Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into permli

Author: tarTech23

defender-endpoint/microsoft-defender-antivirus-updates.md

@@ -3,7 +3,7 @@ title: Microsoft Defender Antivirus security intelligence and product updates
 description: Manage how Microsoft Defender Antivirus receives protection and product updates.
 ms.service: defender-endpoint
 ms.localizationpriority: high
-ms.date: 07/25/2024
+ms.date: 08/08/2024
 audience: ITPro
 ms.topic: reference
 author: siosulli
@@ -98,6 +98,23 @@ All our updates contain:
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender))
 
+### July-2024 (Platform: 4.18.24070.5 | Engine: 1.1.24070.3)
+
+- Security intelligence update version: **1.417.14.0**
+- Release date: **August 7, 2024** (Engine and Platform)
+- Platform: **4.18.24070.5**
+- Engine: **1.1.24070.3**
+- Support phase: **Security and Critical Updates**
+
+### What's new
+
+- False positive detections are no longer reported as `ThreatNotFound` in the Microsoft Defender portal. 
+- Optimized Network Protection calls to the backend that occur as a result of suspicious connection checks.
+- Fixed the [PerformanceModeStatus](/windows/client-management/mdm/defender-csp#configurationperformancemodestatus) configuration key in Defender CSP so changing this value in the console takes effect on the endpoint. 
+- Resolved an issue where File Evidence Location was not always captured in scenarios where the Remote Location is inaccessible. 
+- New event log added (5016) to report Microsoft Defender Antivirus self-healed when a deadlock is detected during shutdown. 
+- Fixed a prioritization issue with full scans initiated from the portal that resulted in longer than expected full scan duration.
+
 ### June-2024 (Platform: 4.18.24060.7 | Engine: 1.1.24060.5)
 
 - Security intelligence update version: **1.415.1.0**
@@ -133,22 +150,6 @@ All our updates contain:
 - Fixed a crash caused by a race condition with a device control driver.
 - Added Event Viewer Logging for scan start event where the scan originates from PowerShell.
 
-### April-2024 (Engine: 1.1.24040.1 | Platform: 4.18.24040.4)
-
-- Security intelligence update version: **1.411.7.0**
-- Release date: **May 07, 2024** (Engine) / **May 16, 2024** (Platform)
-- Engine: **1.1.24040.1**
-- Platform: **4.18.24040.4**
-- Support phase: **Security and Critical Updates**
-
-#### What's new
-
-- Added an opt-out feature for Experimental Configuration Services (ECS) and One collector in the Core Service.
-- Fixed an issue where occasionally exclusions deployed via Intune were not being honored when tamper protection was enabled.
-- After a new engine version is released, support for older versions (N-2) will now reduce to technical support only. Engine versions older than N-2 are no longer supported.
-- Improved health monitoring and telemetry for [attack surface rules](overview-attack-surface-reduction.md) exclusions.
-- Updated inaccurate information in [Configure exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) regarding wildcard usage with contextual exclusions.
-
 ### Previous version updates: Technical upgrade support only
 
 After a new package version is released, support for the previous two versions is reduced to technical support only. For more information about previous versions, see [Microsoft Defender Antivirus updates: Previous versions for technical upgrade support](msda-updates-previous-versions-technical-upgrade-support.md).

defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md

@@ -6,7 +6,7 @@ ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
 ms.reviewer: pahuijbr
-ms.date: 07/25/2024
+ms.date: 08/07/2024
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -29,6 +29,22 @@ Microsoft regularly releases [security intelligence updates and product updates
 
