Merge branch 'main' into v-smandalika-8894710

v-smandalika · v-smandalika · commit 5a9869155490 · 2024-07-23T10:22:32.000+05:30
diff --git a/defender-endpoint/client-behavioral-blocking.md b/defender-endpoint/client-behavioral-blocking.md
@@ -8,6 +8,7 @@ ms.reviewer: shwetaj
 audience: ITPro
 ms.topic: conceptual
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.localizationpriority: medium
 ms.custom:
   - next-gen
@@ -16,7 +17,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 07/22/2024
 ---
 
 # Client behavioral blocking
diff --git a/defender-endpoint/defender-endpoint-demonstration-app-reputation.md b/defender-endpoint/defender-endpoint-demonstration-app-reputation.md
@@ -3,6 +3,7 @@ title: Microsoft Defender for Endpoint SmartScreen app reputation demonstration
 description: Test how Microsoft Defender for Endpoint SmartScreen helps you identify phishing and malware websites
 search.appverid: met150
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.author: siosulli 
 author: siosulli 
 ms.localizationpriority: medium
@@ -13,7 +14,7 @@ ms.collection:
 - tier2
 - demo
 ms.topic: article
-ms.date: 01/15/2024
+ms.date: 07/22/2024
 ---
 
 # SmartScreen app reputation demonstration
diff --git a/defender-endpoint/ios-configure-features.md b/defender-endpoint/ios-configure-features.md
@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 07/18/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on iOS features
@@ -97,6 +97,9 @@ Use the following steps to disable web protection for unenrolled devices.
    - Defender for Endpoint sends the heartbeat to the Microsoft Defender portal whenever a user opens the app.
    - Select **Next**, and then assign this profile to targeted devices/users.
 
+> [!NOTE]
+> The `WebProtection` key is not applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
+
 ## Configure network protection
 
 Network protection in Microsoft Defender for endpoint is disabled by default. Admins can use the following steps to configure network protection. This configuration is available for both enrolled devices through MDM config and unenrolled devices through MAM config.
@@ -275,8 +278,8 @@ End users install and open the Microsoft Defender app to start onboarding.
 
 Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected as jailbroken, these events occur:
 
-- High-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
-- User data on app is cleared. When user opens the app after jailbreaking the VPN profile also is deleted and no web protection is offered.
+- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
+- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune are not removed.
 
 ### Configure compliance policy against jailbroken devices
 
diff --git a/defender-endpoint/linux-support-offline-security-intelligence-update.md b/defender-endpoint/linux-support-offline-security-intelligence-update.md
@@ -2,6 +2,7 @@
 title: Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux (preview)
 description: Offline Security Intelligence Update in Microsoft Defender for Endpoint on Linux.
 ms.service: defender-endpoint
+ms.subservice: linux
 ms.author: dansimp
 author: dansimp
 ms.reviewer: gopkr
@@ -14,7 +15,7 @@ ms.collection:
 - mde-linux
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 05/17/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Offline Security Intelligence Update for Microsoft Defender for Endpoint on Linux 
diff --git a/defender-endpoint/mde-security-settings-management.md b/defender-endpoint/mde-security-settings-management.md
@@ -5,8 +5,9 @@ author: YongRhee-MSFT
 ms.author: yongrhee
 manager: deniseb
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.topic: how-to
-ms.date: 06/25/2024
+ms.date: 07/22/2024
 ms.collection: 
 - m365-security
 - tier2
diff --git a/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md b/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
@@ -41,6 +41,7 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Office 365](/defender-office-365/defender-for-office-365-whats-new)
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender Vulnerability Management](/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management)
 
 For more information on Microsoft Defender for Endpoint on specific operating systems:
 
