Merge pull request #1442 from MicrosoftDocs/main

Publish main to live, Monday 10:30AM PDT, 09/23

Author: Stacyrch140

defender-endpoint/linux-whatsnew.md

@@ -44,6 +44,24 @@ This article is updated frequently to let you know what's new in the latest rele
 >
 > If you have any concerns or need assistance during this transition, contact support.
 
+<details>
+<summary> Sept-2024 (Build: 101.24072.0001 | Release version: 30.124072.0001.0)</summary>
+
+## Sept-2024 Build: 101.24072.0001 | Release version: 30.124072.0001.0
+
+&ensp;Released: **September 23, 2024**<br/>
+&ensp;Published: **September 23, 2024**<br/>
+&ensp;Build: **101.24072.0001**<br/>
+&ensp;Release version: **30.124072.0001.0**<br/>
+&ensp;Engine version: **1.1.24060.6**<br/>
+&ensp;Signature version: **1.415.228.0**<br/>
+
+**What's new**
+
+- Added support for Ubuntu 24.04
+- Updated default engine version to `1.1.24060.6` and default signatures version to `1.415.228.0`.
+
+</details>
 
 <details>
 <summary> July-2024 (Build: 101.24062.0001 | Release version: 30.124062.0001.0)</summary>

defender-endpoint/mde-sdp-strategy.md

@@ -35,7 +35,7 @@ Defender for Endpoint’s kernel drivers capture system-wide signals like proces
 
 The process for rolling out software and driver updates for Defender for Endpoint is shown in this image:
 
-:::image type="content" alt-text="process for rolling out software and driver updates for Defender for Endpoint" source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
+:::image type="content" alt-text="Screenshot that shows the process for rolling out software and driver updates for Defender for Endpoint." source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png":::
 
 ### Microsoft SDP for monthly updates
 

defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md

@@ -8,7 +8,7 @@ ms.topic: how-to
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
-ms.date: 09/19/2024
+ms.date: 09/23/2024
 ms.reviewer: joshbregman
 manager: deniseb
 ms.collection: 
@@ -239,6 +239,5 @@ Depending on what you're using, you might need to refer to the documentation for
 - [Submissions, suppressions and exclusions](submissions-suppressions-exclusions.md)
 - [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions)
 - [Common mistakes to avoid when defining exclusions](common-exclusion-mistakes-microsoft-defender-antivirus.md)
-- [Blog post: The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/supported-capabilities-by-platform.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 09/18/2024
+ms.date: 09/23/2024
 ---
 
 # Supported Microsoft Defender for Endpoint capabilities by platform
@@ -63,13 +63,13 @@ The following table gives information about the supported Microsoft Defender for
 
 <sup>[1]</sup> Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md).
 
-<sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview))
+<sup>[2]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)).
 
-<sup>[3]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
+<sup>[3]</sup> Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)). Or you can also use Live Response [2].
 
-<sup>[4]</sup> Collect file only, is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) Or you can also use Live Response [2]
+<sup>[4]</sup> Collect file only. Or, you can use Live Response [2].
 
-<sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11
+<sup>[5]</sup> Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11.
 
 > [!NOTE]
 > Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP).

defender-xdr/security-copilot-defender-identity-summary.md

@@ -0,0 +1,84 @@
+---
+title: Summarize identity information with Microsoft Copilot in Microsoft Defender
+description: Summarize an identity information with Microsoft Copilot in Microsoft Defender to investigate identities.
+ms.service: defender-xdr
+f1.keywords:
+  - NOCSH
+ms.author: diannegali
+author: diannegali
+ms.localizationpriority: medium
+manager: deniseb
+audience: ITPro
+ms.collection:
+  - m365-security
+  - tier1
+  - security-copilot
+ms.topic: conceptual
+search.appverid:
+  - MOE150
+  - MET150
+ms.date: 09/23/2024
+appliiesto:
+- Microsoft Defender XDR
+- Microsoft Sentinel in the unified security operations center (SOC) platform
+---
+
+# Summarize identity information with Microsoft Copilot in Microsoft Defender
+
+[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
+
+Security operations teams investigating users can easily understand identity information with the identity summary capability in [Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) in Microsoft Defender. Through generative AI and harnessing the power of Microsoft Defender for Identity, Copilot creates contextual insights about an identity in an organization, helping analysts quickly understand important data to speed up their investigation.
+
+With the identity summary capability, analysts can immediately identify suspicious or risky identity-related changes and actions that can negatively impact an organization. The summary also includes potential misconfigurations that affects an identity. Using natural language, Copilot delivers clear and actionable user information that analysts can use in their incident investigation activities. The capability currently focuses on users and will include service accounts in its next iteration.
+
+The identity summary contains essential information about an identity, including:
+
+- The date when a user account is created, and whether the user account is of high, medium, or low criticality
+- Any unusual behavioral patterns related to sign in locations, sign in frequency, or frequency of failed sign in attempts
+- A user’s current role, including their department and position, and whether there are notable role changes compared to the user’s job title and department to highlight inconsistencies
+- Data about a user’s last sign in to a device, whether or not the device is associated to the user, in the last 30 days
+- Authentication methods and applications used
+- Risks associated with a user based on Microsoft Entra ID
+- General information like a user’s professional title and contact information, department, and their manager’s contact information
+
+The identity summary capability is available in the Microsoft Defender portal for customers who have provisioned access to Copilot for Security. Users who access the Copilot for Security standalone portal can use this capability through the Microsoft Defender XDR plugin. Know more about [preinstalled plugins in Copilot for Security](/security-copilot/manage-plugins#preinstalled-plugins).
+
+This guide describes what the script analysis capability is and how it works, including how you can provide feedback on the results generated.
+
+## Summarize identity information
+
+You can access the identity summary capability in the following ways:
+
+- From an incident page, choose an identity on the incident graph and then (1) select **User details**. In the user details pane, (2) select **Summarize**. The results are displayed in the Copilot side panel.
+
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph-small.png" alt-text="Screenshot showing the Summarize option in the user details pane." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph.png":::
+
+- Alternatively, you can select **Go to user page** on the bottom of the user details pane to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page.
+
+- You can also access the identity summary capability by choosing a user in the **Assets** tab of an incident. Select **Summarize** in the user details pane to generate the identity summary.
+
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-assets-small.png" alt-text="Screenshot showing the Assets tab and a user account highlighted." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-assets.png":::
+
+- From the main menu, navigate to **Assets > Identities**. Select a username from the list, then select **View user page** to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page.
+
+   :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-identities-small.png" alt-text="Screenshot highlighting the view user page option in an username search within Identities." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-identities.png":::
+
+- Type a username in the Microsoft Defender portal’s **search box** then select the username from the search results. In the user details side panel, select **Summarize** to generate the identity summary.
+
+Review the identity summary results. You can copy the results to clipboard, regenerate the results, or open Security Copilot by selecting the More actions ellipsis (...) on top of the identity summary card. You can extend your investigation of identity using prompts and other plugins in the Copilot for Security portal.
+
+> [!TIP]
+> When investigating users in the Copilot for Security portal, Microsoft recommends including the word ***Defender*** in your prompts to ensure that the identity summary capability delivers the results. For example, you can use the prompt *Show the Defender summary of this user in the last {time frame}* to generate the identity summary of a user account within the time frame indicated. You can specify up to 120 days on the time frame, with the default being 30 days when you don’t indicate one.
+
+Microsoft highly encourages you to provide feedback to Copilot, as it’s crucial for a capability’s continuous improvement. To provide feedback, navigate to the bottom of the Copilot side panel and select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/create-report/copilot-defender-feedback.png).
+
+  :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/feedback-textbox.png" alt-text="Screenshot that shows the Feedback text box where you can share your feedback.":::
+
+Fill in the dedicated text box to share your thoughts, experiences, and requests. Microsoft values your feedback and takes it seriously in our commitment to enhance Copilot’s performance and user experience.
+
+## See also
+
+- [Get started with Microsoft Copilot for Security](/security-copilot/get-started-security-copilot)
+- [Learn about other Copilot for Security embedded experiences](/security-copilot/experiences-security-copilot)
+
+[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]