Merge branch 'main' into Mal-chrisda

Author: chrisda

.acrolinx-config.edn

@@ -1,6 +1,6 @@
-{:changed-files-limit 30
+{:changed-files-limit 60
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["defender-xdr/" "exposure-management/" "defender/" "defender-business/" "defender-vulnerability-management/" "defender-office-365/" "defender-endpoint/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 

.openpublishing.redirection.defender.json

@@ -5,11 +5,6 @@
       "redirect_url": "/defender-xdr/advanced-hunting-overview",
       "redirect_document_id": false
     },
-    {
-      "source_path": "defender-xdr/alerts-incidents-correlation.md",
-      "redirect_url": "/defender-xdr/incident-response-overview",
-      "redirect_document_id": false
-    },
     {
       "source_path": "defender-office-365/zero-trust-continuous-access-evaluation-microsoft-365.md",
       "redirect_url": "/security/zero-trust/zero-trust-continuous-access-evaluation-microsoft-365",

defender-business/TOC.yml

@@ -25,7 +25,7 @@
       href: trial-playbook-defender-business.md
     - name: Visit the Microsoft Defender portal
       href: mdb-get-started.md
-    - name: Try tutorials and simulations
+    - name: Find training and learning resources
       href: mdb-tutorials.md
   - name: Set up and configure Defender for Business
     items:

defender-business/index.yml

@@ -56,6 +56,8 @@ landingContent:
             url: trial-playbook-defender-business.md
           - text: Turn on preview features
             url: /defender-xdr/preview
+          - text: Find training and learning resources
+            url: mdb-tutorials.md
 
   # Card
   - title: Setup information

defender-business/mdb-add-users.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 06/07/2024
+ms.date: 06/19/2024
 ms.collection: 
 - m365-security
 - tier1
@@ -59,8 +59,8 @@ One good way to make sure MFA is enabled for all users is by using [security def
 
 4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**. 
 
-   > [!CAUTION]
-   > If your organization is using Conditional Access policies, you won't be able to enable security defaults. You'll see a message that indicates you're using classic policies instead. You can use *either* security defaults *or* Conditional Access, but not both. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead. To learn more, see the following articles:
+   > [!NOTE]
+   > If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
    > - [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa) (in the Microsoft 365 Business Premium documentation)
    > - [Security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
 
@@ -69,5 +69,6 @@ One good way to make sure MFA is enabled for all users is by using [security def
 ## Next steps
 
 - [Step 3: Assign security roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md).
+
 - [Step 4: Set up email notifications for your security team](mdb-email-notifications.md).
 

defender-business/mdb-create-edit-device-groups.md

@@ -10,7 +10,7 @@ ms.topic: how-to
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: nehabha
-ms.date: 05/17/2023
+ms.date: 06/19/2024
 f1.keywords: NOCSH 
 ms.collection: 
 - SMB
@@ -30,7 +30,6 @@ In Defender for Business, policies are applied to devices through certain collec
 - [How to view an existing device group](#view-an-existing-device-group)
 - [What the Add All Devices option does](#what-does-the-add-all-devices-option-do)
 
-
 ## What is a device group?
 
 A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Defender for Business, policies are applied to devices by using device groups.

defender-business/mdb-email-notifications.md

@@ -10,7 +10,7 @@ ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: nehabha
-ms.date: 05/01/2023
+ms.date: 06/19/2024
 f1.keywords: NOCSH 
 ms.collection: 
  - m365-security
@@ -45,7 +45,7 @@ When you set up email notifications, you can choose from two types, as described
 > [!TIP]
 > **Email notifications are not the only way your security team can find out about new alerts or vulnerabilities**.
 > 
-> Email notifications are a convenient way to help keep your security team informed, in real time. But there are others! For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they'll see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
+> Email notifications are a convenient way to help keep your security team informed, in real time. But there are other methods you can use as well. For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
 > 
 > Your security team can also choose **Incidents** in the navigation pane to view information. To learn more, see [View and manage incidents in Defender for Business](mdb-view-manage-incidents.md).
 

defender-business/mdb-firewall.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 05/04/2023
+ms.date: 06/19/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -34,10 +34,29 @@ You can use firewall protection to specify whether to allow or to block connecti
 
 Depending on whether you're using the Microsoft Defender portal or Intune to manage your firewall protection, use one of the following procedures.
 
