Merge pull request #976 from MicrosoftDocs/main

American-Dipper · web-flow · commit 1ed2cb952034 · 2024-07-18T11:01:38.000-07:00
publish main to live, 10:30 AM 7/18/2024
diff --git a/defender-xdr/advanced-hunting-take-action.md b/defender-xdr/advanced-hunting-take-action.md
@@ -81,7 +81,9 @@ Apart from device-focused remediation steps, you can also take some actions on e
 
 - `Move to mailbox folder` - select this action to move the email messages to Junk, Inbox, or Deleted items folder
 
-   :::image type="content" source="media/advanced-hunting-take-actions-email.png" alt-text="Screenshot of the option Take actions in the Microsoft Defender portal." lightbox="media/advanced-hunting-take-actions-email.png":::
+     Note that you can move email results consisting of quarantined items (for instance, in the case of false positives) by selecting the **Inbox** option.
+   
+   :::image type="content" source="media/advanced-hunting-quarantine-results.png" alt-text="Screenshot of the Inbox option under take actions pane in the Microsoft Defender portal." lightbox="media/advanced-hunting-quarantine-results.png":::
 
 - `Delete email` - select this action to move email messages to the Deleted items folder (**Soft delete**) or delete them permanently (**Hard delete**)
 
diff --git a/defender-xdr/custom-detection-rules.md b/defender-xdr/custom-detection-rules.md
@@ -223,7 +223,9 @@ For more details on user actions, read [Remediation actions in Microsoft Defende
 
 #### Actions on emails
 
-- If the custom detection yields email messages, you can select **Move to mailbox folder** to move the email to  a selected folder (any of **Junk**, **Inbox**, or **Deleted items** folders).
+- If the custom detection yields email messages, you can select **Move to mailbox folder** to move the email to  a selected folder (any of **Junk**, **Inbox**, or **Deleted items** folders). Specifically, you can move email results from quarantined items (for instance, in the case of false positives) by selecting the **Inbox** option.
+
+   :::image type="content" source="media/advanced-hunting-custom-quarantine-results.png" alt-text="Screenshot of the Inbox option under custom detections in the Microsoft Defender portal." lightbox="media/advanced-hunting-custom-quarantine-results.png":::
 
 - Alternatively, you can select **Delete email** and then choose to either move the emails to Deleted Items (**Soft delete**) or delete the selected emails permanently (**Hard delete**).
 
diff --git a/defender-xdr/media/advanced-hunting-custom-quarantine-results.png b/defender-xdr/media/advanced-hunting-custom-quarantine-results.png
diff --git a/defender-xdr/media/advanced-hunting-quarantine-results.png b/defender-xdr/media/advanced-hunting-quarantine-results.png
diff --git a/defender-xdr/microsoft-365-defender.md b/defender-xdr/microsoft-365-defender.md
@@ -4,22 +4,22 @@ description: Microsoft Defender XDR is a coordinated threat protection solution
 search.appverid: met150
 ms.service: defender-xdr
 f1.keywords:
-  - NOCSH
+- NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
 audience: ITPro
 ms.custom: 
-  - admindeeplinkDEFENDER
-  - intro-overview
+- admindeeplinkDEFENDER
+- intro-overview
 ms.collection:
 - essentials-overview
 - tier1
 ms.topic: conceptual
 adobe-target: true
-ms.date: 03/28/2024
+ms.date: 07/18/2024
 appliesto:
-  - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
+- ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 manager: deniseb
 ---
 
@@ -36,11 +36,11 @@ Microsoft Defender XDR helps security teams protect and detect their organizatio
 - [**Microsoft Defender for Identity**](/defender-for-identity/what-is)
 - [**Microsoft Defender for Cloud Apps**](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 - [**Microsoft Defender Vulnerability Management**](/defender-vulnerability-management/defender-vulnerability-management)
+- [**Microsoft Defender for Cloud**](/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [**Microsoft Entra ID Protection**](/azure/active-directory/identity-protection/overview-identity-protection)
 - [**Microsoft Data Loss Prevention**](/microsoft-365/compliance/dlp-learn-about-dlp)
 - [**App Governance**](/defender-cloud-apps/app-governance-manage-app-governance)
 
-
 With the integrated Microsoft Defender XDR solution, security professionals can stitch together the threat signals that each of these products receive and determine the full scope and impact of the threat; how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft Defender XDR takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
 
 <a name='microsoft-365-defender-protection'></a>
@@ -49,15 +49,17 @@ With the integrated Microsoft Defender XDR solution, security professionals can
 
 Microsoft Defender XDR services protect:
 
-- **Endpoints with Defender for Endpoint** - Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
+- **Endpoints with Defender for Endpoint** - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
 
 - **Assets with Defender Vulnerability Management** - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.
 
 - **Email and collaboration with Defender for Office 365** - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
 
 - **Identities with  Defender for Identity and Microsoft Entra ID Protection** - Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Entra ID Protection uses the learnings Microsoft acquired from their position in organizations with Microsoft Entra ID, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.
 
-- **Applications with Microsoft Defender for Cloud Apps** - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
+- **Applications with Defender for Cloud Apps** - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
+
+- **Cloud workloads and applications** **with Defender for Cloud** - Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) combining capabilities of a development security operations (DevSecOps), a cloud security posture (CPSM), and a cloud workload protection platform (CWPP) to protect cloud-based applications from threats and vulnerabilities.
 
 Microsoft Defender XDR's unique cross-product layer augments the individual service components to:
 
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -50,13 +50,19 @@ You can also get product updates and important notifications through the [messag
 
 - (GA) The **[UrlClickEvents](advanced-hunting-urlclickevents-table.md)** table in advanced hunting is now generally available. Use this table to get information about [Safe Links](/defender-office-365/safe-links-about) clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps.
 
+- (GA) You can now **release or move email messages from quarantine** back to the user's inbox directly from [Take actions in advanced hunting](advanced-hunting-take-action.md#take-various-actions-on-emails) and in [custom detections](custom-detection-rules.md#actions-on-emails). This allows security operators to manage false positives more efficiently and without losing context. 
+
+
 
 ## June 2024
 
 - (Preview) **[Content distribution through tenant groups in multitenant management](mto-tenantgroups.md)** is now available. Content distribution helps you manage content at scale across tenants in multitenant management in Microsoft Defender XDR. In content distribution, you can create tenant groups to copy existing content, like custom detection rules, from the source tenant to the target tenants you assign during tenant group creation. The content then runs on the target tenant's devices or device groups that you set in the tenant group scope.
 
 - (Preview) You can now filter your Microsoft Defender for Cloud alerts by the associated **alert subscription ID** in the Incidents and Alerts queues. For more information, see [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md).
 
+
+
+
 ## May 2024
 
 - (GA) The endpoint security policies page is now available in multitenant management in Microsoft Defender XDR. Create, edit, and delete security policies for your tenants' devices from the **Endpoint security policies** page. For more information, see [Endpoint security policies in multitenant management](mto-endpoint-security-policy.md).
