MicrosoftDocs
diff --git a/‎defender-endpoint/linux-whatsnew.md‎
Lines changed: 4 additions & 2 deletions b/‎defender-endpoint/linux-whatsnew.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎defender-endpoint/transient-device-tagging.md‎
Lines changed: 3 additions & 0 deletions b/‎defender-endpoint/transient-device-tagging.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎defender-office-365/mdo-portal-permissions.md‎
Lines changed: 4 additions & 2 deletions b/‎defender-office-365/mdo-portal-permissions.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎defender-office-365/media/outlook-report-as-not-junk.png‎
30.4 KB b/‎defender-office-365/media/outlook-report-as-not-junk.png‎
30.4 KB
diff --git a/‎defender-office-365/media/outlook-report-junk-phishing.png‎
21.3 KB b/‎defender-office-365/media/outlook-report-junk-phishing.png‎
21.3 KB
diff --git a/‎defender-office-365/media/owa-report-as-not-junk.png‎
-52.5 KB b/‎defender-office-365/media/owa-report-as-not-junk.png‎
-52.5 KB
diff --git a/‎defender-office-365/media/owa-report-junk-phishing.png‎
-50.8 KB b/‎defender-office-365/media/owa-report-junk-phishing.png‎
-50.8 KB
diff --git a/‎defender-office-365/submissions-outlook-report-messages.md‎
Lines changed: 43 additions & 28 deletions b/‎defender-office-365/submissions-outlook-report-messages.md‎
Lines changed: 43 additions & 28 deletions
diff --git a/‎defender-xdr/security-copilot-in-microsoft-365-defender.md‎
Lines changed: 4 additions & 4 deletions b/‎defender-xdr/security-copilot-in-microsoft-365-defender.md‎
Lines changed: 4 additions & 4 deletions
@@ -41,6 +41,9 @@ This article is updated frequently to let you know what's new in the latest rele
 >
 > If you have any concerns or need assistance during this transition, contact support.
 
+> [!NOTE]  
+> Defender for Endpoint on Linux is updated regularly. While security fixes are included as part of monthly releases, the fixes aren't always listed as a separate **Security Patch** item in these notes. If a release contains security-related updates, the updates are listed in this article under [Releases for Defender for Endpoint on Linux](#releases-for-defender-for-endpoint-on-linux) in the specific version section. For detailed information on Microsoft security updates, see the [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide).
+
 ## Releases for Defender for Endpoint on Linux
 
 ### September-2025 Build: 101.25082.0003 | Release version: 30.125082.0003.0
@@ -1426,8 +1429,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
 #### What's new
 
-- This version contains a security update for [CVE-2022-23278](https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/)
-
+- This version contains a security update for [CVE-2022-23278](https://www.microsoft.com/msrc/blog/2022/03/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint).
 
 ### Mar-2022 Build: 101.60.05 | Release version: 30.122012.16005.0
 
 
@@ -33,6 +33,9 @@ Transient device tagging uses an internal algorithm to tag transient devices in
 > [!IMPORTANT]
 > Transient tagging doesn't delete any devices from the network. It tags them, and then it filters them out of the device inventory by default.
 
+> [!IMPORTANT]
+> Defender for Endpoint automatically enforces transient device tagging using an internal algorithm. While administrators can't configure or disable tagging, they can define whether transient devices are visible in the inventory by changing the filter settings.
+
 ## How do I work with transient tagging?
 
 Transient devices are filtered out of the inventory by default. You can turn off the filter as needed. Note that turning off the filter doesn't affect tagging. The tag remains on inventory assets identified as transient.
 
@@ -19,7 +19,7 @@ description: Admins can learn how to manage Microsoft Defender for Office 365 (E
 ms.custom: 
 - seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 02/20/2025
+ms.date: 09/29/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -38,7 +38,9 @@ You need to be member of the **Global Administrator**<sup>\*</sup> role in Micro
 
 - Some Defender for Office 365 features require additional permissions in Exchange Online. For more information, see [Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo).
 - Microsoft Defender XDR has its own Unified role-based access control (RBAC). This model provides a single permissions management experience in one central location where admins can control permissions across different security solutions. These permissions are different from the permissions described in this article. For more information, see [Microsoft Defender XDR role-based access control (RBAC)](/defender-xdr/manage-rbac).
-- **If you activate Defender XDR RBAC for Email & collaboration, the permissions page at <https://security.microsoft.com/emailandcollabpermissions> is no longer available in the Defender portal, so you need to ensure that you configure or import your roles _before_ you activate Defender XDR Unified RBAC.**
+
+  > [!IMPORTANT]
+  > If you activate Defender XDR RBAC for Email & collaboration, the permissions page at <https://security.microsoft.com/emailandcollabpermissions> is no longer available in the Defender portal, so you need to ensure that you configure or import your roles _before_ you activate Defender XDR Unified RBAC.
 
