Merge branch 'main' into RespComp-chrisda

Author: chrisda

ATPDocs/remove-rbcd-microsoft-entra-seamless-single-sign-on-account.md

@@ -2,7 +2,7 @@
 title: 'Security assessment: Remove Resource Based Constrained Delegation for Microsoft Entra seamless SSO account'
 description: This article describes Microsoft Defender for Identity's Microsoft Entra Seamless Single sign-on (SSO) account with Resource Based Constrained Delegation (RBCD) applied security posture assessment report.
 author: RonitLitinsky
-ms.author: t-rlitinsky
+ms.author: rlitinsky
 ms.service: microsoft-defender-for-identity
 ms.topic: article
 ms.date:     08/22/2024

CloudAppSecurityDocs/discovery-kubernetes.md

@@ -38,7 +38,7 @@ This article describes how to configure automatic log upload for continuous repo
 1. Run the helm command using the following syntax:
 
     ```AzureCLI
-    helm install <release-name> oci://agentspublic.azurecr.io/logcollector-chart --version 1.0.0 --set inputString="<generated id> ",env.PUBLICIP="<public ip>",env.SYSLOG="true",env.COLLECTOR="<collector-name>",env.CONSOLE="<Console-id>",env.INCLUDE_TLS="on" --set-file ca=<absolute path of ca.pem file> --set-file serverkey=<absolute path of server-key.pem file> --set-file servercert=<absolute path of server-cert.pem file> --set replicas=<no of replicas> --set image.tag=0.272.0
+    helm install <release-name> oci://mcr.microsoft.com/mcas/helmchart/logcollector-chart --version 1.0.5 --set inputString="<generated id> ",env.PUBLICIP="<public ip>",env.SYSLOG="true",env.COLLECTOR="<collector-name>",env.CONSOLE="<Console-id>",env.INCLUDE_TLS="on" --set-file ca=<absolute path of ca.pem file> --set-file serverkey=<absolute path of server-key.pem file> --set-file servercert=<absolute path of server-cert.pem file> --set replicas=<no of replicas> -n <namespace>
     ```
 
     Find the values for the helm command using the docker command used when the collector is configured. For example:

defender-endpoint/ios-new-ux.md

@@ -6,7 +6,7 @@ ms.author: ewalsh
 author: emmwalshh
 ms.reviewer: sunasing; denishdonga
 ms.localizationpriority: medium
-ms.date: 03/20/2025
+ms.date: 03/21/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -18,58 +18,56 @@ ms.subservice: ios
 search.appverid: met150
 ---
 
-# User experiences in Microsoft Defender for Endpoint on iOS
+# User Experiences in Microsoft Defender for Endpoint on iOS
 
-As part of our ongoing commitment to delivering an exceptional user experience, we're excited to announce a series of upcoming enhancements to the user interface and overall experience of our **Microsoft Defender for Endpoint (MDE)** mobile app.
+As part of our ongoing commitment to delivering an exceptional user experience, we're excited to announce a series of upcoming enhancements to the user interface and overall experience of our **Microsoft Defender for Endpoint** mobile app.
 
 These updates are designed to improve usability, streamline navigation, and ensure that app meets the evolving needs of our users.
 
-## Key Changes
+## Key changes
 
-We're pleased to introduce the Device Protection feature card for our enterprise users which includes **Web Protection**, **Device Health**, and **Jail break** features are designed to be more user-friendly and accessible.
+We're pleased to introduce the Device Protection feature card for our enterprise users, which includes **Web Protection**, **Device Health**, and **Jail break** features that are designed to be more user-friendly and accessible.
 
-The updated cards also include **recommendation cards**, which prominently display any active alerts, keeping you informed. Features are now displayed as tiles on L2 screens to improve user experience and navigation efficiency.
+The updated cards also include **recommendation cards**, which prominently display any active alerts, keeping you informed. Features are now displayed as tiles to improve user experience and navigation efficiency.
 
 **The main changes involved are**:
 
-1. Main Dashboard changes
-2. List the features inside one Feature Card
-3. Detailed Feature Experience
-4. Recommendation Cards for Alerts
+- Main dashboard changes
+- List the features inside one feature card
+- Detailed features experience
+- Recommendation cards for alerts
 
 ### Main Dashboard changes
 
 The main Dashboard screen that appears for enterprise users as per our latest rollout of enhancements to the application.
 
 :::image type="content" source="media/mde-ios-main-dash-new.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint Mobile Dashboard on iOS devices before the new update." lightbox="media/mde-ios-main-dash-new.png":::
 
-### List the features inside one Feature Card
+### List the features inside one feature card
 
-We list the feature Web Protection, Device Health, and Jail Break under one feature Card "Device Protection," which earlier had a new card on Dashboard screen for each functionality.
+One feature card called **Device Protection** lists Web Protection, Device Health, and Jail Break. Previously, the dashboard had one card for each set of capabilities. In the new experience, only the Device Protection card changes.
 
