Merge branch 'main' into WI410649-new-article-identity-security-iniatives

Author: DeCohen

.github/workflows/StaleBranch.yml

@@ -2,12 +2,17 @@ name: (Scheduled) Stale branch removal
 
 permissions:
   contents: write
-      
+
+# This workflow is designed to be run in the days up to, and including, a "deletion day", specified by 'DeleteOnDayOfMonth' in env: in https://github.com/MicrosoftDocs/microsoft-365-docs/blob/workflows-prod/.github/workflows/Shared-StaleBranch.yml.
+# On the days leading up to "deletion day", the workflow will report the branches to be deleted. This lets users see which branches will be deleted. On "deletion day", those branches are deleted.
+# The workflow should not be configured to run after "deletion day" so that users can review the branches were deleted.
+# Recommendation: configure cron to run on days 1,15-31 where 1 is what's configured in 'DeleteOnDayOfMonth'. If 'DeleteOnDayOfMonth' is set to something else, update cron to run the two weeks leading up to it.
+
 on:
   schedule:
-    - cron: "0 9 1 * *"
+    - cron: "0 9 1,15-31 * *"
 
-  # workflow_dispatch:
+  workflow_dispatch:
 
 
 jobs:

.openpublishing.redirection.defender-endpoint.json

@@ -149,6 +149,11 @@
       "source_path": "defender-endpoint/onboard-windows-server-2012r2-2016.md",
       "redirect_url": "/defender-endpoint/onboard-server",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/mde-linux-arm.md",
+      "redirect_url": "/defender-endpoint/microsoft-defender-endpoint-linux",
+      "redirect_document_id": false
     } 
   ]
 }

CloudAppSecurityDocs/media/connect-azure-menu.png

@@ -8,9 +8,9 @@ ms.topic: how-to
 
 
 
-Atlassian is an online collaborative and software development platform (including Confluence, Jira and Bitbucket). Along with the benefits of effective collaboration in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include posts, tasks, and files with potentially sensitive information, collaboration, and partnership details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security-unaware insiders from exfiltrating sensitive information.
+Atlassian is an online collaborative and software development platform (including Confluence, Jira, and Bitbucket). Along with the benefits of effective collaboration in the cloud, your organization's most critical assets might be exposed to threats. Exposed assets include posts, tasks, and files with potentially sensitive information, collaboration, and partnership details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security-unaware insiders from exfiltrating sensitive information.
 
-Connecting Atlassian to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior. The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities.
+Connecting Atlassian to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior. The connector covers all users in your organization that use the Atlassian platform, and shows activities from Confluence, Jira, and specific Bitbucket activities.
 
 Main threats include:
 
@@ -68,7 +68,7 @@ For more information, see:
 This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Atlassian products using the App Connector APIs. This connection gives you visibility into and control over your organization's Atlassian use.
 
 >[!NOTE]
->The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see [Atlassian audit log activities](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/#Auditlogging-Accessauditlogactivities).
+>The connector covers all users in your organization that use the Atlassian platform, and shows activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see [Atlassian audit log activities](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/#Auditlogging-Accessauditlogactivities).
 
 ### Prerequisites
 
@@ -116,19 +116,17 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 >[!NOTE]
 >
 > - The first connection can take up to four hours to get all users and their activities.
-> - The activities that will display are the activities that were generated from the moment the connector is connected.
+> - The activities displayed are the activities that were generated from the moment the connector is connected.
 > - Activities from the "Atlassian Access" audit log are fetched by Defender for Cloud apps. Other activities aren't fetched currently. See [Product Audit Logs](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/).
 > - After the connector’s **Status** is marked as **Connected**, the connector is live and works.
 