   :::image type="content" source="media/defender-xdr-rbac-permissions-page.png" alt-text="Screenshot of the Permissions page in the Microsoft Defender portal showing Microsoft Defender XDR roles and Email & Collaboration roles." lightbox="media/defender-xdr-rbac-permissions-page.png":::
 
 
@@ -14,7 +14,7 @@ ms.collection:
 description: Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 07/24/2025
+ms.date: 09/28/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -31,63 +31,78 @@ Microsoft provides the built-in **Report** button in [supported versions of Outl
 
 For more information about reporting messages to Microsoft, see [Report messages and files to Microsoft](submissions-report-messages-files-to-microsoft.md).
 
-Admins configure user reported messages to go to a specified reporting mailbox, to Microsoft, or both. These user reported messages are available on the **User reported** tab on the **Submissions** page in the Microsoft Defender portal. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
+Admins configure user reported messages to go to a specified reporting mailbox, to Microsoft, or both. These reported messages are available on the **User reported** tab on the **Submissions** page in the Microsoft Defender portal. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
 
 [!INCLUDE [MDO Setup guide](../includes/mdo-setup-guide.md)]
 
 ## Use the built-in Report button in Outlook
 
-- The built-in **Report** button is available in the following versions of Outlook:
-  - Outlook for Microsoft 365:
-    - **Current channel**: Version 16.0.17827.15010 or later.
-    - **Monthly Enterprise Channel**: Version 16.0.18025.20000 or later.
-    - **Semi-Annual Channel (Preview)**: Release 2502, build 16.0.18526.20024 or later.
-    - **Semi-Annual Channel**: Release 2502, build 16.0.18526.20024 or later.
-  - Outlook for Mac version 16.89 (24090815) or later.
-  - Outlook for iOS version 4.2511 or later.
-  - Outlook for Android version 4.2446 or later.
-  - The new Outlook for Windows.
-  - Outlook on the web.
+The built-in **Report** button is available in the following versions of Outlook:
 
-  The **Report** button is available in supported versions of Outlook if both of the following conditions are true:
+- Outlook for Microsoft 365:
+  - **Current channel**: Version 16.0.17827.15010 or later
+  - **Monthly Enterprise Channel**: Version 16.0.18025.20000 or later
+  - **Semi-Annual Channel (Preview)**: Release 2502, build 16.0.18526.20024 or later
+  - **Semi-Annual Channel**: Release 2502, build 16.0.18526.20024 or later
+- Outlook for Mac version 16.89 (24090815) or later<sup>\*</sup>
+- Outlook for iOS version 4.2511 or later<sup>\*</sup>
+- Outlook for Android version 4.2446 or later<sup>\*</sup>
+- The new Outlook for Windows<sup>\*</sup>
+- Outlook on the web<sup>\*</sup>
 
-  - User reporting is turned on.
-  - The built-in **Report** button is configured in the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) at <https://security.microsoft.com/securitysettings/userSubmission>.
+<sup>\*</sup> In this version of Outlook, the built-in **Report** button also supports reporting messages from shared mailboxes or other mailboxes by a delegate.
 
-  If user reporting is turned off and a non-Microsoft add-in button is selected, the **Report** button isn't available in supported versions of Outlook.
+The **Report** button is available in supported versions of Outlook if both of the following conditions are true:
+
+- User reporting is turned on.
+- The built-in **Report** button is configured in the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) at <https://security.microsoft.com/securitysettings/userSubmission>.
+
+If user reporting is turned off and a non-Microsoft add-in button is selected, the **Report** button isn't available in supported versions of Outlook.
 
-- The built-in **Report** button in Outlook on the web, Outlook for Mac, Outlook for iOS, Outlook for Android, and the new Outlook for Windows supports reporting messages from shared mailboxes or other mailboxes by a delegate.
-  
 ### Use the built-in Report button in Outlook to report junk and phishing messages
 
 - Users can report a message as junk from the Inbox or any email folder other than Junk Email folder.
 - Users can report a message as phishing from any email folder.
 
-In a supported version of Outlook, select one or more messages, select **Report**, and then select **Report phishing** or **Report junk** in the dropdown list.
+In a supported version of Outlook, select one or more messages, select **Report**, and then select **Report phishing** or **Report junk** in the dropdown list. For example:
+
+- **Outlook for Microsoft 365**:
+
+  > [!div class="mx-imgBorder"]
+  > :::image type="content" source="media/outlook-report-junk-phishing.png" alt-text="Screenshot of selecting the Report button after selecting a message in Outlook" lightbox="media/outlook-report-junk-phishing.png":::
 
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="media/owa-report-junk-phishing.png" alt-text="The results of selecting the Report button after selecting multiple messages in Outlook on the web." lightbox="media/owa-report-junk-phishing.png":::
+- **Outlook on the web**:
+
+  > [!div class="mx-imgBorder"]
+  > :::image type="content" source="media/owa-report-junk-phishing.png" alt-text="Screenshot of selecting the Report button after selecting multiple messages in Outlook on the web." lightbox="media/owa-report-junk-phishing.png":::
 
 Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The following actions are also taken on the reported messages in the mailbox:
 
-- **Reported as junk**: The messages are moved to the Junk Email folder, and the sender is automatically added to the user's Blocked Senders list. 
+- **Reported as junk**: The messages are moved to the Junk Email folder, and the sender is automatically added to the user's Blocked Senders list.
 - **Reported as phishing**: The messages are deleted.
 
