Merge branch 'main' into cor1

Author: tarTech23

defender-endpoint/linux-whatsnew.md

@@ -44,6 +44,24 @@ This article is updated frequently to let you know what's new in the latest rele
 >
 > If you have any concerns or need assistance during this transition, contact support.
 
+<details>
+<summary> Sept-2024 (Build: 101.24072.0001 | Release version: 30.124072.0001.0)</summary>
+
+## Sept-2024 Build: 101.24072.0001 | Release version: 30.124072.0001.0
+
+&ensp;Released: **September 23, 2024**<br/>
+&ensp;Published: **September 23, 2024**<br/>
+&ensp;Build: **101.24072.0001**<br/>
+&ensp;Release version: **30.124072.0001.0**<br/>
+&ensp;Engine version: **1.1.24060.6**<br/>
+&ensp;Signature version: **1.415.228.0**<br/>
+
+**What's new**
+
+- Added support for Ubuntu 24.04
+- Updated default engine version to `1.1.24060.6` and default signatures version to `1.415.228.0`.
+
+</details>
 
 <details>
 <summary> July-2024 (Build: 101.24062.0001 | Release version: 30.124062.0001.0)</summary>

defender-endpoint/mde-sdp-strategy.md

@@ -35,7 +35,7 @@ Defender for Endpoint’s kernel drivers capture system-wide signals like proces
 
 The process for rolling out software and driver updates for Defender for Endpoint is shown in this image:
 
-:::image type="content" alt-text="process for rolling out software and driver updates for Defender for Endpoint" source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
+:::image type="content" alt-text="Screenshot that shows the process for rolling out software and driver updates for Defender for Endpoint." source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
 
 ### Microsoft SDP for monthly updates
 

defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md

@@ -8,7 +8,7 @@ ms.topic: how-to
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/19/2024
+ms.date: 09/23/2024
 ms.reviewer: joshbregman
 manager: deniseb
 ms.collection: 
@@ -239,6 +239,5 @@ Depending on what you're using, you might need to refer to the documentation for
 - [Submissions, suppressions and exclusions](submissions-suppressions-exclusions.md)
 - [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions)
 - [Common mistakes to avoid when defining exclusions](common-exclusion-mistakes-microsoft-defender-antivirus.md)
-- [Blog post: The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/supported-capabilities-by-platform.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 09/18/2024
+ms.date: 09/23/2024
 ---
 
 # Supported Microsoft Defender for Endpoint capabilities by platform
@@ -63,13 +63,13 @@ The following table gives information about the supported Microsoft Defender for
 
 <sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
 
-<sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview))
+<sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)).
 
-<sup>[3]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
+<sup>[3]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)). Or you can also use Live Response [2].
 
-<sup>[4]</sup> Collect file only, is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
+<sup>[4]</sup> Collect file only. Or, you can use Live Response [2].
 
-<sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11
+<sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11.
 
 > [!NOTE]
 > Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP).

defender-for-iot/whats-new.md

@@ -20,13 +20,11 @@ This article describes features available in Microsoft Defender for IoT in the D
 
 |Service area  |Updates  |
 |---------|---------|
-| **OT networks** | - [New Device Category Added – Building Management Systems (BMS)](#new-device-category-added--building-management-systems-bms) |
+| **OT networks** | - [New Building Management Systems (BMS) device category](#new-building-management-systems-bms-device-category) |
 
-### New Device Category Added – Building Management Systems (BMS)
+### New Building Management Systems (BMS) device category
 
-A new BMS device category has been added to the MDIoT license aiming to improve BMS device discovery and security. The BMS category includes a subset of Smart Facility and Surveillance devices (previously under the IoT category) such as fire alarms, humidity sensors, security radars, etc. These devices now require an Microsoft Defender for IoT site-based license for full protection.
-
-Cameras devices will remain under the IoT category.
+We now support the new BMS device category in Defender for IoT that improves BMS device discovery and security. The BMS category includes a subset of Smart Facility and Surveillance devices (previously under the IoT category) such as fire alarms, humidity sensors, security radars, etc. Camera devices remain under the IoT category.
 
 For more information, see [overview of device discovery](device-discovery.md).
 

defender-office-365/attack-simulation-training-faq.md

@@ -19,7 +19,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn about deployment considerations and frequently asked questions regarding Attack simulation and training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
 ms.service: defender-office-365
-ms.date: 06/14/2024
+ms.date: 09/23/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -361,4 +361,16 @@ A: Yes. First you archive the payload, then you delete the archived payload. For
 
 ### Q: Can I modify the built-in payloads?
 
-A: Not directly. You can copy the payload and then modify the copy. For instructions, see [Copy payloads](attack-simulation-training-payloads.md#copy-payloads).
+A: Not directly. You can copy the built-in payload and then modify the copy. For instructions, see [Copy payloads](attack-simulation-training-payloads.md#copy-payloads).
+
+### Q: I'm trying to run a QR code simulation, but scanning the QR code shows me 'ping successful' instead of the landing page?
+
+A: When you insert a QR code in the payload editor, it maps to the base phishing URL that you selected in the **Phishing link** section \> **Select URL**. The QR code is inserted in the email message as an image. If you switch from the **Text** tab to the **Code** tab, you see the inserted image in Base64 format. The beginning of the image contains `<div id="QRcode"...>`. Make sure to verify that the finished payload contains `<div id="QRcode"...>` before you use it in a simulation.
+
+During simulation creation, if you scan the QR code or you use **Send a Test** to review the payload, the QR code points to the base phishing URL that you selected.
+
+When the payload is used in a simulation, the service replaces the QR code with a dynamically generated QR code to track click and compromise metrics. The size, position, and shape of the QR code matches the configuration options you configured in the payload. Scanning the QR code during an actual simulation takes you to the configured landing page.
+
+### Q: I'm trying to create a payload in HTML, but the payload editor seems to remove certain content from my design?
+
+A: Currently, the following HTML tags aren't supported in the payload editor: `applet, base, basefont, command, embed, frame, frameset, iframe, keygen, link, meta, noframes, noscript, param, script, object, title`.

defender-xdr/TOC.yml

@@ -444,6 +444,8 @@
                 href: copilot-in-defender-file-analysis.md
               - name: Generate device summaries
                 href: copilot-in-defender-device-summary.md
+              - name: Summarize identities
+                href: security-copilot-defender-identity-summary.md                
               - name: Use guided responses
                 href: security-copilot-m365d-guided-response.md
               - name: Generate KQL queries

defender-xdr/advanced-hunting-deviceevents-table.md

@@ -68,7 +68,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
+| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event |
 | `InitiatingProcessId` | `long` | Process ID (PID) of the process that initiated the event |

defender-xdr/advanced-hunting-devicefileevents-table.md

@@ -60,7 +60,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
+| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the process (image file) that initiated the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-deviceimageloadevents-table.md

@@ -56,7 +56,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
+| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |