Merge pull request #2620 from MicrosoftDocs/main

Publish main to live, 01/31/25, 3:30 PM PT

Author: Ruchika-mittal01

defender-endpoint/defender-endpoint-false-positives-negatives.md

@@ -6,7 +6,7 @@ ms.subservice: ngp
 ms.author: ewalsh
 author: emmwalshh
 ms.localizationpriority: medium
-ms.date: 11/12/2024
+ms.date: 01/30/2025
 manager: deniseb
 audience: ITPro
 ms.collection:

defender-endpoint/evaluate-microsoft-defender-antivirus.md

@@ -9,7 +9,7 @@ ms.author: ewalsh
 ms.reviewer: yongrhee
 manager: deniseb
 ms.custom: nextgen
-ms.date: 10/18/2018
+ms.date: 01/28/2025
 ms.subservice: ngp
 ms.collection: 
 - m365-security
@@ -39,12 +39,12 @@ You can choose to configure and evaluate each setting independently, or all at o
 
 The guide is available:
 
-- [Evaluate Microsoft Defender Antivirus using PowerShell](microsoft-defender-antivirus-using-powershell.md)
-- in PDF format for offline viewing: [Download the guide in PDF format](https://www.microsoft.com/download/details.aspx?id=54795).
+- [Evaluate Microsoft Defender Antivirus using PowerShell](microsoft-defender-antivirus-using-powershell.md).
+- In PDF format for offline viewing: [Download the guide in PDF format](https://www.microsoft.com/download/details.aspx?id=54795).
 
 You can also download a PowerShell that will enable all the settings described in the guide automatically. You can obtain the script alongside the PDF download above, or individually from PowerShell Gallery:
 
-- [Download the PowerShell script to automatically configure the settings](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings)
+- [Download the PowerShell script to automatically configure the settings](https://aka.ms/wdeppscript).
 
 > [!IMPORTANT]
 > The guide is currently intended for single-machine evaluation of Microsoft Defender Antivirus. Enabling all of the settings in this guide may not be suitable for real-world deployment.
@@ -62,9 +62,22 @@ You can also download a PowerShell that will enable all the settings described i
 > - [Configure Defender for Endpoint on Android features](android-configure.md)
 > - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
 
-## Related topics
+## Related articles
+
+- Evaluate Microsoft Defender Antivirus using [Microsoft Defender Endpoint Security Settings Management (Endpoint security policies) ](/defender-endpoint/evaluate-mda-using-mde-security-settings-management)
+
+- Evaluate Microsoft Defender Antivirus using [Group Policy](/defender-endpoint/evaluate-mdav-using-gp)
+
+- Evaluate Microsoft Defender Antivirus using [Powershell](/defender-endpoint/microsoft-defender-antivirus-using-powershell)
+
+- [Advanced technologies](/defender-endpoint/adv-tech-of-mdav) at the core of Microsoft Defender Antivirus
+
+- [Microsoft Defender Antivirus compatibility with other security products](/defender-endpoint/microsoft-defender-antivirus-compatibility)
+
+- [Microsoft Defender Antivirus and non-Microsoft antivirus solutions without Defender for Endpoint](/defender-endpoint/defender-antivirus-compatibility-without-mde)
 
 - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-windows.md)
+
 - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/mac-device-control-jamf.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 04/30/2024
+ms.date: 01/31/2025
 ---
 
 # Deploy and manage Device Control using JAMF
@@ -31,49 +31,65 @@ ms.date: 04/30/2024
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-Microsoft Defender for Endpoint Device Control feature enables you to audit, allow, or prevent the read, write, or execute access to removable storage, and allows you to manage iOS and Portable device and Bluetooth media with or without exclusions.
+Device control in Microsoft Defender for Endpoint on macOS enables you to audit, allow, or prevent the read, write, or execute access to removable storage. Device control also allows you to manage iOS and portable devices and Bluetooth media, with or without exclusions.
 
 ## Licensing requirements
 
-Before you get started with Removable Storage Access Control, you must confirm your [Microsoft 365 subscription](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=3). To access and use Removable Storage Access Control, you must have Microsoft 365 E3.
+Before you begin, confirm your subscription. To access and use device control, your subscription must include Defender for Endpoint Plan 1. For more information, see the following resources:
+
+- [Microsoft 365 Enterprise plans comparison table](https://go.microsoft.com/fwlink/p/?LinkID=2139145&clcid=0x409&culture=&country=us)
+- [Understand subscriptions and licenses in Microsoft 365 for business](/microsoft-365/commerce/licenses/subscriptions-and-licenses)
 
 [!INCLUDE [Microsoft Defender for Endpoint third-party tool support](../includes/support.md)]
 
 ## Deploy policy by using JAMF
 
-### Step 1: Create policy JSON
+### Step 1: Creating a JSON policy
+
+Device Control on Mac is defined through a JSON policy. This policy should have the appropriate groups, rules, and settings defined to tailor specific customer conditions. For example, some enterprise organizations might need to block all removable media devices entirely, while others might have specific exceptions for a vendor or serial number. Microsoft has a [local GitHub repository](https://github.com/microsoft/mdatp-devicecontrol/tree/main/macOS/policy/samples"https://github.com/microsoft/mdatp-devicecontrol/tree/main/macos/policy/samples") that you can use to build your policies.
+
+For more information about settings, rules, and groups, see [Device Control for macOS](mac-device-control-overview.md).
+
+### Step 2: Validating a JSON policy
 
