Merge branch 'public' into patch-5

Author: denisebmsft

defender-for-iot/enterprise-iot-get-started.md

@@ -13,7 +13,7 @@ ms.topic: how-to
 
 Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices.
 
-The security monitoring includes IoT related alerts, vulnerabilities, and recommendations that are integrated with your existing Microsoft Defender for Endpoint data. To understand more about the integration between Defender for Endpoint and Defender for IoT, see [enterprise IoT overview](enterprise-iot.md).
+The security monitoring includes IoT related vulnerabilities and recommendations that are integrated with your existing Microsoft Defender for Endpoint data. To understand more about the integration between Defender for Endpoint and Defender for IoT, see [enterprise IoT overview](enterprise-iot.md).
 
 In this article you'll learn how to add enterprise IoT to your Microsoft Defender portal and use the IoT specific security features to protect your IoT environment.
 

defender-for-iot/enterprise-iot-licenses.md

@@ -11,21 +11,21 @@ ms.topic: overview
 
 # Set up and manage enterprise IoT security licenses
 
-Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices. The security monitoring includes IoT related alerts, vulnerabilities, and recommendations that are integrated with your existing Microsoft Defender for Endpoint data.
+Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices. The security monitoring includes IoT related vulnerabilities and recommendations that are integrated with your existing Microsoft Defender for Endpoint data.
 
 [!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
 
 ## Enterprise IoT licenses
 
 To add enterprise IoT security to Defender for Endpoint, there are two options available depending on your existing license:
 
-- Customers with Microsoft 365 E5 (ME5) or E5 Security plans already have enterprise IoT available, but just need to turn on the feature. Each license supports five devices per ME5/ E5 Security license.
+- Customers with Microsoft 365 E5 (ME5) or E5 Security plans have access to enterprise IoT capapbilities as part of their existing subscription, and just need to enable it. Each license supports five devices per ME5/ E5 Security license.
 
     To turn on enterprise IoT, see [ME5/ E5 Security customers](enterprise-iot-get-started.md#me5-e5-security-customers).
 
     To turn off enterprise IoT, see [turn off enterprise IoT security](enterprise-iot-manage.md#turn-off-enterprise-iot-security).
 
-- Customers with a Defender for Endpoint P2 license only can use a trial standalone license for monitoring enterprise IoT devices. A trial license supports 100 devices.
+- Customers with a Defender for Endpoint P2 license only can try out the product for free with a trial standalone license for monitoring enterprise IoT devices. A trial license supports 100 devices.
 
     Start your enterprise IoT trial using the [Microsoft Defender for IoT - EIoT Device License - add-on wizard](https://signup.microsoft.com/get-started/signup?products=b2f91841-252f-4765-94c3-75802d7c0ddb&ali=1&bac=1) or via the [Microsoft 365 admin center](https://portal.office.com/AdminPortal/Home#/catalog).
 

defender-for-iot/enterprise-iot-manage.md

@@ -13,7 +13,7 @@ ms.topic: how-to
 
 Enterprise IoT security improves the monitoring and protection of the IoT devices in your network, such as printers, smart TVs, Voice over Internet Protocol (VoIP) devices, conferencing systems and purpose-built, proprietary devices.
 
-When enterprise IoT is activated, the data for alerts, recommendations, and vulnerabilities is shown in the Microsoft Defender portal.
+When enterprise IoT is activated, the data for recommendations and vulnerabilities is shown in the Microsoft Defender portal.
 
 ## View enterprise IoT data in the Defender portal
 

defender-for-iot/enterprise-iot.md

@@ -19,7 +19,7 @@ While the number of IoT devices continues to grow, they often lack the security
 
 ## Enterprise IoT monitoring in the Defender portal
 
-Extend Microsoft Defender for IoT's security features to include enterprise IoT devices. Add the enterprise IoT security feature to your existing Microsoft Defender for Endpoint license, and view related alerts, vulnerabilities, and recommendations for IoT devices that are seemlessly integrated into the Microsoft Defender portal.
+Extend Microsoft Defender for IoT's security features to include enterprise IoT devices. Add the enterprise IoT security feature to your existing Microsoft Defender for Endpoint license, and view related vulnerabilities and recommendations for IoT devices that are seemlessly integrated into the Microsoft Defender portal.
 
 :::image type="content" source="media/enterprise-iot/eiot-architecture.png" alt-text="The architecture showing the use of enterprise IoT":::
 
@@ -31,13 +31,7 @@ Extend Microsoft Defender for IoT's security features to include enterprise IoT
 
 ## Enterprise IoT data in the Defender portal
 
-Enterprise IoT data for features such as alerts, recommendations and vulnerabilities, seamlessly integrates with other data in the Defender portal.
-
-### Alerts
-
-Most Defender for Endpoint alerts are also relevant for enterprise IoT devices, such as alerts for scans involving managed endpoints. Alerts for enterprise IoT devices detected by Defender for Endpoint are only available in Defender for Endpoint.
-
-For more information, see [Alerts queue in Microsoft 365 Defender](/defender-endpoint/alerts-queue).
+Enterprise IoT data for features such as recommendations and vulnerabilities, seamlessly integrates with other data in the Defender portal.
 
