Merge branch 'main' into release-note-fornetwork-requirement-updates-feb-2025

DeCohen · web-flow · commit 185f2b706731 · 2025-02-27T15:21:49.000+02:00
diff --git a/ATPDocs/deploy/activate-capabilities.md b/ATPDocs/deploy/activate-capabilities.md
@@ -80,7 +80,7 @@ Set-MDIConfiguration -Mode Domain -Configuration All
 
 ## Activate Defender for Identity capabilities
 
-After ensuring that your environment is completely configured, activate the  Microsoft Defender for Identity capabilities on your domain controller.
+After ensuring that your environment is completely configured, activate the Microsoft Defender for Identity capabilities on your domain controller.
 
 Activate the Defender for Identity from the [Microsoft Defender portal](https://security.microsoft.com).
 
@@ -90,13 +90,10 @@ Activate the Defender for Identity from the [Microsoft Defender portal](https://
 
 2. Select the domain controller where you want to activate the Defender for Identity capabilities and then select **Activate**. Confirm your selection when prompted. 
 
-   ![Activation Defensor.](media/activate-capabilities/1.png)
-   
-> [!NOTE]
-> You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they are discovered, or manually, where you select specific domain controllers from the list of eligible servers.
+    > [!NOTE]
+    > You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
 
-3. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.  
-![Sensors page.](media/activate-capabilities/2.png)
+3. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.
 
 ## Onboarding Confirmation 
 
@@ -107,7 +104,7 @@ To confirm the sensor has been onboarded:
 2. Check that the onboarded domain controller is listed. 
 
 > [!NOTE]
->  The first time you activate Defender for Identity capabilities on your domain controller, it may take up to an hour for the first sensor to show as **Running** on the **Sensors** page. Subsequent activations are shown within five minutes. 
+>  The activation doesn't require a restart/reboot. The first time you activate Defender for Identity capabilities on your domain controller, it may take up to an hour for the first sensor to show as **Running** on the **Sensors** page. Subsequent activations are shown within five minutes.
 
 ## Test activated capabilities
 
@@ -219,8 +216,7 @@ For more information, see [Remediation actions in Microsoft Defender for Identit
 If you want to deactivate Defender for Identity capabilities on your domain controller, delete it from the **Sensors** page:
 
 1. In the Defender portal, select **Settings > Identities > Sensors**.
-1. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.  
-![Offboarding defensor.](media/activate-capabilities/3.png)
+1. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.
 
 Deactivating Defender for Identity capabilities from your domain controller doesn't remove the domain controller from Defender for Endpoint. For more information, see [Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/).
 
diff --git a/CloudAppSecurityDocs/protect-zoom.md b/CloudAppSecurityDocs/protect-zoom.md
@@ -11,8 +11,6 @@ ms.topic: how-to
 
 Zoom is an online video conferencing and collaboration tool. Zoom holds critical data of your organization, and this makes it a target for malicious actors.
 
-Connecting Zoom to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection using machine learning based anomaly detections.
-
 [!INCLUDE [security-posture-management-connector](includes/security-posture-management-connector.md)]
 
 ## SaaS security posture management
diff --git a/defender-endpoint/aggregated-reporting.md b/defender-endpoint/aggregated-reporting.md
@@ -21,9 +21,6 @@ appliesto:
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 Aggregated reporting addresses constraints on event reporting in Microsoft Defender for Endpoint. Aggregated reporting extends signal reporting intervals to significantly reduce the size of reported events while preserving essential event properties.
 
 Defender for Endpoint reduces noise in collected data to improve the signal-to-noise ratio while balancing product performance and efficiency. It limits data collection to maintain this balance. 
diff --git a/defender-endpoint/attack-surface-reduction-rules-reference.md b/defender-endpoint/attack-surface-reduction-rules-reference.md
@@ -15,7 +15,7 @@ ms.collection:
 - m365-security
 - tier2
 - mde-asr
-ms.date: 02/04/2025
+ms.date: 02/26/2025
 search.appverid: met150
 ---
 
@@ -436,7 +436,7 @@ Advanced hunting action type:
 - `AsrObfuscatedScriptAudited`
 - `AsrObfuscatedScriptBlocked`
 
-Dependencies: Microsoft Defender Antivirus, AntiMalware Scan Interface (AMSI)
+Dependencies: Microsoft Defender Antivirus, AntiMalware Scan Interface (AMSI), Cloud Protection
 
 ### Block JavaScript or VBScript from launching downloaded executable content
 
diff --git a/defender-endpoint/device-health-microsoft-defender-antivirus-health.md b/defender-endpoint/device-health-microsoft-defender-antivirus-health.md
@@ -100,7 +100,7 @@ For the three `updates` cards (also known as up-to-date reporting cards), "**No
 - Computer is disconnected from the network.
 - Computer is powered down or in a hibernation state.
 - Microsoft Defender Antivirus is disabled.
-- Device is a non-Windows (Mac or Linux) device.
+- Device is a Mac device.
 - Cloud protection isn't enabled.
 - Device doesn't meet pre-requisites for Antivirus engine or platform version.
 
@@ -115,8 +115,8 @@ Up-to-date reporting generates information for devices that meet the following c
 - Windows OS - Windows 10 1809 or later
 
   > [!NOTE]
-  > \* Currently up to date reporting is only available for Windows devices. Cross platform devices such as Mac and Linux are listed under "No data available"/Unknown.
-
+  > \* Currently up to date reporting is only available for Windows and Linux devices. Mac devices are listed under “no such data available or unknown".
+  
 :::image type="content" source="media/device-health-defender-antivirus-health-tab.png" alt-text="Shows the Microsoft Defender Antivirus Health tab." lightbox="media/device-health-defender-antivirus-health-tab.png":::
 
 ### Card functionality
diff --git a/defender-endpoint/edr-in-block-mode.md b/defender-endpoint/edr-in-block-mode.md
@@ -44,10 +44,12 @@ This article describes EDR in block mode, which helps protect devices that are r
 
 > [!IMPORTANT]
 > EDR in block mode cannot provide all available protection when Microsoft Defender Antivirus real-time protection is in passive mode. Some capabilities that depend on Microsoft Defender Antivirus to be the active antivirus solution will not work, such as the following examples:
-> - Real-time protection, including on-access scanning, and scheduled scan is not available when Microsoft Defender Antivirus is in passive mode. To learn more about real-time protection policy settings, see **[Enable and configure Microsoft Defender Antivirus always-on protection](configure-real-time-protection-microsoft-defender-antivirus.md)**.
+> - Real-time protection, including on-access scanning, is not available when Microsoft Defender Antivirus is in passive mode. To learn more about real-time protection policy settings, see **[Enable and configure Microsoft Defender Antivirus always-on protection](configure-real-time-protection-microsoft-defender-antivirus.md)**.
 > - Features like **[network protection](network-protection.md)** and **[attack surface reduction rules](attack-surface-reduction.md)** and indicators (file hash, ip address, URL, and certificates) are only available when Microsoft Defender Antivirus is running in active mode.
 > It is expected that your non-Microsoft antivirus solution includes these capabilities.
    
+
+
 EDR in block mode works behind the scenes to remediate malicious artifacts that were detected by EDR capabilities. Such artifacts might have been missed by the primary, non-Microsoft antivirus product. EDR in block mode allows Microsoft Defender Antivirus to take actions on post-breach, behavioral EDR detections.
 
 EDR in block mode is integrated with [threat & vulnerability management](/defender-vulnerability-management/defender-vulnerability-management) capabilities. Your organization's security team gets a [security recommendation](api/ti-indicator.md) to turn EDR in block mode on if it isn't already enabled. 
diff --git a/defender-endpoint/mac-device-control-jamf.md b/defender-endpoint/mac-device-control-jamf.md
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 01/31/2025
+ms.date: 02/25/2025
 ---
 
 # Deploy and manage Device Control using JAMF
@@ -52,7 +52,7 @@ For more information about settings, rules, and groups, see [Device Control for
 
 ### Step 2: Validating a JSON policy
 
-You must validate your JSON policy after it's created to ensure there are no syntax or configuration errors. A schema for device control policies is available in [our GitHub repository](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/device_control_policy_schema.json"https://github.com/microsoft/mdatp-devicecontrol/blob/main/macos/policy/device_control_policy_schema.json"). The Defender for Endpoint application has built-in functionality to compare your JSON to the defined schema. 
+You must validate your JSON policy after it's created to ensure there are no syntax or configuration errors. A schema for device control policies is available in [our GitHub repository](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/device_control_policy_schema.json). The Defender for Endpoint application has built-in functionality to compare your JSON to the defined schema. 
 
