Merge branch 'main' into AttackSim-chrisda

Author: chrisda

defender-endpoint/adv-tech-of-mdav.md

@@ -3,7 +3,7 @@ title: Advanced technologies at the core of Microsoft Defender Antivirus
 description: Microsoft Defender Antivirus engines and advanced technologies
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 ms.service: defender-endpoint
 ms.topic: overview
 ms.date: 02/28/2024

defender-endpoint/amsi-on-mdav.md

@@ -3,7 +3,7 @@ title: "Anti-malware Scan Interface (AMSI) integration with Microsoft Defender A
 description: Describes fileless malware and how Microsoft Defender Antivirus uses AMSI to protect against hidden threats.
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 ms.date: 02/27/2024
 ms.topic: conceptual
 ms.service: defender-endpoint

defender-endpoint/behavior-monitor.md

@@ -3,7 +3,7 @@ title: Behavior monitoring in Microsoft Defender Antivirus
 description: Learn about Behavior monitoring in Microsoft Defender Antivirus and Defender for Endpoint.
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.topic: conceptual
 ms.service: defender-endpoint

defender-endpoint/configure-device-connectivity.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.reviewer: pahuijbr
 search.appverid: MET150
 audience: ITPro
-ms.date: 05/13/2024
+ms.date: 06/14/2024
 ---
 
 # Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint 
@@ -154,7 +154,7 @@ With streamlined connectivity, IP-based solutions can be used as an alternative
 - Defender for Endpoint Command and Control
 
 > [!IMPORTANT]
-> The EDR Cyber data service must be configured separately if you are using the IP method (this service is only consolidated on a URL level).You must also maintain connectivity with other required services including SmartScreen, CRL, Windows Update, and other services.<br/>
+> The EDR Cyber data service (OneDsCollector) *must* be configured separately if you are using the IP method (this service is only consolidated on a URL level).You must also maintain connectivity with other required services including SmartScreen, CRL, Windows Update, and other services.<br/>
 
 In order to stay up to date on IP ranges, it's recommended to refer to the following Azure service tags for Microsoft Defender for Endpoint services. The latest IP ranges are found in the service tag. For more information, see [Azure IP ranges](https://azureipranges.azurewebsites.net/).
 
@@ -163,7 +163,7 @@ In order to stay up to date on IP ranges, it's recommended to refer to the follo
 | MicrosoftDefenderForEndpoint | MAPS, Malware Sample Submission Storage, Auto-IR Sample Storage,  Command and Control. |
 | OneDsCollector | EDR Cyberdata <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and can include diagnostic data traffic for other Microsoft services. |
 
-The following table lists the current static IP ranges. For latest list, refer to the Azure service tags.
+The following table lists the current static IP ranges covered by the MicrosoftDefenderForEndpoint service tag. For latest list, refer to the Azure service tags.
 
 
 |Geo|IP Ranges|
@@ -221,18 +221,4 @@ Before proceeding, confirm devices meet the [prerequisites](#prerequisites) and
 
 For migrating devices already onboarded to Defender for Endpoint, see [Migrating devices to the streamlined connectivity](migrate-devices-streamlined.md). You must reboot your device and follow specific guidance here.  
 
-### Stage 5. Set the default onboarding package to streamlined connectivity
-
-When you're ready to set the default onboarding package to streamlined, you can turn on the following Advanced Feature setting in the Microsoft Defender portal (**Settings > Endpoints > Advanced Features**). 
-
-<img width="593" alt="image" src="https://github.com/MicrosoftDocs/defender-docs-pr/assets/30799281/3509aeec-bbab-4efd-a328-0608a11cc6d1">
-
-This setting sets the default onboarding package to 'streamlined' for applicable operating systems.  You can still use the standard onboarding package within the onboarding page but you must specifically select it in the drop-down.  
-
-For onboarding through Intune & Microsoft Defender for Cloud, you need to activate the relevant option. Devices already onboarded don't automatically reonboard; you need to create a new policy in Intune, where it's recommended to first assign the policy to a set of test devices to verify connectivity is successful, before expanding the audience. Devices in Defender for Cloud can be reonboarded using the relevant onboarding script.
-
-> [!NOTE]
-> - Only tenants created on or before May 8th, 2024 have the option to switch between standard and streamlined connectivity. Newer tenants will only support streamlined connectivity.
-> - Before moving forward with this option, validate that your environment is ready and all devices meet prerequisites.
-
 

defender-endpoint/configure-environment.md

@@ -5,7 +5,7 @@ search.appverid: met150
 ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
-ms.reviewer: mkaminska
+ms.reviewer: pahuijbr
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -14,7 +14,7 @@ ms.collection:
 - tier1
 ms.topic: how-to
 ms.subservice: onboard
-ms.date: 06/06/2024
+ms.date: 06/14/2024
 ---
 
 # STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service
@@ -59,6 +59,8 @@ The following destinations are required to allow Defender for Endpoint communica
 |`*.blob.core.windows.net`|Port 443|Outbound|Yes|
 |`*.azure-automation.net`|Port 443|Outbound|Yes|
 
+To determine the exact destinations in use for your subscription within the domains listed above, see [Microsoft Monitoring Agent (MMA) Service URL connections](verify-connectivity.md#microsoft-monitoring-agent-mma-service-url-connections).
+
 > [!NOTE]
 > Services using MMA-based solutions are not able to leverage the new streamlined connectivity solution (consolidated URL and option to use static IPs). For Windows Server 2016 and Windows Server 2012 R2, you will need to update to the new unified solution. Instructions to onboard these operating systems with the new unified solution are at [Onboard Windows servers](configure-server-endpoints.md), or migrate already onboarded devices to the new unified solution at [Server migration scenarios in Microsoft Defender for Endpoint](server-migration.md).
 

defender-endpoint/elam-on-mdav.md

@@ -3,7 +3,7 @@ title: Early Launch Antimalware (ELAM) and Microsoft Defender Antivirus
 description: How Microsoft Defender Antivirus incorporates Early Launch Antimalware (ELAM) for preventing rootkit and drivers with malware from loading before the antivirus service and drivers are loaded.
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 ms.service: defender-endpoint
 ms.topic: overview
 ms.date: 02/26/2024

defender-endpoint/evaluate-microsoft-defender-antivirus.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: conceptual
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 ms.custom: nextgen
 ms.date: 10/18/2018
 ms.subservice: ngp

defender-endpoint/hardware-acceleration-and-mdav.md

@@ -3,7 +3,7 @@ title: Hardware acceleration and Microsoft Defender Antivirus.
 description: How Microsoft Defender Antivirus incorporates hardware acceleration and Microsoft Defender Antivirus.
 author: YongRhee-MSFT
 ms.author: yongrhee
-manager: dansimp
+manager: deniseb
 ms.service: defender-endpoint
 ms.topic: overview
 ms.date: 02/26/2024

defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md

@@ -6,7 +6,7 @@ ms.author: dansimp
 author: dansimp
 ms.reviewer: gopkr
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security

defender-endpoint/linux-exclusions.md

@@ -6,7 +6,7 @@ ms.author: dansimp
 author: dansimp
 ms.reviewer: gopkr
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security