Commit 38ed17d

Merge branch 'diannegali-notifsearch' of https://github.com/MicrosoftDocs/defender-docs-pr into diannegali-notifsearch
2 parents e547716 + 32063b7 commit 38ed17d

52 files changed

+2044
-2014
lines changed

.openpublishing.redirection.defender.json

Lines changed: 5 additions & 0 deletions
@@ -4,6 +4,11 @@
44
"source_path": "defender/advanced-hunting-overview.md",
55
"redirect_url": "/defender-xdr/advanced-hunting-overview",
66
"redirect_document_id": false
7+
},
8+
{
9+
"source_path": "defender-endpoint/microsoft-defender-antivirus-using-mde-security-set-mngmnt.md",
10+
"redirect_url": "/defender-endpoint/evaluate-mdav-using-gp",
11+
"redirect_document_id": true
712
}
813
]
914
}
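
Review bot: the new entry sets "redirect_document_id": true while the entry just above it uses false, and it redirects an article about MDE Security Settings Management (microsoft-defender-antivirus-using-mde-security-set-mngmnt.md) to a target named evaluate-mdav-using-gp. Please confirm the flag is intended for a target that covers a different method, and that readers following old links to the Security Settings Management article are meant to land on the Group Policy page. It is also worth confirming that the source file is removed in this commit, so the redirect does not point away from a file that still exists.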

defender-endpoint/TOC.yml

Lines changed: 2 additions & 2 deletions
@@ -67,8 +67,8 @@
6767
href: evaluate-microsoft-defender-antivirus.md
6868
- name: Evaluate Microsoft Defender Antivirus using PowerShell
6969
href: microsoft-defender-antivirus-using-powershell.md
70-
- name: Evaluate Microsoft Defender Antivirus using MDE Security Settings Management
71-
href: microsoft-defender-antivirus-using-mde-security-set-mngmnt.md
70+
- name: Evaluate Microsoft Defender Antivirus using Group Policy
71+
href: evaluate-mdav-using-gp.md
7272
- name: Microsoft Defender for Endpoint demonstration scenarios
7373
href: defender-endpoint-demonstrations.md
7474
- name: App reputation demonstration
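
Review bot: the replacement entry at lines 70-71 points to evaluate-mdav-using-gp.md, which departs from the microsoft-defender-antivirus-using-*.md naming of the PowerShell sibling directly above it, and it drops the Security Settings Management entry from the TOC altogether. If the Group Policy article is meant to replace it, that is fine; otherwise keep both entries. The new file is not visible in the rendered part of this commit, so check that it is added here and the href does not dangle.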

defender-endpoint/configure-device-connectivity.md

Lines changed: 37 additions & 37 deletions
Large diffs are not rendered by default.

defender-endpoint/configure-environment.md

Lines changed: 12 additions & 12 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Configure your network environment to ensure connectivity with Defender for Endpoint service
3-
description: Learn how to configure your network environment to connect with the Defender for Endpoint service
3+
description: Learn how to configure your network environment to connect with the Defender for Endpoint service.
44
search.appverid: met150
55
ms.service: defender-endpoint
66
ms.author: siosulli
@@ -14,7 +14,7 @@ ms.collection:
1414
- tier1
1515
ms.topic: how-to
1616
ms.subservice: onboard
17-
ms.date: 02/01/2024
17+
ms.date: 05/13/2024
1818
---
1919

2020
# STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service
@@ -30,27 +30,27 @@ ms.date: 02/01/2024
3030
Before you onboard devices to Defender for Endpoint, make sure your network is configured to connect to the service. The first step of this process involves adding URLs to the allowed domains list if your proxy server or firewall rules prevent access to Defender for Endpoint. This article also includes information about proxy and firewall requirements for older versions of Windows client and Windows Server.
3131

3232
> [!NOTE]
33-
> - Tenants created on or before May 8th, 2024 will have the option to select streamlined connectivity (consolidated set of URLs) as the default onboarding method or remain on standard through settings. When you've verified prerequisites have been met and are ready to set the default onboarding package to streamlined, you can turn on the following Advanced Feature setting in the Microsoft Defender portal (**Settings > Endpoints > Advanced Features**). For onboarding through Intune & Microsoft Defender for Cloud, you will need to activate the relevant option. Devices already onboarded will not automatically re-onboard; you will need to create a new policy in Intune, where it is recommended to first assign the policy to a set of test devices to verify connectivity is successful, before expanding the audience. Devices in Defender for Cloud can be re-onboarded using the relevant onboarding script.
34-
> - If your tenant already had streamlined connectivity enabled as part of the public preview, it will remain enabled.
35-
> - New tenants created after May 8th, 2024, will default to streamlined connectivity. Read more at [Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint](configure-device-connectivity.md)
33+
> - Tenants created on or before May 8, 2024 have the option to select streamlined connectivity ([consolidated set of URLs](https://aka.ms/MDE-streamlined-urls)) as the default onboarding method, or remain on standard connectivity through settings. When you've verified prerequisites have been met and are ready to set the default onboarding package to streamlined, you can turn on the advanced feature setting in the Microsoft Defender portal (**Settings > Endpoints > Advanced Features**). For onboarding through Intune or Microsoft Defender for Cloud, you need to activate the relevant option. Devices already onboarded aren't reonboarded automatically. In such cases, create a new policy in Intune, where it is recommended to first assign the policy to a set of test devices to verify connectivity is successful, and then expand the audience. Devices in Defender for Cloud can be reonboarded using the relevant onboarding script.
34+
> - If your tenant already had streamlined connectivity enabled as part of the public preview, it remains enabled.
35+
> - New tenants created after May 8, 2024 default to streamlined connectivity. Read more at [Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint](configure-device-connectivity.md)
3636
3737
## Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
3838

39-
The following downloadable spreadsheet lists the services and their associated URLs that devices in your network must be able to connect to. Ensure there are no firewall or network filtering rules to deny access for these URLs. Optionally, you may need to create an *allow* rule specifically for them.
39+
The following downloadable spreadsheet lists the services and their associated URLs that devices in your network must be able to connect to. Ensure there are no firewall or network filtering rules to deny access for these URLs. Optionally, you might need to create an *allow* rule specifically for them.
4040

4141
|Spreadsheet of domains list| Description|
4242
|--|--|
43-
| Microsoft Defender for Endpoint consolidated URL list (Streamlined) <br> | Spreadsheet of consolidated URLs. <br>[Download the spreadsheet here.](https://go.microsoft.com/fwlink/?linkid=2248278)<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity](configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2019<br>- Windows Server 2022<br>- Windows Server 2012 R2, Windows Server 2016 R2 running [Defender for Endpoint modern unified solution](configure-server-endpoints.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- Antimalware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you are moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 version 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions do not support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) will need to continue using MMA onboarding method.
44-
|Microsoft Defender for Endpoint URL list for commercial customers (Standard)| Spreadsheet of specific DNS records for service locations, geographic locations, and OS for commercial customers. <p> [Download the spreadsheet here.](https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commercial.xlsx) <p> Microsoft Defender for Endpoint Plan 1 and Plan 2 share the same proxy service URLs. In your firewall, open all the URLs where the geography column is WW. For rows where the geography column isn't WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](preferences-setup.md). Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection. Instead, exclude only the blob URLs that are specific to MDE and listed in the spreadsheet of domains list.
45-
| Microsoft Defender for Endpoint URL list for Gov/GCC/DoD | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br> [Download the spreadsheet here.](https://download.microsoft.com/download/6/a/0/6a041da5-c43b-4f17-8167-79dfdc10507f/mde-urls-gov.xlsx) |
43+
| Microsoft Defender for Endpoint consolidated URL list (Streamlined) | Spreadsheet of consolidated URLs. <br/>[Download the spreadsheet here](https://aka.ms/MDE-streamlined-urls).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity](configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2019<br>- Windows Server 2022<br>- Windows Server 2012 R2, Windows Server 2016 R2 running [Defender for Endpoint modern unified solution](configure-server-endpoints.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- Antimalware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method.
44+
|Microsoft Defender for Endpoint URL list for commercial customers (Standard)| Spreadsheet of specific DNS records for service locations, geographic locations, and OS for commercial customers. <p> [Download the spreadsheet here.](https://aka.ms/MDE-standard-urls) <p> Microsoft Defender for Endpoint Plan 1 and Plan 2 share the same proxy service URLs. In your firewall, open all the URLs where the geography column is WW. For rows where the geography column isn't WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](preferences-setup.md). Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection. Instead, exclude only the blob URLs that are specific to MDE and listed in the spreadsheet of domains list.
45+
| Microsoft Defender for Endpoint URL list for Gov/GCC/DoD | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br> [Download the spreadsheet here.](https://aka.ms/MDE-gov-urls) |
4646

4747
> [!IMPORTANT]
4848
> - Connections are made from the context of the operating system or the Defender client services and as such, proxies should not require authentication for these destinations or perform inspection (HTTPS scanning / SSL inspection) that breaks the secure channel.
4949
> - Microsoft does not provide a proxy server. These URLs are accessible via the proxy server that you configure.
5050
> - In compliance with Defender for Endpoint security and compliance standards, your data will be processed and stored in accordance with your tenant's physical location. Based on client location, traffic may flow through any of the associated IP regions (which correspond to Azure datacenter regions). For more information, see [Data storage and privacy](data-storage-privacy.md).
5151
5252
## Microsoft Monitoring Agent (MMA) - additional proxy and firewall requirements for older versions of Windows client or Windows Server
53-
The follwoing additional destinations are required to allow Defender for Endpoint communications through the Log Analytics agent (often referred to as Microsoft Monitoring Agent) on Windows 7 SP1, Windows 8.1, and Windows Server 2008 R2.
53+
The following destinations are required to allow Defender for Endpoint communications through the Log Analytics agent (often referred to as Microsoft Monitoring Agent) on Windows 7 SP1, Windows 8.1, and Windows Server 2008 R2.
5454

5555
|Agent Resource|Ports|Direction|Bypass HTTPS inspection|
5656
|--|--|--|--|
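
Review bot: in the rewritten streamlined row (line 43), "Windows Server 2012 R2, Windows Server 2016 R2" is carried over unchanged; there is no Windows Server 2016 R2 release, so this should read "Windows Server 2016". In the same hunk, the third note bullet (line 35) still ends at the link without a period although this commit adds terminal periods elsewhere, and the three spreadsheet links now go through aka.ms short links, so please verify that each one resolves to the same spreadsheet as the URL it replaces.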
@@ -64,7 +64,7 @@ The follwoing additional destinations are required to allow Defender for Endpoin
6464
6565
## For devices without Internet access / without a proxy
6666

67-
For devices with no direct internet connection, the use of a proxy solution is the recommended approach. In specific cases, you can leverage firewall or gateway devices that allow access to IP ranges. For more information, see: [Streamlined device connectivity](configure-device-connectivity.md).
67+
For devices with no direct internet connection, the use of a proxy solution is the recommended approach. In specific cases, you can use firewall or gateway devices that allow access to IP ranges. For more information, see: [Streamlined device connectivity](configure-device-connectivity.md).
6868

6969
> [!IMPORTANT]
7070
>
@@ -74,4 +74,4 @@ For devices with no direct internet connection, the use of a proxy solution is t
7474
7575
## Next step
7676

77-
[STEP 2: Configure your devices to connect to the Defender for Endpoint service using a proxy](configure-proxy-internet.md)
77+
[STEP 2: Configure your devices to connect to the Defender for Endpoint service using a proxy](configure-proxy-internet.md).

defender-endpoint/configure-server-endpoints.md

Lines changed: 1 addition & 1 deletion
@@ -150,7 +150,7 @@ You'll need to download both the **installation** and **onboarding** packages fr
150150
> [!NOTE]
151151
> On Windows Server 2012R2, Microsoft Defender Antivirus will get installed by the installation package and will be active unless you set it to passive mode. On Windows Server 2016, Microsoft Defender Antivirus must be installed as a feature (see [Switch to MDE](switch-to-mde-phase-2.md#are-you-using-windows-server-2012-r2-or-windows-server-2016)) first and fully updated before proceeding with the installation.
152152
>
153-
> If you are running a non-Microsoft anti-malware solution ensure you add exclusions for Microsoft Defender Antivirus ([from this list of Microsoft Defender Processes on the Defender Processes tab](https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commercial.xlsx
153+
> If you are running a non-Microsoft anti-malware solution ensure you add exclusions for Microsoft Defender Antivirus ([from this list of Microsoft Defender Processes on the Defender Processes tab](https://aka.ms/MDE-standard-urls
154154
)) to the non-Microsoft solution before installation. It is also recommended to add non-Microsoft security solutions to the Defender Antivirus exclusion list.
155155

156156
The **installation package** contains an MSI file that installs the Microsoft Defender for Endpoint agent.
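
Review bot: on line 153 the link target still ends at a line break, with the closing "))" left on line 154, so the Markdown link to https://aka.ms/MDE-standard-urls is split across two lines and may not render as a link. Join the two lines so the URL and its closing parenthesis sit together. The link text promises a "Defender Processes tab", so also confirm that the spreadsheet behind the new short link still has that tab.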
