Merge pull request #2573 from MicrosoftDocs/chrisda

Chrisda to Main

Author: chrisda

defender-endpoint/adv-tech-of-mdav.md

@@ -53,7 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself
 |**Heuristics engine** <br/> Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine** <br/> Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.|
 |**Emulation engine** <br/> The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine** <br/> Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.|
 |**Network engine** <br/> Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine** <br/> Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.|
-|**CommandLine scanning engine** <br/> This engine scans the commandlines of all processes before they execute. If the commandline for a process is found to be malicious it is blocked from execution.|**CommandLine ML engine** <br/> Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|
+|**CommandLine scanning engine** <br/> This engine scans the commandlines of all processes before they execute. If the commandline for a process is found to be malicious it is blocked from execution.|**CommandLine ML engine** <br/> Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|
 
 For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK&reg; Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/).
 

defender-endpoint/android-configure-mam.md

@@ -181,13 +181,13 @@ Web protection helps to secure devices against web threats and protect users fro
    | `DefenderEndUserTrustFlowEnable` | Integer | 0 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable the end user in-app experience to trust and untrust the unsecure and suspicious networks. |
    | `DefenderNetworkProtectionAutoRemediation` | Integer | 1 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable the remediation alerts that are sent when a user performs remediation activities like switching to safer Wi-Fi access points or deleting suspicious certificates detected by Defender. |
    | `DefenderNetworkProtectionPrivacy` | Integer | 1 | 1 - Enable, 0 - Disable; This setting is used by IT admins to enable or disable privacy in network protection. If privacy is disabled with value 0, then user consent is shown to share the malicious wifi or certs data. If its in enabled state with value 1, then no user consent is shown and no app data is collected.|
-   
+
 4. Include or exclude the groups you want the policy to apply to. Proceed to review and submit the policy.
 
 > [!NOTE]
+>
 > - The other config keys of Network Protection will only work if the parent key 'DefenderNetworkProtectionEnable' is enabled.
-> - Users need to enable location permission (which is an optional permission) and need to grant “Allow All the Time” permission to ensure protection against Wi-Fi threat, even when the app is not actively in use. If the location permission is denied by the user, Defender for Endpoint will only be able to provide limited protection against network threats and will only protect the users from rogue certificates.
-
+> - Users need to enable location permission (which is an optional permission) and need to grant "Allow All the Time" permission to ensure protection against Wi-Fi threat, even when the app is not actively in use. If the location permission is denied by the user, Defender for Endpoint will only be able to provide limited protection against network threats and will only protect the users from rogue certificates.
 
 ## Configure privacy controls
 

defender-endpoint/android-configure.md

@@ -102,12 +102,13 @@ In the Microsoft Intune admin center, navigate to Apps > App configuration polic
    |Automatic Remediation of Network Protection Alerts|1: Enable (default) <br/> 0: Disable <br/><br/> This setting is used by IT admins to enable or disable the remediation alerts that are sent when a user does remediation activities. For example, the user switches to a safer Wi-Fi access point or deletes suspicious certificates that were detected by Defender.|
    |Manage Network Protection detection for Open Networks| 2:  Enable (default)<br/> 1: Audit Mode <br/> 0: Disable <br/>  Security admins manage this setting to enable or disable open network detection.|
    |Manage Network protection Detection for Certificates|2: Enable <br/> 1: Audit mode<br/> 0: Disable (default)<br/><br/>In audit mode, notification alerts are sent to SOC admins, but no end user notifications are shown when Defender detects a bad certificate. Admins can enable full feature functionality by setting the value 2. When the value is 2, end user notifications are sent to users and alerts are sent to SOC admins when Defender detects a bad certificate.|
-   
+
 6. Add the required groups to which the policy has to be applied. Review and create the policy.
 
