Merge pull request #382 from MicrosoftDocs/main

pushing fixes live

Author: denisebmsft

defender-endpoint/auto-investigation-action-center.md

@@ -50,7 +50,7 @@ You can use the unified Action center if you have appropriate permissions and on
 
 - [Microsoft Defender XDR](/microsoft-365/security/mtp/microsoft-threat-protection)
 - [Defender for Endpoint](microsoft-defender-endpoint.md)
-- [Defender for Office 365]/defender-office-365/mdo-about
+- [Defender for Office 365](/defender-office-365/mdo-about)
 - [Defender for Business](/defender-business/mdb-overview)
 
 ## Using the Action center

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -85,8 +85,11 @@ In general you need to take the following steps:
   - Red Hat Enterprise Linux 9.x
   - CentOS 6.7 or higher (In preview)
   - CentOS 7.2 or higher
-  - Ubuntu 16.04 LTS or higher LTS
-   - Debian 9 - 12
+  - Ubuntu 16.04 LTS 
+  - Ubuntu 18.04 LTS
+  - Ubuntu 20.04 LTS
+  - Ubuntu 22.04 LTS
+  - Debian 9 - 12
   - SUSE Linux Enterprise Server 12 or higher
   - SUSE Linux Enterprise Server 15 or higher
   - Oracle Linux 7.2 or higher
@@ -105,9 +108,10 @@ In general you need to take the following steps:
     > MDE Linux version 101.23082.0011 is the last MDE Linux release supporting RHEL 6.7 or higher versions (does not expire before June 30, 2024). Customers are advised to plan upgrades to their RHEL 6 infrastructure aligned with guidance from Red Hat. 
 
 - List of supported kernel versions
-  > [!NOTE]
-  > Microsoft Defender for Endpoint on Red Hat Enterprise Linux and CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel version is supported before updating to a newer kernel version.
-  > Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.
+
+   > [!NOTE]
+   > Microsoft Defender for Endpoint on Red Hat Enterprise Linux and CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel version is supported before updating to a newer kernel version.
+   > Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.
 
   - The `fanotify` kernel option must be enabled
   - Red Hat Enterprise Linux 6 and CentOS 6:
@@ -249,5 +253,6 @@ High I/O workloads from certain applications can experience performance issues w
 - [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](/azure/defender-for-cloud/integration-defender-for-endpoint)
 - [Connect your non-Azure machines to Microsoft Defender for Cloud](/azure/defender-for-cloud/quickstart-onboard-machines)
 - [Turn on network protection for Linux](network-protection-linux.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
 

defender-endpoint/migrate-devices-streamlined.md

@@ -13,7 +13,7 @@ ms.collection:
 - tier1
 ms.topic: how-to
 ms.subservice: onboard
-ms.date: 05/08/2024
+ms.date: 05/09/2024
 ---
 
 # Migrate devices to use the streamlined connectivity method
@@ -33,6 +33,7 @@ In most cases, full device offboarding isn't required when reonboarding. You can
 > [!IMPORTANT]
 > Limitations and known issues:
 >
+> - We found a back-end issue with populating the `ConnectivityType` column in the `DeviceInfo table` in advanced hunting so that you can track migration progress. We aim to resolve this issue as soon as possible.
 > - For device migrations (reonboarding): Offboarding is not required to switch over to streamlined connectivity method. Once the updated onboarding package is run, a full device reboot is required for Windows devices and a service restart for macOS and Linux. For more information, see the details included in this article.
 > - Windows 10 versions 1607, 1703, 1709, and 1803 do not support reonboarding. Offboard first and then onboard using the updated package. These versions also require a longer URL list.
 > - Devices running the MMA agent are not supported and must continue using the MMA onboarding method.

defender-endpoint/threat-protection-integration.md

@@ -58,7 +58,7 @@ Suspicious activities are processes running under a user context. The integratio
 
 ### Microsoft Defender for Office
 
-[Defender for Office 365]/defender-office-365/mdo-about helps protect your organization from malware in email messages or files through Safe Links, Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Microsoft Defender for Office 365 and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
+[Defender for Office 365](/defender-office-365/mdo-about) helps protect your organization from malware in email messages or files through Safe Links, Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Microsoft Defender for Office 365 and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
 
 > [!NOTE]
 > Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365.

defender-office-365/air-user-automatic-feedback-response.md

@@ -15,9 +15,6 @@ appliesto:
 
 # Automatic user notifications for user reported phishing results in AIR
 
-> [!NOTE]
-> The features described in this article are currently in Public Preview, aren't available in all organizations, and are subject to change.
-
 In Microsoft 365 organizations with Exchange Online mailboxes, admins can configure the backend for messages that users report as malicious or not malicious in Outlook (send to Microsoft, send to a reporting mailbox, or both), and configure the various notification options for user reported messages. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
 
