MicrosoftDocs
diff --git a/‎.openpublishing.redirection.defender.json‎
Lines changed: 15 additions & 0 deletions b/‎.openpublishing.redirection.defender.json‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎defender-business/mdb-asr.md‎
Lines changed: 1 addition & 4 deletions b/‎defender-business/mdb-asr.md‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎defender-business/mdb-mtd.md‎
Lines changed: 5 additions & 5 deletions b/‎defender-business/mdb-mtd.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎defender-endpoint/TOC.yml‎
Lines changed: 0 additions & 4 deletions b/‎defender-endpoint/TOC.yml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎defender-endpoint/access-mssp-portal.md‎
Lines changed: 1 addition & 0 deletions b/‎defender-endpoint/access-mssp-portal.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎defender-endpoint/admin-submissions-mde.md‎
Lines changed: 11 additions & 9 deletions b/‎defender-endpoint/admin-submissions-mde.md‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎defender-endpoint/android-configure-mam.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/android-configure-mam.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-endpoint/android-intune.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/android-intune.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-endpoint/android-support-signin.md‎
Lines changed: 28 additions & 5 deletions b/‎defender-endpoint/android-support-signin.md‎
Lines changed: 28 additions & 5 deletions
@@ -194,6 +194,21 @@
       "source_path": "defender-endpoint/collect-diagnostic-data-update-compliance.md",
       "redirect_url": "/defender-endpoint/collect-diagnostic-data",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/attack-simulations.md",
+      "redirect_url": "/defender-endpoint/defender-endpoint-demonstrations",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/mssp-support.md",
+      "redirect_url": "/defender-endpoint/configure-mssp-support",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/evaluate-mde.md",
+      "redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
     }
   ]
 }
@@ -4,7 +4,7 @@ description: Get an overview of attack surface reduction capabilities, including
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 06/07/2024
+ms.date: 07/23/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -23,9 +23,6 @@ Your attack surfaces are all the places and ways that your organization's networ
 
 To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities, including attack surface reduction rules. This article describes how to set up your attack surface reduction rules and describes attack surface reduction capabilities.
 
-> [!NOTE]
-> Intune is not included in the standalone version of Defender for Business, but it can be added on.
-
 ## Standard protection ASR rules
 
 There are lots of attack surface reduction rules available. You don't have to set them all up at once. And, you can set up some rules in audit mode just to see how they work for your organization, and change them to work in block mode later. That said, we recommend enabling the following standard protection rules as soon as possible:
 
@@ -4,7 +4,7 @@ description: Get an overview of mobile threat defense in Defender for Business.
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 06/19/2024
+ms.date: 07/23/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -37,17 +37,17 @@ The following table summarizes the capabilities that are included in mobile thre
 | **Microsoft Defender Vulnerability Management**<br/>Vulnerability assessment of onboarded mobile devices. Includes vulnerability assessments for operating systems and apps for Android and iOS. <br/>See [Use your vulnerability management dashboard in Microsoft Defender for Business](mdb-view-tvm-dashboard.md). | :::image type="content" source="/defender/media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included checkmark."::: |  See note 1 (below) |
 | **Network Protection** <br/>Protection against rogue Wi-Fi related threats and rogue certificates. <br/>Network protection is turned on by default with [next-generation protection](mdb-next-generation-protection.md). <br/>As part of mobile threat defense, network protection also includes the ability to allow root certification authority and private root certification authority certificates in Intune. It also establishes trust with endpoints. | See note 2 (below) | See note 2 (below) |
 | **Unified alerting** <br/>Alerts from all platforms are listed in the unified Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). In the navigation pane, choose **Incidents**). <br/>See [View and manage incidents in Microsoft Defender for Business](mdb-view-manage-incidents.md) | :::image type="content" source="/defender/media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included checkmark."::: | :::image type="content" source="/defender/media/d238e041-6854-4a78-9141-049224df0795.png" alt-text="Included checkmark."::: |
-| **Conditional Access** and **conditional launch** <br/>[Conditional Access](/mem/intune/protect/conditional-access) and [conditional launch](/mem/intune/apps/app-protection-policies-access-actions) block risky devices from accessing corporate resources.<br/>-  Conditional Access policies require certain criteria to be met before a user can access company data on their mobile device. <br/>- Conditional launch policies enable your security team to block access or wipe devices that don't meet certain criteria.<br/>Defender for Business risk signals can also be added to app protection policies. | Requires Intune  | Requires Intune |
+| **Conditional Access** and **conditional launch** <br/>[Conditional Access](/mem/intune/protect/conditional-access) and [conditional launch](/mem/intune/apps/app-protection-policies-access-actions) block risky devices from accessing corporate resources.<br/>-  Conditional Access policies require certain criteria to be met before a user can access company data on their mobile device. <br/>- Conditional launch policies enable your security team to block access or wipe devices that don't meet certain criteria.<br/>- Defender for Business risk signals can also be added to app protection policies. | Requires Intune  | Requires Intune |
 | **Privacy controls** <br/>Configure privacy in threat reports by controlling the data sent by Defender for Business. Privacy controls are available for admin and end users, and for both enrolled and unenrolled devices. | Requires Intune | Requires Intune |
 | **Integration with Microsoft Tunnel** <br/>Integration with [Microsoft Tunnel](/mem/intune/protect/microsoft-tunnel-overview), a VPN gateway solution for Intune. | Requires Intune VPN Tunnel <br/>(see note 3 below) | Requires Intune VPN Tunnel <br/>(see note 3 below) |
 
