Merge branch 'main' into user/mavel/whatsnew

Ruchika-mittal01 · web-flow · commit 17cdb0f6746c · 2025-03-24T23:53:02.000+05:30
diff --git a/defender-endpoint/schedule-antivirus-scan-anacron.md b/defender-endpoint/schedule-antivirus-scan-anacron.md
@@ -1,11 +1,11 @@
 ---
-title: Schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux
+title: Schedule an antivirus scan using Anacron with Microsoft Defender for Endpoint on Linux
 description: Learn how to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux for better protection of your organization's assets.
 ms.service: defender-endpoint
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
-ms.date: 12/02/2023
+ms.date: 03/24/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -17,18 +17,15 @@ ms.subservice: linux
 search.appverid: met150
 ---
 
-# Schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux
+# Schedule an antivirus scan using Anacron with Microsoft Defender for Endpoint on Linux
 
 **Applies to:**
 
 - Microsoft Defender for Endpoint for servers
 - Microsoft Defender for Servers Plan 1 or Plan 2
 - Microsoft Defender Antivirus
 
-To run a scan of Microsoft Defender Antivirus for Linux, see [Supported Commands](linux-resources.md#supported-commands).
-
-> [!NOTE]
-> This article supports Microsoft Defender for Endpoint on Linux for Red Hat Enterprise Linux distributions (RHEL).
+To run a scan of Microsoft Defender Antivirus for Linux, see [Supported commands](linux-resources.md#supported-commands).
 
 ## System requirements
 
@@ -37,23 +34,27 @@ See the following system requirements needed to schedule Microsoft Defender Anti
 - Linux distributions and versions: Red Hat Enterprise Linux 7.2 or higher.
 - The **FANOTIFY** option in kernel must be enabled.
 
+Also see [Prerequisites for Microsoft Defender for Endpoint on Linux](mde-linux-prerequisites.md).
+
 ## Scheduling Microsoft Defender Antivirus scan in Red Hat Linux
 
-You can schedule cron jobs to initiate Microsoft Defender Antivirus scans on a schedule. For more information, see [How to schedule scans with Microsoft Defender for Endpoint on Linux](schedule-antivirus-scan-crontab.md). This process works well if the device is always up and running.
+You can [schedule cron jobs to initiate Microsoft Defender Antivirus scans on a schedule](schedule-antivirus-scan-crontab.md). This process works well if the device is always up and running.
 
-But if the Linux devices are shut down or offline during the cron schedule, the scan won't run. In these situations, you can use **anacron** to read the timestamp and find the last executed job. If the device was shut down during the scheduled cron job, it needs to wait until the next scheduled time. By using **anacron**, the system will detect the last time the scan was run. If the device didn't run the cron job, it will automatically start it.
+But if the Linux devices are shut down or offline during the cron schedule, scans don't run. In these situations, you can use **anacron** to read the timestamp and find the last executed job. If the device was shut down during the scheduled cron job, it needs to wait until the next scheduled time. By using **anacron**, the system will detect the last time the scan was run. If the device didn't run the cron job, it will automatically start it.
 
 ### Schedule Microsoft Defender Antivirus scans in Red Hat Linux
 
 Use the following steps to schedule scans:
 