 :::image type="content" source="media/mde-ios-list-new.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint Feature Card." lightbox="media/mde-ios-list-new.png":::
 
 ### Detailed Feature Experience
 
-We updated all the subordinating screens associated with the feature
+We updated all the subordinating screens associated with the **Device Protection** feature
 
 1. **Web Protection**
 
-:::image type="content" source="media/mde-ios-web-protection-new.png" alt-text="Screenshot that shows the web protection feature on the MDE iOS app." lightbox="media/mde-ios-web-protection-new.png":::
+   :::image type="content" source="media/mde-ios-web-protection-new.png" alt-text="Screenshot that shows the web protection feature on the Defender for Endpoint on iOS app." lightbox="media/mde-ios-web-protection-new.png":::
 
 2. **Device Health**
 
-:::image type="content" source="media/mde-device-health-new.png" alt-text="Screenshot that shows the new device health feature on the MDE iOS app." lightbox="media/mde-device-health-new.png":::
+   :::image type="content" source="media/mde-device-health-new.png" alt-text="Screenshot that shows the new device health feature on the Defender for Endpoint on iOS app." lightbox="media/mde-device-health-new.png":::
 
 ### Recommendation Cards for Alerts
 
-Hero cards are implemented to provide a more cohesive user experience. These cards are designed to display important alerts and notifications prominently on the dashboard.
- 
-**Both the Recommendation Cards are attached to the Device Protection feature card**:
+The structure of the dashboard is updated to include a recommendation card that contains active alerts (if any). In case there are multiple alerts, resolving the top alert brings forward the next one. Recommendation cards are implemented to provide a more cohesive user experience. These cards are designed to display important alerts and notifications prominently on the dashboard. Here are a few examples:
 
 1. **Web Protection**
 
-    :::image type="content" source="media/mde-ios-web-protection-rec-card.png" alt-text="Screenshot that shows the web protection  recommendation card feature on the MDE iOS app." lightbox="media/mde-ios-web-protection-rec-card.png":::
+    :::image type="content" source="media/mde-ios-web-protection-rec-card.png" alt-text="Screenshot that shows the web protection  recommendation card feature on the Defender for Endpoint on iOS app." lightbox="media/mde-ios-web-protection-rec-card.png":::
 
 2. **Device Health (iOS Update)**
 

defender-endpoint/microsoft-defender-endpoint-ios.md

@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on iOS
 ms.reviewer: 
 description: Describes how to install and use Microsoft Defender for Endpoint on iOS
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 02/12/2025
+ms.date: 03/21/2025
 ---
 
 # Microsoft Defender for Endpoint on iOS
@@ -32,7 +32,7 @@ ms.date: 02/12/2025
 **Microsoft Defender for Endpoint on iOS** offers protection against phishing and unsafe network connections from websites, emails, and apps. All alerts are available through a single pane of glass in the Microsoft Defender portal. The portal gives security teams a centralized view of threats on iOS devices along with other platforms.
 
 > [!CAUTION]
-> Running other third-party endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors.
+> Running other non-Microsoft endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors.
 
 ## Prerequisites
 
@@ -45,7 +45,7 @@ ms.date: 02/12/2025
    Intune Company Portal app can be downloaded from the [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358).
 
    > [!NOTE]
-   > Apple does not allow redirecting users to download other apps from the app store so this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app.
+   > Apple doesn't allow redirecting users to download other apps from the app store so this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app.
 
    Devices are registered with Microsoft Entra ID. This configuration requires the end user to be signed in through [Microsoft Authenticator app](https://apps.apple.com/app/microsoft-authenticator/id983156458).
 
@@ -54,8 +54,8 @@ ms.date: 02/12/2025
 - For more information on how to assign licenses, see [Assign licenses to users](/azure/active-directory/users-groups-roles/licensing-groups-assign).
 
 > [!NOTE]
-> - Defender for Endpoint on iOS requires configuring its VPN to activate the Web Protection feature and to send periodic status signals while the app operates in the background. This VPN is local and pass-through, meaning it does not route traffic through a remote VPN server.
-> - Customers who opt not to set up a Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In such cases, Defender for Endpoint will only send status signals to the Microsoft Defender portal when the user opens the app. If the app is not opened for 7 days, the device may be marked as inactive in the Microsoft Defender Portal.
+> - Defender for Endpoint on iOS requires configuring its VPN to activate the Web Protection feature and to send periodic status signals while the app operates in the background. This VPN is local and pass-through, meaning it doesn't route traffic through a remote VPN server.
+> - Customers who opt not to set up a Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In such cases, Defender for Endpoint will only send status signals to the Microsoft Defender portal when the user opens the app. If the app isn't opened for seven days, the device might be marked as inactive in the Microsoft Defender Portal.
 
