Merge branch 'main' into docs-editor/mac-install-with-intune-1726076927

Author: denisebmsft

defender-endpoint/defender-endpoint-trial-user-guide.md

@@ -7,7 +7,7 @@ ms.author: siosulli
 manager: deniseb 
 audience: ITPro
 ms.topic: how-to
-ms.date: 06/25/2024
+ms.date: 09/10/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -49,7 +49,7 @@ This playbook is a simple guide to help you make the most of your free trial. Us
 <a href="microsoft-defender-endpoint.md#apis"><center><b>Centralized configuration and administration, APIs</a></b></center></td>
 </tr>
 <tr>
-<td colspan="7"><a href="microsoft-defender-endpoint.md#mtp"><center><b>Microsoft Defender XDR</a></center></b></td>
+<td colspan="7"><a href="microsoft-defender-endpoint.md#mtp"><center><b>Microsoft Defender portal</a></center></b></td>
 </tr>
 </table>
 <br>
@@ -63,7 +63,7 @@ This playbook is a simple guide to help you make the most of your free trial. Us
 3. [Visit the Microsoft Defender portal](#step-3-visit-the-microsoft-365-defender-portal).
 4. [Onboard endpoints using any of the supported management tools](#step-4-onboard-endpoints-using-any-of-the-supported-management-tools).
 5. [Configure capabilities](#step-5-configure-capabilities).
-6. [Set up the Microsoft Defender for Endpoint evaluation lab](#step-6-set-up-the-microsoft-defender-for-endpoint-evaluation-lab).
+6. [Visit the Microsoft Defender portal](#step-6-visit-the-microsoft-defender-portal).
 
 ## Step 1: Confirm your license state
 
@@ -109,14 +109,13 @@ This section outlines the general steps you to onboard devices (endpoints).
 
 After onboarding devices (endpoints), you'll configure the various capabilities, such as endpoint detection and response, next-generation protection, and attack surface reduction.
 
-Use [this table](onboarding.md) to choose components to configure. We recommend configuring all available capabilities, but you're able to skip the ones that don't apply.
+Use [the device onboarding table](onboarding.md) to choose components to configure. We recommend configuring all available capabilities, but you're able to skip the ones that don't apply.
 
-## Step 6: Set up the Microsoft Defender for Endpoint evaluation lab   
+After you have onboarded devices, [run a detection test](run-detection-test.md). 
 
-The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. Using the simplified set-up experience in evaluation lab, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs.
+## Step 6: Visit the Microsoft Defender portal
 
-- [Watch the video overview](https://www.microsoft.com/videoplayer/embed/RE4qLUM) of the evaluation lab
-- [Get started with the lab](evaluate-microsoft-defender-antivirus.md) 
+The Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) is a central location where you can view onboarded devices, security recommendations, detected threats, alerts, and more. To get started, see [Microsoft Defender portal](/defender-xdr/microsoft-365-defender-portal).   
 
 
 ## See also

defender-endpoint/media/partner-applications/darktrace-logo.svg

@@ -18,7 +18,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
 ms.service: defender-office-365
-ms.date: 08/30/2024
+ms.date: 09/11/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -106,6 +106,10 @@ You can sort the entries by clicking on an available column header. Select :::im
   - **None**
   - **Message sender is blocked by recipient settings**
   - **Message sender is blocked by administrator settings**
+
+  > [!TIP]
+  > If a sender is blocked and **Don't show blocked senders** is selected (default), messages from those senders are shown on the **Quarantine** page and are included in quarantine notifications when the **Sender address override reason** value is **None**. This behavior occurs because the messages were blocked due to reasons other than sender address overrides.
+
 - **Released by**<sup>\*</sup>
 - **Message ID**
 - **Policy name**
@@ -149,6 +153,10 @@ To filter the entries, select :::image type="icon" source="media/m365-cc-sc-filt
 - **Blocked sender**: One of the following values:
   - **Don't show blocked senders** (default)
   - **Show all senders**
+
+  > [!TIP]
+  > If a sender is blocked and **Don't show blocked senders** is selected, messages from those senders are shown on the **Quarantine** page and are included in quarantine notifications when the **Sender address override reason** value is **None**. This behavior occurs because the messages were blocked due to reasons other than sender address overrides.
+
 - **Release status**: Select one or more of the following values
   - **Needs review**
   - **Approved**