-| Portal | Procedure |
-|:---|:---|
-| Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.<br/>2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.<br/>3. Select an operating system tab (such as **Windows clients**).<br/>4. Expand **Firewall** to view your list of policies.<br/>5. Select a policy to view the details. <br/><br/>To make changes or to learn more about policy settings, see the following articles:<br/>- [View or edit device policies](mdb-view-edit-create-policies.md)<br/>- [Firewall settings](mdb-firewall.md)<br/>- [Manage your custom rules for firewall policies](mdb-firewall.md)  |
-| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.<br/>2. Select **Endpoint security**.<br/>3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. <br/><br/>For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).|
+### Use the Microsoft Defender portal to view or edit firewall policies
+
+1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
+
+2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.
+
+3. Select an operating system tab (such as **Windows clients**).
+
+4. Expand **Firewall** to view your list of policies.
+
+5. Select a policy to view the details. To make changes or to learn more about policy settings, see the following articles:
+   
+   - [View or edit device policies](mdb-view-edit-create-policies.md)
+   - [Firewall settings](mdb-firewall.md)
+   - [Manage your custom rules for firewall policies](mdb-firewall.md)
+   
+### Use the Intune admin center to view or edit firewall policies
+
+1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.
+
+2. Select **Endpoint security**.
+
+3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. To get help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
 
 ## Manage your custom rules for firewall policies in Microsoft Defender for Business
 
@@ -56,10 +75,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
 5. To create a custom rule, follow these steps: 
 
    1. Under **Custom rules**, choose **+ Add rule**. (You can have up to 150 custom rules.)
+
    2. On the **Create new rule** flyout, specify a name and description for the rule.
+
    3. Select a profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
+
    4. In the **Remote address type** list, select either **IP** or **Application file path**.
+
    5. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6d, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
+
    6. On the **Create new rule** flyout, select **Create rule**. 
 
 6. On the **Configuration settings** screen, choose **Next**.
@@ -81,10 +105,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
 6. To edit your custom rule, follow these steps:
 
    1. On the **Edit rule** flyout, review and edit the rule's name and description.
+
    2. Review and if necessary, edit the rule's profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
+   
    3. In the **Remote address type** list, select either **IP** or **Application file path**.
+   
    4. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6c, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
+   
    5. Set **Enable rule** to **On** to make the rule active. Or, to disable the rule, set the switch to **Off**.
+   
    6. On the **Edit rule** flyout, select **Update rule**. 
 
 7. On the **Configuration settings** screen, choose **Next**.

defender-business/mdb-get-started.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -43,7 +43,6 @@ Use the navigation bar on the left side of the screen to access your incidents,
 | **Partner catalog** | Lists Microsoft partners who provide technical and professional services. |
 | **Assets** > **Devices** | Enables you to view devices, such as computers and mobile devices that are enrolled in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). |
 | **Endpoints** > **Vulnerability management** | Enables you to access your [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management) capabilities. Provides a dashboard, recommendations, remediation activities, a software inventory, and a list of potential weaknesses within your company. |
-| **Endpoints** > **Tutorials** | Provides access to walkthroughs and simulations to help you learn more about how your threat protection features work. Select the **Read the walkthrough** link before attempting to get the simulation file for each tutorial. Some simulations require Office apps, such as Microsoft Word, to read the walkthrough. |
 | **Endpoints** > **Configuration management** > **Device configuration** | Lists your security policies by operating system and by type. To learn more about your security policies, see [View or edit policies in Defender for Business](mdb-view-edit-create-policies.md). |
 | **Endpoints** > **Configuration management** > **Device management reporting** | Lists devices that are onboarded to Defender for Business, along with their operating system version, sensor health state, and when they were last updated. |
 | **Email & collaboration** > **Policies & rules** | If your subscription includes Exchange Online Protection or Microsoft Defender for Office 365, this section is where you'll manage your security policies and settings for email and collaboration services. [Learn more about Office 365 security](/defender-office-365/mdo-about). *The standalone version of Defender for Business does not include email & collaboration policies, but Microsoft 365 Business Premium does include Exchange Online Protection and Defender for Office 365 Plan 1*. |

defender-business/mdb-lighthouse-integration.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 09/28/2022
+ms.date: 06/19/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -34,7 +34,7 @@ If you're a Microsoft Cloud Solution Provider (CSP) or Managed Service Provider
 
 ## Learn more about Microsoft 365 Lighthouse
 
-Microsoft 365 Lighthouse enables Microsoft CSPs and MSPs to secure and manage devices, data, and users at scale.
+Microsoft 365 Lighthouse enables Microsoft CSPs and MSPs to secure and manage devices, data, and users for customers.
 
 To learn more, see: