Merge pull request #796 from MicrosoftDocs/deniseb-globaladmin

deniseb globaladmin

Author: denisebmsft

defender-endpoint/api/device-health-api-methods-properties.md

@@ -50,7 +50,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 > [!IMPORTANT]
 > For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 >
-> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
+> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 
 ### 1.1 Export device antivirus health details API methods
 

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -5,7 +5,7 @@ ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
-ms.date: 11/03/2022
+ms.date: 06/25/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -46,19 +46,13 @@ This API has two methods to retrieve Microsoft Defender Antivirus device antivir
 
 Data that is collected using either '_JSON response_ or _via files_' is the current snapshot of the current state. It doesn't contain historic data. To collect historic data, customers must save the data in their own data storages. See [Export device health details API methods and properties](device-health-api-methods-properties.md).
 
-> [!IMPORTANT]
->
-> Currently, only the **Antivirus Health JSON Response** is generally available. **Antivirus Health API via files** is currently only available in public preview.
->
-> **Advanced Hunting custom query** is currently only available in public preview, even if the queries are still visible.
-
 > [!IMPORTANT]
 >
 > For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 
 > [!NOTE]
 >
-> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus compliance report in Microsoft Defender for Endpoint](../device-health-reports.md).
+> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus compliance report in Microsoft Defender for Endpoint](../device-health-reports.md).
 >
 
 ## 1 Export health reporting (JSON response)

defender-endpoint/device-health-reports.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
-ms.date: 09/06/2022 
+ms.date: 06/25/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -32,9 +32,9 @@ ms.reviewer: mkaminska
 The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 
-In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**.
+In the Microsoft Defender portal navigation panel, select **Reports**, and then open **Device health and compliance**.
 The Device health and compliance dashboard is structured in two tabs:
 
 - The [**Sensor health & OS** tab](device-health-sensor-health-os.md#sensor-health--os-tab) provides general operating system information, divided into three cards that display the following device attributes:
@@ -54,20 +54,30 @@ The Device health and compliance dashboard is structured in two tabs:
 
 ## Report access permissions
 
-To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:
+To access the Device health and antivirus compliance report in the Microsoft Defender portal, the following permissions are required:
 
 | Permission name | Permission type |
 |:---|:---|
 | View Data | Threat and vulnerability management (TVM) |
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
+
 To Assign these permissions:
 
-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender XDR</a> using account with Security administrator or Global administrator role assigned.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using account with Security administrator or Global administrator role assigned.
+
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
+
 1. Select the role you'd like to edit.
+
 1. Select **Edit**.
+
 1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
+
 1. In **Description** type a brief summary of the role.
+
 1. In **Permissions**, select **View Data**, and under **View Data** select **Threat and vulnerability management** (TVM).
 
 ## See also
@@ -92,4 +102,5 @@ To Assign these permissions:
 
 - [Create and manage roles for role-based access control](user-roles.md).
 - [Export device antivirus health details API methods and properties](api/device-health-api-methods-properties.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/device-health-sensor-health-os.md

@@ -32,9 +32,9 @@ ms.reviewer: mkaminska
 The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 
-In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**.
+In the Microsoft Defender portalnel, select **Reports**, and then open **Device health and compliance**.
 
 - The [**Sensor health & OS** tab](#sensor-health--os-tab) provides general operating system information, divided into three cards that display the following device attributes:
   - [Sensor health card](#sensor-health-card)
@@ -43,20 +43,29 @@ In the Microsoft 365 Security dashboard navigation panel, select **Reports**, an
 
 ## Report access permissions
 
-To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:
+To access the Device health and antivirus compliance report in the Microsoft Defender portal, the following permissions are required:
 
 | Permission name | Permission type |
 |:---|:---|
 | View Data | Threat and vulnerability management (TVM) |
 
-To Assign these permissions:
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
+To assign these permissions:
+
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using account with Security administrator or Global administrator role assigned.
 
-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender XDR</a> using account with Security administrator or Global administrator role assigned.
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
+
 1. Select the role you'd like to edit.
+
 1. Select **Edit**.
+
 1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
+
 1. In **Description** type a brief summary of the role.
+
 1. In **Permissions**, select **View Data**, and under **View Data** select **Threat and vulnerability management** (TVM).
 
 For more information about user role management, see [Create and manage roles for role-based access control](user-roles.md).
@@ -89,7 +98,9 @@ Use the provided filters to include or exclude devices with certain attributes.
 For example, to show data about Windows 10 devices with Active sensor health state:
 
 1. Under **Filters** > **Sensor health state** > **Active**.
+
 2. Then select **OS platforms** > **Windows 10**.
+
 3. Select **Apply**.
 
