Merge branch 'public' into patch-1

Author: diannegali

defender-business/mdb-offboard-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 06/19/2024
+ms.date: 07/08/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -21,21 +21,26 @@ ms.collection:
 
 # Offboard a device from Microsoft Defender for Business
 
-As devices are replaced or retired, or your business needs change, you can offboard devices from Defender for Business. Offboarding a device causes the device to stop sending data to Defender for Business. However, data received prior to offboarding is retained for up to six (6) months.
+As devices are replaced or retired, or your business needs change, you can offboard devices from Defender for Business. Offboarding a device causes the device to stop sending data to Defender for Business, and its status changes to `Inactive` within seven days. You don't have to offboard devices that are already listed as `Inactive`.
+
+Data from a device, such as alerts, vulnerabilities, and detected threats, remains visible in the Microsoft Defender portal until the [configured retention period](/defender-endpoint/data-storage-privacy#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) expires (usually 180 days). 
+
+Devices that weren't active within the last 30 days aren't factored into your organization's [exposure score](mdb-view-tvm-dashboard.md). 
 
 > [!IMPORTANT]
 > The procedures in this article describe how to remove a device from monitoring by Defender for Business. If you're using Microsoft Intune to manage devices, and you prefer to remove the device from Intune, see [Remove devices by using wipe, retire, or manually unenrolling the device](/mem/intune/remote-actions/devices-wipe).
 
 ## What to do
 
-1. Select a tab:
+1. Select one of the following tabs:
 
    - **Windows 10 or 11**
    - **Mac**
    - **Servers** (Windows Server or Linux Server)
    - **Mobile** (for iOS/iPadOS or Android devices)
 
 2. Follow the guidance on the selected tab.
+
 3. Proceed to your next steps. 
 
 ## [**Windows 10 or 11**](#tab/Windows1011)

defender-endpoint/linux-preferences.md

@@ -3,7 +3,7 @@ title: Microsoft Defender Antivirus security intelligence and product updates
 description: Manage how Microsoft Defender Antivirus receives protection and product updates.
 ms.service: defender-endpoint
 ms.localizationpriority: high
-ms.date: 06/07/2024
+ms.date: 07/09/2024
 audience: ITPro
 ms.topic: reference
 author: siosulli
@@ -42,8 +42,7 @@ This article also includes:
 - [Platform version included with Windows 10 releases](#platform-version-included-with-windows-10-releases)
 - [Updates for Deployment Image Servicing and Management (DISM)](#updates-for-deployment-image-servicing-and-management-dism)
 
-> [!TIP]
-> To see the most current engine, platform, and signature date, visit the [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates)
+To see the most current engine, platform, and signature date, see [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/en-us/wdsi/defenderupdates).
 
 [!INCLUDE [MDE automated setup guide](../includes/security-analyzer-setup-guide.md)]
 
@@ -99,6 +98,25 @@ All our updates contain
 - Serviceability improvements
 - Integration improvements (Cloud, [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender))
 
+### June-2024 (Platform: 4.18.24060.xxxx | Engine: 1.1.24060.5)
+
+- Security intelligence update version: **1.415.1.0**
+- Release date: **July 9, 2024** (Engine) / **TBD** (Platform)
+- Platform: **4.18.24060.xxxx**
+- Engine: **1.1.24060.5**
+- Support phase: **Security and Critical Updates**
+
+### What's new
+
+- Fixed issue where Microsoft Defender Antivirus was not properly changing state when non-Microsoft antivirus/antimalware software was installed and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac) (WDAC) with [Intelligent Security Graph](/windows/security/application-security/application-control/windows-defender-application-control/design/use-wdac-with-intelligent-security-graph) were enabled.
+- Fixed deadlock issue on [VDI](deployment-vdi-microsoft-defender-antivirus.md) that occurred when loading corrupted update files from UNC share.
+- Custom scans started with [Start-MpScan](/powershell/module/defender/start-mpscan) are now reported in the event log.
+- Fixed potential deadlock that occurred on volume mount scanning.
+- Fixed issue where Microsoft Defender Antivirus did not allow applications to clean up temporary files.
+- Fixed potentially packet loss due to [network protection](network-protection.md) shutdown that could lead to deadlock.
+- Implemented performance improvements for scenarios where WDAC is enabled with Intelligent Security Graph.
+- Fixed an issue where an Outlook exclusion for the ASR rule [Block Office applications from injecting code into other processes](/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-injecting-code-into-other-processes) was not honored.
+
 ### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)
 
