Merge branch 'main' into maccruz-privroles

Author: schmurky

.openpublishing.redirection.defender-xdr.json

@@ -180,6 +180,11 @@
       "source_path": "defender-xdr/portal-submission-troubleshooting.md",
       "redirect_url": "/defender-xdr/troubleshoot",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/microsoft-sentinel-onboard.md",
+      "redirect_url": "/unified-secops-platform/microsoft-sentinel-onboard",
+      "redirect_document_id": false
     }
   ]
 }

ATADocs/docfx.json

@@ -48,7 +48,13 @@
       "uhfHeaderId": "MSDocsHeader-M365-IT",
       "searchScope": ["ATA"],
       "contributors_to_exclude": [
-        "beccarobins"
+        "beccarobins",
+        "rjagiewich",
+        "claydetels19",
+        "garycentric",
+        "padmagit77",
+        "aditisrivastava07",
+        "Ruchika-mittal01"
       ]
     },
     "markdownEngineName": "markdig"

CloudAppSecurityDocs/app-governance-app-policies-create.md

@@ -13,6 +13,9 @@ Microsoft Defender for Cloud Apps enables you to natively use the Microsoft Data
 >[!NOTE]
 > This feature is currently available in the US, Europe, Australia, India, Canada, Japan, and APAC.
 
+>[!NOTE]
+> To enable the Data Classification Service option in File Policies, the "Microsoft 365" App Connector is required.
+
 ## Enable content inspection with Data Classification Services
 
 You can set the **Inspection method** to use the **Microsoft Data Classification Service** with no additional configuration required. This option is useful when creating a data leak prevention policy for your files in Microsoft Defender for Cloud Apps.

CloudAppSecurityDocs/dcs-inspection.md

@@ -44,7 +44,13 @@
       "ms.service": "defender-for-cloud-apps",
       "ms.suite": "ems",
       "contributors_to_exclude": [
-        "beccarobins"
+        "beccarobins",
+        "rjagiewich",
+        "claydetels19",
+        "garycentric",
+        "padmagit77",
+        "aditisrivastava07",
+        "Ruchika-mittal01"
       ]
     },
     "fileMetadata": {},

CloudAppSecurityDocs/docfx.json

@@ -34,11 +34,11 @@ The following governance actions can be taken for connected apps either on a spe
     - **Apply label** - Ability to add a Microsoft Purview Information Protection sensitivity label.
     - **Remove label** - Ability to remove a Microsoft Purview Information Protection sensitivity label.
   - **Change sharing**
-
+  
     - **Remove public sharing** – Allow access only to named collaborators, for example: *Remove public access* for Google Workspace, and *Remove direct shared link* for Box and Dropbox.
 
-    - **Remove external users** – Allow access only to company users.
-
+    - **Remove external users** – Allow access only to company users. When a group, containing both internal and external members, is added as a collaborator, the action removes members at the group level instead of individually. 
+        
     - **Make private** – Only Site Admins can access the file, all shares are removed.
 
     - **Remove a collaborator** – Remove a specific collaborator from the file.
@@ -60,7 +60,7 @@ The following governance actions can be taken for connected apps either on a spe
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint, Cisco Webex)
 
    ![policy_create alerts.](media/policy_create-alerts.png)
-
+  
 ## Malware governance actions (Preview)
 
 The following governance actions can be taken for connected apps either on a specific file, user or from a specific policy. For security reasons, this list is limited only to malware related actions that don't imply risk for the user or the tenant.
@@ -104,7 +104,7 @@ The following governance actions can be taken for connected apps either on a spe
 
 - **Governance actions in apps** - Granular actions can be enforced per app, specific actions vary depending on app terminology.
 
-  - **Suspend user** – Suspend the user from the application.
+- **Suspend user** – Suspend the user from the application.
     > [!NOTE]
     > If your Microsoft Entra ID is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment will override the Microsoft Entra settings and this governance action will be reverted.
 
@@ -113,7 +113,7 @@ The following governance actions can be taken for connected apps either on a spe
   - **Confirm user compromised** - Set the user's risk level to high. This causes the relevant policy actions defined in Microsoft Entra ID to be enforced. For more information How Microsoft Entra ID works with risk levels, see [How does Microsoft Entra ID use my risk feedback](/azure/active-directory/identity-protection/howto-identity-protection-risk-feedback#how-does-azure-ad-use-my-risk-feedback).
 
   ![Defender for Cloud Apps activity policy governance actions.](media/activity-policy-ref6.png)
-
+  
 ## Revoke an OAuth app and notify user
 
 For Google Workspace and Salesforce, it's possible to revoke permission to an OAuth app or to notify the user that they should change the permission. When you revoke permission it removes all permissions that were granted to the application under "Enterprise Applications" in Microsoft Entra ID.

CloudAppSecurityDocs/governance-actions.md

@@ -34,9 +34,9 @@ For more information, see [Conditional Access policies](/azure/active-directory/
 
 > [!NOTE]
 > Microsoft Defender for Cloud Apps utilizes the application **Microsoft Defender for Cloud Apps - Session Controls** as part of the Conditional Access App Control service for user sign-in. This application is located within the 'Enterprise Applications' section of Entra ID. 
-To protect your SaaS applications with Session Controls, you must allow access to this application. 
-If you block access to this application through an Entra ID Conditional Access policy, end users won't be able to access the protected applications under session controls. <br>
->
+To protect your SaaS applications with Session Controls, you must allow access to this application.
+> 
+>If you have any Conditional Access policies that have **“Block Access”** selected in the **“Grant Access”** Control under a Microsoft Entra ID Conditional Access policy scoped to this app, end users will not be able to access the protected applications under session controls. <br><br>
 >It's important to ensure that this application isn't unintentionally restricted by any Conditional Access policies. For policies that restrict all or certain applications, please ensure this application is listed as an exception in the **Target resources** or confirm that the blocking policy is deliberate.<br>  
 >
 >To ensure your location-based conditional access policies function correctly, include the **Microsoft Defender for Cloud Apps – Session Controls** application in those policies.