Merge pull request #1072 from MicrosoftDocs/main

Publish main to live, Thursday 3:30PM PDT, 08/01

Author: Stacyrch140

defender-endpoint/edr-detection.md

@@ -15,7 +15,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 01/15/2024
+ms.date: 08/01/2024
 ---
 
 # EDR detection test for verifying device's onboarding and reporting services
@@ -54,11 +54,11 @@ powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionP
 
 ### Linux
 
-1. Download [script file](https://aka.ms/LinuxDIY) to an onboarded Linux server 
+1. Download [script file](https://aka.ms/MDE-Linux-EDR-DIY) to an onboarded Linux server 
 
 
 ```bash
-curl -o ~/Downloads/MDE Linux DIY.zip https://aka.ms/LinuxDIY
+curl -o ~/Downloads/MDE Linux DIY.zip https://aka.ms/MDE-Linux-EDR-DIY
 ```
 
 1. Extract the zip 

defender-endpoint/linux-install-manually.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 05/01/2024
+ms.date: 08/01/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on Linux manually
@@ -42,7 +42,7 @@ This article describes how to deploy Microsoft Defender for Endpoint on Linux ma
   - [Ubuntu and Debian systems](#ubuntu-and-debian-systems-1)
   - [Mariner](#mariner)
 - [Application installation](#application-installation)
-  - [RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky and Alma)](#rhel-and-variants-centos-fedora-oracle-linux-amazon-linux-2-rocky-and-alma)
+  - [RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky, and Alma)](#rhel-and-variants-centos-fedora-oracle-linux-amazon-linux-2-rocky-and-alma)
   - [SLES and variants](#sles-and-variants)
   - [Ubuntu and Debian systems](#ubuntu-and-debian-systems)
   - [Mariner](#mariner-1)
@@ -58,9 +58,9 @@ Before you get started, see [Microsoft Defender for Endpoint on Linux](microsoft
 
 ## Configure the Linux software repository
 
-Defender for Endpoint on Linux can be deployed from one of the following channels (denoted below as *[channel]*): *insiders-fast*, *insiders-slow*, or *prod*. Each of these channels corresponds to a Linux software repository. The instructions in this article describe configuring your device to use one of these repositories.
+Defender for Endpoint on Linux can be deployed from one of the following channels (denoted as *[channel]*): *insiders-fast*, *insiders-slow*, or `prod`. Each of these channels corresponds to a Linux software repository. The instructions in this article describe configuring your device to use one of these repositories.
 
-The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by *prod*.
+The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in *insiders-fast* are the first ones to receive updates and new features, followed later by *insiders-slow* and lastly by `prod`.
 
 In order to preview new features and provide early feedback, it's recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*.
 
@@ -91,7 +91,7 @@ Options:
 
 Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/installation).
 
-### RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky and Alma)
+### RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky, and Alma)
 
 - Install `yum-utils` if it isn't installed yet:
 
@@ -128,7 +128,7 @@ Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/inst
   > [!TIP]
   > Use hostnamectl command to identify system related information including release *[version]*.
 
-  For example, if you're running CentOS 7 and want to deploy Defender for Endpoint on Linux from the *prod* channel:
+  For example, if you're running CentOS 7 and want to deploy Defender for Endpoint on Linux from the `prod` channel:
 
   ```bash
   sudo yum-config-manager --add-repo=https://packages.microsoft.com/config/rhel/7/prod.repo
@@ -160,7 +160,7 @@ Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/inst
    > [!TIP]
    > Use SPident command to identify system related information including release *[version]*.
 
-   For example, if you're running SLES 12 and wish to deploy Microsoft Defender for Endpoint on Linux from the *prod* channel:
+   For example, if you're running SLES 12 and wish to deploy Microsoft Defender for Endpoint on Linux from the `prod` channel:
 
    ```bash
    sudo zypper addrepo -c -f -n microsoft-prod https://packages.microsoft.com/config/sles/12/prod.repo
@@ -198,7 +198,7 @@ Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/inst
   > [!TIP]
   > Use hostnamectl command to identify system related information including release *[version]*.
 
-  For example, if you're running Ubuntu 18.04 and wish to deploy Microsoft Defender for Endpoint on Linux from the *prod* channel:
+  For example, if you're running Ubuntu 18.04 and wish to deploy Microsoft Defender for Endpoint on Linux from the `prod` channel:
 
   ```bash
   curl -o microsoft.list https://packages.microsoft.com/config/ubuntu/18.04/prod.list
@@ -210,7 +210,7 @@ Read more [here](https://github.com/microsoft/mdatp-xplat/tree/master/linux/inst
   sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list
   ```
 
-  For example, if you chose *prod* channel:
+  For example, if you chose `prod` channel:
 
   ```bash
   sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-prod.list
@@ -263,7 +263,7 @@ curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | su
   > [!NOTE]
   > On Mariner, Insider Fast Channel is not available.
 