 - Security intelligence update version: **1.413.1.0**
@@ -112,7 +130,7 @@ All our updates contain
 - Improved performance when running configuration queries.
 - Optimized how scans are prioritized.
 - Fixed a crash caused by a race condition with a device control driver.
-- Added Event Viewer Logging for scan start event where the scan originates from Powershell.
+- Added Event Viewer Logging for scan start event where the scan originates from PowerShell.
 
 ### April-2024 (Engine: 1.1.24040.1 | Platform: 4.18.24040.4)
 
@@ -127,7 +145,7 @@ All our updates contain
 - Added an opt-out feature for Experimental Configuration Services (ECS) and One collector in the Core Service.
 - Fixed an issue where occasionally exclusions deployed via Intune were not being honored when tamper protection was enabled.
 - After a new engine version is released, support for older versions (N-2) will now reduce to technical support only. Engine versions older than N-2 are no longer supported.
-- Improved health monitoring and telemetry for [Attack Surface Rules](overview-attack-surface-reduction.md) exclusions.
+- Improved health monitoring and telemetry for [attack surface rules](overview-attack-surface-reduction.md) exclusions.
 - Updated inaccurate information in [Configure exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md) regarding wildcard usage with contextual exclusions.
 
 ### March-2024 (Engine: 1.1.24030.4 | Platform: 4.18.24030.9)

defender-endpoint/microsoft-defender-antivirus-updates.md

@@ -7,7 +7,7 @@ ms.author: siosulli
 author: siosulli
 ms.reviewer: noamhadash, pahuijbr, yongrhee
 ms.localizationpriority: medium
-ms.date: 06/04/2024
+ms.date: 07/09/2024
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -50,6 +50,10 @@ For more information on Microsoft Defender for Endpoint on specific operating sy
 - [What's new in Defender for Endpoint on Android](android-whatsnew.md)
 - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
 
+## July 2024
+
+- (GA) Learning hub resources, including Microsoft Defender XDR Ninja training, learning paths, and training modules have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 
+
 ## June 2024
 
 - (Preview) [BitLocker support for Device control](device-control-overview.md#control-access-to-bitlocker-encrypted-removable-media-preview):  Allows device control to apply policy based on the BitLocker encrypted state of a device.  

defender-endpoint/whats-new-in-microsoft-defender-endpoint.md

@@ -39,6 +39,10 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
 
+## July 2024
+
+- (GA) Learning hub resources, including Microsoft Defender XDR Ninja training, learning paths, and training modules have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 
+
 ## May 2024
 
 - **Top level domain and subdomain blocking in Tenant Allow/Block List**: You will be able to create block entries under domains & email addresses, using the format `*.TLD`, where `TLD` can be any top-level domain or `*.SD1.TLD, *.SD2.SD1.TLD`, `*.SD3.SD2.SD1.TLD`, and similar patterns for subdomain blocking. The entries block all email received from or sent to any email addresses in the domain or subdomain during mail flow.

defender-office-365/defender-for-office-365-whats-new.md

@@ -11,7 +11,7 @@ audience: ITPro
 ms.collection:
   - m365-security
 ms.topic: conceptual
-ms.date: 02/26/2024
+ms.date: 07/09/2024
 ---
 