 ### Sensor health card
@@ -144,4 +155,5 @@ The Windows version trend graph can help you quickly determine whether your orga
 >
 
 [Microsoft Defender Antivirus health](device-health-microsoft-defender-antivirus-health.md#microsoft-defender-antivirus-health-tab)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/manage-security-policies.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: how-to
 search.appverid: met150
-ms.date: 05/06/2024
+ms.date: 06/25/2024
 ---
 
 # Manage endpoint security policies in Microsoft Defender for Endpoint
@@ -26,12 +26,15 @@ ms.date: 05/06/2024
 - [Microsoft Defender XDR](/defender-xdr)
 
 
-Use security policies to manage security settings on devices. As a security administrator, you can configure security policy settings in Microsoft Defender XDR. 
+Use security policies to manage security settings on devices. As a Security Administrator, you can configure security policy settings in the Microsoft Defender portal. 
 
-You'll find endpoint security policies under **Endpoints > Configuration management > Endpoint security policies**.
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
+You'll find endpoint security policies under **Endpoints** > **Configuration management** > **Endpoint security policies**.
 
 > [!NOTE]
-> The **Endpoint Security Policies** page in Microsoft Defender XDR is available only for [users with the security administrator role in Microsoft Defender XDR](assign-portal-access.md). Any other user role, such as Security Reader, cannot access the portal. When a user has the required permissions to view policies in the Microsoft Defender portal, the data is presented based on Intune permissions. If the user is in scope for Intune role-based access control, it applies to the list of policies presented in the Microsoft Defender portal. We recommend granting security administrators with the [Intune built-in role, "Endpoint Security Manager"](/mem/intune/fundamentals/role-based-access-control#built-in-roles) to effectively align the level of permissions between Intune and Microsoft Defender XDR.
+> The **Endpoint Security Policies** page in the Microsoft Defender portal is available only for [users with the Security Administrator role assigned](assign-portal-access.md). Any other user role, such as Security Reader, cannot access the portal. When a user has the required permissions to view policies in the Microsoft Defender portal, the data is presented based on Intune permissions. If the user is in scope for Intune role-based access control, it applies to the list of policies presented in the Microsoft Defender portal. We recommend granting security administrators with the [Intune built-in role, "Endpoint Security Manager"](/mem/intune/fundamentals/role-based-access-control#built-in-roles) to effectively align the level of permissions between Intune and the Microsoft Defender portal.
 
 :::image type="content" source="./media/endpoint-security-policies.png" alt-text="Managing Endpoint security policies in the Microsoft Defender portal":::
 
@@ -50,14 +53,10 @@ The following list provides a brief description of each endpoint security policy
 
 ## Create an endpoint security policy
 
->[!NOTE]
->Currently, only antivirus policies are supported. 
-
-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender XDR</a> using at least a security admin role.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> using at least a Security Administrator role.
 
 2. Select **Endpoints > Configuration management > Endpoint security policies** and then select **Create new Policy**. 
 
-
 3. Select a platform from the dropdown list.
 
 4. Select a template, then select **Create policy**.
@@ -75,10 +74,8 @@ The following list provides a brief description of each endpoint security policy
 
 8. On the **Review + create** page, when you're done, select **Save**. The new profile is displayed in the list when you select the policy type for the profile you created.
 
-
->[!NOTE]
->To edit the scope tags, you'll need to go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
+> [!NOTE]
+> To edit the scope tags, you'll need to go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
 ## To edit an endpoint security policy
 
@@ -93,25 +90,19 @@ The following list provides a brief description of each endpoint security policy
 
 4. After you've made changes, select **Save** to save your edits.  Edits to one category must be saved before you can introduce edits to additional categories.
 
-
-
-
 ## Verify endpoint security policies
 
 To verify that you have successfully created a policy, select a policy name from the list of endpoint security policies.
 
->[!NOTE]
->It can take up to 90 minutes for a policy to reach a device. To expedite the process, for devices Managed by Defender for Endpoint, you can select **Policy sync** from the actions menu so that it is applied in approximately 10 minutes.
+> [!NOTE]
+> It can take up to 90 minutes for a policy to reach a device. To expedite the process, for devices Managed by Defender for Endpoint, you can select **Policy sync** from the actions menu so that it is applied in approximately 10 minutes.
 > :::image type="content" source="./media/policy-sync.png" alt-text="Image showing policy sync button":::
 
 The policy page displays details that summarize the status of the policy. You can view a policy's status, which devices it has been applied to, and assigned groups.
 
 During an investigation, you can also view the **Security policies** tab in the device page to view the list of policies that are being applied to a particular device. For more information, see [Investigating devices](investigate-machines.md#security-policies).
 
-
 :::image type="content" source="./media/security-policies-list.png" alt-text="Security policies tab with list of policies":::
 
 
-
-
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]