 1. Connect to the RedHat server using PuTTY.
-1. Edit the anacron file:
+
+2. Edit the anacron file as follows:
+
    ```shell
    vi /etc/anacron
    ```
 
-1.  :::image type="content" source="media/vi-etc-anacron.png" alt-text="Sample Anacron Job Linux." lightbox="media/vi-etc-anacron.png" link="media/vi-etc-anacron.png":::
+3. Review and edit your Anacron file, which contains the following information:
 
    ```shell
    # /etc/anacrontab: configuration file for anacron
@@ -66,19 +67,24 @@ Use the following steps to schedule scans:
    # delay will be 5 minutes + RANDOM_DELAY for cron.daily
    ```
 
-1. Note the following items in the file.
-   1. **Shell:** Shell is referred as `/bin/sh`, and not as `/bin/bash`. Remember when writing the jobs.
-   1. **RANDOM_DELAY:** Describes the maximum time in minutes for the job. This value is used to offset the jobs so there wouldn't be too many jobs running at the same time. Using this delay is ideal for VDI solutions.
-   1. **START_HOURS_RANGE:** Describes the time range to run the job.
-   1. **cron.daily:** Describes 1 as the period of days required for the frequency of job executions. 5 is the delay in minutes that anacron waits after the device restarts.
+   Notice the following items in the file:
+
+   - **Shell** is referred as `/bin/sh`, and not as `/bin/bash`. Remember this when you're configuring jobs.
+   - **RANDOM_DELAY** describes the maximum time in minutes for the job. This value is used to offset the jobs so there aren't too many jobs running at the same time. Using this delay is ideal for VDI solutions.
+   - **START_HOURS_RANGE** describes the time range to run the job.
+   - **cron.daily** describes `1` as the period of days required for the frequency of job executions. `5 is the delay in minutes that anacron waits after the device restarts.
 
-1. Review look at the anacron jobs:
+4. Review your anacron jobs by using the following command:
 
    ```shell
    ls -lh /etc/cron*
    ```
 
-    :::image type="content" source="media/vi-etc-anacron.png" alt-text="Sample Anacron Job Linux." lightbox="media/vi-etc-anacron.png" link="media/vi-etc-anacron.png":::
+   You should see information similar to what's shown in the following screenshot:
+
+   :::image type="content" source="media/vi-etc-anacron.png" alt-text="Sample Anacron Job Linux." lightbox="media/vi-etc-anacron.png" link="media/vi-etc-anacron.png":::
+
+   The following code example provides a more detailed view:
 
    ```shell
    [root@redhat7 /] # ls -lh /etc/cron*
@@ -117,9 +123,9 @@ Use the following steps to schedule scans:
    total 0
    ```
 
-1. Ignore the `/etc/cron.d` directory, you will see `/etc/cron.daily, hourly, monthly, and weekly`.
+   Ignore the `/etc/cron.d` directory; instead, review `/etc/cron.daily, hourly, monthly, and weekly`.
 
-1. To schedule a weekly antivirus scan, you can create a file (Job) under the ```/etc/cron.weekly``` directory.
+5. To schedule a weekly antivirus scan, you can create a file (Job) under the ```/etc/cron.weekly``` directory.
 
    ```shell
    cd /etc/cron.weekly
@@ -145,7 +151,7 @@ Use the following steps to schedule scans:
    Type: wq!
    ```
 
-1. Change the file permissions to allow the file to be executed.
+6. Change the file permissions to allow the file to be executed by using this command: 
 
    ```shell
    Chmod 755 mdavfullscan
@@ -168,13 +174,13 @@ Use the following steps to schedule scans:
    [root@redhat7 cron.weekly] #
    ```
 
-1. Use the command to test the weekly anacron job.
+7. Use the following command to test the weekly anacron job:
 
    ```shell
    ./mdavfullscan
    ```
 
-1. Use the command to verify the job ran successfully.
+8. Use the following command to verify the job ran successfully:
 
    ```shell
    cat /logs/mdav_avacron_full_scan.log
@@ -192,5 +198,10 @@ Use the following steps to schedule scans:
     [root@redhat7 cron.weekly] #
     ```
 
-[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
+## See also
 
+- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+- [Prerequisites for Microsoft Defender for Endpoint on Linux](mde-linux-prerequisites.md)
+- [Configure security settings and policies for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+
+[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-endpoint/schedule-antivirus-scan-crontab.md b/defender-endpoint/schedule-antivirus-scan-crontab.md
@@ -1,5 +1,5 @@
 ---
-title: How to schedule scans with Microsoft Defender for Endpoint (Linux)
+title: Schedule an antivirus scan using crontab with Microsoft Defender for Endpoint on Linux
 description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -15,17 +15,17 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 10/11/2024
+ms.date: 03/24/2025
 ---
 
-# Schedule scans with Microsoft Defender for Endpoint (Linux)
+# Schedule an antivirus scan using crontab with Microsoft Defender for Endpoint on Linux
 
 **Applies to:**
 
 - Microsoft Defender for Endpoint for servers
 - Microsoft Defender for Servers Plan 1 or Plan 2
 
-To run a scan for Linux, see [Supported Commands](linux-resources.md#supported-commands).
+To run a scan for Linux, see [Supported commands](linux-resources.md#supported-commands).
 
 For Linux (and Unix), you can use a tool called **crontab** (similar to Task Scheduler in Windows) to run scheduled tasks.
 
@@ -41,9 +41,9 @@ For Linux (and Unix), you can use a tool called **crontab** (similar to Task Sch
 > - `America/Chicago`
 > - `America/Denver`
 
-## To set the Cron job
+## Set the Cron job
 
-Use the following commands:
+To set the cron job, use the commands in this article.
 
 ### Backup crontab entries
 
@@ -72,9 +72,7 @@ You might see:
 0 * * * * /etc/opt/microsoft/mdatp/logrorate.sh
 ```
 
