Merge branch 'main' into docs-editor/fixed-reported-inaccuracies-1726657658

Author: denisebmsft

defender-endpoint/mac-whatsnew.md

@@ -6,7 +6,7 @@ author: dansimp
 ms.author: dansimp
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 08/27/2024
+ms.date: 09/19/2024
 audience: ITPro
 ms.collection:
 - m365-security
@@ -37,10 +37,10 @@ For more information on Microsoft Defender for Endpoint on other operating syste
 
 **Known issues**
 
-Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), and [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.
-
-In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices.  At this time, the recommended mitigation is to use a version of macOS less than 14.3.1.
-
+> [!NOTE]
+> - Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), and [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.
+> - In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices.  At this time, the recommended mitigation is to use a version of macOS less than 14.3.1.
+> - In both macOS Sonoma and Sequoia builds, Network Protection capabilities may be impacted due to changes in Apple's internal networking structure resulting in crashes of the network extension (NetExt). This will result in intermittent network connectivity issues for end users. We are recommending that customers who have Network Protection enabled in their organization refrain from upgrading to Sonoma / Seqouia builds at this time.
 **Sequoia support**
 
 Microsoft Defender supports macOS Sequoia (15) in the current Defender release.
@@ -1022,11 +1022,9 @@ Live Response for macOS is now available for all Mac devices onboarded to Defend
 
 > [!CAUTION]
 > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
->
-> The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
->
+> > The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
 > - For manual deployments, see the updated instructions in the [Manual deployment topic](mac-install-manually.md#allow-full-disk-access).
-> - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
+- For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
 
 - Performance improvements & bug fixes
 

defender-endpoint/microsoft-defender-antivirus-compatibility.md

@@ -4,10 +4,10 @@ description: Learn about Microsoft Defender Antivirus with other security produc
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 09/07/2024
+ms.date: 09/18/2024
 ms.topic: conceptual
-author: siosulli
-ms.author: siosulli
+author: denisebmsft
+ms.author: deniseb
 ms.custom: 
 - nextgen
 - partner-contribution
@@ -128,7 +128,8 @@ In order for Microsoft Defender Antivirus to run in passive mode, endpoints must
 
 - Operating system: Windows 10 or newer; Windows Server 2022, Windows Server 2019, or Windows Server, version 1803, or newer <br/>(Windows Server 2012 R2 and Windows Server 2016 if onboarded using the [modern, unified solution](configure-server-endpoints.md)). 
 - Microsoft Defender Antivirus must be installed. 
-- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution. 
+- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution. ([Add Microsoft Defender for Endpoint to your exclusion list for your existing solution](/defender-endpoint/switch-to-mde-phase-2)). 
+
 - Endpoints must be onboarded to Defender for Endpoint. 
 
 > [!IMPORTANT]

defender-endpoint/microsoft-defender-endpoint-mac.md

@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Mac
 ms.reviewer: yongrhee, pahuijbr
 description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Mac.
 ms.service: defender-endpoint
-ms.author: siosulli
-author: siosulli
+ms.author: deniseb
+author: denisebmsft
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 08/06/2024
+ms.date: 09/17/2024
 ---
 
 # Microsoft Defender for Endpoint on Mac
@@ -71,9 +71,13 @@ There are several methods and deployment tools that you can use to install and c
 
 The three most recent major releases of macOS are supported.
 
-- 15 (Sequoia), 14 (Sonoma), 13 (Ventura), 12 (Monterey)
+- 15 (Sequoia)
 
-  > [!IMPORTANT]
+- 14 (Sonoma)
+
+- 13 (Ventura)
+
+    > [!IMPORTANT]
   > On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md).
 
 - Supported processors: x64 and ARM64

defender-endpoint/supported-capabilities-by-platform.md

@@ -58,21 +58,19 @@ The following table gives information about the supported Microsoft Defender for
 |[Device response capabilities: collect investigation package ](respond-machine-alerts.md)        | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg)   |  ![Yes.](media/svg/check-yes.svg) <sup>[3]</sup>       |  ![Yes.](media/svg/check-yes.svg) <sup>[3]</sup>        |
 |[Device response capabilities: run antivirus scan](respond-machine-alerts.md)        | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg)   |  ![Yes.](media/svg/check-yes.svg)        |  ![Yes.](media/svg/check-yes.svg)         |
 |[Device isolation](respond-machine-alerts.md)        | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg)   |  ![Yes.](media/svg/check-yes.svg)       |  ![Yes.](media/svg/check-yes.svg)    |
-|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes        | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg)   |  ![Yes.](media/svg/check-yes.svg) <sup>[6]</sup> |  ![Yes.](media/svg/check-yes.svg) <sup>[6]</sup> |
+|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes        | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg)   |  ![Yes.](media/svg/check-yes.svg) <sup>[4]</sup> |  ![Yes.](media/svg/check-yes.svg) <sup>[4]</sup> |
 |[Live Response](live-response.md)       | ![Yes.](media/svg/check-yes.svg)        | ![Yes.](media/svg/check-yes.svg) |  ![Yes.](media/svg/check-yes.svg)       |  ![Yes.](media/svg/check-yes.svg)      |
 
 <sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
 
 <sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview))
 
-<sup>[3]</sup> Response capabilities using Live Response [2]
+<sup>[3]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
 
-<sup>[4]</sup> Collect file only, using Live Response [2]
+<sup>[4]</sup> Collect file only, is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
 
 <sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11
 
-<sup>[6]</sup> Collect file feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)).  Currently does not support "Deep analysis" or "Block file, stop, and quarantine process".
-
 > [!NOTE]
 > Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP).
 

defender-for-iot/includes/site-association.md

@@ -0,0 +1,12 @@
+---
+author: limwainstein
+ms.author: lwainstein
+ms.date: 06/24/2024
+ms.topic: include
+ms.service: microsoft-defender-iot
+---
+
+>[!NOTE]
+>
+>Currently, devices discovered in the Defender XDR portal aren't synchronized with Azure, and therefore the list of devices discovered could be different in each portal.
+>

defender-for-iot/manage-devices-inventory.md

@@ -40,6 +40,8 @@ To customize the device inventory views:
 - [Use filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views)
 - [Use columns](/defender-endpoint/machines-view-overview#use-columns-to-customize-the-device-inventory-views)
 
+[!INCLUDE [defender-iot-site-association](includes/site-association.md)]
+
 ## Manage OT devices
 
 - [Explore the device inventory](/defender-endpoint/machines-view-overview#explore-the-device-inventory) including search, export to CSV, and more.

defender-for-iot/set-up-sites.md

@@ -69,6 +69,8 @@ In this stage, you configure Defender for IoT to associate OT devices to the sit
 
 1. Select **Next** to review the site details.
 
+[!INCLUDE [defender-iot-site-association](includes/site-association.md)]
+
 ## Review site details
 
 Review that information for the site you want to create:

exposure-management/predefined-classification-rules-and-levels.md

@@ -40,6 +40,7 @@ Current asset types are:
 | Network Admin Device         | Device     | Medium                    | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
 | VMware ESXi                | Device     | High                      | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
 | VMware vCenter             | Device     | High                      | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
+| Hyper-V Server             | Device     | High                      | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. |
 
 ##### Identity
 

exposure-management/whats-new.md

@@ -27,6 +27,14 @@ Security Exposure Management is currently in public preview.
 
 ## September 2024
 
+### New predefined classifications
+
+The following predefined classification rule was added to the critical assets list:
+
+| Classification                                               | Description                                                  |
+| ------------------------------------------------------------ | ------------------------------------------------------------ |
+| **Hyper-V Server**                                                 | This rule applies to devices identified as Hyper-V servers within a domain. These servers are essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. |
+
 ### Enhanced visibility for scoped users
 
 This change now allows users who have been granted access to only some of the organization's devices to see the list of affected assets in metrics, recommendations, events, and initiative history within their specific scope.