 > [!NOTE]
+>
 > - The other config keys of Network Protection will only work if the parent key '**Enable Network Protection in Microsoft Defender'** is enabled.
-> - Users need to enable location permission (which is an optional permission) and need to grant “Allow All the Time” permission to ensure protection against Wi-Fi threat, even when the app is not actively in use. If the location permission is denied by the user, Defender for Endpoint will only be able to provide limited protection against network threats and will only protect the users from rogue certificates.
+> - Users need to enable location permission (which is an optional permission) and need to grant "Allow All the Time" permission to ensure protection against Wi-Fi threat, even when the app is not actively in use. If the location permission is denied by the user, Defender for Endpoint will only be able to provide limited protection against network threats and will only protect the users from rogue certificates.
 
 ## Privacy Controls
 

defender-endpoint/android-support-signin.md

@@ -104,7 +104,7 @@ Enable the required permission on Xiaomi devices.
 
 - **Xiaomi**
 
-Defender App asks for Battery Optimization/Permanent Protection permission on devices as part of app onboarding, and selecting **Allow** returns an error that the permission couldn't be set. It only affects the last permission called "Permanent Protection." 
+Defender App asks for Battery Optimization/Permanent Protection permission on devices as part of app onboarding, and selecting **Allow** returns an error that the permission couldn't be set. It only affects the last permission called "Permanent Protection."
 
 **Cause:**
 
@@ -116,34 +116,33 @@ The Android devices Battery Optimization screen opens automatically as part of t
 
 1. Select Work Profile to see all of the work profile apps
 
-![Image of Battery Optimisation screen](media/android-support-signin/image.png)
-2. Tap on **Not optimised** and select **All Apps**
+   ![Image of Battery Optimization screen](media/android-support-signin/image.png)
 
-![Image of Optimisation dropdown menu](media/android-support-signin/image1.png)
+2. Tap on **Not optimized** and select **All Apps**
 
-![Image of All Apps option in the dropdown](media/android-support-signin/image2.png)
+   ![Image of Optimization dropdown menu](media/android-support-signin/image1.png)
+
+   ![Image of All Apps option in the dropdown](media/android-support-signin/image2.png)
 
 3. Scroll down to find **Microsoft Defender** and tap on it
 
-![Image of All Apps including Microsoft Defender](media/android-support-signin/image3.png)
+   ![Image of All Apps including Microsoft Defender](media/android-support-signin/image3.png)
 
-4. Select **Don’t Optimise** option and tap on **Done**
+4. Select **Don't Optimize** option and tap on **Done**
 
-![Image of the Microsoft Defende Optimise drop down](media/android-support-signin/image4.png)
+   ![Image of the Microsoft Defender Optimize drop down](media/android-support-signin/image4.png)
 
 5. Navigate back to Defender
 
 **Solution 2** (needed in case the Solution 1 does not work):
 
-1. Install MDE app in personal profile. (Sign-in isn't required.) 
- 2. Open the Company Portal and tap on Settings. 
- 3. Go to the Battery Optimization section, tap on the **Turn Off** button, and then select on **Allow** to turn off Battery Optimization for the Company Portal. 
- 4. Again, go to the Battery Optimization section and tap on the **Turn On** button. The battery saver section opens. 
- 5. Find the Defender app and tap on it. 
- 6. Select **No Restriction**. Go back to the Defender app in work profile and tap on **Allow** button.  
- 7. The application shouldn't be uninstalled from personal profile for this to work. 
-
-
+1. Install MDE app in personal profile. (Sign-in isn't required.)
+2. Open the Company Portal and tap on Settings.
+3. Go to the Battery Optimization section, tap on the **Turn Off** button, and then select on **Allow** to turn off Battery Optimization for the Company Portal.
+4. Again, go to the Battery Optimization section and tap on the **Turn On** button. The battery saver section opens. 
+5. Find the Defender app and tap on it.
+6. Select **No Restriction**. Go back to the Defender app in work profile and tap on **Allow** button.  
+7. The application shouldn't be uninstalled from personal profile for this to work.
 
 ## Unable to use banking applications with MDE app
 
@@ -153,16 +152,15 @@ The Android devices Battery Optimization screen opens automatically as part of t
 
 **Solution:**
 Users need to disable MDE VPN from the Settings page. The following steps can be used:
+
 1. Go to Settings on the mobile device.
 2. Search for VPN or open 'Network and Internet' and select on VPN.
 3. Select on Microsoft Defender and select Disconnect.
 
