Merge branch 'main' into docs-editor/fixed-reported-inaccuracies-1730799503

denisebmsft · web-flow · commit 56d841a5e179 · 2024-11-11T09:37:38.000-08:00
diff --git a/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md b/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: how-to
 author: denisebmsft
 ms.author: deniseb
-ms.date: 04/03/2024
+ms.date: 11/10/2024
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.custom: nextgen
@@ -81,7 +81,7 @@ For more information about the specific network-connectivity requirements to ens
 
    | Task  | Steps  |
    |---------|---------|
-   | Create a new policy     | 1. For **Platform**, select **Windows 10, Windows 11, and Windows Server**. <br/><br/>2. For **Profile**, select **Microsoft Defender Antivirus**.<br/><br/>3. On the **Basics** page, specify a name and description for the policy, and then choose **Next**.<br/><br/>4. In the **Defender** section, find **Allow Cloud Protection**, and set it to **Allowed**. Then choose **Next**. <br/><br/>5. Scroll down to **Submit Samples Consent**, and select one of the following settings:<br/>- **Send all samples automatically**<br/>- **Send safe samples automatically**<br/><br/>6. On the **Scope tags** step, if your organization is using [scope tags](/mem/intune/fundamentals/scope-tags), select the tags you want to use, and then choose **Next**.<br/><br/>7. On the **Assignments** step, select the groups, users, or devices that you want to apply this policy to, and then choose **Next**.<br/><br/>8. On the **Review + create** step, review the settings for your policy, and then choose **Create**.          |
+   | Create a new policy     | 1. For **Platform**, select **Windows**. <br/><br/>2. For **Profile**, select **Microsoft Defender Antivirus**.<br/><br/>3. On the **Basics** page, specify a name and description for the policy, and then choose **Next**.<br/><br/>4. In the **Defender** section, find **Allow Cloud Protection**, and set it to **Allowed**.<br/><br/>5. Scroll down to **Submit Samples Consent**, and select one of the following settings:<br/>- **Send all samples automatically**<br/>- **Send safe samples automatically**<br/><br/>6. On the **Scope tags** step, if your organization is using [scope tags](/mem/intune/fundamentals/scope-tags), select the tags you want to use, and then choose **Next**.<br/><br/>7. On the **Assignments** step, select the groups, users, or devices that you want to apply this policy to, and then choose **Next**.<br/><br/>8. On the **Review + create** step, review the settings for your policy, and then choose **Create**.          |
    | Edit an existing policy     | 1. Select the policy that you want to edit.<br/><br/>2. Under **Configuration settings**, choose **Edit**.<br/><br/>3. In the **Defender** section, find **Allow Cloud Protection**, and set it to **Allowed**.<br/><br/>4. Scroll down to **Submit Samples Consent**, and select one of the following settings:<br/>- **Send all samples automatically**<br/>- **Send safe samples automatically**<br/><br/>5. Select **Review + save**.        |
 
 > [!TIP]
diff --git a/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md b/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.topic: how-to
 author: denisebmsft
 ms.author: deniseb
-ms.date: 07/25/2024
+ms.date: 11/10/2024
 manager: deniseb
 ms.custom: nextgen
 ms.subservice: ngp
@@ -38,16 +38,16 @@ Cloud protection works together with Microsoft Defender Antivirus to deliver pro
 
 3. Select an antivirus profile. If you don't have one yet, or if you want to create a new profile, see [Configure device restriction settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-configure).
 
-4. Select **Properties**. Then, next to **Configuration settings**, choose **Edit**.
+4. Next to **Configuration settings**, choose **Edit**.
 
-5. Expand **Cloud protection**, and then in the **Cloud-delivered protection level** list, select one of the following:
+5. Scroll down to **Cloud Block Level**, and select one of the following:
 
     - **Not configured**: Default state.
     - **High**: Applies a strong level of detection.
-    - **High plus**: Uses the **High** level and applies extra protection measures (might affect client performance).
-    - **Zero tolerance**: Blocks all unknown executables.
+    - **High Plus**: Uses the **High** level and applies extra protection measures (might affect client performance).
+    - **Zero Tolerance**: Blocks all unknown executables.
 
-6. Choose **Review + save**, and then choose **Save**.
+6. Choose **Next**, and then choose **Save**.
 
 > [!TIP]
 > Need some help? See the following resources:
diff --git a/defender-xdr/advanced-hunting-defender-use-custom-rules.md b/defender-xdr/advanced-hunting-defender-use-custom-rules.md
@@ -48,7 +48,7 @@ The *arg()* operator can be used to query across deployed Azure resources like s
 
 This feature was previously only available in log analytics in Microsoft Sentinel. In the Microsoft Defender portal, the `arg()` operator works over Microsoft Sentinel data (that is, Defender XDR tables are not supported). This allows users to use the operator in advanced hunting without needing to manually open a Microsoft Sentinel window. 
 
-Read [Query data in Azure Resource Graph by using arg()](/azure/azure-monitor/logs/azure-monitor-data-explorer-proxy#query-data-in-azure-resource-graph-by-using-arg-preview) for more details.
+Note that queries using the `arg()` operator return the first 1,000 records only. Read [Query data in Azure Resource Graph by using arg()](/azure/azure-monitor/logs/azure-monitor-data-explorer-proxy#query-data-in-azure-resource-graph-by-using-arg-preview) for more details.
 
 In the query editor, enter *arg("").* followed by the Azure Resource Graph table name. 
 
