MicrosoftDocs
diff --git a/‎defender-endpoint/client-behavioral-blocking.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/client-behavioral-blocking.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/defender-endpoint-demonstration-app-reputation.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/defender-endpoint-demonstration-app-reputation.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/ios-configure-features.md‎
Lines changed: 6 additions & 3 deletions b/‎defender-endpoint/ios-configure-features.md‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎defender-endpoint/linux-support-offline-security-intelligence-update.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/linux-support-offline-security-intelligence-update.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/mde-security-settings-management.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/mde-security-settings-management.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/microsoft-defender-core-service-configurations-and-experimentation.md‎
Lines changed: 12 additions & 11 deletions b/‎defender-endpoint/microsoft-defender-core-service-configurations-and-experimentation.md‎
Lines changed: 12 additions & 11 deletions
diff --git a/‎defender-endpoint/whats-new-in-microsoft-defender-endpoint.md‎
Lines changed: 1 addition & 0 deletions b/‎defender-endpoint/whats-new-in-microsoft-defender-endpoint.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎defender-for-iot/microsoft-defender-iot.md‎
Lines changed: 7 additions & 6 deletions b/‎defender-for-iot/microsoft-defender-iot.md‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎defender-office-365/defender-for-office-365-whats-new.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-office-365/defender-for-office-365-whats-new.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-office-365/safe-attachments-policies-configure.md‎
Lines changed: 1 addition & 3 deletions b/‎defender-office-365/safe-attachments-policies-configure.md‎
Lines changed: 1 addition & 3 deletions
@@ -8,6 +8,7 @@ ms.reviewer: shwetaj
 audience: ITPro
 ms.topic: conceptual
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.localizationpriority: medium
 ms.custom:
   - next-gen
@@ -16,7 +17,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 07/22/2024
 ---
 
 # Client behavioral blocking
 
@@ -3,6 +3,7 @@ title: Microsoft Defender for Endpoint SmartScreen app reputation demonstration
 description: Test how Microsoft Defender for Endpoint SmartScreen helps you identify phishing and malware websites
 search.appverid: met150
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.author: siosulli 
 author: siosulli 
 ms.localizationpriority: medium
@@ -13,7 +14,7 @@ ms.collection:
 - tier2
 - demo
 ms.topic: article
-ms.date: 01/15/2024
+ms.date: 07/22/2024
 ---
 
 # SmartScreen app reputation demonstration
 
@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 07/18/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on iOS features
@@ -97,6 +97,9 @@ Use the following steps to disable web protection for unenrolled devices.
    - Defender for Endpoint sends the heartbeat to the Microsoft Defender portal whenever a user opens the app.
    - Select **Next**, and then assign this profile to targeted devices/users.
 
+> [!NOTE]
+> The `WebProtection` key is not applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
+
 ## Configure network protection
 
 Network protection in Microsoft Defender for endpoint is disabled by default. Admins can use the following steps to configure network protection. This configuration is available for both enrolled devices through MDM config and unenrolled devices through MAM config.
@@ -275,8 +278,8 @@ End users install and open the Microsoft Defender app to start onboarding.
 
 Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected as jailbroken, these events occur:
 
-- High-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
-- User data on app is cleared. When user opens the app after jailbreaking the VPN profile also is deleted and no web protection is offered.
+- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
+- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune are not removed.
 
 ### Configure compliance policy against jailbroken devices
 
 
@@ -2,6 +2,7 @@
 title: Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux (preview)
 description: Offline Security Intelligence Update in Microsoft Defender for Endpoint on Linux.
 ms.service: defender-endpoint
+ms.subservice: linux
 ms.author: dansimp
 author: dansimp
 ms.reviewer: gopkr
@@ -14,7 +15,7 @@ ms.collection:
 - mde-linux
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 05/17/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux 
 
@@ -5,8 +5,9 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: deniseb
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.topic: how-to
-ms.date: 06/25/2024
+ms.date: 07/22/2024
 ms.collection: 
 - m365-security
 - tier2
 
@@ -7,7 +7,7 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 03/26/2024
+ms.date: 07/19/2024
 audience: ITPro
 ms.topic: troubleshooting
 ms.subservice: ngp
@@ -21,6 +21,9 @@ ms.collection:
 
 This article describes the interaction between Microsoft Defender Core Service and the Experimentation and Configuration Service (ECS). Microsoft Defender Core Service is a part of Microsoft Defender Antivirus and communicates with ECS to request and receive different kinds of payloads. These payloads include configurations, feature rollouts, and experiments. 
 