-Press "Insert"
-
-Add the following entries:
+Press **Insert**, and then add the following entries:
 
 ```bash
 CRON_TZ=America/Los_Angeles
@@ -85,9 +83,7 @@ CRON_TZ=America/Los_Angeles
 > [!NOTE]
 > In this example, we have  set it to 00 minutes, 2 a.m. (hour in 24 hour format), any day of the month, any month, on Saturdays. Meaning it will run Saturdays at 2:00 a.m. Pacific (UTC -8).
 
-Press "Esc"
-
-Type "`:wq`" without the double quotes.
+Press **Esc**, and then type "`:wq`" without the double quotes.
 
 > [!NOTE]
 > w == write, q == quit
@@ -134,7 +130,7 @@ For more information, see [Chef documentation](https://docs.chef.io/resources/cr
 Resource Type: cron
 ```
 
-See <https://puppet.com/docs/puppet/5.5/types/cron.html> for more information.
+For more information, see [Puppet documentation: Resource Type: cron](https://puppet.com/docs/puppet/5.5/types/cron.html). 
 
 **Automating with Puppet: Cron jobs and scheduled tasks**
 
@@ -231,4 +227,11 @@ crontab -u username -r
 | | | | +—- day of week (values: 0 - 6) (Sunday=0 or 7) (special characters: , \- \* / L W C) <br>
 | | | | |*****command to be executed
 ```
+
+## See also
+
+- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+- [Prerequisites for Microsoft Defender for Endpoint on Linux](mde-linux-prerequisites.md)
+- [Configure security settings and policies for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-office-365/preset-security-policies.md b/defender-office-365/preset-security-policies.md
@@ -16,7 +16,7 @@ ms.custom:
 description: Admins can learn how to apply Standard and Strict policy settings across the protection features of Exchange Online Protection (EOP) and Microsoft Defender for Office 365
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 03/24/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -33,9 +33,9 @@ Depending on your organization, preset security policies provide many of the pro
 
 The following preset security policies are available:
 
-- **Standard** preset security policy
-- **Strict** preset security policy
-- **Built-in protection** preset security policy (default policies for Safe Attachments and Safe Links protection in Defender for Office 365)
+- **Standard** preset security policy.
+- **Strict** preset security policy.
+- **Built-in protection** preset security policy (default policies for Safe Attachments and Safe Links protection in Defender for Office 365; applied to all users who aren't specifically excluded, or who aren't included in the **Standard** or **Strict** preset security policies, or in custom Safe Attachments or Safe Links policies).
 
 For details about these preset security policies, see the [Appendix](#appendix) section at the end of this article.
 
@@ -190,7 +190,7 @@ To disable the **Standard protection** or **Strict protection** preset security
 > [!TIP]
 > The **Built-in protection** preset security policy is applied to all users in organizations with any amount of licenses for Defender for Office 365. Application of this protection is in the spirit of securing the broadest set of users until admins specifically configure Defender for Office 365 protections. Because **Built-in protection** is enabled by default, customers don't need to worry about violating product licensing terms. However, we recommend purchasing enough Defender for Office 365 licenses to ensure **Built-in protection** continues for all users.
 >
-> The **Built-in protection** preset security policy doesn't affect recipients who are defined in the **Standard** or **Strict** preset security policies, or in custom Safe Links or Safe Attachments policies. Therefore, we typically don't recommend exceptions to the **Built-in protection** preset security policy, unless you want to exclude users who aren't eligible for Safe Links and Safe Attachments protections (users who lack Defender for Office 365 licenses).
+> <u>The **Built-in protection** preset security policy doesn't affect recipients who are defined in the **Standard** or **Strict** preset security policies, or in custom Safe Links or Safe Attachments policies</u>. Therefore, we typically don't recommend exceptions to the **Built-in protection** preset security policy, unless you want to exclude users who aren't eligible for Safe Links and Safe Attachments protections (users who lack Defender for Office 365 licenses).
 
 1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Preset Security Policies** in the **Templated policies** section. Or, to go directly to the **Preset security policies** page, use <https://security.microsoft.com/presetSecurityPolicies>.
 
