Merge pull request #1193 from MicrosoftDocs/main

Publish main to live, Wednesday 3:30PM PDT, 08/21

Author: Stacyrch140

defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md

@@ -6,7 +6,7 @@ description: Windows Server includes automatic exclusions, based on server role.
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 08/07/2023
+ms.date: 08/21/2023
 author: siosulli
 ms.author: siosulli
 ms.topic: conceptual
@@ -29,7 +29,7 @@ search.appverid: met150
 
 **Platforms**
 
-- Windows
+- Windows Server
 
 This article describes types of exclusions that you don't have to define for Microsoft Defender Antivirus: 
 

defender-endpoint/configure-vulnerability-email-notifications.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 06/25/2024
+ms.date: 08/21/2024
 ---
 
 # Configure vulnerability email notifications in Microsoft Defender for Endpoint
@@ -48,7 +48,7 @@ Create a notification rule to send an email when there are certain exploit or vu
 
 1. Sign in to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) and using an account with the Security administrator or Global administrator role assigned.
 
-2. In the navigation pane, go to **Settings** \> **Endpoints** \> **Email notifications** \> **Vulnerabilities**.
+2. In the navigation pane, go to **Settings** \> **Endpoints** \> **General** \> **Email notifications** \> **Vulnerabilities**.
 
 2. Select **Add notification rule**.
 

defender-endpoint/mac-install-with-intune.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 08/20/2024
+ms.date: 08/21/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on macOS with Microsoft Intune
@@ -144,15 +144,13 @@ To configure Full Disk Access:
 
 1. Under **Profile type**, select **Templates**.
 
-1. Under **Template name**, select **Custom**. Then select **Create**
-
-1. Select **Create**.
+1. Under **Template name**, select **Custom**, and then select **Create**.
 
-1. On the **Basics** tab, **Name** the profile. For example, `Background_Services-prod-macOS-Default-MDE`.
+1. On the **Basics** tab, **Name** the profile. For example, `FullDiskAccess-prod-macOS-Default-MDE`.
 
 1. Select **Next**.
 
-1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `background_services.mobileconfig`.
+1. On the **Configuration settings** tab, enter a **Custom configuration profile** name. For example, `FullDiskAccess-prod-macOS-Default-MDE`.
 
 1. Choose a **Deployment channel** and then select **Next**.
 

defender-endpoint/mac-whatsnew.md

@@ -53,6 +53,18 @@ Microsoft Defender for Endpoint no longer supports Big Sur (11)
 
 Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them. To learn more, see [Behavior Monitoring in Microsoft Defender for Endpoint on macOS](behavior-monitor-macos.md).
 
+### Jul-2024 (Build: 101.24062.0009  | Release version: )
+
+| Build:             | **101.24062.0009**         |
+|--------------------|-----------------------|
+| Release version:   | 20.124062.9.0 |
+| Engine version:    | 1.1.24050.7       |
+| Signature version: | 1.411.410.0      |
+
+##### What's new
+
+- Bug and performance fixes
+
 ### Jun-2024 (Build: 101.24052.0013  | Release version: 20.124052.13.0)
 
 | Build:             | **101.24052.0013**    |

defender-office-365/defender-for-office-365-whats-new.md

@@ -8,7 +8,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 07/26/2024
+ms.date: 08/21/2024
 audience: ITPro
 ms.collection:
   - m365-security
@@ -39,6 +39,10 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
 
+## August 2024
+
+- [Use the built-in Report button in Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): The built-in **Report** button in Outlook for Microsoft 365 and Outlook 2021 now support the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) experience to report messages as Phishing, Junk, and Not Junk.
+
 ## July 2024
 
 - **Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) is now available these environments. They are on parity with the WW commercial experiences.
@@ -160,7 +164,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 - The new Microsoft Defender XDR role-based access control (RBAC) model, with support for Microsoft Defender for Office, is now available in public preview. For more information, see [Microsoft Defender XDR role-based access control (RBAC)](/defender-xdr/manage-rbac).
 
-- [Use the built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): Use the built-in Report button in Outlook on the web to report messages as phish, junk, and not junk.
+- [Use the built-in Report button on Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook): Use the built-in Report button in Outlook on the web and new Outlook for Windows client to report messages as phish, junk, and not junk.
 