-Now, you have 'groups' and 'rules' and 'settings', combine 'settings' and 'groups' and rules into one JSON, here's the demo file: [https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/samples/deny_removable_media_except_kingston.json](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/samples/deny_removable_media_except_kingston.json). Make sure to validate your policy with the JSON schema so your policy format is correct: [https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/device_control_policy_schema.json](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/device_control_policy_schema.json).
+You must validate your JSON policy after it's created to ensure there are no syntax or configuration errors. A schema for device control policies is available in [our GitHub repository](https://github.com/microsoft/mdatp-devicecontrol/blob/main/macOS/policy/device_control_policy_schema.json"https://github.com/microsoft/mdatp-devicecontrol/blob/main/macos/policy/device_control_policy_schema.json"). The Defender for Endpoint application has built-in functionality to compare your JSON to the defined schema. 
 
-See [Device Control for macOS](mac-device-control-overview.md) for information about settings, rules, and groups.
+1. Save your configuration on a local device as a `.json` file.
 
-### Step 2: Update MDE Preferences Schema
+2. Ensure you have access to `mdatp` commands. If your device is already onboarded, then you should have this functionality.
 
-The [MDE Preferences schema](https://github.com/microsoft/mdatp-xplat/blob/master/macos/schema/schema.json) is updated to include the new `deviceControl/policy` key. The existing MDE Preferences configuration profile should be updated to use the new schema file's content.
+3. Run `mdatp device-control policy validate --path <pathtojson>`.
+
+### Step 3: Update your Defender for Endpoint preferences Schema
+
+The [Defender for Endpoint preferences schema](https://github.com/microsoft/mdatp-xplat/blob/master/macos/schema/schema.json) includes the new `deviceControl/policy` key. The existing Defender for Endpoint preferences configuration profile should be updated to use the new schema file's content.
 
 :::image type="content" source="media/macos-device-control-jamf-mde-preferences-schema.png" alt-text="Shows where to edit the Microsoft Defender for Endpoint Preferences Schema to update." lightbox="media/macos-device-control-jamf-mde-preferences-schema.png":::
 
-### Step 3: Add Device Control Policy to MDE Preferences
+### Step 4: Add the device control policy to Defender for Endpoint preferences
 
-A new 'Device Control' property is now available to add to the UX.  
+A new device control property is now available to add to the user experience.  
 
-1. Select the topmost **Add/Remove properties** button, then select **Device Control** and press **Apply**.
+1. In your Jamf console, select **Add/Remove properties**, select **Device Control**, and then select **Apply**.
 
-:::image type="content" source="media/macos-device-control-jamf-device-control-property.png" alt-text="Shows how to add Device Control in Microsoft Defender for Endpoint" lightbox="media/macos-device-control-jamf-device-control-property.png":::
+    :::image type="content" source="media/macos-device-control-jamf-device-control-property.png" alt-text="Shows how to add Device Control in Microsoft Defender for Endpoint" lightbox="media/macos-device-control-jamf-device-control-property.png":::
 
-2. Next, scroll down until you see the **Device Control** property (it's the bottommost entry), and select **Add/Remove properties** directly underneath it.
+2. Scroll down until you see the **Device Control** property (it's at the bottom of the list), and then select **Add/Remove properties**.
 
 3. Select **Device Control Policy**, and then select **Apply**.  
 
-:::image type="content" source="media/macos-device-control-jamf-device-control-add-remove-property.png" alt-text="Shows how to apply Device Control Policy in Microsoft Defender for Endpoint." lightbox="media/macos-device-control-jamf-device-control-add-remove-property.png":::
+    :::image type="content" source="media/macos-device-control-jamf-device-control-add-remove-property.png" alt-text="Shows how to apply Device Control Policy in Microsoft Defender for Endpoint." lightbox="media/macos-device-control-jamf-device-control-add-remove-property.png":::
 
-4. To finish, copy and paste the Device Control policy JSON into the text box, and save your changes to the configuration profile.
+4. Copy and paste your device control policy JSON into the text box.
 
-:::image type="content" source="media/macos-device-control-jamf-device-control-policy-json.png" alt-text="Shows where to add the Device Control policy JSON in Microsoft Defender for Endpoint." lightbox="media/macos-device-control-jamf-device-control-policy-json.png":::
+    :::image type="content" source="media/macos-device-control-jamf-device-control-policy-json.png" alt-text="Shows where to add the Device Control policy JSON in Microsoft Defender for Endpoint." lightbox="media/macos-device-control-jamf-device-control-policy-json.png":::
+
+5. Save your changes.
 
 ## See also
 
 - [Device Control for macOS](mac-device-control-overview.md)
 - [Deploy and manage Device Control using Intune](mac-device-control-intune.md)
 - [macOS Device Control frequently asked questions (FAQ)](mac-device-control-faq.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]