 In Microsoft 365 organizations with Microsoft Defender for Office 365 Plan 2, when a user reports a message as phishing, an investigation is automatically created in [automated investigation and response (AIR)](air-about.md). Admins can configure the user reported message settings to send an email notification to the user who reported the message based on the verdict from AIR. This notification is also known as _automatic feedback response_.

defender-xdr/deploy-supported-services.md

@@ -88,7 +88,7 @@ Once you've deployed the supported services, [turn on Microsoft Defender XDR](m3
 - [Turn on Microsoft Defender XDR](m365d-enable.md)
 - [Setup guides for Microsoft Defender XDR](deploy-configure-m365-defender.md)
 - [Microsoft Defender for Endpoint overview](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender for Office 365 overview]/defender-office-365/mdo-about
+- [Microsoft Defender for Office 365 overview](/defender-office-365/mdo-about)
 - [Microsoft Defender for Cloud Apps overview](/cloud-app-security/what-is-cloud-app-security)
 - [Microsoft Defender for Identity overview](/azure-advanced-threat-protection/what-is-atp)
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]

defender-xdr/m365d-action-center.md

@@ -50,7 +50,7 @@ The unified Action center brings together remediation actions across Defender fo
 You can use the unified Action center if you have appropriate permissions and one or more of the following subscriptions:
 
 - [Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
-- [Defender for Office 365]/defender-office-365/mdo-about
+- [Defender for Office 365](/defender-office-365/mdo-about)
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
 > [!TIP]

defender-xdr/m365d-autoir.md

@@ -80,7 +80,7 @@ In Microsoft Defender XDR, each automated investigation correlates signals acros
 |:---------|:---------|
 |Devices (also referred to as endpoints or machines) |[Defender for Endpoint](/defender-endpoint/automated-investigations) |      
 |On-premises Active Directory users, entity behavior, and activities     |[Defender for Identity](/azure-advanced-threat-protection/what-is-atp) |      
-|Email content (email messages that can contain files and URLs)     |[Defender for Office 365]/defender-office-365/mdo-about |
+|Email content (email messages that can contain files and URLs)     |[Defender for Office 365](/defender-office-365/mdo-about) |
 
 > [!NOTE]
 > Not every alert triggers an automated investigation, and not every investigation results in automated remediation actions. It depends on how automated investigation and response is configured for your organization. See [Configure automated investigation and response capabilities](m365d-configure-auto-investigation-response.md).

defender-xdr/m365d-configure-auto-investigation-response.md

@@ -61,7 +61,7 @@ Whether automated investigations run, and whether remediation actions are taken
 
 ## Review your security and alert policies in Office 365
 
-Microsoft provides built-in [alert policies](/defender-office-365/alert-policies-defender-portal) that help identify certain risks. These risks include Exchange admin permissions abuse, malware activity, potential external and internal threats, and data lifecycle management risks. Some alerts can trigger [automated investigation and response in Office 365](/defender-office-365/air-about). Make sure your [Defender for Office 365]/defender-office-365/mdo-about features are configured correctly.
+Microsoft provides built-in [alert policies](/defender-office-365/alert-policies-defender-portal) that help identify certain risks. These risks include Exchange admin permissions abuse, malware activity, potential external and internal threats, and data lifecycle management risks. Some alerts can trigger [automated investigation and response in Office 365](/defender-office-365/air-about). Make sure your [Defender for Office 365](/defender-office-365/mdo-about) features are configured correctly.
 
 Although certain alerts and security policies can trigger automated investigations, *no remediation actions are taken automatically for email and content*. Instead, all remediation actions for email and email content await approval by your security operations team in the [Action center](m365d-action-center.md).
 

defender-xdr/m365d-enable.md

@@ -105,7 +105,7 @@ Microsoft support staff can help provision or deprovision the service and relate
 - [Setup guides for Microsoft Defender XDR](deploy-configure-m365-defender.md)
 - [Microsoft Defender XDR overview](microsoft-365-defender.md)
 - [Microsoft Defender for Endpoint overview](/defender-endpoint/microsoft-defender-endpoint)
-- [Defender for Office 365 overview]/defender-office-365/mdo-about
+- [Defender for Office 365 overview](/defender-office-365/mdo-about)
 - [Microsoft Defender for Cloud Apps overview](/cloud-app-security/what-is-cloud-app-security)
 - [Microsoft Defender for Identity overview](/azure-advanced-threat-protection/what-is-atp)
 - [Microsoft Defender for Endpoint data storage](/defender-endpoint/data-storage-privacy)