 ## October 2022
 

defender-xdr/manage-incidents.md

@@ -11,13 +11,14 @@ manager: deniseb
 audience: ITPro
 ms.collection: 
   - m365-security
+  - usx-security
   - tier1
 ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 08/19/2024
+ms.date: 08/21/2024
 appliesto: 
 - Microsoft Defender XDR
 - Microsoft Sentinel in the Microsoft Defender portal
@@ -149,7 +150,7 @@ You can also add your own comments using the comment box available within the ac
 > [!IMPORTANT]
 > Some information in this article relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 >
-> The export incident data feature is currently available to Microsoft Defender XDR and Microsoft Defender unified security operations center (SOC) platform customers with the Microsoft Copilot for security license.
+> The export incident data feature is currently available to Microsoft Defender XDR and Microsoft unified security operations center (SOC) platform customers with the Microsoft Copilot for security license.
 
 You can export an incident's data to PDF through the **Export incident as PDF** function and save it into PDF format. This function allows security teams to review an incident's details offline at any given time.
 
@@ -163,30 +164,34 @@ The incident data exported includes the following information:
 
 Here's an example of the exported PDF:
 
-:::image type="content" source="/defender/media/incidents-queue/export-incident-results-small.png" alt-text="Screenshot of the exported PDF's first page." lightbox="/defender/media/incidents-queue/export-incident-results.png":::
+:::image type="content" source="/defender/media/incidents-queue/export-results-small.png" alt-text="Screenshot of the exported PDF's first page." lightbox="/defender/media/incidents-queue/export-results.png":::
 
 If you have the [Copilot for Security](/security-copilot/microsoft-security-copilot) license, the exported PDF contains the following additional incident data:
 
 - [Incident summary](security-copilot-m365d-incident-summary.md)
 - [Incident report](security-copilot-m365d-create-incident-report.md)
 
-The export to PDF function is also available in the Copilot side panel of a generated incident report.
+The export to PDF function is also available in the Copilot side panel. When you select the **More actions** ellipsis (...) on the upper right corner of the incident report results card, you can choose **Export incident as PDF**.
 
 ![Screenshot of additional actions in the incident report results card.](/defender/media/incidents-queue/export-incident-more-actions1.png)
 
 To generate the PDF, perform the following steps:
 
-1. Open an incident page. Select the **More actions** ellipsis (...) on the upper right corner and choose **Export incident as PDF**. The function becomes grayed out while the PDF is being generated.
+1. Open an incident page. Select the **More actions** ellipsis (...) on the upper right corner and choose **Export incident as PDF**.
 
-   :::image type="content" source="/defender/media/incidents-queue/export-incident-main-small.png" alt-text="Screenshot highlighting the export incident to PDF option." lightbox="/defender/media/incidents-queue/export-incident-main.png":::
+   :::image type="content" source="/defender/media/incidents-queue/export-ellipsis-small.png" alt-text="Screenshot highlighting the export incident to PDF option." lightbox="/defender/media/incidents-queue/export-ellipsis.png":::
 
-1. A dialog box appears, indicating that the PDF is being generated. Select **Got it** to close the dialog box. Additionally, a status message indicating the current state of the download appears below the incident title. The export process may take a few minutes depending on the incident's complexity and the amount of data to be exported.
+1. In the dialog box that appears next, confirm the incident information that you want to include or exclude in the PDF. All incident information is selected by default. Select **Export PDF** to proceed.
 
-   :::image type="content" source="/defender/media/incidents-queue/export-incident-predownload-small.png" alt-text="Screenshot highlighting export message and status before download." lightbox="/defender/media/incidents-queue/export-incident-predownload.png":::
+   :::image type="content" source="/defender/media/incidents-queue/export-options.png" alt-text="Screenshot highlighting the export incident to PDF option.":::
 
-1. Once the PDF is ready, the status message indicates that the PDF is ready and another dialog box appears. Select **Download** from the dialog box to save the PDF to your device.
+1. A status message indicating the current state of the download appears below the incident title. The export process may take a few minutes depending on the incident's complexity and the amount of data to be exported.
 
-   :::image type="content" source="/defender/media/incidents-queue/export-incident-download-small.png" alt-text="Screenshot highlighting export message and status when download is available." lightbox="/defender/media/incidents-queue/export-incident-download.png":::
+   :::image type="content" source="/defender/media/incidents-queue/export-prepare-small.png" alt-text="Screenshot highlighting export message and status before download." lightbox="/defender/media/incidents-queue/export-prepare.png":::
+
+1. Another dialog box appears indicating that the PDF is ready. Select **Download** from the dialog box to save the PDF to your device. The status message below the incident title also updates to indicate that the download is available.
+
+   :::image type="content" source="/defender/media/incidents-queue/export-download-small.png" alt-text="Screenshot highlighting export message and status when download is available." lightbox="/defender/media/incidents-queue/export-download.png":::
 
 The report is cached for a couple of minutes. The system provides the previously generated PDF if you try to export the same incident again within a short time frame. To generate a newer version of the PDF, wait for a few minutes for the cache to expire.