 > [!NOTE]
-> 1. Intune is required for software/app vulnerabilities to be reported. Operating system vulnerabilities are included by default.
+> 1. Intune is used for software/app vulnerabilities to be reported. Operating system vulnerabilities are included by default.
 > 
-> 2. Intune is required to configure or manage an allow list of root certification authority and private root certification authority certificates.
+> 1. Use Intune to configure or manage an allow list of root certification authority and private root certification authority certificates.
 > 
 > 3. See [Prerequisites for the Microsoft Tunnel in Intune](/mem/intune/protect/microsoft-tunnel-prerequisites).
->
+
 
 ## How to get mobile threat defense capabilities
 
 
@@ -321,8 +321,6 @@
     items:
     - name: Integration with Microsoft Defender for Cloud
       href: azure-server-integration.md
-    - name: Run simulated attacks on devices
-      href: attack-simulations.md
     - name: Create an onboarding or offboarding notification rule
       href: onboarding-notification.md
     - name: Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Intune
@@ -1403,8 +1401,6 @@
         href: api/exposed-apis-create-app-partners.md
       - name: Fetch alerts from customer tenant
         href: api/fetch-alerts-mssp.md
-      - name: Managed security service provider opportunity
-        href: mssp-support.md
     - name: Partner integration scenarios
       items:
       - name: Technical partner opportunities
 
@@ -2,6 +2,7 @@
 title: Access the Microsoft Defender XDR MSSP customer portal
 description: Access the Microsoft Defender XDR MSSP customer portal
 ms.service: defender-endpoint
+ms.subservice: onboard
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
 
@@ -10,7 +10,7 @@ manager: deniseb
 ms.localizationpriority: medium
 audience: ITPro
 ms.topic: how-to
-ms.collection: 
+ms.collection:
 - m365-security
 - tier3
 ms.custom: FPFN
@@ -35,13 +35,15 @@ The new unified submissions experience is available only in subscriptions that i
 You need to assign permissions before you can perform the procedures in this article. Use one of the following options:
 
 **Microsoft Defender for Endpoint** permissions:
- - Submit files / file hashes: _"Alerts investigation" or "Manage security settings in Security Center"_
- - View submissions: "_View Data - Security operations"_
-                  
-**Microsoft Defender XDR** unified RBAC permissions:
- - Submit files / file hashes: *"Alerts (Manage)" or "Core security settings (manage)"*
- - View submissions: _"Security data basics (read)"_
-                        
+
+- Submit files / file hashes: _"Alerts investigation" or "Manage security settings in Security Center"_
+- View submissions: "_View Data - Security operations"_
+
+**Microsoft Defender XDR Unified RBAC** permissions:
+
+- Submit files / file hashes: _"Alerts (Manage)" or "Core security settings (manage)"_
+- View submissions: _"Security data basics (read)"_
+
 For more information about how you can submit spam, phish, URLs, and email attachments to Microsoft, see [Use the Submissions page to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft](/defender-office-365/submissions-admin).
 
 ## Submit a file or file hash to Microsoft from the Defender portal
@@ -54,7 +56,7 @@ For more information about how you can submit spam, phish, URLs, and email attac
 
    :::image type="content" source="/defender/media/unified-admin-submission-new.png" alt-text="Screenshot showing how to add a new submission.":::
 
-2. In the **Submit items to Microsoft for review** flyout that opens, select **Files** or **File hash** from the **Select the submission type** dropdown list.
+4. In the **Submit items to Microsoft for review** flyout that opens, select **Files** or **File hash** from the **Select the submission type** dropdown list.
 
