Commit 4ae47a1

Merge pull request #1059 from MicrosoftDocs/main
Publish main to live, Wednesday 3:30PM PDT, 07/31
2 parents c7c3f9f + 5b9e140 commit 4ae47a1

5 files changed: +8 -7 lines changed

defender-endpoint/indicator-certificates.md

Lines changed: 2 additions & 2 deletions
@@ -15,7 +15,7 @@ ms.collection:
1515
ms.topic: conceptual
1616
ms.subservice: asr
1717
search.appverid: met150
18-
ms.date: 12/18/2020
18+
ms.date: 07/31/2024
1919
---
2020

2121
# Create indicators based on certificates
@@ -33,7 +33,7 @@ ms.date: 12/18/2020
3333
3434
You can create indicators for certificates. Some common use cases include:
3535

36-
- Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) and [controlled folder access](controlled-folders.md) but need to allow behaviors from signed applications by adding the certificate in the allow list.
36+
- Scenarios when you need to deploy blocking technologies, such as [attack surface reduction rules](attack-surface-reduction.md) but need to allow behaviors from signed applications by adding the certificate in the allow list.
3737
- Blocking the use of a specific signed application across your organization. By creating an indicator to block the certificate of the application, Windows Defender AV will prevent file executions (block and remediate) and the Automated Investigation and Remediation behave the same.
3838

3939
## Before you begin
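
Review bot: The new line 36 drops controlled folder access from this use case without saying whether certificate allow indicators still apply to it. If they no longer do, say so explicitly (a short note under the use cases would be enough) instead of only deleting the link, so that readers who created allow indicators for that purpose know to revisit them. While here, the adjacent context line 37 ends with "the Automated Investigation and Remediation behave the same", which does not parse; "and Automated Investigation and Remediation behaves the same way" would read correctly.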

defender-office-365/outbound-spam-restore-restricted-users.md

Lines changed: 1 addition & 1 deletion
@@ -70,7 +70,7 @@ For more information about compromised _connectors_ and how to remove them from
7070

7171
## Remove a user from the Restricted entities page in the Microsoft Defender portal
7272

73-
In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Review** \> **Restricted entities**. Or, to go directly to the **Restricted entities** page, use <https://security.microsoft.com/restrictedentities>.
73+
1. In the Microsoft Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Review** \> **Restricted entities**. Or, to go directly to the **Restricted entities** page, use <https://security.microsoft.com/restrictedentities>.
7474

7575
2. On the **Restricted entities** page, identify the user account to unblock. The **Entity** value is **Mailbox**.
7676

defender-xdr/edit-delete-rbac-roles.md

Lines changed: 1 addition & 1 deletion
@@ -77,7 +77,7 @@ The Export feature enables you to export the following roles data:
7777

7878
When a role has multiple assignments, each assignment will be represented as a separate row in the CSV file.
7979

80-
The CSV also includes a snapshot of the Unified RBAC activation status for each workload available on the tenant.
80+
The CSV also includes a snapshot of the Defender XDR Unified RBAC activation status for each workload available on the tenant.
8181

8282
The following steps guide you on how to export roles in Microsoft Defender XDR Unified RBAC:
8383
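
Review bot: Product naming is inconsistent between the new line 80 and the unchanged line 82: the added text says "Defender XDR Unified RBAC" while line 82 says "Microsoft Defender XDR Unified RBAC". Pick one form for this section and use it in both sentences, so readers do not take them for two different features.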

defender-xdr/faq-managed-response.md

Lines changed: 2 additions & 2 deletions
@@ -14,7 +14,7 @@ ms.collection:
1414
- tier1
1515
ms.topic: conceptual
1616
search.appverid: met150
17-
ms.date: 01/30/2024
17+
ms.date: 07/31/2024
1818
---
1919

2020
# Understanding Managed response
@@ -28,7 +28,7 @@ The following section lists down questions you or your SOC team might have regar
2828
| Questions | Answers |
2929
|---------|---------|
3030
|**What is Managed response?** | Microsoft Defender Experts for XDR offers **Managed response** where our experts manage the entire remediation process for incidents that require them. This process includes investigating the incident to identify the root cause, determining the required response actions, and taking those actions on your behalf.|
31-
|**What actions are in scope for Managed response?** | All actions found below are in scope for Managed response for any device and user that isn't excluded.<br><br>*For devices* *(Available now)*<ul><li>Isolate machine<br><li>Release machine from isolation<br><li>Stop and quarantine file<br><li>Restrict app execution<br><li>Remove app restriction</ul><br>*For users (Coming soon)*<ul><li>Force password reset<br><li>Disable user<br><li>Enable user<br><li>Soft delete emails </ul> |
31+
|**What actions are in scope for Managed response?** | All actions found below are in scope for Managed response for any device and user that isn't excluded.<br><br>*For devices* *(Available now)*<ul><li>Isolate machine<br><li>Release machine from isolation<br><li>Stop and quarantine file<br><li>Restrict app execution<br><li>Remove app restriction<br><li>Disable user<br><li>Enable user</ul><br>*For users (Coming soon)*<ul><li>Revoke refresh token<br><li>Soft delete emails</ul> |
3232
|**Can I customize the extent of Managed response?** | You can configure the extent to which our experts do Managed response actions on your behalf by excluding certain devices and users (individually or by groups) either during onboarding or later by modifying your service's settings. [Read more about excluding device groups](get-started-xdr.md#exclude-devices-from-remediation) |
3333
|**What support do Defender Experts offer for excluded assets?** | If our experts determine that you need to perform response actions on excluded devices or users, we notify you through various customizable methods and direct you to your Microsoft Defender XDR portal. From your portal, you can then view a detailed summary of our investigation process and the required response actions in the portal and perform these required actions directly. Similar capabilities are also available through Defender APIs, in case you prefer using a security information and event management (SIEM), IT service management (ITSM), or any other third-party tool. |
3434
|**How am I going to be informed about the response actions?** | Response actions that our experts have completed on your behalf and any pending ones that you need to perform on your excluded assets are displayed in the **Managed response** panel in your Defender portal's **Incidents** page. <br><br>In addition, you'll also receive an email containing a link to the incident and instructions to view the Managed response in the portal. Moreover, if you have integration with Microsoft Sentinel or APIs, you'll also be notified within those tools by looking for Defender Experts statuses. For more information, see [FAQs related to Microsoft Defender Experts for XDR incident notifications](faq-incident-notifications-xdr.md).|
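
Review bot: In the new line 31, "Disable user" and "Enable user" are appended to the *For devices* *(Available now)* list, but they act on user accounts, not devices, and the cell still carries a separate *For users (Coming soon)* list. Suggest splitting the user actions into an available-now list and a coming-soon list instead of filing them under the device heading. The same line also removes "Force password reset" from the cell entirely; if that action is still planned it should stay under coming soon, and if it is not, the removal deserves a mention in the commit description.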

defender-xdr/managed-detection-and-response-xdr.md

Lines changed: 2 additions & 1 deletion
@@ -15,7 +15,7 @@ ms.collection:
1515
- essentials-manage
1616
ms.topic: conceptual
1717
search.appverid: met150
18-
ms.date: 06/20/2024
18+
ms.date: 07/31/2024
1919
---
2020

2121
# Managed detection and response
@@ -98,6 +98,7 @@ Defender Experts for XDR currently supports the following one-click managed resp
9898
|[Restrict app execution](/defender-endpoint/respond-machine-alerts##restrict-app-execution)| Restricts the execution of potentially malicious programs and locks down the device to prevent further attempts.|
9999
|[Release from isolation](/defender-endpoint/respond-machine-alerts#isolate-devices-from-the-network)| Undoes isolation of a device.|
100100
|[Remove app restriction](/defender-endpoint/respond-machine-alerts#restrict-app-execution)| Undoes release from isolation.|
101+
|[Disable user](/defender-for-identity/remediation-actions#supported-actions) | Disable an identity from accessing the network and different endpoints.|
101102

102103
Apart from these one-click actions, you can also receive managed responses from our experts that you need to perform manually.
103104
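
Review bot: Only "Disable user" is added to this table at new line 101, while the faq-managed-response.md change in the same commit lists both "Disable user" and "Enable user" as available now; add an "Enable user" row here or state why the undo action is not offered as a one-click action. The new description is also in the imperative ("Disable an identity ...") where the neighbouring rows use the third person ("Restricts ...", "Undoes ..."); "Disables an identity's access to the network and endpoints" would match. While touching this table: the context row at line 100 describes "Remove app restriction" as "Undoes release from isolation", which looks like a copy-paste slip, and the link at line 98 has a doubled "##" in its anchor.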
