Merge pull request #1289 from MicrosoftDocs/main

Stacyrch140 · web-flow · commit 6262ee872c00 · 2024-09-06T13:44:10.000-04:00
Publish main to live, Friday 10:30AM PDT, 09/06/2024
diff --git a/defender-endpoint/edr-block-mode-faqs.yml b/defender-endpoint/edr-block-mode-faqs.yml
@@ -15,7 +15,7 @@ metadata:
   - partner-contribution
   ms.topic: faq
   ms.collection: m365-security
-  ms.date: 04/26/2024
+  ms.date: 09/07/2024
 
 title: Endpoint detection and response (EDR) in block mode frequently asked questions (FAQ)
 summary: |
@@ -38,9 +38,9 @@ sections:
       - question: |
           Do I need to turn EDR in block mode on if I have Microsoft Defender Antivirus running on devices?
         answer: |
-          Yes, Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus. EDR detections can be automatically remediated by [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) or by [automated investigation & remediation capabilities](automated-investigations.md) in block mode.
+          Yes, Microsoft recommends enabling EDR in block mode, even when primary antivirus software on the system is Microsoft Defender Antivirus. EDR detections can be automatically remediated by [PUA protection](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) in block mode.
 
-          The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product.
+          The primary purpose of EDR in block mode is to remediate post-breach detections that were missed by a non-Microsoft antivirus product. There is a scenario where EDR in block mode enablement might be beneficial, even when the primary antivirus solution is Microsoft Defender Antivirus. If Microsoft Defender Antivirus is misconfigured, such as if PUA protection is not enabled, EDR in block mode can automatically remediate PUA.
 
       - question: |
           Will EDR in block mode affect a user's antivirus protection?
diff --git a/defender-endpoint/schedule-antivirus-scans-group-policy.md b/defender-endpoint/schedule-antivirus-scans-group-policy.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 author: siosulli
 ms.author: siosulli
 ms.custom: nextgen
-ms.date: 03/06/2023
+ms.date: 09/07/2024
 ms.reviewer: pauhijbr, ksarens
 manager: deniseb
 ms.subservice: ngp
@@ -80,7 +80,7 @@ For more information, see the [Manage when protection updates should be download
 | Location | Setting | Description | Default setting (if not configured) |
 |:---|:---|:---|:---|
 | Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never |
-| Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.) | 2 a.m. |
+| Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 a.m.)  Note that if this setting is set to 0, daily quick scans do not run.| 2 a.m. |
 
 ## Group Policy settings for scheduling scans after protection updates
 
@@ -97,4 +97,5 @@ For more information, see the [Manage when protection updates should be download
 > - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
 > - [Configure Defender for Endpoint on Android features](android-configure.md)
 > - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-for-iot/media/set-up-sites/site-security-associate-group.png b/defender-for-iot/media/set-up-sites/site-security-associate-group.png
diff --git a/defender-for-iot/set-up-sites.md b/defender-for-iot/set-up-sites.md
@@ -5,7 +5,7 @@ ms.service: defender-for-iot
 author: limwainstein
 ms.author: lwainstein
 ms.localizationpriority: medium
-ms.date: 06/26/2024
+ms.date: 08/26/2024
 ms.topic: how-to
 ---
 
@@ -61,10 +61,12 @@ In this stage, you configure Defender for IoT to associate OT devices to the sit
 
         Check each location, because Defender for IoT might list your OT devices in more than one suggested location. If this happens, select all of the suggested locations that include an identified OT device. You can select any number of locations. However, you can't edit the list of devices that appear at a specific location.
 
-1. Review the devices and select the suggested sites to add. You might need to select more than one suggested site.
+1. Review the devices and select the suggested sites to associate with the site. You might need to select more than one suggested site.
 
-    :::image type="content" source="media/set-up-sites/site-security-associate-devices-new.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal.":::
+    Use the **Group** column to check the ID for each suggested site. Sites with the same ID indicate that the devices are likely located at the same physical location. As these suggested sites are expected to belong to the same site, review and confirm that the devices listed are correct before making your selections and associating the suggested sites.
 
+    :::image type="content" source="media/set-up-sites/site-security-associate-group.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location with the Group column in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/set-up-sites/site-security-associate-group.png":::
+  
 1. Select **Next** to review the site details.
 
 ## Review site details