 ### For Administrators
 
@@ -90,6 +90,9 @@ Deployment of Microsoft Defender for Endpoint on iOS can be done via Microsoft I
 - For information on deploying on enrolled devices through Microsoft Configuration Manager or Intune, see [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md).
 - For information on using Defender for Endpoint in app protection policy (MAM), see [Configure app protection policy to include Defender for Endpoint risk signals (MAM)](ios-install-unmanaged.md)
 
+> [!NOTE]
+> If a user has a valid MDE license and is registered in the Authenticator App or Company Portal App, and signs in to the Defender App, the device appears in the Defender Portal.
+
 ## Resources
 
 - Stay informed about upcoming releases by visiting [What's new in Microsoft Defender for Endpoint on iOS](ios-whatsnew.md) or our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS).

defender-endpoint/microsoft-defender-endpoint.md

@@ -2,8 +2,8 @@
 title: Microsoft Defender for Endpoint
 description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats.
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: high
 manager: deniseb
 audience: ITPro
@@ -14,7 +14,7 @@ ms.collection:
 ms.custom: intro-overview
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 09/25/2024
+ms.date: 03/21/2025
 ---
 
 # Microsoft Defender for Endpoint
@@ -45,7 +45,7 @@ Watch the following video to learn more about Defender for Endpoint:
 
 Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
-- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
+- **Endpoint behavioral sensors**: These sensors are embedded in Windows 10, collecting and processing behavioral signals from the operating system. The sensor data is then sent to your private, isolated cloud instance of Microsoft Defender for Endpoint.
 
 - **Cloud security analytics**: Using big-data, device learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
 
@@ -76,12 +76,12 @@ Defender for Endpoint uses the following combination of technology built into Wi
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=95c63786-0382-413d-8a75-eb373e825fa6]
 
 > [!TIP]
-> - Learn about the latest enhancements in Defender for Endpoint: [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md).
+> - Learn about the latest enhancements in Defender for Endpoint: [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md)?
 > - Microsoft Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/).
 
 
 > [!IMPORTANT]
-> The capabilities on non-Windows platforms may be different from the ones for Windows. For more information on what capabilities are available for non-Windows platforms, see [Microsoft Defender for Endpoint for non-Windows platforms](non-windows.md).
+> The capabilities on non-Windows platforms might be different from the ones for Windows. For more information on what capabilities are available for non-Windows platforms, see [Microsoft Defender for Endpoint for non-Windows platforms](non-windows.md).
 
 <a name="tvm"></a>
 
@@ -95,7 +95,7 @@ For more information on the different vulnerability management capabilities avai
 
 **[Attack surface reduction](overview-attack-surface-reduction.md)**
 
-The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs.
+The attack surface reduction set of capabilities provides the frontline of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This set of capabilities also includes [network protection](network-protection.md) and [web protection](web-protection-overview.md), which regulate access to malicious IP addresses, domains, and URLs.
 
 <a name="ngp"></a>
 
@@ -113,7 +113,7 @@ Endpoint detection and response capabilities are put in place to detect, investi
 
 **[Automated investigation and remediation](automated-investigations.md)**
 
-In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
+With being able to quickly, respond to advanced attacks. Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
 
 <a name="ss"></a>
 
@@ -123,14 +123,14 @@ Defender for Endpoint includes Microsoft Secure Score for Devices to help you dy
 
 <a name="mte"></a>
 
-**[Microsoft Threat Experts](endpoint-attack-notifications.md)**
+**[Microsoft Defender Experts](endpoint-attack-notifications.md)**
 
-Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and more context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
+Microsoft Defender for Endpoint's managed threat hunting service provides proactive hunting, prioritization, and more context and insights that further empower security operation centers (SOCs) to identify and respond to threats quickly and accurately.
 
 > [!IMPORTANT]
-> Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.
+> Defenders for Endpoint customers need to apply for the Microsoft's managed threat hunting service to get proactive Endpoint Attack Notifications and to collaborate with experts on demand. Experts on Demand are an add-on service. Endpoint Attack Notifications are always included after you have been accepted into Microsoft Defender Experts managed threat hunting service.
 >
-> If you aren't enrolled yet and would like to experience its benefits, go to **Settings** \> **General** \> **Advanced features** \> **Microsoft Threat Experts** to apply. Once accepted, you'll get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.
+> If you aren't enrolled yet and would like to experience its benefits, go to **Settings** \> **Endpoints** \> **Advanced features** \> **Endpoint Attack Notifications** to apply. Once accepted, you get the benefits of Endpoint Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Expert on Demand subscription.
 
 <a name="apis"></a>