 Users should enable VPN when they're no longer using the banking app to ensure that their devices are protected. 
 
->[!NOTE]
-> This a temporary workaround. We are working on other alternatives to provide users more control over the VPN settings from within the app. 
-
-
+> [!NOTE]
+> This a temporary workaround. We are working on other alternatives to provide users more control over the VPN settings from within the app.
 
 ## Send in-app feedback
 

defender-endpoint/android-whatsnew.md

@@ -28,21 +28,21 @@ ms.date: 01/06/2025
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-### Upgrading your experience: Upcoming enhancements you should know about
+## Upgrading your experience: Upcoming enhancements you should know about
 
-January 2025
+**January 2025**:
 
-**Key changes**
+**Key changes**:
 
-We are pleased to introduce the new dashboard for our enterprise users, which has been designed to be more user-friendly and accessible. The updated dashboard structure now includes recommendation cards for alerts and feature tiles.
+We are pleased to introduce the new dashboard for our enterprise users, which has been designed to be more user-friendly and accessible. The updated dashboard structure now includes recommendation cards for alerts and feature tiles.
 
-Recommendation cards prominently display any active alerts, ensuring you stay informed. Additionally, features are now presented in the form of tiles, enhancing ease of use and navigation. 
+Recommendation cards prominently display any active alerts, ensuring you stay informed. Additionally, features are now presented in the form of tiles, enhancing ease of use and navigation.
 
 The following screenshot is an example of what the user sees in their dashboard:
 
 :::image type="content" source="media/android-whatsnew/android-dashboard-screen.png" alt-text="Screenshot showing the user's dashboard in the Microsoft Defender app.":::
 
-**Recommendation cards for alerts**
+**Recommendation cards for alerts**:
 
 The structure of the dashboard has been updated to include a recommendation card that contains active alerts (if any). In case there are multiple alerts, resolving the top alert will bring forward the next one. Recommendation cards have been implemented to provide a more cohesive user experience. These cards are designed to display important alerts and notifications prominently on the dashboard, as shown in the following table:
 
@@ -52,8 +52,7 @@ The structure of the dashboard has been updated to include a recommendation card
 | :::image type="content" source="media/android-whatsnew/android-allow-vpn.png" alt-text="Screenshot showing a recommendation to set up a VPN connection."::: | **VPN option** <br/>The user is prompted to set up a VPN connection on their device. |
 | :::image type="content" source="media/android-whatsnew/android-threat-found.png" alt-text="Screenshot showing a recommendation to take action on a detected threat."::: | **Malware detection** <br/>The user is prompted to take action on a detected threat. |
 
-      
-**Feature tiles**
+**Feature tiles**:
 
 The current enterprise dashboard experience now features a tile view for your security team. The following table describes tiles your security team might see.
 
@@ -66,37 +65,37 @@ The current enterprise dashboard experience now features a tile view for your se
 
 ## Android low-touch onboarding is now GA
 
-**December 2024**
+**December 2024**:
 
-**Key benefits**
+**Key benefits**:
 
-1. **Faster setup on Android devices** – Simplified Android onboarding supports silent sign-on and autogranting of certain permissions on a user's device. As such, users are required to grant only the necessary permissions to onboard to Defender for Endpoint.  
+1. **Faster setup on Android devices** – Simplified Android onboarding supports silent sign-on and autogranting of certain permissions on a user's device. As such, users are required to grant only the necessary permissions to onboard to Defender for Endpoint.
 
-2. **Intuitive guidance** - A clear and intuitive flow to guide users through each step. 
+2. **Intuitive guidance** - A clear and intuitive flow to guide users through each step.
 
-3. **Broad coverage with support across multiple Android profiles** – Android enterprise BYOD, COPE, and fully managed. 
+3. **Broad coverage with support across multiple Android profiles** – Android enterprise BYOD, COPE, and fully managed.
 
