Merge branch 'main' into repo_sync_working_branch

Author: Stacyrch140

defender-endpoint/comprehensive-guidance-on-linux-deployment.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 04/04/2024
+ms.date: 05/06/2024
 ---
 
 # Advanced deployment guidance for Microsoft Defender for Endpoint on Linux
@@ -521,17 +521,24 @@ For more information, see [New device health reporting for Microsoft Defender an
 
 To ensure that the device is correctly onboarded and reported to the service, run the following detection test:
 
-- Antimalware detections:
+- Open a Terminal window and execute the following command to run an antimalware detection test:
 
   ```bash
-  curl -o /tmp/eicar.com.txt https://www.eicar.org/download/eicar.com.txt
+  curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt
   ```
+  
+- You can run additional detection tests on zip files using either of the following commands:
 
-  If the detection doesn't show up, it could be that you have set "allowedThreats" to allow in preferences via Ansible or Puppet.
+  ```bash
+  curl -o /tmp/eicar_com.zip https://secure.eicar.org/eicar_com.zip
+  curl -o /tmp/eicarcom2.zip https://secure.eicar.org/eicarcom2.zip
+  ```
+
+   > [!NOTE]
+   > If the detections do not show up, it could be that you have set "allowedThreats" to allow in preferences via Ansible or Puppet.
+
+- Endpoint detection and response (EDR) detections, see [Experience Microsoft Defender for Endpoint through simulated attacks](attack-simulations.md). If the detection doesn't show up, then it could be that we're missing event or alerts in portal. For more information, see [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux](linux-support-events.md).
 
-- Endpoint detection and response (EDR) detections:
-  For more information, see [Experience Microsoft Defender for Endpoint through simulated attacks](attack-simulations.md).
-  If the detection doesn't show up, then it could be that we're missing event or alerts in portal. For more information, see [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux](linux-support-events.md).
 - For more information about unified submissions in Microsoft Defender XDR and the ability to submit **False Positives** and **False Negatives** through the portal, see [Unified submissions in Microsoft Defender XDR now Generally Available! - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/unified-submissions-in-microsoft-365-defender-now-generally/ba-p/3270770).
 
 ## 20. Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux

defender-endpoint/mac-device-control-overview.md

@@ -64,7 +64,7 @@ Example 1: JAMF using [schema.json](https://github.com/microsoft/mdatp-xplat/tre
 
 :::image type="content" source="media/macos-device-control-jamf-json.png" alt-text="Screenshot that shows how to enable Device Control in Microsoft Defender for Endpoint Data Loss Prevention / Features.":::
 