-  If you want to deploy Defender for Endpoint on Linux from the *prod* channel. Use the following commands
+  If you want to deploy Defender for Endpoint on Linux from the `prod` channel. Use the following commands
 
   ```bash
   sudo dnf install mariner-repos-extras
@@ -476,7 +476,7 @@ Download the onboarding package from Microsoft Defender portal.
      curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt
      ```
      
-   - You can run additional detection tests on zip files using either of the following commands:
+   - You can run more detection tests on zip files using either of the following commands:
       
       ```bash
       curl -o /tmp/eicar_com.zip https://secure.eicar.org/eicar_com.zip
@@ -493,7 +493,7 @@ Download the onboarding package from Microsoft Defender portal.
 
 - Verify that the onboarded Linux server appears in Microsoft Defender XDR. If this is the first onboarding of the machine, it can take up to 20 minutes until it appears.
 
-   - Download and extract the [script file](https://aka.ms/LinuxDIY) to an onboarded Linux server and run the following command: `./mde_linux_edr_diy.sh`
+   - Download and extract the [script file](https://aka.ms/MDE-Linux-EDR-DIY) to an onboarded Linux server and run the following command: `./mde_linux_edr_diy.sh`
 
    - After a few minutes, a detection should be raised in Microsoft Defender XDR.
 
@@ -503,16 +503,16 @@ Download the onboarding package from Microsoft Defender portal.
 
 The following external package dependencies exist for the mdatp package:
 
-- The mdatp RPM package requires "glibc >= 2.17", "audit", "policycoreutils", "semanage" "selinux-policy-targeted", "mde-netfilter"
-- For RHEL6 the mdatp RPM package requires "audit", "policycoreutils", "libselinux", "mde-netfilter"
-- For DEBIAN the mdatp package requires "libc6 >= 2.23", "uuid-runtime", "auditd", "mde-netfilter"
-- For Mariner the mdatp package requires "attr", "audit", "diffutils", "libacl", "libattr", "libselinux-utils", "selinux-policy", "policycoreutils", "mde-netfilter"
+- The mdatp RPM package requires `glibc >= 2.17`, `audit`, `policycoreutils`, `semanage` `selinux-policy-targeted`, `mde-netfilter`
+- For RHEL6 the mdatp RPM package requires `audit`, `policycoreutils`, `libselinux`, `mde-netfilter`
+- For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`, `auditd`, `mde-netfilter`
+- For Mariner the mdatp package requires `attr`, `audit`, `diffutils`, `libacl`, `libattr`, `libselinux-utils`, `selinux-policy`, `policycoreutils`, `mde-netfilter`
 
 The mde-netfilter package also has the following package dependencies:
 
-- For DEBIAN, the mde-netfilter package requires "libnetfilter-queue1", "libglib2.0-0"
-- For RPM, the mde-netfilter package requires "libmnl", "libnfnetlink", "libnetfilter_queue", "glib2"
-- For Mariner, the mde-netfilter package requires "libnfnetlink", "libnetfilter_queue"
+- For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1`, `libglib2.0-0`
+- For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, `glib2`
+- For Mariner, the mde-netfilter package requires `libnfnetlink`, `libnetfilter_queue`
 
 If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies.
 
@@ -523,7 +523,7 @@ See [Log installation issues](linux-resources.md#log-installation-issues) for mo
 
 ## How to migrate from Insiders-Fast to Production channel
 
-1. Uninstall the "Insiders-Fast channel" version of Defender for Endpoint on Linux.
+1. Uninstall the `Insiders-Fast channel` version of Defender for Endpoint on Linux.
 
    ```bash
    sudo yum remove mdatp
@@ -536,13 +536,13 @@ See [Log installation issues](linux-resources.md#log-installation-issues) for mo
    ```
 
    > [!NOTE]
-   > The output should show "packages-microsoft-com-fast-prod".
+   > The output should show `packages-microsoft-com-fast-prod`.
 
    ```bash
    sudo yum-config-manager --disable packages-microsoft-com-fast-prod
    ```
 
-1. Redeploy Microsoft Defender for Endpoint on Linux using the "Production channel".
+1. Redeploy Microsoft Defender for Endpoint on Linux using the Production channel.
 
 ## Uninstallation
 

defender-endpoint/mac-install-with-intune.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 05/20/2024
+ms.date: 08/01/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune
@@ -65,7 +65,7 @@ In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
-   This profile is needed for Big Sur (11) or later. It is ignored on older versions of macOS, because they use the kernel extension.