diff --git a/defender-office-365/safe-attachments-policies-configure.md b/defender-office-365/safe-attachments-policies-configure.md
@@ -18,7 +18,7 @@ ms.collection:
 description: Learn about how to define Safe Attachments policies to protect your organization from malicious files in email.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 4/26/2024
+ms.date: 07/22/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -511,6 +511,4 @@ To verify that you've successfully created, modified, or removed Safe Attachment
   Get-SafeAttachmentRule -Identity "<Name>" | Format-List
   ```
 
-- Add the URL `http://spamlink.contoso.com` to a file (for example, a Word document), and attach that file in an email message to test Safe Attachments protection. This URL is similar to the GTUBE text string for testing anti-spam solutions. This URL isn't harmful, but when it's included in an email attachment, it triggers a Safe Attachments protection response.
-
 - To verify that Safe Attachments is scanning messages, check the available Defender for Office 365 reports. For more information, see [View reports for Defender for Office 365](reports-defender-for-office-365.md) and [Use Explorer in the Microsoft Defender portal](threat-explorer-real-time-detections-about.md).
diff --git a/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md b/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md
@@ -14,9 +14,9 @@ ms.topic: conceptual
 ms.date: 07/09/2024
 ---
 
-# What's new in Microsoft Defender Vulnerability Management Public Preview
+# What's new in Microsoft Defender Vulnerability Management
 
-This article provides information about new features and important product updates for the latest release of Microsoft Defender Vulnerability Management public preview.
+This article provides information about new features and important product updates for the latest release of Microsoft Defender Vulnerability Management.
 
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
diff --git a/defender-xdr/incident-queue.md b/defender-xdr/incident-queue.md
@@ -18,7 +18,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 07/02/2024
+ms.date: 07/18/2024
 appliesto: 
 - Microsoft Defender XDR 
 - Microsoft Sentinel in the Microsoft Defender portal
@@ -107,6 +107,9 @@ You can also create filter sets within the incidents page by selecting **Saved f
 
 :::image type="content" source="/defender/media/incidents-queue/fig2-newfilters.png" alt-text="The create filter sets option for the incident queue in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig2-newfilters.png":::
 
+> [!NOTE]
+> Microsoft Defender XDR customers can now filter incidents with alerts where a compromised device communicated with operational technology (OT) devices connected to the enterprise network through the [device discovery integration of Microsoft Defender for IoT and Microsoft Defender for Endpoint](/defender-endpoint/device-discovery#device-discovery-integration). To filter these incidents, select **Any** in the Service/detection sources, then select **Microsoft Defender for IoT** in the Product name or see [Investigate incidents and alerts in Microsoft Defender for IoT in the Defender portal](/defender-for-iot/investigate-threats/). You can also use device groups to filter for site-specific alerts. For more information about Defender for IoT prerequisites, see [Get started with enterprise IoT monitoring in Microsoft Defender XDR](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint/).
+
 ### Save custom filters as URLs
 
 Once you've configured a useful filter in the incidents queue, you can bookmark the URL of the browser tab or otherwise save it as a link on a Web page, a Word document, or a place of your choice. Bookmarking gives you single-click access to key views of the incident queue, such as:
diff --git a/defender-xdr/investigate-alerts.md b/defender-xdr/investigate-alerts.md
@@ -22,7 +22,7 @@ ms.topic: conceptual
 search.appverid:
   - MOE150
   - met150
-ms.date: 07/02/2024
+ms.date: 07/18/2024
 ---
 
 # Investigate alerts in Microsoft Defender XDR
@@ -64,6 +64,9 @@ You can filter alerts according to these criteria:
 - Automated investigation state
 - Alert subscription IDs
 
+> [!NOTE]
+> Microsoft Defender XDR customers can now filter incidents with alerts where a compromised device communicated with operational technology (OT) devices connected to the enterprise network through the [device discovery integration of Microsoft Defender for IoT and Microsoft Defender for Endpoint](/defender-endpoint/device-discovery#device-discovery-integration). To filter these incidents, select **Any** in the Service/detection sources, then select **Microsoft Defender for IoT** in the Product name or see [Investigate incidents and alerts in Microsoft Defender for IoT in the Defender portal](/defender-for-iot/investigate-threats/). You can also use device groups to filter for site-specific alerts. For more information about Defender for IoT prerequisites, see [Get started with enterprise IoT monitoring in Microsoft Defender XDR](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint/).
+
 An alert can have system tags and/or custom tags with certain color backgrounds. Custom tags use the white background while system tags typically use red or black background colors. System tags identify the following in an incident: 
 
 - A **type of attack**, like ransomware or credential phishing
diff --git a/defender-xdr/microsoft-365-security-center-defender-cloud.md b/defender-xdr/microsoft-365-security-center-defender-cloud.md
@@ -8,7 +8,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 manager: deniseb
-ms.date: 06/05/2024
+ms.date: 07/22/2024
 audience: ITPro
 ms.topic: conceptual
 search.appverid: 
@@ -41,11 +41,14 @@ To ensure access to Defender for Cloud alerts in the Microsoft Defender portal,
 
