Commit 22e0ac6

Merge pull request #2043 from MicrosoftDocs/main
Publish main to live, 11/27/24, 3:30 PM PT
2 parents 079f678 + b386e5f commit 22e0ac6

6 files changed

+39
-37
lines changed

.openpublishing.publish.config.json

Lines changed: 5 additions & 5 deletions
@@ -6,7 +6,7 @@
66
"build_output_subfolder": "ATA-Docs",
77
"locale": "en-us",
88
"monikers": [],
9-
"open_to_public_contributors": false,
9+
"open_to_public_contributors": true,
1010
"type_mapping": {
1111
"Conceptual": "Content"
1212
},
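Review bot: `open_to_public_contributors` flips from `false` to `true` at line 9 for the ATA-Docs docset, and the same flip follows at lines 21 and 58 for ATP-Docs and defender-cloud-apps, yet the commit message only says "Publish main to live". The key name indicates these security docsets now accept outside contributions, which is an access-policy change and deserves its own explanation: record who approved it, and confirm that mandatory review of external pull requests is in place before the setting goes live.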
@@ -18,7 +18,7 @@
1818
"build_output_subfolder": "ATP-Docs",
1919
"locale": "en-us",
2020
"monikers": [],
21-
"open_to_public_contributors": false,
21+
"open_to_public_contributors": true,
2222
"type_mapping": {
2323
"Conceptual": "Content"
2424
},
@@ -55,7 +55,7 @@
5555
"build_output_subfolder": "defender-cloud-apps",
5656
"locale": "en-us",
5757
"monikers": [],
58-
"open_to_public_contributors": false,
58+
"open_to_public_contributors": true,
5959
"type_mapping": {
6060
"Conceptual": "Content"
6161
},
@@ -185,9 +185,9 @@
185185
"branch_target_mapping": {},
186186
"targets": {},
187187
"redirection_files": [
188+
".openpublishing.redirection.ata-atp.json",
188189
".openpublishing.redirection.defender.json",
189190
".openpublishing.redirection.defender-cloud-apps.json",
190-
".openpublishing.redirection.defender-xdr.json",
191-
".openpublishing.redirection.ata-atp.json"
191+
".openpublishing.redirection.defender-xdr.json"
192192
]
193193
}
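Review bot: The `redirection_files` edit at lines 188-191 only moves `.openpublishing.redirection.ata-atp.json` from the last position to the first; the same four files are listed before and after. If list order decides which redirect applies when two files name the same source path, say so in the commit message; if it does not, leave the order alone so the diff for this file carries only the `open_to_public_contributors` changes.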

CloudAppSecurityDocs/posture-overview.md

Lines changed: 15 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,29 +1,28 @@
11
---
2-
title: SaaS security posture management (SSPM) - overview
2+
title: SaaS security posture management (SSPM) - overview
33
description: Learn what is SaaS security posture management (SSPM) in Microsoft Defender for cloud apps
44
ms.topic: how-to
55
ms.date: 11/17/2024
66
---
77

8-
# SaaS security posture management (SSPM) - overview
8+
# SaaS security posture management (SSPM) - overview
99

1010
> [!NOTE]
1111
> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD. For these environments, it is recommended to consume SaaS security posture recommendations via [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation).
1212
13-
One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Posture Management (SSPM), which offers detailed visibility into the security state of your SaaS applications and provides actionable guidance to help you strengthen your security posture efficiently. Your SaaS application environments might be configured with a risky posture, and Defender for Cloud Apps provides risk-based security configuration assessments to help you identify and mitigate potential risks. These recommendations are shown in [Microsoft Security Exposure Management](../exposure-management/microsoft-security-exposure-management.md) once you have a connector to an application. For example:
13+
One of Microsoft Defender for Cloud Apps’ core pillars is SaaS Security Posture Management (SSPM), which offers detailed visibility into the security state of your SaaS applications and provides actionable guidance to help you strengthen your security posture efficiently. Your SaaS application environments might be configured with a risky posture, and Defender for Cloud Apps provides risk-based security configuration assessments to help you identify and mitigate potential risks. These recommendations are shown in [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management) once you have a connector to an application. For example:
1414

1515
![Screenshot of the SalesForce recommendations in Secure Score.](media/security-saas-sspm-in-secure-score-salesforce-filter.png)
1616

17-
![Screenshot of the SaaS security initiative.](<media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png>)
17+
![Screenshot of the SaaS security initiative.](media/posture-overview/screenshot-of-the-saas-security-initiative-home-page.png)
1818

1919
## Prerequisites
2020

2121
- Your organization must have Microsoft Defender for Cloud Apps licenses.
2222
- Your app must be connected to Defender for Cloud Apps. For more information, see:
23+
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
24+
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
2325

24-
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
25-
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
26-
2726
## Turn on SaaS security recommendations
2827

2928
Follow these steps to ensure that your application connector is set to show data in Microsoft Security Exposure Management.
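Review bot: The second prerequisite link, moved to line 24, still has a trailing space inside its link text (`recommendations ]`) and reads "apps connectors provides". The line is being rewritten anyway, so fix the text in the same change, for example "Learn which app connectors provide security recommendations". Separately, lines 2 and 8 show a remove/add pair with no visible difference; confirm that these are intended whitespace-only edits.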
@@ -33,14 +32,16 @@ Follow these steps to ensure that your application connector is set to show data
3332
1. Use the filter to locate the application where you want to turn on security recommendations.
3433

3534
1. Open the instance drawer and note whether 'Security recommendations' are turned on or off. For example, the following example shows that 'Security recommendations' are turned on for **Okta Contoso EU** instance:
36-
![Screenshot of an instance where Secure Score recommendations are turned on.](<media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png>)
3735

38-
If the instance is currently set to **Off**, select the **...** options menu and then select **Turn on 'Security recommendations'**. For example:
39-
![Screenshot of the Turn on Secure Score or 'Exposure management' recommendations option.](<media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png>)
36+
![Screenshot of an instance where Secure Score recommendations are turned on.](media/posture-overview/screenshot-of-an-instance-where-secure-score-recommendations-are-turned-on.png)
4037

41-
> [!NOTE]
42-
> If you have multiple instances of the same app, you can send security recommendations for each instance separately.
43-
Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
38+
If the instance is currently set to **Off**, select the **...** options menu and then select **Turn on 'Security recommendations'**. For example:
39+
40+
![Screenshot of the Turn on Secure Score or 'Exposure management' recommendations option.](media/posture-overview/screenshot-of-the-turn-on-secure-score-or-exposure-management-recommendations-option.png)
41+
42+
> [!NOTE]
43+
> If you have multiple instances of the same app, you can send security recommendations for each instance separately.
44+
> Security recommendations for the selected instance are added to Microsoft Security Exposure Management in addition to the current recommendations.
4445
4546
Security recommendations are shown automatically in [Microsoft Security Exposure Management](/microsoft-365/security/defender/microsoft-secure-score). Recommendations are based on Microsoft benchmarks, and might take up to 24 hours to update.
4647

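Review bot: At line 46, left as context, the link text is "Microsoft Security Exposure Management" but the target is `/microsoft-365/security/defender/microsoft-secure-score`, which is the Secure Score article. Line 13 in the previous hunk was updated to `/security-exposure-management/microsoft-security-exposure-management` for the same link text, so either point this link at that path as well or change the text to Microsoft Secure Score.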
@@ -57,9 +58,7 @@ For more information, see [Assess your security posture with Microsoft Secure Sc
5758
> [!IMPORTANT]
5859
> Since Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD, it is recommended for these environments to consume SaaS security posture recommendations in [Microsoft Secure Score](/microsoft-365/security/defender-endpoint/tvm-security-recommendation) as explained above.
5960
60-
To effectively manage your organization’s SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see:
61-
62-
- [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative)
61+
To effectively manage your organization's SaaS security posture, we recommend beginning with the SaaS Security initiative. This initiative consolidates best practices and measurable metrics specifically for securing SaaS applications, allowing you to prioritize and address the most impactful recommendations for SaaS environments. For more information, see [SaaS Security Initiative](/defender-cloud-apps/saas-security-initiative).
6362

6463
In addition you can find a variety of SSPM recommendations under different initiatives. Key initiatives include:
6564

@@ -70,7 +69,6 @@ In addition you can find a variety of SSPM recommendations under different initi
7069
- Business Email Compromise - Financial fraud
7170
- Zero Trust (Foundational)
7271

73-
7472
## Next steps
7573

7674
> [!div class="nextstepaction"]

CloudAppSecurityDocs/protect-zendesk.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,9 +30,9 @@ Connecting Zendesk to Defender for Cloud Apps gives you improved insights into y
3030

3131
## Control Zendesk with policies
3232

33-
| **Type** | **Name** |
33+
| Type | Name |
3434
| ---------------------------------- | ------------------------------------------------------------ |
35-
| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses) <br /> [Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country) <br /> [Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses) <br /> [Impossible travel](anomaly-detection-policy.md#impossible-travel) <br /> [Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP) <br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts) <br /> [Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br /> [Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user) |
35+
| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses) <br /> [Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country) <br /> [Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses) <br /> [Impossible travel](anomaly-detection-policy.md#impossible-travel) <br /> [Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP) <br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts) <br /> [Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br /> [Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user) |
3636
| Activity policy | Built a customized policy by the Zendesk audit log |
3737

3838
For more information about creating policies, see [Create a policy](control-cloud-apps-with-policies.md#create-a-policy).
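Review bot: Line 36 of the policy table, left untouched beside the header edit, reads "Built a customized policy by the Zendesk audit log", which does not parse. If the intent is that admins create their own activity policy from audit-log events, wording such as "Build a customized policy based on the Zendesk audit log" would say so. Also check that "Unusual administrative activities" and "Unusual impersonated activities" on line 35 are meant to share the `#unusual-activities-by-user` anchor.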
@@ -41,7 +41,7 @@ For more information about creating policies, see [Create a policy](control-clou
4141

4242
In addition to monitoring for potential threats, you can apply and automate the following Zendesk governance actions to remediate detected threats:
4343

44-
| **Type** | **Action** |
44+
| Type | Action |
4545
| --------------- | ------------------------------------------------------------ |
4646
| User governance | Notify user on alert (via Microsoft Entra ID)<br /> Require user to sign in again (via Microsoft Entra ID) <br /> Suspend user (via Microsoft Entra ID) |
4747

CloudAppSecurityDocs/saas-security-initiative.md

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,14 @@ description: Learn how to use the "SaaS security initiative" in Microsoft XDR
44
ms.topic: how-to
55
ms.date: 10/31/2024
66
---
7-
# SaaS Security Initiative
7+
# SaaS Security Initiative
88

99
> [!NOTE]
1010
> Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High and DoD.
1111
1212
The SaaS Security Initiative provides a centralized place for SaaS security best practices, enabling organizations to manage and prioritize security recommendations effectively. By focusing on the most impactful metrics, organizations can enhance their SaaS security posture efficiently.
13-
![Screenshot of the SaaS security initiative home page.](<media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png>)
13+
14+
![Screenshot of the SaaS security initiative home page.](media\saas-securty-initiative\screenshot-of-the-saas-security-initiative-home-page.png)
1415

1516

1617
## What is the SaaS Security Initiative?
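Review bot: The image path on line 14 keeps backslash separators and a misspelled folder name, `media\saas-securty-initiative\...`, while the same commit writes `media/posture-overview/...` with forward slashes in posture-overview.md. With the angle brackets removed, the backslashes sit bare in a Markdown link destination, and a backslash is not a URL path separator. Switch to forward slashes, and rename the folder to `saas-security-initiative` if the directory on disk can be renamed along with it.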
@@ -22,24 +23,24 @@ The SaaS Security Initiative serves as the main hub for SaaS Security Posture Ma
2223
- Your organization must have Microsoft Defender for Cloud Apps licenses.
2324
- The app which you wish to see security recommendations for, must be connected.
2425
- For more information, see:
25-
26-
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
27-
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
26+
- [Connect apps to get visibility and control with Microsoft Defender for Cloud Apps](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md)
27+
- [Learn which of the apps connectors provides security recommendations ](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md#user-app-governance-and-security-configuration-visibility)
2828

2929
## Operational Guidelines
30+
3031
To initiate the process, navigate to the **Exposure Management** blade and select **Initiatives**. Click on the **SaaS Security** initiative and then select **Open Initiative Page**.
3132

32-
On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
33+
On this page, you'll find 12 measurable metrics that categorize hundreds of best practice recommendations.
3334

34-
It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organizations security posture. This target will serve as a benchmark for improvement and help track advancements over time.
35+
It's recommended to prioritize metrics with the highest **Impact on Initiative Score**, which is a composite measure that considers both the **Weight** of each recommendation and the percentage of **Non-Compliant** recommendations. To effectively monitor progress, it's advisable to set a **target score** for your organization's security posture. This target will serve as a benchmark for improvement and help track advancements over time.
3536

3637
For instance, to gain visibility into all best practice recommendations pertaining to privileged access within SaaS applications, select the metric labeled **Missing Best Practices to Secure Privileged Access in SaaS Apps**.
3738

3839
Once selected, you can click on any of the **Non-Compliant** recommendations to access the associated remediation steps.
3940

4041
## Additional Information
4142

42-
- Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
43-
- To learn more about Exposure Management initiatives visit [here](../exposure-management/initiatives.md).
43+
Each metric includes a list of associated app connectors, encouraging organizations to enable more connectors for enhanced visibility. If you're interested in recommendations for specific applications, navigate to the **Security Recommendations** tab and filter by the relevant application.
4444

45+
To learn more about Exposure Management initiatives, see [Review security initiatives](/security-exposure-management/initiatives).
4546

defender-office-365/scc-permissions.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ description: Admins can learn about the roles and role groups in Microsoft Defen
2020
ms.custom:
2121
- seo-marvel-apr2020
2222
ms.service: defender-office-365
23-
ms.date: 06/24/2024
23+
ms.date: 11/27/2024
2424
---
2525

2626
# Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview
@@ -30,6 +30,7 @@ ms.date: 06/24/2024
3030
The [Microsoft Defender portal](/defender-xdr/microsoft-365-defender-portal), [Microsoft Purview portal](/purview/purview-portal), and the classic Microsoft Purview [compliance](/purview/microsoft-365-compliance-center) and [governance](/purview/use-microsoft-purview-governance-portal) portals have replaced the Security & Compliance Center as the places to manage Microsoft Defender for Office 365 and Microsoft Purview roles and role groups for your organization. For more information about permissions within these portals, see the following articles:
3131

3232
- [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md)
33+
- [Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac)
3334
- [Permissions in the Microsoft Purview portal](/purview/purview-portal)
3435
- [Permissions in the Microsoft Purview compliance portal](/purview/microsoft-365-compliance-center-permissions)
3536
- [Permissions in the Microsoft Purview governance portal](/purview/roles-permissions)
@@ -42,6 +43,8 @@ This article contains the inventory of Defender for Office 365 and Microsoft Pur
4243

4344
> [!NOTE]
4445
> In the Microsoft Defender XDR preview program, a different Microsoft Defender 365 RBAC model is also available. The permissions in this RBAC model are different from the Defender for Office 365 permissions as described in this article. For more information, see [Microsoft Defender XDR role-based access control (RBAC)](/defender-xdr/manage-rbac).
46+
>
47+
> **If you activate Defender XDR RBAC for Email & collaboration, the permissions page at <https://security.microsoft.com/emailandcollabpermissions> is no longer available in the Defender portal**.
4548
4649
## Role groups in Microsoft Defender for Office 365 and Microsoft Purview
4750

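Review bot: The warning added at line 47 says the permissions page at <https://security.microsoft.com/emailandcollabpermissions> is no longer available once Defender XDR RBAC is activated for Email & collaboration, but it does not say where those permissions are managed afterwards. Add that pointer; the `/defender-xdr/manage-rbac` article already linked on line 45 looks like the natural target. The naming also drifts within this commit: line 45 calls the model "Microsoft Defender 365 RBAC" and places it in a "preview program", while the bullet added at line 33 calls it "Microsoft Defender XDR Unified role-based access control (RBAC)". Pick one name and confirm the preview wording is still current.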