-Example 2: [demo.mobileconfig](https://github.com/microsoft/mdatp-devicecontrol/blob/main/Removable%20Storage%20Access%20Control%20Samples/macOS/mobileconfig/demo.mobileconfig)
+Example 2: [demo.mobileconfig](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/mobileconfig/demo.mobileconfig)
 
 ```xml
 <key>dlp</key>

exposure-management/TOC.yml

@@ -1,18 +1,18 @@
-- name: Microsoft Security Exposure Management (public preview)
+- name: Microsoft Security Exposure Management (preview)
   href: index.yml
   expanded: true
   items: 
     - name: Overview
       items:
       - name: What is Microsoft Security Exposure Management?
         href: microsoft-security-exposure-management.md
-      - name: Compare secure score and Security Exposure Management
+      - name: Compare Secure Score and Security Exposure Management
         href: compare-secure-score-security-exposure-management.md      
     - name: Get started
       items:
       - name: Prerequisites and support
         href: prerequisites.md
-      - name: Start using Microsoft Security Exposure Management
+      - name: Start using Security Exposure Management
         href: get-started-exposure-management.md
     - name: Explore cross-workload attack surfaces
       items:

exposure-management/classify-critical-assets.md

@@ -20,7 +20,8 @@ Security Exposure Management is currently in public preview.
 ## Prerequisites
 
 - Before you start, learn about [critical asset management](critical-asset-management.md) in Security Exposure Management.
-- To manage critical assets, you need one of these roles: Global Administrator, Security Administrator, Security Operator, Global Reader, Security Reader.
+- [Review required permissions](prerequisites.md#permissions) for working with the critical assets.
+
 
 ## Review critical assets
 

exposure-management/compare-secure-score-security-exposure-management.md

@@ -11,22 +11,22 @@ ms.date: 03/12/2024
 
 # Compare Microsoft Security Exposure Management with secure score
 
-This article discusses the differences between Microsoft [secure score](/defender-xdr/microsoft-secure-score) and [Microsoft Security Exposure Management](microsoft-security-exposure-management.md).
+This article discusses the differences between Microsoft [Secure Score](/defender-xdr/microsoft-secure-score) and [Microsoft Security Exposure Management](microsoft-security-exposure-management.md).
 
 Security Exposure Management is currently in public preview.
 
 [!INCLUDE [prerelease](../includes//prerelease.md)]
 
 ## Comparison
 
-**Area** | **Security Exposure Management** | **Secure score**
+**Area** | **Security Exposure Management** | **Secure Score**
 --- | --- | ---
 **Business goal** | Provides a unified view of organizational security posture, and tools for identifying and exploring attack surfaces, and reducing security risk exposure. | Acts as an industry baseline and benchmark to measure organizational security posture.
-**Recommendations** | Includes secure score recommendations, and recommendations from other sources, such as Microsoft Defender for Cloud. | Recommendations focus mostly on posture assessment of Microsoft Defender products.
+**Recommendations** | Includes Secure Score recommendations, and recommendations from other sources, such as Microsoft Defender for Cloud. | Recommendations focus mostly on posture assessment of Microsoft Defender products.
 **Recommendation measurements** | Views adherence to recommendations from a compliance/non-compliance perspective. | Measures recommendations in terms of points achieved out of a total number of points, and whether points regress or are gained based on specific actions.
 **Metrics** | Gathers recommendations for similar assets together into metrics. </br></br>Metrics enable you to quickly gauge exposure levels for groups of similar assets. | Uses security control metrics.
 **Initiatives** | Metrics are gathered into predefined initiatives. For instance, the ransomware initiative gathers and defines multiple metrics/recommendations related to ransomware risk. |  Not available.
-**Additional tools** |  Security insights help you to manage security exposure, and tools such as the enterprise exposure graph and the attack surface map enable you to query, review, analyze, and visualize cross-organizational attack surfaces.</br></br> Security Exposure Management also generates and provides visibility into potential attack paths across the organization. | Secure score metrics only.
+**Additional tools** |  Security insights help you to manage security exposure. Tools such as the enterprise exposure graph and the attack surface map enable you to query, review, analyze, and visualize cross-organizational attack surfaces.</br></br> Security Exposure Management also generates and provides visibility into potential attack paths across the organization. | Secure Score metrics only.
 
 ## Next steps
 

exposure-management/enterprise-exposure-map.md

@@ -17,6 +17,11 @@ Security Exposure Management is currently in public preview.
 
 [!INCLUDE [prerelease](../includes//prerelease.md)]
 
+## Prerequisites
+
+- [Read about](cross-workload-attack-surfaces.md) attack surface management.
+- [Review required permissions](prerequisites.md#permissions) for working with the graph.
+
 ## Access the map
 
 1. In the device inventory, select a device.
@@ -35,7 +40,7 @@ The exposure map gives you visibility into asset connections.
     - **Hovering**: Hover over nodes and edges to get additional information.
     - **Explore assets and their edges**. To explore assets and edge, select the plus sign. Or select the option to explore connected assets from the contextual menu.
     - **Asset details**: To view details, select the asset icon.
-    - **Focus on asset**: Provides a way to refocus the graph visualization on the specific node you want to explore, similar to the Graph view when selecting an individual [attack path](review-attack-paths.md).
+    - **Focus on asset**: Provides a way to refocus the graph visualization on the specific node you want to explore, similar to the **Graph** view when selecting an individual [attack path](review-attack-paths.md).
     - **Search**: Helps you to discover items by node type. By selecting **all results**, search the particular type for specific results. You can also filter your search by devices, identity, or cloud assets from the initial screen.
 
 

exposure-management/microsoft-security-exposure-management.md

@@ -12,7 +12,7 @@ ms.date: 03/11/2024
 
 # What is Microsoft Security Exposure Management?
 
-Microsoft Security Exposure Management is a security solution that provides a unified view of security posture across company assets and workloads. Security Exposure Management enriches asset information with security context that helps you to manage attack surfaces, protect critical assets, and explore and mitigate exposure risk.
+Microsoft Security Exposure Management is a security solution that provides a unified view of security posture across company assets and workloads. Security Exposure Management enriches asset information with security context that helps you to proactively manage attack surfaces, protect critical assets, and explore and mitigate exposure risk.
 
 Security Exposure Management is currently in public preview.
 

exposure-management/query-enterprise-exposure-graph.md

@@ -19,7 +19,10 @@ Security Exposure Management is currently in public preview.
 
 [!INCLUDE [prerelease](../includes//prerelease.md)]
 
+## Prerequisites
 
+- [Read about](cross-workload-attack-surfaces.md) attack surface management.
+- [Review required permissions](prerequisites.md#permissions) for working with the graph.
 
 ## Build advanced hunting queries
 

exposure-management/review-attack-paths.md

@@ -20,7 +20,7 @@ Security Exposure Management is currently in public preview.
 ## Prerequisites
 
 - [Read about attack paths](work-attack-paths-overview.md) before you start.
-- [Review prerequisites and permissions](prerequisites.md) for working with Security Exposure Management.
+-- [Review required permissions](prerequisites.md#permissions) for working with attack paths.
 - The value of attack paths increases based on the data used as a source. If no data is available or the data doesn't reflect your organization's environment, attack paths might not appear. Attack paths might not be fully representative:
   - If you don't have licenses defined for workloads integrated and represented in the attack path.
   - If you don't fully define critical assets.