Merge branch 'main' into fix-a-staging-issue

Author: padmagit77

CloudAppSecurityDocs/includes/entra-conditional-access-policy.md

@@ -14,21 +14,22 @@ ms.custom: include file
 
 This procedure provides a high-level example of how to create a Conditional Access policy for use with Defender for Cloud Apps.
 
-1. In Microsoft Entra ID Conditional Access, select **Create new policy**.
-
-1. Enter a meaningful name for your policy, and then select the link under **Session** to add controls to your policy.
-
-1. In the **Session** area, select **Use Conditional Access App Control**.
-
-1. In the **Users** area, select to include all users, or specific users and groups only.
-
-1. In the **Conditions** and **Client apps** areas, select the conditions and client apps that you want to include in your policy.
-
-1. Save the policy by toggling **Report-only** to **On**, and then selecting **Create**.
-
-Microsoft Entra ID supports both browser-based and non browser-based policies. We recommend that you create both types for increased security coverage.
-
-Repeat this procedure to create a nonbrowser based Conditional Access policy. In the **Client apps** area, toggle the **Configure** option to **Yes**. Then, under **Modern authentication clients**, clear the **Browser** option. Leave all other default selections selected.
+1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Conditional Access Administrator](/entra/identity/role-based-access-control/permissions-reference#conditional-access-administrator).
+1. Browse to **Entra ID** > **Conditional Access** > **Policies**.
+1. Select **New policy**.
+1. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
+1. Under **Assignments**, select **Users or workload identities**.
+   1. Under **Include**, select **All users**
+   1. Under **Exclude**, select **Users and groups** and choose your organization's emergency access or break-glass accounts.
+1. Under **Target resources** > **Resources (formerly cloud apps)**, select the following options:
+   1. Under **Include**, choose **Select resources**.
+   1. Select the client apps that you want to include in your policy.
+1. Under **Conditions**, select any conditions that you want to include in your policy.
+1. Under **Access controls** > **Session**, select **Use app enforced restrictions**, then select **Select**.
+1. Confirm your settings and set **Enable policy** to **Report-only**.
+1. Select **Create** to create to enable your policy.
+
+After confirming your settings using [policy impact or report-only mode](/entra/identity/conditional-access/concept-conditional-access-report-only#reviewing-results), move the **Enable policy** toggle from **Report-only** to **On**.
 
 For more information, see [Conditional Access policies](/azure/active-directory/conditional-access/overview) and [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies).
 

defender-business/get-defender-business.md

@@ -80,7 +80,7 @@ Defender for Business provides advanced security protection for your company's d
 
 ## [Get Microsoft 365 Business Premium](#tab/getpremium)
 
-Microsoft 365 Business Premium includes Defender for Business, Microsoft Defender for Office 365 Plan 1, and Microsoft 365 Apps (formerly referred to as Office apps). For more information, see [Productivity and security for small and medium-sized businesses](/Microsoft-365/business-premium/why-choose-microsoft-365-business-premium).
+Microsoft 365 Business Premium includes Defender for Business, Microsoft Defender for Office 365 Plan 1, and Microsoft 365 Apps (formerly referred to as Office apps). For more information, see [Why should I choose Microsoft 365 Business Premium?](/microsoft-365/admin/security-and-compliance/m365bp-security-benefits).
 
 1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
 
@@ -90,10 +90,7 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 
 4. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you view and manage security settings and devices for your organization. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant.
 
-5. Follow the guidance in [Boost your security protection](/Microsoft-365/business-premium/m365bp-security-overview) to set up your security capabilities.
-
-> [!IMPORTANT]
-> Make sure to complete all the steps described in [Microsoft 365 Business Premium – productivity and cybersecurity for small business](/Microsoft-365/business-premium/m365bp-overview).
+5. Follow the guidance in [Microsoft 365 for business security best practices](/microsoft-365/admin/security-and-compliance/m365b-security-best-practices) to set up your security capabilities.
 
 ---
 

defender-business/mdb-add-users.md

@@ -61,7 +61,7 @@ One good way to make sure MFA is enabled for all users is by using [security def
 
    > [!NOTE]
    > If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
-   > - [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa) (in the Microsoft 365 Business Premium documentation)
+   > - [Multifactor authentication in Microsoft 365](/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365)
    > - [Security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
 
 5. Save your changes.

defender-business/mdb-onboard-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 12/12/2024
+ms.date: 09/12/2025
 ms.reviewer: efratka, nehabha, muktaagarwal
 f1.keywords: NOCSH
 ms.collection:
@@ -187,7 +187,7 @@ When you run the local script on Mac, it creates a trust with Microsoft Entra ID
    ```bash
    /usr/bin/unzip WindowsDefenderATPOnboardingPackage.zip \
    && /bin/chmod +x MicrosoftDefenderATPOnboardingMacOs.sh \
-   && /bin/bash -c MicrosoftDefenderATPOnboardingMacOs.sh
+   && Sudo bash -x MicrosoftDefenderATPOnboardingMacOs.sh
    ```
 
 After Mac is enrolled in Intune, you can add it to a device group. [Learn more about device groups in Defender for Business](mdb-create-edit-device-groups.md).

defender-business/mdb-requirements.md

@@ -53,7 +53,7 @@ The following table lists the basic requirements you need to configure and use D
 >    - If you don't have a Microsoft 365 subscription before you start your trial, Microsoft Entra ID will be provisioned for you during the activation process.
 >    - If you do have another Microsoft 365 subscription when you start your Defender for Business trial, you can use your existing Microsoft Entra service.
 >
-> 3. Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Microsoft Entra ID P1 or P2 Plan 1 (included in [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview)). To learn more, see [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa).
+> 3. Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Microsoft Entra ID P1 or P2 Plan 1 (included in [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview)). To learn more, see [Multifactor authentication in Microsoft 365](/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365).
 
 ## Next steps
 

defender-endpoint/TOC.yml

@@ -1157,7 +1157,7 @@
           href: api/api-power-bi.md                         
     - name: Configure integration with other Microsoft solutions
       items:
-      - name: Configure conditional access
+      - name: Configure Conditional Access
         href: configure-conditional-access.md
       - name: Configure Microsoft Defender for Cloud Apps integration
         href: microsoft-cloud-app-security-config.md
@@ -1553,7 +1553,7 @@
       items:
       - name: Microsoft Defender for Endpoint integrations
         href: threat-protection-integration.md
-      - name: Protect users, data, and devices with conditional access
+      - name: Protect users, data, and devices with Conditional Access
         href: conditional-access.md
       - name: Microsoft Defender for Cloud Apps integration overview
         href: microsoft-cloud-app-security-integration.md