Merge branch 'main' into chrisda

chrisda · web-flow · commit 638fef84163c · 2025-06-19T14:52:43.000-07:00
diff --git a/defender-endpoint/defender-endpoint-subscription-settings.md b/defender-endpoint/defender-endpoint-subscription-settings.md
@@ -28,19 +28,16 @@ In Defender for Endpoint, a mixed-licensing scenario is a situation in which an
 | *Mixed trial* | Try a premium level subscription for some users. Examples include: <br/>- Defender for Endpoint Plan 1 (purchased for all users), and Defender for Endpoint Plan 2 (a trial subscription has been started for some users)<br/>- Microsoft 365 E3 (purchased for all users), and Microsoft 365 E5 (a trial subscription has been started for some users) |
 | *Phased upgrades* | Upgrade user licenses in phases. Examples include:<br/>- Moving groups of users from Defender for Endpoint Plan 1 to Plan 2<br/>- Moving groups of users from Microsoft 365 E3 to E5  |
 
- Until recently, mixed-licensing scenarios weren't supported; in cases of multiple subscriptions, the highest functional subscription would take precedence for your tenant. Now, you can manage your subscription settings to accommodate mixed licensing scenarios across client devices. These capabilities enable you to:
+You can manage your subscription settings to accommodate mixed licensing scenarios across client devices. These capabilities enable you to:
 
 - **Set your tenant to mixed mode and tag devices** to determine which client devices will receive features and capabilities from each plan (we call this option *mixed mode*); **OR**,
 - **Use the features and capabilities from one plan across all your client devices**. 
 
 You can also use a newly added license usage report to track status.
 
-> [!NOTE]
-> If you're using Microsoft Defender for Business and you want to switch to Defender for Endpoint Plan 2, contact support. For more information, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
-
 ## [**Use mixed mode**](#tab/mixed)
 
-## Set your tenant to mixed mode and tag devices
+To set your tenant to mixed mode and tag devices, follow the guidance on this tab.
 
 > [!IMPORTANT]
 > - **Mixed-mode settings apply to client endpoints only**. Tagging server devices won't change their subscription state. All server devices running Windows Server or Linux should have appropriate licenses, such as [Defender for Servers](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). See [Options for onboarding servers](onboard-windows-server.md).
@@ -96,10 +93,9 @@ For example, suppose that you want to use a tag called `VIP` for all the devices
 
 2. Set up a dynamic rule using the condition operator `Tag Does not contain VIP`. In this case, all devices that do not have the `VIP` tag will receive the `License MDE P1` tag and Defender for Endpoint Plan 1 capabilities. 
 
-
 ## [**Use one plan**](#tab/oneplan)
 
-## Use the features and capabilities from one plan across all your devices
+To use the features and capabilities from one plan across all your devices, follow the guidance on this tab.
 
 > [!IMPORTANT]
 > To access license information, you must have one of the following roles assigned in Microsoft Entra ID:
@@ -123,6 +119,10 @@ For example, suppose that you want to use a tag called `VIP` for all the devices
 
 ---
 
+Microsoft Defender for Business isn't supported for mixed-license scenarios. If you're using Defender for Business and you want to switch to Defender for Endpoint Plan 2, contact support. For more information, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
+
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 > [!IMPORTANT]
 > Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
diff --git a/defender-endpoint/defender-endpoint-trial-user-guide.md b/defender-endpoint/defender-endpoint-trial-user-guide.md
@@ -7,7 +7,7 @@ ms.author: deniseb
 manager: deniseb 
 audience: ITPro
 ms.topic: how-to
-ms.date: 11/11/2024
+ms.date: 06/19/2025
 ms.collection: 
 - m365-security
 - tier2
@@ -24,6 +24,8 @@ Welcome to the Microsoft Defender for Endpoint Plan 2 trial user guide!
 
 This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this article from the Microsoft Defender team, you learn how Defender for Endpoint can help you to prevent, detect, investigate, and respond to advanced threats.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## What is Defender for Endpoint?
 