 # What's new in Microsoft Defender Vulnerability Management Public Preview
@@ -21,6 +21,10 @@ This article provides information about new features and important product updat
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
 
+## July 2024
+
+- (GA) Learning hub resources, including Microsoft Defender XDR Ninja training, learning paths, and training modules have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 
+
 ## February 2024
 
 ### Vulnerable components

defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md

@@ -19,7 +19,7 @@ ms.custom:
   - admindeeplinkDEFENDER
   - intro-overview
 ms.topic: conceptual
-ms.date: 05/14/2024
+ms.date: 07/09/2024
 ---
 
 # Microsoft Defender portal
@@ -47,14 +47,13 @@ The Microsoft Defender portal helps security teams investigate and respond to at
 - Actions & submissions
 - Threat analytics
 - Secure score
-- Learning hub
 - Trials
 - Partner catalog
 
 The Microsoft Defender portal emphasizes *unity, clarity, and common goals*.
 
 > [!NOTE]
-> In the Microsoft Defender portal, customers see only the security features their subscription includes. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not device protection. 
+> In the Microsoft Defender portal, customers see only the security features their subscription includes. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection. 
 
 ## Incident and alert investigations
 
@@ -111,7 +110,6 @@ For Microsoft Sentinel, after you connect Microsoft Sentinel to the Defender por
 - [Roles and permissions in Microsoft Sentinel | Microsoft Learn](/azure/sentinel/roles)
 - [Manage access to Microsoft Sentinel data by resource | Microsoft Learn](/azure/sentinel/resource-context-rbac)
 
-
 ### Integrated reports
 
 Reports are also unified in Microsoft Defender XDR. Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration. The links here are dynamically generated based upon workload configuration.

defender-xdr/microsoft-365-defender-portal.md

@@ -16,7 +16,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 01/03/2022
+ms.date: 07/09/2024
 ---
 
 # Train your security staff for Microsoft Defender XDR
@@ -50,14 +50,15 @@ Use these learning paths and their modules to build an understanding of Microsof
 
 ## Learning paths in the Microsoft Defender portal learning hub
 
-The [Microsoft Defender portal learning hub](https://security.microsoft.com/learning) includes these learning paths:
+Learning paths and training modules are available at [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). You can access resources like these:
 
-- Getting started with the Microsoft 365 security center
-- How to Investigate Using Microsoft Defender XDR
-- Microsoft Defender XDR Basic Training
-- Microsoft Defender for Endpoint Basic Training
-- Microsoft Defender for Office 365 Best Practices
-- Setup
+- Defender XDR learning paths
+- Microsoft Defender XDR Ninja training
+- Virtual training sessions
+- Microsoft Tech Community
+- Microsoft Copilot for Security
+
+Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product/service, role, level, and more.
 
 ## Hands-on with a trial environment
 

defender-xdr/microsoft-365-defender-train-security-staff.md

@@ -6,7 +6,7 @@ ms.service: defender-xdr
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 07/02/2024
+ms.date: 07/09/2024
 manager: dansimp
 audience: ITPro
 ms.collection:
@@ -37,6 +37,8 @@ You can also get product updates and important notifications through the [messag
 
 - (Preview) Incidents are now arranged according to the latest automatic or manual updates made to an incident. Read about the **last update time** column in the [incident queue](incident-queue.md#incident-queue).
 
+- (GA) Learning hub resources, including Microsoft Defender XDR Ninja training, learning paths, and training modules have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 
+
 ## June 2024
 
 - (Preview) **[Content distribution through tenant groups in multitenant management](mto-tenantgroups.md)** is now available. Content distribution helps you manage content at scale across tenants in multitenant management in Microsoft Defender XDR. In content distribution, you can create tenant groups to copy existing content, like custom detection rules, from the source tenant to the target tenants you assign during tenant group creation. The content then runs on the target tenant's devices or device groups that you set in the tenant group scope.