Commit 30ad6c1

Merge branch 'main' into docs-editor/fixed-reported-inaccuracies-1738162286
2 parents 3fc82e0 + aba88cd commit 30ad6c1

11 files changed: +171 -129 lines changed

ATPDocs/privacy-compliance.md

Lines changed: 7 additions & 8 deletions
Original file line number | Diff line number | Diff line change
@@ -22,14 +22,13 @@ For more information see: [Microsoft Defender for Identity monitored activities]
2222

2323
Defender for Identity operates in the Microsoft Azure data centers in the following locations:
2424

25-
- European Union
26-
- United Kingdom
27-
- United States
28-
- Australia
29-
- Switzerland
30-
- Singapore
31-
32-
- India
25+
- European Union (West Europe, North Europe)
26+
- United Kingdom (UK South)
27+
- United States (East US, West US, West US2)
28+
- Australia (Australia East)
29+
- Switzerland (Switzerland North)
30+
- Singapore (Southeast Asia)
31+
- India (Central India, South India)
3332

3433
Customer data collected by the service might be stored as follows:
3534
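
Review bot: On new line 27, `West US2` is missing the space that Azure uses in the region's display name, `West US 2`; the other entries on lines 25-31 follow the Azure display names, so this one should too. Because readers use this list for data-residency decisions, it would also help to state whether the regions in parentheses are the complete set or examples.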

CloudAppSecurityDocs/get-started.md

Lines changed: 1 addition & 1 deletion
@@ -160,7 +160,7 @@ Now the risk scores given to discovered apps are configured precisely according
160160
Some features work best when they're customized to your needs.
161161
Provide a better experience for your users with your own email templates. Decide what notifications you receive and customize your risk score metric to fit your organization's preferences.
162162

163-
## Step 7: Organize the data according to your needs
163+
## Step 6: Organize the data according to your needs
164164

165165
**How to page**: [Working with IP ranges and tags](ip-tags.md)
166166
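
Review bot: Renumbering the heading on line 163 from Step 7 to Step 6 changes the anchor generated from it, so any link that targets the old `#step-7-organize-the-data-according-to-your-needs` fragment will stop resolving. Please search the docs set for that fragment and update it, and confirm that the preceding heading is Step 5, which this hunk does not show.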

CloudAppSecurityDocs/includes/entra-conditional-access-policy.md

Lines changed: 9 additions & 3 deletions
@@ -30,7 +30,13 @@ Microsoft Entra ID supports both browser-based and non browser-based policies. W
3030

3131
Repeat this procedure to create a nonbrowser based Conditional Access policy. In the **Client apps** area, toggle the **Configure** option to **Yes**. Then, under **Modern authentication clients**, clear the **Browser** option. Leave all other default selections selected.
3232

33-
Note: The Enterprise application “Microsoft Defender for Cloud Apps – Session Controls” is used internally by the Conditional Access App Control service.
34-
Please ensure the CA policy does not restrict access to this application in the **Target resources**.
35-
3633
For more information, see [Conditional Access policies](/azure/active-directory/conditional-access/overview) and [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies).
34+
35+
> [!NOTE]
36+
> Microsoft Defender for Cloud Apps utilizes the application **Microsoft Defender for Cloud Apps - Session Controls** as part of the Conditional Access App Control service for user sign-in. This application is located within the 'Enterprise Applications' section of Entra ID.
37+
To protect your SaaS applications with Session Controls, you must allow access to this application.
38+
If you block access to this application through an Entra ID Conditional Access policy, end users won't be able to access the protected applications under session controls. <br>
39+
>
40+
>It's important to ensure that this application isn't unintentionally restricted by any Conditional Access policies. For policies that restrict all or certain applications, please ensure this application is listed as an exception in the **Target resources** or confirm that the blocking policy is deliberate.<br>
41+
>
42+
>To ensure your location-based conditional access policies function correctly, include the **Microsoft Defender for Cloud Apps – Session Controls** application in those policies.
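
Review bot: New lines 37 and 38 are missing the leading `>` that the rest of the note carries, so the alert block depends on lazy continuation and can be split by a later edit; prefix both lines with `>`. The application name is also written with a hyphen on line 36 (`Cloud Apps - Session Controls`) and an en dash on line 42 (`Cloud Apps – Session Controls`); use the form that matches the name shown under Enterprise Applications, since admins will search for it verbatim. Finally, line 40 asks for the application to be listed as an exception while line 42 asks for it to be included in location-based policies; one sentence explaining how those two instructions fit together would help prevent a policy that blocks session-controlled apps by accident.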

CloudAppSecurityDocs/ip-tags.md

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@ In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps*
4040

4141
- **Corporate**: These IPs should be all the public IP addresses of your internal network, your branch offices, and your Wi-Fi roaming addresses.
4242

43-
- **Risky**: These IPs should be any IP addresses that you consider risky. They can include suspicious IP addresses you've seen in the past, IP addresses in your competitors' networks, and so on.
43+
- **Risky**: These IPs should be any IP addresses that you consider risky. They can include suspicious IP addresses you've seen in the past, IP addresses in your competitors' networks, and so on. It is suggested to be cautious with applying automatic governance actions only based on risky IP, since there are some cases when IPs that serve malicious actors are also being in use by legitimate employees, hence our recommendation is to examine each case by itself.
4444

4545
- **VPN**: These IPs should be any IP addresses you use for remote workers. By using this category, you can avoid raising [impossible travel](anomaly-detection-policy.md#impossible-travel) alerts when employees connect from their home locations via the corporate VPN.
4646
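
Review bot: The sentence appended to the **Risky** bullet on line 43 is hard to parse ("IPs that serve malicious actors are also being in use by legitimate employees") and buries operational guidance at the end of a category definition. Suggest a shorter form such as: "Be cautious about applying automatic governance actions based on a risky IP alone, because an IP address used by malicious actors can also be in use by legitimate employees. Examine each case individually." Consider moving it into a note below the list so it is not read as part of the definition.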

CloudAppSecurityDocs/policies-threat-protection.md

Lines changed: 1 addition & 1 deletion
@@ -88,7 +88,7 @@ You must have at least one app connected using [app connectors](enable-instant-v
8888

8989
## Detect and alert when Admin activity is detected on risky IP addresses
9090

91-
Detect admin activities performed from and IP address that is considered a risky IP address, and notify the system admin for further investigation or set a governance action on the admin's account.
91+
Detect admin activities performed from and IP address that is considered a risky IP address, and notify the system admin for further investigation or set a governance action on the admin's account. Learn more [how to work with IP ranges and Risky IP](/defender-cloud-apps/ip-tags).
9292

9393
### Prerequisites
9494
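
Review bot: The edited sentence on line 91 still carries the typo "from and IP address" (should be "from an IP address"); since the line is being changed anyway, fix it here. The new link uses the site-absolute path `/defender-cloud-apps/ip-tags`, while the same target is linked as `ip-tags.md` from get-started.md in this commit, so use one form consistently. The lead-in would also read better as "Learn more about [how to work with IP ranges and risky IPs]".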

CloudAppSecurityDocs/troubleshooting-api-connectors-using-error-messages.md

Lines changed: 1 addition & 0 deletions
@@ -49,6 +49,7 @@ App connector errors can be seen in the app connector dialog after attempting to
4949
> |Get Permissions: NoHttpResponseException: `*******.salesforce.com:443` failed to respond|Salesforce|IP restriction on customer ENV.|In the Salesforce portal, under **Setup** > **Session Settings**, clear the **Lock sessions to the IP address from which they originated** check box.|
5050
> |team_not_authorized|Slack|Slack Discovery API is not enabled.|Contact Slack support and ask to enable Discovery API.|
5151
> |RuntimeException: com.adallom.adalib.httputils.exceptions.HttpRequestFailure: Server returned: 403 Forbidden|ServiceNow|Permissions are incorrect|Follow the process to connect ServiceNow to Defender for Cloud Apps again using an admin account.|
52+
> |Operation you are attempting to perform is not supported by your plan|Smartsheet|The Smartsheet Plan is not correct, an enterprise license with the platinum package is required|Upgrade Smartsheet license.|
5253
> |Get events: {"code":403,"serverResponse"<br />Get users: {"code":403,"serverResponse"<br />…<br />"body":"{"error":"permission denied"}"|Workday|Insufficient permission to access audit logs and/or user endpoints|Verify all permissions are in place. [Learn more](./connect-workday.md#prerequisites)|
5354
> |"code":400,"serverResponse"<br />…<br />body":"{"error":"invalid_grant"}|Workday|Authentication issue|Account used to set up the instance may be locked or disabled. To verify, view the Workday account and select **View Sign-on History**. You may see an authentication failure message in the report specifying that the System Account is disabled. [Learn more](./connect-workday.md#how-to-connect-workday-to-defender-for-cloud-apps-using-oauth)|
5455
> |"code":401,"serverResponse":<br />…<br />body":"{"error":"invalid_client"}"|Workday|Client token validity issue|OAuth 2.0 REST API Client token not valid. The token may have expired, or may be incorrect. Generate another token and assign it to the connected instance. [Learn more](./connect-workday.md#how-to-connect-workday-to-defender-for-cloud-apps-using-oauth)|
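
Review bot: In the new Smartsheet row on line 52, the Description cell is a comma splice with "Plan" capitalized mid-sentence, and the Resolution cell ("Upgrade Smartsheet license.") does not say which license to upgrade to. Suggest "The Smartsheet plan doesn't support this operation. An enterprise license with the platinum package is required." for the description and "Upgrade to a Smartsheet enterprise license with the platinum package." for the resolution, so the row is actionable on its own.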

defender-endpoint/evaluate-microsoft-defender-antivirus.md

Lines changed: 18 additions & 5 deletions
@@ -9,7 +9,7 @@ ms.author: ewalsh
99
ms.reviewer: yongrhee
1010
manager: deniseb
1111
ms.custom: nextgen
12-
ms.date: 10/18/2018
12+
ms.date: 01/28/2025
1313
ms.subservice: ngp
1414
ms.collection:
1515
- m365-security
@@ -39,12 +39,12 @@ You can choose to configure and evaluate each setting independently, or all at o
3939

4040
The guide is available:
4141

42-
- [Evaluate Microsoft Defender Antivirus using PowerShell](microsoft-defender-antivirus-using-powershell.md)
43-
- in PDF format for offline viewing: [Download the guide in PDF format](https://www.microsoft.com/download/details.aspx?id=54795).
42+
- [Evaluate Microsoft Defender Antivirus using PowerShell](microsoft-defender-antivirus-using-powershell.md).
43+
- In PDF format for offline viewing: [Download the guide in PDF format](https://www.microsoft.com/download/details.aspx?id=54795).
4444

4545
You can also download a PowerShell that will enable all the settings described in the guide automatically. You can obtain the script alongside the PDF download above, or individually from PowerShell Gallery:
4646

47-
- [Download the PowerShell script to automatically configure the settings](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings)
47+
- [Download the PowerShell script to automatically configure the settings](https://aka.ms/wdeppscript).
4848

4949
> [!IMPORTANT]
5050
> The guide is currently intended for single-machine evaluation of Microsoft Defender Antivirus. Enabling all of the settings in this guide may not be suitable for real-world deployment.
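
Review bot: On line 47 the explicit PowerShell Gallery URL is replaced with the short link `https://aka.ms/wdeppscript`, which hides the download destination for a script that changes antivirus settings. If the target is still the PowerShell Gallery package, keep the full URL or name the destination in the link text; if it is not, the context sentence on line 45 ("individually from PowerShell Gallery") needs updating. That same sentence reads "download a PowerShell that will", which is missing the word "script" and could be fixed in this pass.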
@@ -62,9 +62,22 @@ You can also download a PowerShell that will enable all the settings described i
6262
> - [Configure Defender for Endpoint on Android features](android-configure.md)
6363
> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
6464
65-
## Related topics
65+
## Related articles
66+
67+
- Evaluate Microsoft Defender Antivirus using [Microsoft Defender Endpoint Security Settings Management (Endpoint security policies) ](/defender-endpoint/evaluate-mda-using-mde-security-settings-management)
68+
69+
- Evaluate Microsoft Defender Antivirus using [Group Policy](/defender-endpoint/evaluate-mdav-using-gp)
70+
71+
- Evaluate Microsoft Defender Antivirus using [Powershell](/defender-endpoint/microsoft-defender-antivirus-using-powershell)
72+
73+
- [Advanced technologies](/defender-endpoint/adv-tech-of-mdav) at the core of Microsoft Defender Antivirus
74+
75+
- [Microsoft Defender Antivirus compatibility with other security products](/defender-endpoint/microsoft-defender-antivirus-compatibility)
76+
77+
- [Microsoft Defender Antivirus and non-Microsoft antivirus solutions without Defender for Endpoint](/defender-endpoint/defender-antivirus-compatibility-without-mde)
6678

6779
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-windows.md)
80+
6881
- [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
6982

7083
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
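
Review bot: The link text on new line 67 has a stray space before the closing bracket (`(Endpoint security policies) ]`), and line 71 spells the product "Powershell" where line 42 of this same file uses "PowerShell". The added entries also use site-absolute paths (`/defender-endpoint/...`) while the existing entries on lines 79 and 81 use relative `.md` links; pick one link style for the list.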