 ### Use the built-in Report button in Outlook to report messages that aren't junk
 
-In a supported version of Outlook, select one or more messages in the Junk Email folder, select **Report**, and then select **Not junk** in the dropdown list.
+In a supported version of Outlook, select one or more messages in the Junk Email folder, select **Report**, and then select **Not junk** in the dropdown list. Fo example:
+
+- **Outlook for Microsoft 365**:
+
+  > [!div class="mx-imgBorder"]
+  > :::image type="content" source="media/outlook-report-as-not-junk.png" alt-text="Screenshot of the Not junk selection from the Report button after selecting a message in the Junk Email folder in Outlook on the web." lightbox="media/outlook-report-as-not-junk.png":::
+
+- **Outlook on the web**:
 
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="media/owa-report-as-not-junk.png" alt-text="The results of selecting the Report button after selecting multiple messages in the Junk Email folder in Outlook on the web." lightbox="media/owa-report-as-not-junk.png":::
+  > [!div class="mx-imgBorder"]
+  > :::image type="content" source="media/outlook-report-as-not-junk.png" alt-text="Screenshot of the Not junk selection from the Report button after selecting multiple messages in the Junk Email folder in Outlook on the web." lightbox="media/owa-report-as-not-junk.png":::
 
 Based on the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in your organization, the messages are sent to the reporting mailbox, to Microsoft, or both. The messages are also moved out of Junk Email to the Inbox.
 
 ## Review reported messages
 
-To review messages that users have reported to Microsoft, admins can use the **User reported** tab on the **Submissions** page in the Microsoft Defender portal at <https://security.microsoft.com/reportsubmission>. For more information, see [View user reported messages to Microsoft](submissions-admin.md#view-user-reported-messages-to-microsoft).
+To review messages that users reported to Microsoft, admins can use the **User reported** tab on the **Submissions** page in the Microsoft Defender portal at <https://security.microsoft.com/reportsubmission>. For more information, see [View user reported messages to Microsoft](submissions-admin.md#view-user-reported-messages-to-microsoft).
 
 > [!NOTE]
-> If the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in the organization send user reported messages (email and [Microsoft Teams](submissions-teams.md)) to Microsoft (exclusively or in addition to the reporting mailbox), we do the same checks as when admins submit messages to Microsoft for analysis from the **Submissions** page. So, submitting or resubmitting messages to Microsoft is useful to admins only for messages that have never been submitted to Microsoft, or when you disagree with the original verdict.
+> If the [User reported settings](submissions-user-reported-messages-custom-mailbox.md) in the organization send user reported messages (email and [Microsoft Teams](submissions-teams.md)) to Microsoft (exclusively or in addition to the reporting mailbox), we do the same checks as when admins submit messages to Microsoft for analysis from the **Submissions** page. So, submitting or resubmitting messages to Microsoft is useful to admins only for messages that were never submitted to Microsoft, or when you disagree with the original verdict.
 
 ## More information
 
 
@@ -1,5 +1,5 @@
 ---
-title: Microsoft Copilot in Microsoft Defender
+title: Microsoft Security Copilot in Microsoft Defender
 description: Learn about Microsoft Security Copilot capabilities embedded in Microsoft Defender.
 ms.service: defender-xdr
 f1.keywords:
@@ -26,14 +26,14 @@ appliesto:
 #customer intent: As a security analyst, I want to learn about Microsoft Security Copilot capabilities embedded in Microsoft Defender so that I can use them to perform my security tasks efficiently.
 ---
 
-# Microsoft Copilot in Microsoft Defender
+# Microsoft Security Copilot in Microsoft Defender
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 > [!NOTE]
 > Microsoft Defender XDR provides a unified XDR experience for Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Vulnerability Management. Learn more about this pre- and post-breach defense suite in [What is Microsoft Defender XDR?](microsoft-365-defender.md)
 
-This article provides an overview for users of Microsoft Copilot in Microsoft Defender, including steps to access, key capabilities, and links to the details of these capabilities.
+This article provides an overview for users of Microsoft Security Copilot in Microsoft Defender, including steps to access, key capabilities, and links to the details of these capabilities.
 
 ## Know before you begin
 
@@ -46,7 +46,7 @@ If you're new to Security Copilot, you should familiarize yourself with it by re
 - [Prompting in Security Copilot](/security-copilot/prompting-security-copilot)
 - [Responsible AI FAQs](responsible-ai-copilot-defender.md)
 
-## Microsoft Copilot integration in Microsoft Defender
+## Microsoft Security Copilot integration in Microsoft Defender
 
 [Microsoft Security Copilot](/security-copilot/microsoft-security-copilot) brings together the power of AI and human expertise to help security teams respond to attacks faster and more effectively. Security Copilot is embedded in the Microsoft Defender portal to help provide security teams with enhanced capabilities to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence. Copilot in Defender is available to users who have provisioned access to Security Copilot.