Primitive Bear, Gamaredon|
 |Blue Tsunami||Private sector offensive actor|Black Cube|
 |Brass Typhoon|BARIUM|China|APT41|
@@ -97,7 +98,7 @@ Use the following reference table to understand how our previously publicly disc
 |Night Tsunami|DEV-0336|Private sector offensive actor|NSO Group|
 |Nylon Typhoon|NICKEL|China|ke3chang, APT15, Vixen Panda|
 |Octo Tempest|Storm-0875|Financially motivated|0ktapus, Scattered Spider, UNC3944|
-|Onyx Sleet|PLUTONIUM|North Korea|Silent Chollima, Andariel, DarkSeoul|
+|Onyx Sleet|PLUTONIUM|North Korea|APT45, Silent Chollima, Andariel, DarkSeoul|
 |Opal Sleet|OSMIUM|North Korea|Konni|
 |Peach Sandstorm|HOLMIUM|Iran|APT33, Refined Kitten|
 |Pearl Sleet|DEV-0215 (LAWRENCIUM)|North Korea||
@@ -110,13 +111,15 @@ Use the following reference table to understand how our previously publicly disc
 |Purple Typhoon|POTASSIUM|China|APT10, Cloudhopper, MenuPass|
 |Raspberry Typhoon|RADIUM|China|APT30, LotusBlossom|
 |Ruby Sleet|CERIUM|North Korea||
+|Ruza Flood|Storm-1099|Russia, Influence operations||
 |Salmon Typhoon|SODIUM|China|APT4, Maverick Panda|
 |Sangria Tempest|ELBRUS|Financially motivated|Carbon Spider, FIN7|
 |Sapphire Sleet|COPERNICIUM|North Korea|Genie Spider, BlueNoroff|
 |Seashell Blizzard|IRIDIUM|Russia|APT44, Sandworm|
 |Secret Blizzard|KRYPTON|Russia|Venomous Bear, Turla, Snake|
+|Sefid Flood|Storm-1364|Iran, Influence operations||
 |Silk Typhoon|HAFNIUM|China||
-|Smoke Sandstorm|BOHRIUM|Iran||
+|Smoke Sandstorm|BOHRIUM|Iran|UNC1549|
 |Spandex Tempest|CHIMBORAZO|Financially motivated|TA505|
 |Star Blizzard|SEABORGIUM|Russia|Callisto, Reuse Team|
 |Storm-0062||China|DarkShadow, Oro0lxy|
@@ -125,23 +128,24 @@ Use the following reference table to understand how our previously publicly disc
 |Storm-0257||Group in development|UNC1151|
 |Storm-0324||Financially motivated|TA543, Sagrid|
 |Storm-0381||Financially motivated||
+|Storm-0501||Group in development||
+|Storm-0506||Group in development||
 |Storm-0530||North Korea|H0lyGh0st|
 |Storm-0539||Financially motivated|Atlas Lion|
-|Storm-0558||China||
 |Storm-0569||Financially motivated||
 |Storm-0587||Russia|SaintBot, Saint Bear, TA471|
 |Storm-0744||Financially motivated||
 |Storm-0784||Iran||
 |Storm-0829||Group in development|Nwgen Team|
 |Storm-0835||Group in development|EvilProxy|
 |Storm-0842||Iran||
+|Storm-0844||Group in development||
 |Storm-0861||Iran||
 |Storm-0867||Egypt|Caffeine|
 |Storm-0971||Financially motivated|(Merged into Octo Tempest)|
 |Storm-0978||Group in development|RomCom, Underground Team|
 |Storm-1044||Financially motivated|Danabot|
 |Storm-1084||Iran|DarkBit|
-|Storm-1099||Russia||
 |Storm-1101||Group in development|NakedPages|
 |Storm-1113||Financially motivated||
 |Storm-1133||Palestinian Authority||
@@ -151,17 +155,22 @@ Use the following reference table to understand how our previously publicly disc
 |Storm-1283||Group in development||
 |Storm-1286||Group in development||
 |Storm-1295||Group in development|Greatness|
-|Storm-1364||Iran||
-|Storm-1376||China, Influence operations||
 |Storm-1516||Russia, Influence operations||
 |Storm-1567||Financially motivated|Akira|
 |Storm-1575||Group in development|Dadsec|
+|Storm-1660||Iran, Influence operations||
 |Storm-1674||Financially motivated||
 |Storm-1679||Russia, Influence operations||
+|Storm-1804||Iran, Influence operations||
+|Storm-1805||Iran, Influence operations||
 |Storm-1811||Financially motivated||
+|Storm-1841||Russia, Influence operations||
 |Storm-1849||China|UAT4356|
+|Storm-1852||Group in development||
+|Storm-2035||Iran, Influence operations||
 |Strawberry Tempest||Financially motivated|LAPSUS$|
 |Sunglow Blizzard||Russia||
+|Taizi Flood|Storm-1376|China, Influence operations|Spamouflage, Dragonbridge|
 |Tomato Tempest|SPURR|Financially motivated|Vatet|
 |Vanilla Tempest|DEV-0832|Financially motivated||
 |Velvet Tempest|DEV-0504|Financially motivated||
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -31,6 +31,7 @@ You can also get product updates and important notifications through the [messag
 
 ## August 2024
 
+- (Preview) Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management. Only one Microsoft Sentinel workspace per tenant is currently supported in the Microsoft unified security operations platform. So, Microsoft Defender multitenant management shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. For more information, see [Microsoft Defender multitenant management](mto-overview.md) and [Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal).
 - To ensure a smooth experience while navigating the Microsoft Defender portal, configure your network firewall by adding the appropriate addresses to your allow list. For more information, see [Network firewall configuration for Microsoft Defender XDR](m365d-enable.md#configure-your-network-firewall).
 
 ## July 2024
