Merge branch 'docs-editor/mac-whatsnew-1715049829' of https://github.com/YongRhee-MSFT/defender-docs-pr into pr/322

denisebmsft · denisebmsft · commit 48eefc278e64 · 2024-05-07T12:24:37.000-07:00
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md
@@ -100,6 +100,22 @@ All our updates contain
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender))
 
+### April-2024 (Engine: 1.1.24040.1 | Platform: coming soon)
+
+- Security intelligence update version: **1.411.7.0**
+- Release date: **May 07, 2024** (Engine) / **coming soon** (Platform)
+- Engine: **1.1.24040.1**
+- Platform: **coming soon**
+- Support phase: **Security and Critical Updates**
+
+#### What's new
+
+- Added an opt-out feature for Experimental Configuration Services (ECS) and One collector in the Core Service.
+- Fixed an issue where occasionally exclusions deployed via Intune were not being honored when tamper protection was enabled.
+- After a new engine version is released, support for older versions (N-2) will now reduce to technical support only. Engine versions older than N-2 are no longer supported.
+- Improved health monitoring and telemetry for [Attack Surface Rules](overview-attack-surface-reduction.md) exclusions.
+- Updated inaccurate information in [Configure exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) regarding wildcard usage with contextual exclusions.
+
 ### March-2024 (Engine: 1.1.24030.4 | Platform: 4.18.24030.9)
 
 - Security intelligence update version: **1.409.1.0**
diff --git a/defender-vulnerability-management/tvm-vulnerable-components.md b/defender-vulnerability-management/tvm-vulnerable-components.md
@@ -33,6 +33,9 @@ With visibility into which vulnerable components are present on a device, securi
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
 
+For an overview of the vulnerable components capability, watch the following video.
+<iframe width="560" height="415" src="https://www.youtube.com/embed/QIwrpjpqrBc?si=OjweAYJo9cP1X-Yo" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
 ## Navigate to the vulnerable components page
 
 1. Go to **Vulnerability management** \> **Inventories** in the [Microsoft Defender portal](https://security.microsoft.com).
diff --git a/defender-xdr/advanced-hunting-deviceinfo-table.md b/defender-xdr/advanced-hunting-deviceinfo-table.md
@@ -74,8 +74,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `ConnectivityType` | `string` | Type of connectivity from the device to the cloud |
 | `HostDeviceId` | `string` | Device ID of the device running Windows Subsystem for Linux |
 | `AzureResourceId` | `string` | Unique identifier of the Azure resource associated with the device |
-
-
+| `AwsResourceName` | `string` | Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name |
+| `GcpFullResourceName` | `string` | Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP|
 
 
 
diff --git a/defender-xdr/deploy-configure-m365-defender.md b/defender-xdr/deploy-configure-m365-defender.md
@@ -16,7 +16,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 03/31/2023
+ms.date: 05/03/2024
 ---
 
 # Setup guides for Microsoft Defender XDR
@@ -28,25 +28,26 @@ ms.date: 03/31/2023
 
 Setup guides for Microsoft Defender XDR deployment give you tailored guidance and resources for planning and deploying security controls for your tenant, apps, and services. 
 
-All deployment guides are available in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224913) and in the [Microsoft 365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2230646).
+All setup guides are available in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224913) and in the [Microsoft 365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2230646).
 
-## Deployment Guides
+## Setup guides
 
-Deployment guides in the admin center require authentication to a Microsoft 365 tenant as an administrator or other role with access to the admin center, but guides in the Microsoft 365 Setup portal can be accessed by anyone. We have provided links to both locations for each guide, where available, in the tables below.
+Setup guides in the admin center require authentication to a Microsoft 365 tenant as an administrator or other role with access to the admin center, but guides in the Microsoft 365 Setup portal can be accessed by anyone. The following table provides links to both locations for each guide, where available.
 