 ## Engine and platform updates
 
+### April-2024 (Engine: 1.1.24040.1 | Platform: 4.18.24040.4)
+
+- Security intelligence update version: **1.411.7.0**
+- Release date: **May 07, 2024** (Engine) / **May 16, 2024** (Platform)
+- Engine: **1.1.24040.1**
+- Platform: **4.18.24040.4**
+- Support phase: **Technical upgrade support (only)**
+
+#### What's new
+
+- Added an opt-out feature for Experimental Configuration Services (ECS) and One collector in the Core Service.
+- Fixed an issue where occasionally exclusions deployed via Intune were not being honored when tamper protection was enabled.
+- After a new engine version is released, support for older versions (N-2) will now reduce to technical support only. Engine versions older than N-2 are no longer supported.
+- Improved health monitoring and telemetry for [attack surface rules](overview-attack-surface-reduction.md) exclusions.
+- Updated inaccurate information in [Configure exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) regarding wildcard usage with contextual exclusions.
+
 ### March-2024 (Engine: 1.1.24030.4 | Platform: 4.18.24030.9)
 
 - Security intelligence update version: **1.409.1.0**

defender-endpoint/onboard-windows-multi-session-device.md

@@ -128,7 +128,15 @@ Also, if you're using FSlogix user profiles, we recommend you follow the guidanc
 
 #### Licensing requirements
 
-Note on licensing: When using Windows Enterprise multi-session, depending on your requirements, you can choose to either have all users licensed through Microsoft Defender for Endpoint (per user), Windows Enterprise E5, Microsoft 365 E5 Security, or Microsoft 365 E5, or have the VM licensed through Microsoft Defender for Cloud.
+When using Windows Enterprise multi-session, per our security best practices the virtual machine can be licensed through Microsoft Defender for Servers or you can choose to have all Azure Virtual Desktop virtual machine users licensed through one of the following licenses:
+
+- Microsoft Defender for Endpoint Plan 1 or Plan 2 (per user)
+- Windows Enterprise E3
+- Windows Enterprise E5
+- Microsoft 365 E3
+- Microsoft 365 E5 Security
+- Microsoft 365 E5
+
 Licensing requirements for Microsoft Defender for Endpoint can be found at: [Licensing requirements](minimum-requirements.md#licensing-requirements).
 
 #### Related Links

defender-endpoint/update-agent-mma-windows.md

@@ -70,7 +70,7 @@ A new agent was released in April 2022 for Windows Server 2012 R2 and Windows Se
 - If you are, however, still using MMA for other purposes (such as Log Analytics), MMA is currently set to retire in August 2024. See [We're retiring the Log Analytics agent in Azure Monitor on 31 August 2024](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). Depending on your particular scenario, now might be a good time to upgrade to [Azure Monitoring Agent, the successor of MMA](/azure/azure-monitor/agents/azure-monitor-agent-migration). 
 
 > [!IMPORTANT]
-> Devices running Windows 7 SP1, Windows 8.1, or Windows Server 2008 R2 remain dependent on MMA.
+> Defender for Endpoint devices running Windows 7 SP1, Windows 8.1, or Windows Server 2008 R2 are still supported and remain dependent on MMA.
 >
 > Devices running Windows Server 2012 R2 or Windows Server 2016 should be upgraded to the [new, unified solution](application-deployment-via-mecm.md) so that they no longer require the use of MMA. 
 >

defender-for-iot/discover-vulnerabilities-overview.md

@@ -1,6 +1,6 @@
 ---
-title: Overview of vulnerability management with Microsoft Defender for IoT in the Defender portal
-description: This article describes the features and benefits of Microsoft Defender for IoT vulnerability management.
+title: Overview of vulnerability management and weaknesses with Microsoft Defender for IoT in the Defender portal
+description: This article describes the vulnerability management and weaknesses features of Microsoft Defender for IoT in the Defender portal.
 ms.service: defender-for-iot
 author: limwainstein
 ms.author: lwainstein

defender-for-iot/get-started.md

@@ -1,6 +1,6 @@
 ---
-title: Get started with Microsoft Defender for IoT in the Defender portal
-description: This article describes how to set up Microsoft Defender for IoT in the Defender portal.
+title: Get started and set up a license for Microsoft Defender for IoT in the Defender portal
+description: This article describes how to get started and set up a license got Microsoft Defender for IoT in the Defender portal.
 ms.service: defender-for-iot
 author: lwainstein
 ms.author: lwainstein
@@ -13,7 +13,7 @@ ms.topic: how-to
 
 Microsoft Defender for IoT in the Microsoft Defender portal allows you to analyze OT data, generate alerts, and identify network risks. This article explains how to create a trial license for Defender for IoT in the Defender portal using your Microsoft tenant.
 