defender-endpoint/media/partner-applications/darktrace.png

@@ -20,7 +20,7 @@ ms.custom:
 description: Users can learn how to view and manage quarantined messages in Exchange Online Protection (EOP) that should have been delivered to them.
 ms.service: defender-office-365
 adobe-target: true
-ms.date: 08/30/2024
+ms.date: 09/11/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -97,6 +97,10 @@ You can sort the entries by clicking on an available column header. Select :::im
   - **None**
   - **Message sender is blocked by recipient settings**
   - **Message sender is blocked by administrator settings**
+
+  > [!TIP]
+  > If a sender is blocked and **Don't show blocked senders** is selected (default), messages from those senders are shown on the **Quarantine** page and are included in quarantine notifications when the **Sender address override reason** value is **None**. This behavior occurs because the messages were blocked due to reasons other than sender address overrides.
+
 - **Released by**<sup>\*</sup>
 - **Message ID**
 - **Policy name**
@@ -130,6 +134,10 @@ To filter the entries, select :::image type="icon" source="media/m365-cc-sc-filt
 - **Blocked sender**: One of the following values:
   - **Don't show blocked senders** (default)
   - **Show all senders**
+
+  > [!TIP]
+  > If a sender is blocked and **Don't show blocked senders** is selected, messages from those senders are shown on the **Quarantine** page and are included in quarantine notifications when the **Sender address override reason** value is **None**. This behavior occurs because the messages were blocked due to reasons other than sender address overrides.
+
 - **Release status**: Any of the following values:
   - **Needs review**
   - **Approved**

defender-endpoint/partner-applications.md

@@ -6,7 +6,7 @@ metadata:
   ms.author: chrisda
   author: chrisda
   manager: deniseb
-  ms.date: 08/07/2024
+  ms.date: 09/11/2024
   audience: ITPro
   ms.topic: faq
 
@@ -118,6 +118,9 @@ sections:
 
           By default, messages from blocked senders are hidden from view in quarantine (quarantine is filtered by **Don't show blocked senders**). To see messages from all senders, select :::image type="icon" source="media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** and then select **Show all senders**.
 
+          > [!TIP]
+          > If a sender is blocked and **Don't show blocked senders** is selected (default), messages from those senders are shown on the **Quarantine** page and are included in quarantine notifications when the **Sender address override reason** value is **None**. This behavior occurs because the messages were blocked due to reasons other than sender address overrides.
+
       - question: |
           A message was released from quarantine, but the original recipient can't find it. How can I determine what happened to the message?
         answer: |

defender-office-365/quarantine-admin-manage-messages-files.md

@@ -5,7 +5,7 @@ f1.keywords:
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 07/31/2024
+ms.date: 09/12/2024
 audience: ITPro
 ms.topic: conceptual
 ms.localizationpriority: medium
@@ -79,4 +79,5 @@ You should only consider using overrides in the following scenarios:
   - [Exchange mail flow rules to bypass spam filtering](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl).
   - Senders identified in the [Safe Senders list](configure-junk-email-settings-on-exo-mailboxes.md) in user mailboxes.
   - [Allow entries in the Tenant Allow/Block List](tenant-allow-block-list-about.md#allow-entries-in-the-tenant-allowblock-list).
+  - Senders identified in the [allowed senders list and allowed domains list in anti-spam policies](anti-spam-protection-about.md#allow-and-block-lists-in-anti-spam-policies).
 - False positives: To temporarily allow certain messages that are still being blocked by Microsoft, use [admin submissions](submissions-admin.md#report-good-email-to-microsoft). By default, allow entries for domains and email addresses, files, and URLs exist for 30 days. During those 30 days, Microsoft learns from the allow entries and [removes them or automatically extends them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). By default, allow entries for spoofed senders never expire.

defender-office-365/quarantine-end-user.md

@@ -12,7 +12,6 @@ audience: ITPro
 ms.collection:
   - m365-security
   - tier1
-  - essentials-overview
 ms.topic: conceptual
 search.appverid: met150
 ms.date: 08/14/2024

defender-office-365/quarantine-faq.yml

@@ -12,7 +12,7 @@ audience: ITPro
 ms.collection:
   - m365-security
   - tier1
-  - essentials-compliance
+  - essentials-manage
 ms.topic: conceptual
 search.appverid: met150
 ms.date: 05/29/2023