-**Configuring low-touch onboarding** 
+**Configuring low-touch onboarding**:
 
 Although low-touch onboarding is disabled by default, security administrators can enable it through app configuration policies in Intune. See [Android low-touch onboarding](/defender-endpoint/android-intune).
 
 > [!IMPORTANT]
-> **Ending support for device administrator enrolled devices**
-> 
+> **Ending support for device administrator enrolled devices**:
+>
 > Microsoft Intune and Defender for Endpoint are ending support for device administrator enrolled devices with access to [Google Mobile Services](/mem/intune/apps/manage-without-gms) (GMS), beginning December 31, 2024.
-> 
-> **For devices with access to GMS**
-> 
-> After support ends for device administrator enrolled devices, devices with access to GMS will be affected in the following ways: 
-> 
+>
+> **For devices with access to GMS**:
+>
+> After support ends for device administrator enrolled devices, devices with access to GMS will be affected in the following ways:
+>
 > - Intune and Defender for Endpoint won't make changes or updates to Android device administrator management, such as bug fixes, security fixes, or fixes to address changes in new Android versions.
 > - Intune and Defender for Endpoint technical support will no longer support devices with access to GMS.
-> 
+>
 > For more information, see [Tech Community blog: Intune ending support for Android device administrator on devices with GMS in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443).
 
 ## Network protection
 
-**Aug-2024 (version: 1.0.6812.0101)**
+**Aug-2024 (version: 1.0.6812.0101)**:
 
 - Network Protection feature is enabled by default for all users
 
@@ -163,25 +162,25 @@ Release Build: `1.0.3501.0301`
 Release month: Nov 2021
 Microsoft Defender for Endpoint has released this update required by [Google](https://developer.android.com/distribute/play-policies#APILevel30) to upgrade to Android API 30. This change prompts users seeking access to [new storage permission](https://developer.android.com/training/data-storage/manage-all-files#all-files-access-google-play), for devices running Android 11 or later. Users need to accept this new storage permission once they update Defender app with the release build 1.0.3501.0301 or later. This update ensures that Defender for Endpoint's app security feature to function without any disruption. For more information, review the following sections.
 
-**How this affects your organization:** These changes take effect if you're using Microsoft Defender for Endpoint on devices running Android 11 or later and updated Defender for Endpoint to release build 1.0.3501.0301 or later.
+**How this affects your organization**: These changes take effect if you're using Microsoft Defender for Endpoint on devices running Android 11 or later and updated Defender for Endpoint to release build 1.0.3501.0301 or later.
 
 > [!NOTE]
 > The new storage permissions cannot be configured by administrators to auto approve through Microsoft Intune. Users must take action to provide access to this permission.
 
-**User experience:** Users receive a notification indicating a missing permission for app security. If the user denies this permission, app security functionality is turned off on the device. If user doesn't accept or deny permission, they continue to receive the prompt when unlocking their device or opening the app, until it's approved.
+**User experience**: Users receive a notification indicating a missing permission for app security. If the user denies this permission, app security functionality is turned off on the device. If user doesn't accept or deny permission, they continue to receive the prompt when unlocking their device or opening the app, until it's approved.
 
 > [!NOTE]
 > If your organization is previewing the tamper protection feature and if the new storage permissions are not granted by the user within seven days of updating to the latest version, the user might lose access to corporate resources.
 
-**What you need to do to prepare:**
+**What you need to do to prepare**:
 
 Notify your users and help desk (as applicable) that end users must accept the new permissions when prompted after they update Defender for Endpoint to build `1.0.3501.0301` or later. To accept the permissions, users should follow these steps:
 
 1. Tap on the Defender for Endpoint in-app notification or open the Defender for Endpoint app. Users see a screen that lists the permissions needed. A green check mark is missing next to **Storage permission**.
 
-1. Tap **Begin**.
+2. Tap **Begin**.
 
-3. Tap the toggle for **Allow access to manage all files.** 
+3. Tap the toggle for **Allow access to manage all files**.
 
    The device is now protected.