+> [!CAUTION]
+> If you disable communications with the service, this will affect Microsoft's ability to respond to a severe bug in a timely manner. 
+
 > [!IMPORTANT]
 > Make sure clients can access the following URLs so payloads can be received:
 >
@@ -31,27 +34,25 @@ This article describes the interaction between Microsoft Defender Core Service a
 >
 >Enterprise U.S. Government customers should allow the following URLs: 
 > - `*.events.data.microsoft.com` 
-> - `*.endpoint.security.microsoft.us (GCC-H & DoD)` 
-> - `*.gccmod.ecs.office.com (GCC-M) *.config.ecs.gov.teams.microsoft.us (GCC-H)` 
-> - `*.config.ecs.dod.teams.microsoft.us (DoD)` 
+> - `*.endpoint.security.microsoft.us (GCC-H & DoD)`
+> - `*.gccmod.ecs.office.com (GCC-M)` 
+>- `*.config.ecs.gov.teams.microsoft.us (GCC-H)`
+> - `*.config.ecs.dod.teams.microsoft.us (DoD)`
 
 > [!NOTE]
-> This applies to Microsoft Defender Antivirus platform update version [4.18.24030](microsoft-defender-antivirus-updates.md) or later. 
+> The information in this article applies to Microsoft Defender Antivirus platform update version [4.18.24030](microsoft-defender-antivirus-updates.md) or later. 
 
 ## Configurations
 
 Configurations are the payload meant to ensure product health, security, and privacy compliance, and are intended to have the same value for all the users (based on platforms and channels.) This could be to enable a feature flag for a domain action, and can also be used to disable a feature flag in the event of a bug. 
 
-## Controlled Feature Rollout
+## Controlled feature rollout
 
-Controlled Feature Rollout (CFR) is a procedure for slowly increasing the size of the user group that receives a feature. By distributing a new feature to a randomly selected subset of the user population, it's possible to compare user feedback to an equally sized control group without the feature to measure the impact of the feature. 
+Controlled feature rollout (CFR) is a procedure for slowly increasing the size of the user group that receives a feature. By distributing a new feature to a randomly selected subset of the user population, it's possible to compare user feedback to an equally sized control group without the feature to measure the impact of the feature. 
 
 ## Experiments 
 
-Microsoft Defender Core Service builds have features and functionality that are still in development or are experimental. Experiments are like CFR, but the size of the user group is much smaller for testing the new concept. These features are hidden by default until the feature's rolled out or the experiment's finished. Experiment flags are used to enable and disable these features. 
-
-> [!CAUTION]
-> If you disable communications with the service, this will affect Microsoft's ability to respond to a severe bug in a timely manner. 
+Currently, Microsoft Defender Core service doesn't do any experimental testing. Development is carried out via the [Gradual Rollout process](/defender-endpoint/manage-gradual-rollout#microsoft-gradual-rollout-model). If this changes, an announcement will be posted in the [Message Center](/microsoft-365/admin/manage/message-center). 
 
 ## See also 
 
 
@@ -41,6 +41,7 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Office 365](/defender-office-365/defender-for-office-365-whats-new)
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender Vulnerability Management](/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management)
 
 For more information on Microsoft Defender for Endpoint on specific operating systems:
 
 
@@ -18,15 +18,16 @@ In this article, you learn how Microsoft Defender customers can extend their pro
 
 [!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
 
-## What are the different flavors for Microsoft Defender for IoT?
+## What are the different management portals for Microsoft Defender for IoT?
 
-You can work with these different flavors of Defender for IoT:
+You can work with these different management portals:
 
-|Flavor|Details|Next steps|
+|Portal|Details|Next steps|
 |---|---|---|
-|Defender for IoT in the Defender portal (Preview)|Microsoft Defender customers can use this flavor for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).|[Get started](get-started.md) with Defender for IoT in the Defender portal.|
-|Defender for IoT in the classic, Azure portal|All customers can use this flavor to identify OT devices, vulnerabilities, and threats in the Azure portal.|See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).|
-|Protection for enterprise IoT devices|Microsoft Defender customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices.|[Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.|
+|Defender for IoT in the Defender portal (Preview)|Microsoft Defender customers can use this portal for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).|[Get started](get-started.md) with Defender for IoT in the Defender portal.|
+|Defender for IoT in the classic, Azure portal|All customers can use this portal to identify OT devices, vulnerabilities, and threats in the Azure portal.|See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).|
+
+Protection for enterprise IoT devices is available for Microsoft Defender customers. These customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices. [Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.
 
 ## Who uses Defender for IoT?
 
 
@@ -41,7 +41,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 ## July 2024
 
-- **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions and existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, and if the entity isn't submitted again, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire.
+- **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions and existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire.
 
 - (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 
 
 
@@ -18,7 +18,7 @@ ms.collection:
 description: Learn about how to define Safe Attachments policies to protect your organization from malicious files in email.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 4/26/2024
+ms.date: 07/22/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -511,6 +511,4 @@ To verify that you've successfully created, modified, or removed Safe Attachment
   Get-SafeAttachmentRule -Identity "<Name>" | Format-List
   ```
 
-- Add the URL `http://spamlink.contoso.com` to a file (for example, a Word document), and attach that file in an email message to test Safe Attachments protection. This URL is similar to the GTUBE text string for testing anti-spam solutions. This URL isn't harmful, but when it's included in an email attachment, it triggers a Safe Attachments protection response.
-
 - To verify that Safe Attachments is scanning messages, check the available Defender for Office 365 reports. For more information, see [View reports for Defender for Office 365](reports-defender-for-office-365.md) and [Use Explorer in the Microsoft Defender portal](threat-explorer-real-time-detections-about.md).