 [Defender for Endpoint](microsoft-defender-endpoint.md) is an enterprise endpoint security platform that uses the following combination of technology built into Windows and Microsoft's robust cloud service: 
diff --git a/defender-endpoint/deployment-strategy.md b/defender-endpoint/deployment-strategy.md
@@ -32,6 +32,8 @@ We understand that every enterprise environment is unique, so we've provided sev
 
 :::image type="content" source="/defender/media/defender-endpoint/onboarding-architecture-2.png" alt-text="The deployment flow":::
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Step 1: Identify your architecture
 
 Depending on your environment, some tools are better suited for certain architectures. Use the following table to decide which Defender for Endpoint architecture best suits your organization.
diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md
@@ -36,6 +36,8 @@ You can deploy [Defender for Endpoint on Linux](microsoft-defender-endpoint-linu
 
 To use another method, refer to the [See also](#see-also) section.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Prerequisites
 
 Before you get started, see [Prerequisites for Defender for Endpoint on Linux](mde-linux-prerequisites.md) for a description of prerequisites and system requirements.
diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md
@@ -41,6 +41,8 @@ Exclusions can be useful to avoid incorrect detections on files or software that
 > [!WARNING]
 > Defining exclusions lowers the protection offered by Defender for Endpoint on Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you're confident aren't malicious.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Supported exclusion scopes
 
 As described in an earlier section, we support two exclusion scopes: antivirus (`epp`) and global (`global`) exclusions.
diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md
@@ -31,6 +31,8 @@ ms.date: 04/10/2025
 
 You can deploy [Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) by using a variety of tools and methods. This article describes how to deploy Defender for Endpoint on Linux using Ansible. To use another method, refer to the [See also](#see-also) section.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 A successful deployment requires the completion of all of the following tasks:
 
 - [Prerequisites and system requirements](#prerequisites-and-system-requirements-applicable-to-both-the-methods)
diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md
@@ -31,6 +31,7 @@ ms.date: 04/10/2025
 
 You can deploy [Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) by using a variety of tools and methods. This article describes how to deploy Defender for Endpoint on Linux using Puppet. To use another method, refer to the [See also](#see-also) section. 
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
 
 [!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)]
 
diff --git a/defender-endpoint/linux-installer-script.md b/defender-endpoint/linux-installer-script.md
@@ -33,6 +33,8 @@ You can deploy [Defender for Endpoint on Linux](microsoft-defender-endpoint-linu
 
 To use another method, refer to the [See also](#see-also) section. 
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Prerequisites and system requirements
 
 Before you get started, see [Prerequisites for Defender for Endpoint on Linux](mde-linux-prerequisites.md) for a description of prerequisites and system requirements.
diff --git a/defender-endpoint/linux-preferences.md b/defender-endpoint/linux-preferences.md
@@ -44,6 +44,8 @@ Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protec
 | 7. Deploy updates. | Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. <br/><br/>See [Deploy updates for Microsoft Defender for Endpoint on Linux](linux-updates.md). |
 | 8. Configure network protection (preview) | Network protection helps prevent employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. <br/><br/>See [Network protection for Linux](network-protection-linux.md). |
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Options for configuring security settings
 
 To configure your security settings in Defender for Endpoint on Linux, you have two main options:
diff --git a/defender-endpoint/mac-exclusions.md b/defender-endpoint/mac-exclusions.md
@@ -29,20 +29,17 @@ ms.date: 04/16/2025
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring.
+This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. The exclusions described in this article don't apply to other Defender for Endpoint on macOS capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
 
-> [!IMPORTANT]
-> The exclusions described in this article don't apply to other Defender for Endpoint on macOS capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections.
-
-You can exclude certain files, folders, processes, and process-opened files from Defender for Endpoint on macOS scans.
-
-Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Defender for Endpoint on macOS.
+You can exclude certain files, folders, processes, and process-opened files from Defender for Endpoint on macOS scans. Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Defender for Endpoint on macOS.
 
 To narrow down which process and/or path and/or extension you need to exclude, use [real-time-protection-statistics](mac-support-perf.md).
 