    - If you selected **Files**, configure the following options:
      - Select **Browse files**. In the dialog that opens, find and select the file, and then select **Open**. Repeat this step as many times as necessary. To remove an entry from the flyout, select :::image type="icon" source="/defender/media/m365-cc-sc-close-icon.png" border="false"::: next to the entry.
 
@@ -14,7 +14,7 @@ ms.collection:
 - mde-android
 ms.topic: conceptual
 ms.subservice: android
-ms.date: 01/13/2023
+ms.date: 07/25/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)
@@ -138,7 +138,7 @@ End users also need to take steps to install Microsoft Defender for Endpoint on
 
 ## Configure Web protection
 
-Defender for Endpoint on Android allows IT Administrators to configure web protection. Web protection is available within the [Microsoft Intune admin center](https://endpoint.microsoft.com).
+Defender for Endpoint on Android allows IT Administrators to configure web protection. Web protection is available within the [Microsoft Intune admin center](https://intune.microsoft.com).
 
 Web protection helps to secure devices against web threats and protect users from phishing attacks. Note that anti-phishing and custom indicators (URL and IP addresses) are supported as part of web protection. Web content filtering is currently not supported on mobile platforms.
 
 
@@ -15,7 +15,7 @@ ms.custom: partner-contribution
 ms.topic: conceptual
 ms.subservice: android
 search.appverid: met150
-ms.date: 05/22/2024
+ms.date: 07/25/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
@@ -293,7 +293,7 @@ Android low touch onboarding is disabled by default. Admins can enable it throug
 
 ### Set up Microsoft Defender in Personal Profile
 
-Admins can go to the [Microsoft Endpoint Management admin center](https://endpoint.microsoft.com) to set up and configure Microsoft Defender support in personal profiles by following these steps:
+Admins can go to the [Microsoft Endpoint Management admin center](https://intune.microsoft.com) to set up and configure Microsoft Defender support in personal profiles by following these steps:
 
 1. Go to **Apps> App configuration policies** and click on **Add**. Select **Managed Devices**.
 
 
@@ -108,19 +108,42 @@ Defender App asks for Battery Optimization/Permanent Protection permission on de
 
 **Cause:**
 
-Xiaomi changed the battery optimization permissions in Android 11. Defender for Endpoint isn't allowed to configure this setting to ignore battery optimizations.
+Xiaomi changed the battery optimization permissions from Android 11 onwards. Defender for Endpoint isn't allowed to configure this setting to ignore battery optimizations.
 
-**Solution:**
- 1. Install MDE app in personal profile. (Sign-in isn't required.) 
+**Solution 1:**
+
+The Android devices Battery Optimization screen opens automatically as part of the onboarding flow where the user needs to give the permissions. The user must then follow these steps to get on-boarded:
+
+1. Select Work Profile to see all of the work profile apps
+
+![Image of Battery Optimisation screen](media/android-support-signin/image.png)
+2. Tap on **Not optimised** and select **All Apps**
+
+![Image of Optimisation dropdown menu](media/android-support-signin/image1.png)
+
+![Image of All Apps option in the dropdown](media/android-support-signin/image2.png)
+
+3. Scroll down to find **Microsoft Defender** and tap on it
+
+![Image of All Apps including Microsoft Defender](media/android-support-signin/image3.png)
+
+4. Select **Don’t Optimise** option and tap on **Done**
+
+![Image of the Microsoft Defende Optimise drop down](media/android-support-signin/image4.png)
+
+5. Navigate back to Defender
+
+**Solution 2** (needed in case the Solution 1 does not work):
+
+1. Install MDE app in personal profile. (Sign-in isn't required.) 
  2. Open the Company Portal and tap on Settings. 
  3. Go to the Battery Optimization section, tap on the **Turn Off** button, and then select on **Allow** to turn off Battery Optimization for the Company Portal. 
  4. Again, go to the Battery Optimization section and tap on the **Turn On** button. The battery saver section opens. 
  5. Find the Defender app and tap on it. 
  6. Select **No Restriction**. Go back to the Defender app in work profile and tap on **Allow** button.  
  7. The application shouldn't be uninstalled from personal profile for this to work. 
 
->[!NOTE]
->This is a temporary workaround. This can be used to unblock onboarding on Xiaomi devices. The Defender team is working on a permanent fix. As the MDE app is not onboarded in the personal profile, it will not have any visibility there.
+
 
 ## Unable to use banking applications with MDE app