 1. Save your configuration on a local device as a `.json` file.
 
diff --git a/defender-endpoint/minimum-requirements.md b/defender-endpoint/minimum-requirements.md
@@ -6,7 +6,7 @@ ms.author: deniseb
 author: denisebmsft
 ms.reviewer: pahuijbr
 ms.localizationpriority: medium
-ms.date: 01/13/2025
+ms.date: 02/26/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -97,7 +97,7 @@ Supported versions of Windows include:
 - Azure Virtual Desktop
 - Windows 365 running one of the previously listed operating systems/versions
 
-The following operating systems require the use of the [Log Analytics](/azure/azure-monitor/agents/log-analytics-agent) / [Microsoft Monitoring Agent](update-agent-mma-windows.md) (MMA) to work with Defender for Endpoint:
+The following operating systems work with Defender for Endpoint, provided you're using the [Log Analytics](/azure/azure-monitor/agents/log-analytics-agent) / [Microsoft Monitoring Agent](update-agent-mma-windows.md) (MMA):
 
 - Windows 8.1 Enterprise
 - Windows 8.1 Pro
diff --git a/defender-endpoint/onboard-windows-server.md b/defender-endpoint/onboard-windows-server.md
@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 01/29/2025
+ms.date: 02/25/2025
 ---
 
 # Defender for Endpoint onboarding Windows Server
@@ -69,7 +69,7 @@ For other Windows server versions, you have two options to offboard Windows serv
 - Remove the Defender for Endpoint workspace configuration
 
 > [!NOTE]
-> These offboarding instructions for other Windows server versions also apply if you are running the previous Microsoft Defender for Endpoint for Windows Server 2016 and Windows Server 2012 R2 that requires the MMA. Instructions to migrate to the new unified solution are at [Server migration scenarios in Microsoft Defender for Endpoint](server-migration.md).
+> The offboarding instructions in this article apply to previous versions of Windows Server, such as Windows Server 2016 and Windows Server 2012 R2 using the MMA. To migrate to the new, unified solution, see [Server migration scenarios in Microsoft Defender for Endpoint](server-migration.md).
 
 ## Related articles
 
diff --git a/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md b/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
@@ -46,6 +46,9 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
 - [What's new in Microsoft Defender Vulnerability Management](/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management)
 
+## February 2025
+
+- (GA) **Aggregated reporting in Microsoft Defender for Endpoint** is now generally available. For more information, see [Aggregated reporting in Microsoft Defender for Endpoint](aggregated-reporting.md).
 
 ## January 2025
 
diff --git a/defender-office-365/connection-filter-policies-configure.md b/defender-office-365/connection-filter-policies-configure.md
@@ -18,7 +18,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn how to configure connection filtering in Exchange Online Protection (EOP) to allow or block emails from email servers.
 ms.service: defender-office-365
-ms.date: 02/20/2025
+ms.date: 02/26/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -42,7 +42,7 @@ This article describes how to configure the default connection filter policy in
 > [!NOTE]
 > The IP Allow List, safe list, and the IP Block List are one part of your overall strategy to allow or block email in your organization. For more information, see [Create safe sender lists](create-safe-sender-lists-in-office-365.md) and [Create blocked sender lists](create-block-sender-lists-in-office-365.md).
 >
-> IPv6 ranges aren't supported.
+> IPv6 ranges aren't supported. You can create and manage entries for IPv6 addresses in the [Tenant Allow/Block List](tenant-allow-block-list-ip-addresses-configure.md).
 >
 > Messages from blocked sources in the IP Block List aren't available in [message trace](/exchange/monitoring/trace-an-email-message/message-trace-modern-eac).
 
diff --git a/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md b/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md
@@ -15,7 +15,7 @@ ms.collection:
   - tier1
 description: Admins can learn how to allow or block IPv6 addresses in the Tenant Allow/Block List.
 ms.service: defender-office-365
-ms.date: 09/20/2024
+ms.date: 02/26/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -30,6 +30,9 @@ In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
 
 This article describes how admins can manage entries for IPv6 addresses in the Microsoft Defender portal and in Exchange Online PowerShell.
 
+> [!NOTE]
+> IPv4 ranges aren't supported yet. Admins can create and manage entries for IPv4 addresses in the [Connection filter policy](connection-filter-policies-configure.md).
+
 ## What do you need to know before you begin?
 
 - You open the Microsoft Defender portal at <https://security.microsoft.com>. To go directly to the **Tenant Allow/Block Lists** page, use <https://security.microsoft.com/tenantAllowBlockList>. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