 > [!WARNING]
 > Defining exclusions lowers the protection offered by Defender for Endpoint on macOS. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you're confident aren't malicious.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Supported exclusion types
 
 The following table shows the exclusion types supported by Defender for Endpoint on macOS.
diff --git a/defender-endpoint/mac-install-with-intune.md b/defender-endpoint/mac-install-with-intune.md
@@ -33,6 +33,8 @@ This article describes how to deploy Microsoft Defender for Endpoint on macOS th
 
 Before you get started, see [the main Microsoft Defender for Endpoint on macOS page](microsoft-defender-endpoint-mac.md) for an overview of Microsoft Defender for Endpoint on macOS, including its capabilities and features. It also includes links to additional resources for more information. For a description of prerequisites and system requirements for the current software version, see [Microsoft Defender for Endpoint on MacOS prerequisites](/defender-endpoint/microsoft-defender-endpoint-mac-prerequisites).
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Overview
 
 The following table summarizes the steps to deploy and manage Microsoft Defender for Endpoint on macOS via Microsoft Intune. See the following table for more detailed steps:
diff --git a/defender-endpoint/mde-linux-prerequisites.md b/defender-endpoint/mde-linux-prerequisites.md
@@ -31,6 +31,8 @@ This article lists hardware and software requirements for Defender for Endpoint
 
 - [What's new in Defender for Endpoint on Linux](linux-whatsnew.md) 
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## License requirements
 
 To onboard servers to Defender for Endpoint, server licenses are required. You can choose from the following options:
diff --git a/defender-endpoint/mde-planning-guide.md b/defender-endpoint/mde-planning-guide.md
@@ -18,7 +18,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: get-started
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 09/25/2024
+ms.date: 06/19/2025
 ---
 
 # Get started with your Microsoft Defender for Endpoint deployment
@@ -47,8 +47,7 @@ The steps to deploy Defender for Endpoint are:
 4. [Step 4 - Onboard devices](onboarding.md): Assess and onboard your devices to Defender for Endpoint.
 5. [Step 5 - Configure capabilities](onboard-configure.md): You're now ready to configure Defender for Endpoint security capabilities to protect your devices.
 
-> [!IMPORTANT]
-> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
 
 ## Requirements
 
@@ -58,6 +57,9 @@ Here's a list of prerequisites required to deploy Defender for Endpoint:
 - Your environment meets the [minimum requirements](minimum-requirements.md)
 - You have a full inventory of your environment. The following table provides a starting point to gather information and ensure that stakeholders understand your environment. The inventory helps identify potential dependencies and/or changes required in technologies or processes.
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 |What|Description|
 |---|---|
 |Endpoint count|Total count of endpoints by operating system.|
@@ -70,6 +72,4 @@ Here's a list of prerequisites required to deploy Defender for Endpoint:
 
 Start your deployment with [Step 1 - Set up Microsoft Defender for Endpoint deployment](production-deployment.md)
 
-[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
-
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
diff --git a/defender-endpoint/onboard-configure.md b/defender-endpoint/onboard-configure.md
@@ -32,6 +32,8 @@ ms.date: 09/30/2024
 
 In this step, you're ready to configure Microsoft Defender for Endpoint capabilities.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Configure capabilities
 
 In many cases, organizations have existing endpoint security products in place. The bare minimum being an antivirus solution, but in some cases, an organization might have existing endpoint detection and response solution.
diff --git a/defender-endpoint/onboarding.md b/defender-endpoint/onboarding.md
@@ -33,6 +33,8 @@ ms.date: 05/08/2025
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Onboard devices using any of the supported management tools
 
 The deployment tool you use influences how you onboard endpoints to the service. Refer to your selected [deployment method](deployment-strategy.md#step-2-select-your-deployment-method).
diff --git a/defender-endpoint/production-deployment.md b/defender-endpoint/production-deployment.md
@@ -17,7 +17,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: how-to
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 04/15/2025
+ms.date: 06/19/2025
 ---
 
 # Prepare to deploy Microsoft Defender for Endpoint deployment
@@ -40,8 +40,9 @@ In this deployment scenario, you're guided through the steps on:
 - Tenant configuration
 - Network configuration
 
-> [!NOTE]
-> For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but we won't cover those scenarios in the deployment guide. For more information, see [Identify Defender for Endpoint architecture and deployment method](deployment-strategy.md).
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
+For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but we won't cover those scenarios in the deployment guide. For more information, see [Identify Defender for Endpoint architecture and deployment method](deployment-strategy.md).
 