-|**Guide - [Setup Portal](https://go.microsoft.com/fwlink/?linkid=2220880)**  |**Guide - [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913)** |**Description** |
-|---------|---------|---------|
-| [Microsoft Defender for Endpoint setup guide](https://go.microsoft.com/fwlink/?linkid=2223155)   | [Microsoft Defender for Endpoint setup guide](https://go.microsoft.com/fwlink/?linkid=2224785)        |The **Microsoft Defender for Endpoint setup guide** provides instructions that will help your enterprise network prevent, detect, investigate, and respond to advanced threats. Make an informed assessment of your organization's vulnerability and decide which deployment package and configuration methods are best. <br> **Note**: A Microsoft Volume License is required for Microsoft Defender for Endpoint.         |
-|[Microsoft Defender for Office 365 setup guide ](https://go.microsoft.com/fwlink/?linkid=2222971)   | [Microsoft Defender for Office 365 setup guide ](https://go.microsoft.com/fwlink/?linkid=2224784)       | The **Microsoft Defender for Office 365 setup guide** safeguards your organization against malicious threats that your environment might come across through email messages, links, and third party collaboration tools. This guide provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs.            |
-|[Microsoft Defender for Cloud Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2222969)     | [Microsoft Defender for Cloud Apps setup guide](https://go.microsoft.com/fwlink/?linkid=2224814)        | The **Microsoft Defender for Cloud Apps setup guide** provides easy to follow deployment and management guidance to set up your Cloud Discovery solution. With Cloud Discovery, you'll integrate your supported security apps, and then you'll use traffic logs to dynamically discover and analyze the cloud apps that your organization uses. You'll also set up features available through the Defender for Cloud Apps solution, including threat detection policies to identify high-risk use, information protection policies to define access, and real-time session controls to monitor activity. With these features, your environment gets enhanced visibility, control over data movement, and analytics to identify and combat cyberthreats across all your Microsoft and third party cloud services.        |
-|[Microsoft Defender for Identity setup guide](https://go.microsoft.com/fwlink/?linkid=2222970)|[Microsoft Defender for Identity setup guide](https://go.microsoft.com/fwlink/?linkid=2224783)|The **Microsoft Defender for Identity setup guide** provides security solution set-up guidance to identify, detect, and investigate advanced threats that might compromise user identities. These include detecting suspicious user activities and malicious insider actions directed at your organization. You'll create a Defender for Identity instance, connect to your organization's Active Directory, and then set up sensors, alerts, notifications, and configure your unique portal preferences.|
+| Defender | Deployment guide description | Link in the [Setup Portal](https://go.microsoft.com/fwlink/?linkid=2220880) | Link in the [Admin Center](https://go.microsoft.com/fwlink/?linkid=2224913) |
+|---------|---------|---------|---------|
+| Microsoft Defender for Endpoint | Provides instructions that will help your enterprise network prevent, detect, investigate, and respond to advanced threats. Make an informed assessment of your organization's vulnerability and decide which deployment package and configuration methods are best. <br><br> **Note**: A Microsoft Volume License is required for Microsoft Defender for Endpoint. | [Link](https://go.microsoft.com/fwlink/?linkid=2223155) | [Link](https://go.microsoft.com/fwlink/?linkid=2224785) (may require sign-in) |
+| Microsoft Defender for Office 365 | Provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs. | [Link](https://go.microsoft.com/fwlink/?linkid=2222971) | [Link](https://go.microsoft.com/fwlink/?linkid=2224784) (may require sign-in) |
+| Microsoft Defender for Cloud Apps | Provides easy to follow deployment and management guidance to set up your Cloud Discovery solution. With Cloud Discovery, you'll integrate your supported security apps, and then you'll use traffic logs to dynamically discover and analyze the cloud apps that your organization uses. You'll also set up features available through the Defender for Cloud Apps solution, including threat detection policies to identify high-risk use, information protection policies to define access, and real-time session controls to monitor activity. With these features, your environment gets enhanced visibility, control over data movement, and analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services. | [Link](https://go.microsoft.com/fwlink/?linkid=2222969) | [Link](https://go.microsoft.com/fwlink/?linkid=2224814) (may require sign-in) |
+| Microsoft Defender for Identity | Provides security solution set-up guidance to identify, detect, and investigate advanced threats that might compromise your on-premises user identities. These include detecting suspicious user activities and malicious insider actions directed at your organization. You'll create a Defender for Identity instance, connect to your organization's on-premises Active Directory, and then set up sensors, alerts, notifications, and configure your unique portal preferences. | [Link](https://go.microsoft.com/fwlink/?linkid=2222970) | [Link](https://go.microsoft.com/fwlink/?linkid=2224783) (may require sign-in) |
 
 ## Related topics
 
 - [Microsoft Defender XDR overview](microsoft-365-defender.md)
 - [Turn on Microsoft Defender XDR](m365d-enable.md)
 - [Deploy supported services](deploy-supported-services.md)
 - [Microsoft Defender for Endpoint overview](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender for Office 365 overview]/defender-office-365/mdo-about
+- [Microsoft Defender for Office 365 overview](/defender-office-365/mdo-about)
 - [Microsoft Defender for Cloud Apps overview](/cloud-app-security/what-is-cloud-app-security)
+- [Microsoft Defender for Identity overview](/defender-for-identity/what-is)
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
diff --git a/defender-xdr/eval-defender-identity-architecture.md b/defender-xdr/eval-defender-identity-architecture.md
@@ -42,16 +42,22 @@ The following diagram illustrates the baseline architecture for Defender for Ide
 
 In this illustration:
 
-- Sensors installed on Active Directory Domain Services (AD DS) domain controllers parse logs and network traffic and send them to Microsoft Defender for Identity for analysis and reporting.
-- Sensors can also parse Active Directory Federation Services (AD FS) when Microsoft Entra ID is configured to use federated authentication (dotted line in illustration).
+- Sensors installed on Active Directory Domain Services (AD DS) domain controllers and Active Directory Certificate Services (AD CS) servers parse logs and network traffic and send them to Microsoft Defender for Identity for analysis and reporting.
+- Sensors can also parse Active Directory Federation Services (AD FS) authentications for third-party identity providers and when Microsoft Entra ID is configured to use federated authentication (the dotted lines in the illustration).
 - Microsoft Defender for Identity shares signals to Microsoft Defender XDR for extended detection and response (XDR).
 
 Defender for Identity sensors can be directly installed on the following servers:
 
-- Domain controllers: The sensor directly monitors domain controller traffic, without the need for a dedicated server, or configuration of port mirroring.
-- AD FS: The sensor directly monitors network traffic and authentication events.
+- AD DS domain controllers
 
-For a deeper look into the architecture of Defender for Identity, including integration with Defender for Cloud Apps, see [Microsoft Defender for Identity architecture](/defender-for-identity/architecture).
+  The sensor directly monitors domain controller traffic, without the need for a dedicated server or the configuration of port mirroring.
+
+- AD CS servers
+- AD FS servers
+
+  The sensor directly monitors network traffic and authentication events.
+
+For a deeper look into the architecture of Defender for Identity, see [Microsoft Defender for Identity architecture](/defender-for-identity/architecture).
 
 ## Understand key concepts
 
diff --git a/defender-xdr/media/eval-defender-xdr/m365-defender-eval-architecture.svg b/defender-xdr/media/eval-defender-xdr/m365-defender-eval-architecture.svg
diff --git a/defender-xdr/media/eval-defender-xdr/m365-defender-identity-architecture.svg b/defender-xdr/media/eval-defender-xdr/m365-defender-identity-architecture.svg