 ### Required permissions
 
-You must be a global administrator or a security administrator in Azure Active Directory to view Defender for Cloud alerts and correlations. For users that don't have these roles, the integration is available only by applying [unified role-based access control (RBAC) roles](manage-rbac.md) for Defender for Cloud.
-
 > [!NOTE]
 > The permission to view Defender for Cloud alerts and correlations is automatic for the entire tenant. Viewing for specific subscriptions is not supported. You can use the **alert subscription ID** filter to view Defender for Cloud alerts associated with a specific Defender for Cloud subscription in the alert and incident queues. Learn more about [filters](incident-queue.md#filters-).
 
+The integration is available only by applying the appropriate [unified role-based access control (RBAC)](manage-rbac.md) for Defender for Cloud. To view Defender for Cloud alerts and correlations without unified RBAC, you must be a Global Administrator or Security Administrator in Azure Active Directory.
+
+> [!IMPORTANT]
+> Global Administrator is a highly privileged role that should be limited to scenarios when you can't use an existing role. Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization.
+
 ## Investigation experience in the Microsoft Defender portal
 
 > [!IMPORTANT]
@@ -54,11 +57,6 @@ You must be a global administrator or a security administrator in Azure Active D
 
 The following section describes the detection and investigation experience in the Microsoft Defender portal with Defender for Cloud alerts.
 
-> [!NOTE]
-> Informational alerts from Defender for Cloud are not integrated to the Microsoft Defender portal to allow focus on the relevant and high severity alerts. This strategy streamlines management of incidents and reduces alert fatigue.
-
-
-
 > [!div class="mx-tdCol2BreakAl"]
 > |Area   |Description   |
 > |----------|-----------|
@@ -69,6 +67,9 @@ The following section describes the detection and investigation experience in th
 > |Unified API|Defender for Cloud alerts and incidents are now included in [Microsoft Defender XDR's public API](api-overview.md), allowing customers to export their security alerts data into other systems using one API.|
 > |Advanced hunting (Preview)| Information about cloud audit events for various cloud platforms protected by the organization's Defender for Cloud is available through the [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table in [advanced hunting](advanced-hunting-overview.md).|
 
+> [!NOTE]
+> Informational alerts from Defender for Cloud are not integrated to the Microsoft Defender portal to allow focus on the relevant and high severity alerts. This strategy streamlines management of incidents and reduces alert fatigue.
+
 ## Impact to Microsoft Sentinel users
 
 Microsoft Sentinel customers [integrating Microsoft Defender XDR incidents](/azure/sentinel/microsoft-365-defender-sentinel-integration) *and* ingesting Defender for Cloud alerts are required to make the following configuration changes to ensure that duplicate alerts and incidents aren't created:
diff --git a/defender-xdr/prerequisites.md b/defender-xdr/prerequisites.md
@@ -40,7 +40,7 @@ Any of these licenses gives you access to Microsoft Defender XDR features via th
 - Windows 11 Enterprise E5 or A5
 - Enterprise Mobility + Security (EMS) E5 or A5
 - Office 365 E5 or A5
-- Microsoft Defender for Endpoint (Plan 2)
+- Microsoft Defender for Endpoint
 - Microsoft Defender for Identity
 - Microsoft Defender for Cloud Apps or [Cloud App Discovery](/defender-cloud-apps/editions-cloud-app-security-aad)
 - Microsoft Defender for Office 365 (Plan 2)
diff --git a/defender-xdr/virus-initiative-criteria.md b/defender-xdr/virus-initiative-criteria.md
@@ -41,7 +41,7 @@ To be considered for the MVI program, your organization must meet all the follow
 |[SKD Labs](http://www.skdlabs.com)|Certification Requirements Product: Anti-virus or Antimalware.|Score >= 98.5% with On Demand, On Access and Total Detection tests|
 |[VB 100](https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1)|VB100 Certification Test V1.1|VB100 Certification|
 |[West Coast Labs](https://www.westcoastlabs.com/wclvalid)|West Coast Labs Verified|Product rating of A or higher with both Malware Detection and Malware Remediation|
-|[SE Labs](https://selabs.uk/en/reports/consumers)|Protection, Small Business, or Enterprise EP Protection Test.|- Protection A rating <br/>- Small Business EP A rating<br/>- Enterprise EP Protection A rating |
+|[SE Labs](https://selabs.uk/en/reports/)|Protection, Small Business, or Enterprise EP Protection Test.|- Protection A rating <br/>- Small Business EP A rating<br/>- Enterprise EP Protection A rating |
 
 ## Apply now
 
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -31,6 +31,8 @@ You can also get product updates and important notifications through the [messag
 
 ## July 2024
 
+- Incidents with alerts where a compromised device communicated with an operational technology (OT) device are now visible in the Microsoft Defender portal through the [Microsoft Defender for IoT license and Defender for Endpoint’s device discovery capabilities](/defender-endpoint/device-discovery#device-discovery-integration). Using Defender for Endpoint data, Defender XDR automatically correlates these new OT alerts to incidents to provide a comprehensive attack story. To filter related incidents, see [Prioritize incidents in the Microsoft Defender portal](incident-queue.md#filters-).  
+
 - (GA) Filtering Microsoft Defender for Cloud alerts by the associated **alert subscription ID** in the Incidents and Alerts queues is now generally available. For more information, see [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md).
 
 - (GA) The **Microsoft unified security operations platform** in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