 ### Recommendations
 

defender-for-iot/media/enterprise-iot/eiot-architecture.png

@@ -27,7 +27,7 @@ You can work with these different management portals:
 |Defender for IoT in the Defender portal (Preview)|Microsoft Defender customers can use this portal for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).|[Get started](get-started.md) with Defender for IoT in the Defender portal.|
 |Defender for IoT in the classic, Azure portal|All customers can use this portal to identify OT devices, vulnerabilities, and threats in the Azure portal.|See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).|
 
-Protection for enterprise IoT devices is available for Microsoft Defender customers. These customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices. [Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.
+Protection for enterprise IoT devices is available for Microsoft Defender customers. These customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices. [Get started](/defender-for-iot/enterprise-iot-get-started) with enterprise IoT monitoring.
 
 ## Who uses Defender for IoT?
 

defender-for-iot/microsoft-defender-iot.md

@@ -136,7 +136,7 @@ If your MX record doesn't point to Microsoft 365, the IP address in the `Authent
 > - Configure the phishing simulation to bypass the Exchange Server infrastructure and route mail directly to your Microsoft 365 MX record (for example, contoso-com.mail.protection.outlook.com).
 > - Although you can set intra-organization message scanning to None in [anti-spam policies](anti-spam-policies-configure.md#use-the-microsoft-defender-portal-to-create-anti-spam-policies) we don't recommend this option because it affects other email messages.
 >
-> If you're using the [Built-in protection preset security policy](preset-security-policies.md#profiles-in-preset-security-policies) or your custom Safe Links policies have the setting **Do not rewrite URLs, do checks via SafeLinks API only** enabled, time of click protection doesn't treat phishing simulation links in email as threats in Outlook on the web, Outlook for iOS and Android, Outlook for Windows v16.0.15317.10000 or later, and Outlook for Mac v16.74.23061100 or later. If you're using older versions of Outlook, consider disabling the **Do not rewrite URLs, do checks via SafeLinks API only** setting in custom Safe Links policies.
+> If you're using the [Built-in protection preset security policy](preset-security-policies.md#profiles-in-preset-security-policies) or your custom Safe Links policies have the setting **Do not rewrite URLs, do checks via SafeLinks API only** enabled, time of click protection doesn't treat phishing simulation links in email as threats in Outlook on the web, Outlook for iOS and Android, Outlook for Windows v16.0.15317.10000 or later, and Outlook for Mac v16.74 (23061100) or later. If you're using older versions of Outlook, consider disabling the **Do not rewrite URLs, do checks via SafeLinks API only** setting in custom Safe Links policies.
 >
 > Adding phishing simulation URLs to the **Do not rewrite the following URLs in email** section in Safe Links policies might result in unwanted alerts for URL clicks. Phishing simulation URLs in email messages are automatically allowed both during mail flow and at time of click.
 >

defender-office-365/advanced-delivery-policy-configure.md

@@ -172,11 +172,11 @@ You can also create custom payloads that use QR codes as phishing links as descr
 3. On the **Select technique** page, the available options are the same as on the **Select technique** page in the new simulation wizard:
    - **Credential Harvest**<sup>\*</sup>
    - **Malware Attachment**
-   - **Link in Attachment**
+   - **Link in Attachment**<sup>\*</sup>
    - **Link to Malware**<sup>\*</sup>
-   - **Drive-by URL**
+   - **Drive-by URL**<sup>\*</sup>
    - **OAuth Consent Grant**<sup>\*</sup>
-   - **How-to Guide**<sup>\*</sup>
+   - **How-to Guide**
 
    <sup>\*</sup> This social engineering technique allows you to use QR codes (currently in Preview).
 

defender-office-365/attack-simulation-training-payloads.md

@@ -45,8 +45,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 ## September 2024
 
-- [Use the built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): The built-in **Report** button in Outlook for Mac now support the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) experience to report messages as Phishing, Junk, and Not Junk.
-
+- [Use the built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): The built-in **Report** button in Outlook for Mac v16.89 (24090815) or later now supports the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) experience to report messages as Phishing, Junk, and Not Junk.
 
 ## August 2024
 

defender-office-365/defender-for-office-365-whats-new.md

@@ -77,6 +77,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
 |**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
 |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
+|**Data Security Management**| View all Data Security Analytics insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
 |**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
 |**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
 |**Exact Data Match Upload Admins**|Upload data for Exact Data Match.|Exact Data Match Upload Admin|
@@ -159,6 +160,7 @@ Roles that aren't assigned to the Organization Management role group by default
 |<sup>\*</sup>**Data Investigation Management**|Create, edit, delete, and control access to data investigation.|Compliance Administrator <br/><br/> Data Investigator|
 |<sup>\*</sup>**Data Map Reader**|Read actions on data map objects.|Compliance Administrator <br/><br/> Data Catalog Curators <br/><br/> Data Estate Insights Readers <br/><br/> Information Protection <br/><br/> Information Protection Admins <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators|
 |<sup>\*</sup>**Data Map Writer**|Create, read, modify, and delete actions on data map objects and establish relationships between objects.|Data Catalog Curators|
+| **Data Security Viewer** | View access to Data Security Analytics dashboard insights. Allows users to use Copilot for Security to view details.| Data Security Management |
 |**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
 |<sup>\*</sup>**Disposition Management**|Control permissions for accessing Manual Disposition in the Defender and compliance portals.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Records Management|
 |**DLP Compliance Management**|View and edit settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|