Merge pull request #576 from MicrosoftDocs/main

publish main to live 10:30 AM 5/29/24

Author: American-Dipper

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -42,9 +42,8 @@ This article provides information about Microsoft Defender for Endpoint attack s
 - [Per-rule-descriptions](#per-rule-descriptions)
 
 [!Include[Prerelease information](../includes/prerelease.md)]
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088), which helps you utilize essential tools and automated features such as attack surface reduction and next-generation protection. When signed in to the Microsoft 365 admin center, this guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
 ## Attack surface reduction rules by type
 
 Attack surface reduction rules are categorized as one of two types:

defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

@@ -64,8 +64,8 @@ Potentially unwanted applications can increase the risk of your network being in
 
 [Learn more about Windows Enterprise subscriptions](https://www.microsoft.com/microsoft-365/windows/windows-11-enterprise).
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088), which helps you utilize essential tools and automated features such as attack surface reduction and next-generation protection. When signed in to the Microsoft 365 admin center, this guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
+
 ## Microsoft Edge
 
 The [new Microsoft Edge](https://support.microsoft.com/microsoft-edge/get-to-know-microsoft-edge-3f4bb0ff-58de-2188-55c0-f560b7e20bea), which is Chromium-based, blocks potentially unwanted application downloads and associated resource URLs. This feature is provided via [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview).

defender-endpoint/device-control-overview.md

@@ -39,6 +39,8 @@ This list is intended to provide some examples. It's not an exhaustive list; the
 
 Device control helps protect your organization from potential data loss, malware, or other cyberthreats by allowing or preventing certain devices to be connected to users' computers. With device control, your security team can determine whether and what peripheral devices users can install and use on their computers. 
 
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
+
 ## Microsoft device control capabilities
 
 Device control capabilities from Microsoft can be organized into three main categories: device control in Windows, device control in Defender for Endpoint, and Endpoint Data Loss Prevention (Endpoint DLP).

defender-endpoint/linux-whatsnew.md

@@ -31,7 +31,27 @@ This article is updated frequently to let you know what's new in the latest rele
 
 - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)
 - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+<details>
+<summary> May-2024 (Build: 101.24042.0002 | Release version: 30.24042.0002.0)</summary>
+
+## May-2024 Build: 101.24042.0002 | Release version: 30.124042.0002.0
+
+&ensp;Released: **May 29, 2024**<br/>
+&ensp;Published: **May 29, 2024**<br/>
+&ensp;Build: **101.24042.0002**<br/>
+&ensp;Release version: **30.24042.0002.0**<br/>
+&ensp;Engine version: **1.1.24030.4**<br/>
+&ensp;Signature version: **1.407.521.0**<br/>
 
+**What's new**
+
+There are multiple fixes and new changes in this release:
+
+- In version 24032.0007, there was a known issue where the enrollment of devices to MDE Security Management failed when using the "Device Tagging" mechanism via the mdatp_managed.json file. This issue has been resolved in the current release.
+- Stability and performance improvements.
+- Other bug fixes.
+
+</details>
 <details>
 <summary> May-2024 (Build: 101.24032.0007 | Release version: 30.124032.0007.0)</summary>
 
@@ -67,11 +87,12 @@ There are multiple fixes and new changes in this release:
 
 **Known Issues**
 
-- There's a known issue with enrolling devices to MDE Security Management using "Device Tagging" mechanism in 24032.007 using mdatp_managed.json. To mitigate this issue, use the following mdatp CLI command to tag devices:
+- There's a known issue where enrolling devices to MDE Security Management via "Device Tagging" mechanism using mdatp_managed.json is failing in 24032.0007. To mitigate this issue, use the following mdatp CLI command to tag devices:
 
    ```bash
    sudo mdatp edr tag set --name GROUP --value MDE-Management
    ```
+    **The issue has been fixed in Build: 101.24042.0002**
 
 </details>
 

defender-endpoint/mac-support-perf-overview.md

@@ -1,13 +1,15 @@
 ---
 title: Overview for how to troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
-description: Troubleshoot performance issues overview for Microsoft Defender for Endpoint on macOS
+description: Troubleshoot performance issues overview for Microsoft Defender for Endpoint on macOS.
 author: YongRhee-MSFT 
 ms.author: yongrhee 
 ms.service: defender-endpoint
 ms.topic: overview
-ms.date: 03/01/2024
-ms.subservice: ngp
+ms.localizationpriority: medium
+ms.date: 05/29/2024
+ms.subservice: macos
 manager: dansimp
+ms.custom: partner-contribution
 ---
 
 # Overview for how to troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
@@ -23,21 +25,23 @@ This article provides general guidelines to identify performance issues related
 
 Depending on the applications that you're running and your device characteristics, you might experience suboptimal performance when running Microsoft Defender for Endpoint on macOS. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender for Endpoint on macOS.
 
+> [!TIP]
+> As a general best practice, it is recommended to [update the Microsoft Defender for Endpoint agent to latest available version](/defender-endpoint/mac-whatsnew) and confirming that the issue still persists before investigating further.
+
 > [!CAUTION]
 > Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on MacOS is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can configure Microsoft Defender Antivirus to run in **[Passive mode](mac-preferences.md)**. After you configure Passive mode, you can use Defender for Endpoint on Mac EDR functionality.
 
 > [!WARNING]
 > Before starting, make sure that other security products are not currently running on the device. Multiple security products might conflict and impact system performance.
 