 ### Revoke and renew API keys
 
 1. Microsoft recommends using short lived keys or tokens for connecting apps as a security best practice.
 1. We recommend refreshing the Atlassian API key every 6 months as a best practice. To refresh the key, revoke the existing API key and generate a new key.
-1. To revoke API key, navigate to **admin.atlassian.com** > **Settings** > **API keys**, determine the API key used for integration and select **Revoke**.
+1. To revoke API key, navigate to **admin.atlassian.com** > **Settings** > **API keys**, determine the API key used for integration, and select **Revoke**.
 1. Recreate an API key in the Atlassian admin portal with the steps described above.
-1. Afterwards, go to the **App Connectors** page in the Microsoft Defender Portal and edit the connector:
-
-    ![Edit connector.](media/atlassian-edit-connector.png)
+1. Afterwards, go to the **App Connectors** page in the Microsoft Defender Portal and edit the connector.
 
 1. Enter the new generated new **API key** and select **Connect Atlassian**.
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
@@ -148,13 +146,13 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 
 ## Rate limits and limitations
 
-- **Rate limits** include 1000 requests per minute (per API key/connector instance).
+- **Rate limits** include 1,000 requests per minute (per API key/connector instance).
 
     For more information about the Atlassian API limitation, see [Atlassian admin REST APIs](https://developer.atlassian.com/cloud/admin/about/#about-the-cloud-admin-rest-apis).
 
 - **Limitations** include:
 
-    - Activities will be shown in Defender for Cloud Apps only for users with a verified domain.
+    - Activities are shown in Defender for Cloud Apps only for users with a verified domain.
 
     - The API key has a maximum expiration period of one year. After one year, you'll need to create another API key from the Atlassian Admin portal and replace it for the old API Key in the Defender for Cloud Apps console.
 

CloudAppSecurityDocs/protect-atlassian.md

@@ -8,7 +8,7 @@ ms.topic: how-to
 
 
 
-Azure is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
+Azure is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets might be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
 
 Connecting Azure to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, and unusual deletions of VMs.
 
@@ -74,7 +74,7 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
 
 > [!NOTE]
-> After connecting Azure, data will be pulled. You will see data from then onwards.
+> After connecting to Azure, data will be pulled. You'll see data from then onwards.
 
 If you have any problems connecting the app, see [Troubleshooting App Connectors](troubleshooting-api-connectors-using-error-messages.md).
 

CloudAppSecurityDocs/protect-azure.md

@@ -275,8 +275,6 @@
                 href: linux-install-manually.md
               - name: Direct onboarding with Defender for Cloud
                 href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
-              - name: Defender for Endpoint on Linux for ARM64-based devices (preview)
-                href: mde-linux-arm.md
               - name: Deployment guidance for Defender for Endpoint on Linux for SAP
                 href: mde-linux-deployment-on-sap.md
             - name: 3 - Configuration
@@ -552,6 +550,8 @@
       href: onboarding-endpoint-configuration-manager.md
     - name: Onboarding using Microsoft Intune
       href: onboarding-endpoint-manager.md
+    - name: Deploy Microsoft Defender for Endpoint prerelease builds on Android devices
+      href: mobile-pretest-android.md   
 
   - name: Migration guides
     items:

defender-endpoint/TOC.yml

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 04/18/2025
 ---
 
 # What's new in Microsoft Defender for Endpoint on Android
@@ -28,6 +28,17 @@ ms.date: 03/21/2025
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+#### Deploy Defender for Endpoint prerelease builds on Android devices using Google Play preproduction tracks
+
+April 2025
+
+**Setup a secure environment to test prerelease builds of Defender for Endpoint on Android**. Learn the steps on how to set up your environment for prerelease testing of Defender for Endpoint on Android. These steps are for Android devices that are onboarded to Microsoft Defender for Endpoint through the following methods:
+
+- Android Enterprise scenarios
+- Mobile Application Mangement (MAM) enrollment scenarios
+
+For more information, see [Deploy Defender for Endpoint prerelease builds on Android devices using Google Play preproduction tracks](mobile-pretest-android.md).
+
 #### Defender for Endpoint on Android now supports Android 10 as the minimum version
 
 February 2025

defender-endpoint/android-whatsnew.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 04/15/2025
+ms.date: 04/17/2025
 ---
 
 # Identify your architecture and select a deployment method for Defender for Endpoint
@@ -52,7 +52,7 @@ Once you have determined the architecture of your environment and have created a
 | **Windows client devices** |[Microsoft Intune / Mobile Device Management (MDM)](configure-endpoints-mdm.md) <br/>[Microsoft Configuration Manager](configure-endpoints-sccm.md)<br/>[Local script (up to 10 devices)](configure-endpoints-script.md)<br/>[Group Policy](configure-endpoints-gp.md)<br/>[Non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)<br/>[Azure Virtual Desktop](onboard-windows-multi-session-device.md)<br/>[System Center Endpoint Protection and Microsoft Monitoring Agent](onboard-downlevel.md) (for previous versions of Windows) |
 |**Windows Server** <br/>(Requires a server plan) | [Local script](configure-endpoints-script.md)<br/>[Integration with Microsoft Defender for Cloud](azure-server-integration.md)<br/>[Guidance for Windows Server with SAP](mde-sap-windows-server.md) |
 |**macOS**| [Intune](mac-install-with-intune.md)<br/>[JAMF Pro](mac-install-with-jamf.md) <br/>[Local script](mac-install-manually.md)(manual deployment) <br/>[MDM tools](mac-install-with-other-mdm.md)|
-|**Linux server**<br/>(Requires a server plan)|[Installer script based deployment](linux-installer-script.md)<br/>[Ansible](linux-install-with-ansible.md)<br/>[Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/>[Puppet](linux-install-with-puppet.md) <br/>[Saltstack](linux-install-with-saltack.md)<br/>[Manual deployment](linux-install-manually.md)<br/>[Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)<br/>[Guidance for ARM64-based devices (preview)](mde-linux-arm.md)<br/>[Guidance for Linux with SAP](mde-linux-deployment-on-sap.md)|
+|**Linux server**<br/>(Requires a server plan)|[Installer script based deployment](linux-installer-script.md)<br/>[Ansible](linux-install-with-ansible.md)<br/>[Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/>[Puppet](linux-install-with-puppet.md) <br/>[Saltstack](linux-install-with-saltack.md)<br/>[Manual deployment](linux-install-manually.md)<br/>[Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)<br/>[Guidance for Linux with SAP](mde-linux-deployment-on-sap.md)|
 |**Android**|[Microsoft Intune](android-intune.md)|
 |**iOS**|[Microsoft Intune](ios-install.md) <br/> [Mobile Application Manager](ios-install-unmanaged.md) |
 

defender-endpoint/deployment-strategy.md

@@ -78,7 +78,7 @@ By default, all onboarded devices running on Windows 10 version 1809 or later, W
 - `DHCPv6`
 - `IP` (headers)
 - `LLDP`
-- LL`MNR
+- `LLMNR`
 - `mDNS`
 - `MNDP`
 - `MSSQL`

defender-endpoint/device-discovery-faq.md

@@ -2,8 +2,8 @@
 title: How to Deploy Defender for Endpoint on Linux with Chef
 description: Learn how to deploy Defender for Endpoint on Linux with Chef.
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.reviewer: gopkr
 ms.localizationpriority: medium
 manager: deniseb
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 04/10/2025
+ms.date: 04/17/2025
 ---
 
 # Deploy Defender for Endpoint on Linux with Chef
@@ -243,7 +243,6 @@ To include this step as part of the recipe, add `include_recipe ':: uninstall_md
 - [Deploy Defender for Endpoint on Linux with Saltstack](linux-install-with-saltack.md)
 - [Deploy Defender for Endpoint on Linux manually](linux-install-manually.md)
 - [Connect your non-Azure machines to Microsoft Defender for Cloud with Defender for Endpoint](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint) (direct onboarding using Defender for Cloud)
-- [Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md)
 - [Deployment guidance for Defender for Endpoint on Linux for SAP](mde-linux-deployment-on-sap.md)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]