+   This profile is needed for Big Sur (11) or later. It's ignored on older versions of macOS, because they use the kernel extension.
 
 1. On the **Policies** tab, select **Create** > **New Policy**. 
 
@@ -100,7 +100,7 @@ As part of the Endpoint Detection and Response capabilities, Microsoft Defender
 
 Download [netfilter.mobileconfig](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles).
 
-To configure network filter:
+To configure your network filter:
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
@@ -160,7 +160,7 @@ To configure Full Disk Access:
 1. Review the configuration profile. Select **Create**.
 
 > [!NOTE]
-> Full Disk Access granted through Apple MDM Configuration Profile is not reflected in System Settings => Privacy & Security => Full Disk Access.
+> Full Disk Access granted through Apple MDM Configuration Profile is not reflected in **System Settings** > **Privacy & Security** > **Full Disk Access**.
 
 ### Step 4: Background services
 
@@ -267,10 +267,10 @@ Download [accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/b
 
 ### Step 7: Bluetooth permissions
 
-   > [!CAUTION]
-   > macOS 14 (Sonoma) contains new privacy enhancements. Beginning with this version, by default, applications cannot access Bluetooth without explicit consent. Microsoft Defender for Endpoint uses it if you configure Bluetooth policies for Device Control.
+> [!CAUTION]
+> macOS 14 (Sonoma) contains new privacy enhancements. Beginning with this version, by default, applications cannot access Bluetooth without explicit consent. Microsoft Defender for Endpoint uses it if you configure Bluetooth policies for Device Control.
 
-Download [bluetooth.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/bluetooth.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles) and use the same workflow as for the Accessibility settings above to enable Bluetooth access.
+Download [bluetooth.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/bluetooth.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/mobileconfig/profiles) and use the same workflow as for the Accessibility settings mentioned earlier in this article to enable Bluetooth access.
 
 > [!NOTE]
 > Bluetooth granted through Apple MDM Configuration Profile is not reflected in System Settings => Privacy & Security => Bluetooth.
@@ -288,7 +288,7 @@ For more information, see [Deploy updates for Microsoft Defender for Endpoint on
 Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/microsoft_auto_update/com.microsoft.autoupdate2.mobileconfig) from [GitHub repository](https://github.com/microsoft/mdatp-xplat/tree/master/macos/settings/microsoft_auto_update).
 
 > [!NOTE]
-> The sample AutoUpdate2.mobileconfig from the GitHub repository has it set to Current Channel (Production).
+> The sample `AutoUpdate2.mobileconfig` from the GitHub repository has it set to Current Channel (Production).
 
 1. Under **Configuration profiles**, select **Create Profile**.
 
@@ -316,31 +316,15 @@ Download [AutoUpdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blo
 
 ### Step 9: Microsoft Defender for Endpoint configuration settings
 
-In this step, we go over *Preferences* that enables you to configure anti-malware and EDR policies using Microsoft Defender XDR portal ([https://security.microsoft.com](https://security.microsoft.com)) **or** Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)).
+In this step, we go over *Preferences* that enables you to configure anti-malware and EDR policies using Microsoft Intune ([https://intune.microsoft.com](https://intune.microsoft.com)).
 
-#### 9a. Set policies using Microsoft Defender portal
-
-1. Go through [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure) before setting the security policies using Microsoft Defender for Endpoint Security Settings Management.
-
-2. In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47), go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**.
-
-3. Under **Select Platform**, select **macOS**.
-
-4. Under **Select Template**, choose a template and select **Create Policy**.
-
-5. Specify a name and description for the policy, and then select **Next**.
-
-6. On the **Assignments** tab, assign the profile to a group where the macOS devices and/or users are located, or **All Users** and **All devices**.
-
-For more information about managing security settings, see:
-
-- [Manage Microsoft Defender for Endpoint on devices with Microsoft Intune](/mem/intune/protect/mde-security-integration?pivots=mdssc-ga)
-- [Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/manage-security-settings-for-windows-macos-and-linux-natively-in/ba-p/3870617)
+> [!NOTE]
+> If managed via Intune, it will not allow for the device to register via the Microsoft Defender for Endpoint Security Settings Management ([Microsoft Defender XDR portal (https://security.microsoft.com)](Microsoft Defender XDR portal (https://security.microsoft.com) or)).
 
 > [!IMPORTANT]
-> The policies set via Intune will take precedence over the Microsoft Defender for Endpoint Security Settings Management.
-
-#### Set policies using Microsoft Intune
+> Important
+> Only the policies set via Intune will take effect, and the Microsoft Defender for Endpoint Security Settings Management will not be used.
+#### **Set policies using Microsoft Intune**
 
 You can manage the security settings for Microsoft Defender for Endpoint on macOS under **Setting Preferences** in Microsoft Intune.
 
@@ -372,9 +356,8 @@ In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?t
 
 1. Review the policy in **Review+Create** and select **Save**. 
 
-
 > [!TIP]
-> You can also configure network protection by appending the information from [**Network protection to help prevent macOS connections to bad sites**](network-protection-macos.md) to the .mobileconig from step 8.
+> You can also configure network protection by appending the information from [**Network protection to help prevent macOS connections to bad sites**](network-protection-macos.md) to the `.mobileconfig` from step 8.
 
 ### Step 11: Device Control for Microsoft Defender for Endpoint on macOS
 
@@ -463,7 +446,7 @@ You can visit **Apps** > **By platform** > **macOS** to see it on the list of al
 For more information, see [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](/mem/intune/apps/apps-advanced-threat-protection-macos).
 
 > [!IMPORTANT]
-> You should create and deploy the configuration profiles in the above order (step 1-13) for a successful system configuration.
+> You should create and deploy the configuration profiles in the order specified (steps 1-13) for a successful system configuration.
 
 #### Step 15: Download the onboarding package
 

defender-endpoint/mde-plugin-wsl.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.custom:
 - partner-contribution
 audience: ITPro
-ms.date: 07/26/2024
+ms.date: 08/01/2024
 search.appverid: MET150
 ---
 
@@ -192,7 +192,7 @@ To test the plug-in after installation, follow these steps:
 
 2. Run the command `wsl`.
 
-3. Download and extract the script file from [https://aka.ms/LinuxDIY](https://aka.ms/LinuxDIY).
+3. Download and extract the script file from [https://aka.ms/MDE-Linux-EDR-DIY](https://aka.ms/MDE-Linux-EDR-DIY).
 
 4. At the Linux prompt, run the command `./mde_linux_edr_diy.sh`.
 

defender-endpoint/network-protection-macos.md

@@ -3,7 +3,7 @@ title: Use network protection to help prevent macOS connections to bad sites
 description: Protect your network by preventing macOS users from accessing known malicious and suspicious network addresses
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 12/08/2023
+ms.date: 08/01/2024
 audience: ITPro
 author: siosulli
 ms.author: siosulli
@@ -128,9 +128,10 @@ To confirm that network protection has been started successfully, run the follow
 mdatp health --field network_protection_status
 ```
 
-#### JAMF deployment
+#### JAMF Pro deployment
+
+A successful JAMF Pro deployment requires a configuration profile to set the enforcement level of network protection.
 
-A successful JAMF deployment requires a configuration profile to set the enforcement level of network protection.
 After you create this configuration profile, assign it to the devices where you want to enable network protection.
 
 ##### Configure the enforcement level

defender-endpoint/tamperprotection-macos.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 01/29/2024
+ms.date: 08/01/2024
 ---
 
 # Protect macOS security settings with tamper protection
@@ -298,7 +298,7 @@ Tampering alert is raised in the Microsoft Defender portal
 - Try to stop the Defender for Endpoint process (kill).
 - Try to delete, rename, modify, move Defender for Endpoint files (similar to what a malicious user would do), for example:
 
-  - /Applications/Microsoft Defender ATP.app/
+  - /Applications/Microsoft Defender.app/
   - /Library/LaunchDaemons/com.microsoft.fresno.plist
   - /Library/LaunchDaemons/com.microsoft.fresno.uninstall.plist
   - /Library/LaunchAgents/com.microsoft.wdav.tray.plist