 [!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
diff --git a/defender-endpoint/switch-to-mde-overview.md b/defender-endpoint/switch-to-mde-overview.md
@@ -35,6 +35,8 @@ If you're ready to move from a non-Microsoft endpoint protection solution to [Mi
 
 When you migrate to Defender for Endpoint, you begin with your non-Microsoft antivirus/antimalware protection in active mode. Then, you configure Microsoft Defender Antivirus in passive mode, and configure Defender for Endpoint features. Then, you onboard your organization's devices, and verify that everything is working correctly. Finally, you remove the non-Microsoft solution from your devices.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## The migration process
 
 :::image type="content" source="media/phase-diagrams/migration-phases.png" alt-text="The MDE migration process" lightbox="media/phase-diagrams/migration-phases.png":::
diff --git a/defender-endpoint/switch-to-mde-phase-1.md b/defender-endpoint/switch-to-mde-phase-1.md
@@ -37,11 +37,13 @@ search.appverid: met150
 
 This migration phase includes the following steps:
 
-1. [Get and deploy updates across your organization's devices](#step-1-get-and-deploy-updates-across-your-organizations-devices).
-2. [Get Microsoft Defender for Endpoint Plan 1 or Plan 2](#step-2-get-microsoft-defender-for-endpoint-plan-1-or-plan-2).
-3. [Grant access to the Microsoft Defender portal](#step-3-grant-access-to-the-microsoft-365-defender-portal).
-4. [Review more information about device proxy and internet connectivity settings](#step-4-view-information-about-device-proxy-and-internet-connectivity-settings).
-5. [Capture performance baseline data from the endpoint](#step-5-capture-performance-baseline-data-from-the-endpoint) 
+1. Get and deploy updates across your organization's devices.
+2. Get Microsoft Defender for Endpoint Plan 1 or Plan 2.
+3. Grant access to the Microsoft Defender portal.
+4. Review more information about device proxy and internet connectivity settings.
+5. Capture performance baseline data from the endpoint. 
+
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
 
 ## Step 1: Get and deploy updates across your organization's devices
 
diff --git a/defender-endpoint/switch-to-mde-phase-3.md b/defender-endpoint/switch-to-mde-phase-3.md
@@ -35,12 +35,14 @@ search.appverid: met150
 
 **Welcome to Phase 3 of [migrating to Defender for Endpoint](switch-to-mde-overview.md#the-migration-process)**. This migration phase includes the following steps:
 
-1. [Onboard devices to Defender for Endpoint](#step-1-onboard-devices-to-microsoft-defender-for-endpoint).
-2. [Run a detection test](#step-2-run-a-detection-test).
-3. [Confirm that Microsoft Defender Antivirus is in passive mode on your endpoints](#step-3-confirm-that-microsoft-defender-antivirus-is-in-passive-mode-on-your-endpoints).
-4. [Get updates for Microsoft Defender Antivirus](#step-4-get-updates-for-microsoft-defender-antivirus).
-5. [Uninstall your non-Microsoft solution](#step-5-uninstall-your-non-microsoft-solution).
-6. [Make sure Defender for Endpoint is working correctly](#step-6-make-sure-defender-for-endpoint-is-working-correctly).
+1. Onboard devices to Defender for Endpoint.
+2. Run a detection test.
+3. Confirm that Microsoft Defender Antivirus is in passive mode on your endpoints.
+4. Get updates for Microsoft Defender Antivirus.
+5. Uninstall your non-Microsoft solution.
+6. Make sure Defender for Endpoint is working correctly.
+
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
 
 ## Step 1: Onboard devices to Microsoft Defender for Endpoint
 
diff --git a/defender-xdr/pilot-deploy-defender-endpoint.md b/defender-xdr/pilot-deploy-defender-endpoint.md

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ ms.date: 04/10/2025`
`31`	`31`
`32`	`32`	`You can deploy [Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) by using a variety of tools and methods. This article describes how to deploy Defender for Endpoint on Linux using Puppet. To use another method, refer to the [See also](#see-also) section.`
`33`	`33`
	`34`	`+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]`
`34`	`35`
`35`	`36`	`[!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)]`
`36`	`37`