Merge branch 'main' into docs-editor/minimum-requirements-1736520250

Author: denisebmsft

defender-endpoint/live-response.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 04/03/2024
+ms.date: 01/10/2025
 ---
 
 # Investigate entities on devices using live response
@@ -229,9 +229,9 @@ Here are some examples:
 
 Live response has a library where you can put files into. The library stores files (such as scripts) that can be run in a live response session at the tenant level.
 
-Live response allows PowerShell scripts to run, however you must first put the files into the library before you can run them.
+Live response allows PowerShell and Bash scripts to run; however, you must first put the files into the library before you can run them.
 
-You can have a collection of PowerShell scripts that can run on devices that you initiate live response sessions with.
+You can have a collection of PowerShell and Bash scripts that can run on devices that you initiate live response sessions with.
 
 #### To upload a file in the library
 
@@ -311,7 +311,7 @@ Live response supports table and JSON format output types. For each command, the
 
 ## Supported output pipes
 
-Live response supports output piping to CLI and file. CLI is the default output behavior. You can pipe the output to a file using the following command: [command] > [filename].txt.
+Live response supports output piping to CLI and file. CLI is the default output behavior. You can pipe the output to a file using the following command: `[command] > [filename].txt`.
 
 Example:
 

defender-endpoint/microsoft-defender-antivirus-compatibility.md

@@ -4,7 +4,7 @@ description: Learn about Microsoft Defender Antivirus with other security produc
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 10/17/2024
+ms.date: 01/10/2025
 ms.topic: conceptual
 author: emmwalshh
 ms.author: ewalsh
@@ -132,6 +132,12 @@ In order for Microsoft Defender Antivirus to run in passive mode, endpoints must
 
 - Endpoints must be onboarded to Defender for Endpoint. 
 
+- Windows Security Center Service must be enabled.
+
+> [!WARNING]
+> If the **Windows Security Center Service** is *disabled* on Windows Clients then Microsoft Defender Antivirus can't detect third-party antivirus installations and will stay **Active**.
+> This could lead to conflicts between the Microsoft Defender Antivirus and the third-party Antivirus, as both will attempt to provide active protection. This will impact performance and is not supported.
+
 > [!IMPORTANT]
 > - Microsoft Defender Antivirus is only available on devices running Windows 10 and 11, Windows Server 2022, Windows Server 2016, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, and Windows Server 2012 R2.
 > - Passive mode is only supported on Windows Server 2012 R2 & 2016 when the device is onboarded using the [modern, unified solution](configure-server-endpoints.md). 

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 01/07/2025
+ms.date: 01/10/2025
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -45,7 +45,7 @@ Microsoft Defender for Endpoint for Linux includes anti-malware and endpoint det
 
 > [!NOTE]
 > Linux distribution using system manager supports both SystemV and Upstart.
-> Microsoft Defender for Endpoint on Linux agent is independent from [OMS agent](/azure/azure-monitor/agents/agents-overview#log-analytics-agent). 
+> Microsoft Defender for Endpoint on Linux agent is independent from [Operation Management Suite (OMS) agent](/azure/azure-monitor/agents/agents-overview#log-analytics-agent). 
 > Microsoft Defender for Endpoint relies on its own independent telemetry pipeline.
 
 ### System requirements
@@ -106,30 +106,30 @@ Microsoft Defender for Endpoint for Linux includes anti-malware and endpoint det
   
 - List of supported filesystems for RTP, Quick, Full, and Custom Scan.
 
-   |RTP, Quick, Full Scan| Custom Scan|
-   |---|---|
-   |`btrfs`|All filesystems supported for RTP, Quick, Full Scan|
-   |`ecryptfs`|`Efs`|
-   |`ext2`|`S3fs`|
-   |`ext3`|`Blobfuse`|
-   |`ext4`|`Lustr`|
-   |`fuse`|`glustrefs`|
-   |`fuseblk`|`Afs`|
-   |`jfs`|`sshfs`|
-   |`nfs` (v3 only)|`cifs`|
-   |`overlay`|`smb`|
-   |`ramfs`|`gcsfuse`|
-   |`reiserfs`|`sysfs`|
-   |`tmpfs`||
-   |`udf`||
-   |`vfat`||
-   |`xfs`||
-    
+ |RTP, Quick, Full Scan| Custom Scan|
+ |---|---|
+ |`btrfs`|All filesystems supported for RTP, Quick, Full Scan|
+ |`ecryptfs`|`Efs`|
+ |`ext2`|`S3fs`|
+ |`ext3`|`Blobfuse`|
+ |`ext4`|`Lustr`|
+ |`fuse`|`glustrefs`|
+ |`fuseblk`|`Afs`|
+ |`jfs`|`sshfs`|
+ |`nfs` (v3 only)|`cifs`|
+ |`overlay`|`smb`|
+ |`ramfs`|`gcsfuse`|
+ |`reiserfs`|`sysfs`|
+ |`tmpfs`||
+ |`udf`||
+ |`vfat`||
+ |`xfs`||
+  
   > [!NOTE]
-  > Starting with version `101.24082.0004`, Defender for Endpoint on Linux no longer supports the `Auditd` event provider. We're transitioning completely to the more efficient eBPF technology.
+  > Starting with version `101.24082.0004`, Defender for Endpoint on Linux no longer supports the `Auditd` event provider. We're transitioning completely to the more efficient extended Berkeley Packet Filter (eBPF) technology.
   > If eBPF isn't supported on your machines, or if there are specific requirements to remain on Auditd, and your machines are using Defender for Endpoint on Linux version `101.24072.0001` or lower, then Audit framework (`auditd`) must be enabled on your system.
   > If you're using Auditd, then system events captured by rules added to `/etc/audit/rules.d/` adds to `audit.log`(s) and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endpoint on Linux are tagged with the `mdatp` key.
-
+  
 - /opt/microsoft/mdatp/sbin/wdavdaemon requires executable permission. For more information, see "Ensure that the daemon has executable permission" in [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](linux-support-install.md).
 
 ### Installation instructions