 > [!TIP]
-> If you're running other third-party security products, make sure that the Microsoft Defender for Endpoint on macOS processes and paths are excluded from that 3rd party security product and that security product is excluded from Microsoft Defender for Endpoint on macOS.
-
-When troubleshooting performance issues for Microsoft Defender for Endpoint on macOS, you should review the **Activity Monitor** to see which of the three (3) processes is leading the high cpu utilization
+> If you're running other third-party security products, make sure that the Microsoft Defender for Endpoint on macOS processes and paths are excluded from that 3rd party security product and that security product is excluded from Microsoft Defender for Endpoint on macOS.  And vice-versa.
+When troubleshooting performance issues for Microsoft Defender for Endpoint on macOS, you should review the **Activity Monitor** or run **top** to see which of the three (3) processes is leading the high cpu utilization
 
 |Daemon name|Component|Troubleshooting guide|
 | -------- | -------- |-------- |
 |wdavdaemon| Core (privileged)|Open a [Microsoft support case](contact-support.md).|
-|wdavdaemon_unpriviliged| Antimalware (AV, EPP)|Review [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](mac-support-perf.md).|
+|wdavdaemon_unprivileged| Antimalware (AV, EPP)|Review [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](mac-support-perf.md).|
 |wdavdaemon_enterprise| Endpoint Detection and Response (EDR)|Open a [Microsoft support case](contact-support.md).|
 
 Additionally, gather [Defender for Endpoint Client Analyzer](run-analyzer-macos-linux.md) files while the issue occurs. This will be used by the support team to investigate the issue. 

defender-endpoint/microsoft-defender-endpoint-antivirus-performance-mode.md

@@ -14,7 +14,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 05/02/2024
+ms.date: 05/29/2024
 ---
 
 # Protect Dev Drive using performance mode
@@ -32,8 +32,8 @@ ms.date: 05/02/2024
 
 - Windows 11
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088), which helps you utilize essential tools and automated features such as attack surface reduction and next-generation protection. When signed in to the Microsoft 365 admin center, this guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
+
 ## What is performance mode
 
 Performance mode is now available on Windows 11 as a new Microsoft Defender Antivirus capability. Performance mode reduces the performance impact of Microsoft Defender Antivirus scans for files stored on designated _Dev Drive_. The goal of performance mode is to improve functional performance for developers who use Windows 11 devices. 

defender-endpoint/review-detected-threats.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 - mde-edr
 ms.topic: conceptual
-ms.date: 02/02/2024
+ms.date: 05/29/2024
 ms.subservice: edr
 search.appverid: met150
 ---
@@ -101,8 +101,8 @@ DeviceInfo
 AlertEvidence
 | where Timestamp > ago(15d)
 | where ServiceSource == "Microsoft Defender for Endpoint"
-| where DetectionSource == "Antivirus"
-DeviceName
+| where DetectionSource == "Antivirus")
+on DeviceName
 | distinct DeviceName, DeviceId, Title, AlertId, Timestamp
 ```
 

defender-endpoint/troubleshoot-onboarding.md

@@ -36,8 +36,7 @@ This page provides detailed steps to troubleshoot onboarding issues that might o
 
 Before you start troubleshooting issues with onboarding tools, it's important to check if the minimum requirements are met for onboarding devices to the services. [Learn about the licensing, hardware, and software requirements to onboard devices to the service](minimum-requirements.md).
 
-> [!TIP]
-> As a companion to this article, we recommend using the [Microsoft Defender for Endpoint automated setup guide](https://go.microsoft.com/fwlink/?linkid=2268088) when signed in to the Microsoft 365 admin center. This guide will customize your experience based on your environment. To review best practices without signing in and activating automated setup features, go to the [Microsoft 365 setup guide](https://go.microsoft.com/fwlink/?linkid=2268087).
+[!Include [defender-endpoint-setup-guide.md](../includes/mde-automated-setup-guide.md)]
 
 ## Troubleshoot issues with onboarding tools
 

defender-for-cloud/breadcrumb/defender-for-cloud/toc.yml

@@ -4,4 +4,4 @@
   items:
     - name: 'Microsoft Defender for Cloud'
       tocHref: /defender-for-cloud/
-      topicHref: /defender-for-cloud/index
+      topicHref: /defender-for-cloud/index

defender-for-cloud/docfx.json

@@ -25,7 +25,9 @@
       {
         "files": [
           "**/*.png",
-          "**/*.jpg"
+          "**/*.jpg",
+          "**/*.gif",
+          "**/*.svg"
         ],
         "exclude": [
           "**/obj/**",
@@ -40,11 +42,30 @@
     "overwrite": [],
     "externalReference": [],
     "globalMetadata": {
-      "breadcrumb_path": "~/breadcrumb/defender-for-cloud/toc.yml",
+      "breadcrumb_path": "/breadcrumb/defender-for-cloud/toc.json",
       "feedback_system": "Standard",
-      "permissioned-type": "public"
+      "permissioned-type": "public",
+      "feedback_product_url": "https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance",
+      "uhfHeaderId": "MSDocsHeader-MicrosoftDefender",
+      "titleSuffix": "Microsoft Defender for Cloud",
+      "searchScope": [
+        "Microsoft Defender for Cloud"
+      ],
+      "contributors_to_exclude": [
+        "dstrome",
+        "shdyas",
+        "rjagiewich",
+        "American-Dipper",
+        "claydetels19",
+        "jborsecnik",
+        "v-stchambers",
+        "Stacyrch140",
+        "garycentric",
+        "alekyaj"
+      ]
     },
     "fileMetadata": {},
-    "template": []
+    "template": [],
+    "dest": "defender-for-cloud"
   }
 }