-One trial license is available per tenant. The trial license is limited to a maximum of 1,000 OT devices and lasts for 90 days. After you set up the trial license, you can access the Defender for IoT security insights available for your network.
+One trial license is available per tenant. The trial license is limited to a maximum of 1,000 OT devices. After you set up the trial license, you can access the Defender for IoT security insights available for your network.
 
 When you finish setting up the trial license, you can continue to [set up a site](set-up-sites.md) to monitor your OT devices at the production site level.
 
@@ -25,7 +25,7 @@ To add a trial license for Microsoft Defender for IoT:
 
 1. Open the [Microsoft Defender for IoT - OT Site License (1000 max devices per site) Trial wizard](https://signup.microsoft.com/get-started/signup?products=d2bdd05f-4856-4569-8474-2f9ec298923b).
 
-    :::image type="content" source="media/get-started/trial-license-get-started.png" alt-text="Screenshot of the set up page for the Microsoft Defender for IoT trial license.":::
+    :::image type="content" source="media/get-started/trial-license-get-started.png" alt-text="Screenshot to get started and set up page for the Microsoft Defender for IoT trial license.":::
 
 1. In the **Email** field, type the email address you want to associate with the trial license, and select **Next**.
 

defender-for-iot/manage-devices-inventory.md

@@ -1,5 +1,5 @@
 ---
-title: Discover and manage devices for Microsoft Defender for IoT in the Defender portal
+title: Discover and manage devices in the device inventory for Microsoft Defender for IoT in the Defender portal
 description: This article describes how to discover and manage devices in the device inventory for Microsoft Defender for IoT in the Defender portal.
 ms.service: defender-for-iot
 author: limwainstein
@@ -10,7 +10,7 @@ ms.topic: how-to
 ---
 
 # Discover and manage devices
-
+<!-- possibly add to h1 in the device inventory-->
 Microsoft Defender for IoT in the Microsoft Defender portal includes the device inventory, which helps you identify details about specific OT devices. Gathering details about your devices helps your teams proactively investigate vulnerabilities that can compromise your most critical assets. This article describes how to discover and manage your devices in the device inventory. You can filter data in the inventory, explore the inventory, investigate device details, and more.
 
 Learn more about the benefits of OT [device discovery](device-discovery.md).
@@ -28,7 +28,7 @@ Review the [Defender for IoT prerequisites](prerequisites.md).
 > [!NOTE]
 >
 > If you don't yet have a Defender for IoT license, the **Device inventory** page lists OT devices without security data. For example, the device name, IP, and category are visible, while the risk level isn't visible. The device inventory also displays a note at the top of the page that indicates the number of unprotected OT devices.
-> 
+>
 > In this case, [onboard Defender for IoT](get-started.md) to get security value for your OT devices.
 
 ## View OT devices

defender-for-iot/prerequisites.md

@@ -1,6 +1,6 @@
 ---
-title: Prerequisites for Microsoft Defender for IoT in the Defender portal
-description: This article describes the prerequisites for Microsoft Defender for IoT in the Microsoft Defender portal.
+title: Prerequisites for a license or setting up a site for Microsoft Defender for IoT in the Defender portal
+description: This article describes the prerequisites for a license or setting up a site for Microsoft Defender for IoT in the Microsoft Defender portal.
 ms.service: defender-for-iot
 author: lwainstein
 ms.author: lwainstein
@@ -13,7 +13,7 @@ ms.topic: get-started
 
 Microsoft Defender for IoT in the Microsoft Defender portal monitors and secures network traffic across your operational technology (OT) networks and allows you to analyze OT data, generate alerts, identify network risks, and more.
 
-To see how Defender for IoT can help and protect your network sign up to a free, 90 day, trial version. This article describes the prerequisites needed to set up a trial license for Microsoft Defender for IoT.
+To see how Defender for IoT can help and protect your network sign up to a free trial version. This article describes the prerequisites needed to set up a trial license for Microsoft Defender for IoT.
 
 [!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
 

defender-for-iot/prioritize-vulnerabilities.md

@@ -1,6 +1,6 @@
 ---
-title: Prioritize and remediate vulnerabilities with Microsoft Defender for IoT in the Defender portal
-description: This article describes how to prioritize and remediate vulnerabilities with Microsoft Defender for IoT in the Defender portal.
+title: Prioritize, investigate and remediate vulnerabilities with Microsoft Defender for IoT in the Defender portal
+description: This article describes how to prioritize, investigate and remediate vulnerabilities with Microsoft Defender for IoT in the Defender portal.
 ms.service: defender-for-iot
 author: limwainstein
 ms.author: lwainstein

defender-for-iot/set-up-sites.md

@@ -1,6 +1,6 @@
 ---
-title: Set up sites with Microsoft Defender for IoT in the Defender portal
-description: This article describes how to set up a site as part of the site security feature included in Microsoft Defender for IoT in the Microsoft Defender portal.
+title: Set up and create sites for site security with Microsoft Defender for IoT in the Defender portal
+description: This article describes how to set up and create a site as part of the site security feature included in Microsoft Defender for IoT in the Microsoft Defender portal.
 ms.service: defender-for-iot
 author: limwainstein
 ms.author: lwainstein
@@ -11,9 +11,9 @@ ms.topic: how-to
 
 # Set up sites
 
-Microsoft Defender for IoT in the Microsoft Defender portal includes the **Site security** page, which offers an overview of the security state of your entire operational technology (OT) environment. Your organization's security team can use this page to regularly monitor the security status of your production sites.
+Microsoft Defender for IoT in the Microsoft Defender portal includes the **Site security** page, which offers an overview of the security state of your entire operational technology (OT) environment. Your organization's security team use this page to regularly monitor the security status of your production sites.
 
-In this article, you learn how to set up a site in the **Site security** page. 
+In this article, you learn how to set up a site in the **Site security** page.
 
 Learn more about the [site security benefits and use cases](site-security-overview.md).
 
@@ -39,7 +39,7 @@ To set up a site and associate the OT devices in your network to it:
     - **Site description**: Describe the purpose of the site, what activities occur there, the types and number of devices used, and other important information about the site.
     - **Owners**: The contact emails of any users administering the site who must be contacted when problems occur.
 
-    :::image type="content" source="media/set-up-sites/site-security-set-up-details-new.png" alt-text="Screenshot showing the details for a new site in the Site security page of Microsoft Defender for IoT in the Microsoft Defender portal.":::
+    :::image type="content" source="media/set-up-sites/site-security-set-up-details-new.png" alt-text="Screenshot showing the details for creating a new site in the Site security page of Microsoft Defender for IoT in the Microsoft Defender portal.":::
 
 1. When completed, select **Next** to associate devices to the site.
 
@@ -74,7 +74,7 @@ Review that information for the site you want to create:
 1. Review the selected OT devices. If needed, select **Edit devices** to return to the **Associate devices** screen.
 1. Select **Complete**.
 
-    The site is now set up and appears in the **Site security** page. 
+    The site is now set up and appears in the **Site security** page.
 
     Regarding device data:
 
@@ -87,21 +87,21 @@ Review that information for the site you want to create:
 
 Use a device group to make sure that the correct users have access to the site. To create a device group:
 
-1. Select **Create device group**. 
+1. Select **Create device group**.
 
     The **Settings > Endpoints > Device groups** page opens.
 
 1. Select **Add device group** and type a device group name.
-1. Select the remediation level, type a description, and select **Next**. 
+1. Select the remediation level, type a description, and select **Next**.
 
     The **Devices** page opens.
 
 1. Type the value for the **Tag** condition in the format: *Site: \<Site name\>*. For example, *Site: San Francisco*.
-1. Select **Next**. 
+1. Select **Next**.
 
-    The **Preview devices** page opens with a list of devices in the group. 
+    The **Preview devices** page opens with a list of devices in the group.
 
-1. Select **Next**. 
+1. Select **Next**.
 
     The **User access** page opens.