Merge pull request #4503 from MicrosoftDocs/main

[AutoPublish] main to live - 07/16 01:36 PDT | 07/16 14:06 IST

Author: m365-skilling-repo-management[bot]

CloudAppSecurityDocs/caac-known-issues.md

@@ -119,27 +119,26 @@ When a session policy is enforced using Edge in-browser protection and the user
 
 Example Scenario:
 
-A user was originally assigned a CA policy for the Salesforce application, along with an Defender for Cloud apps session policy that blocked file downloads. As a result, downloads were blocked when the user accessed Salesforce in Edge.
+A user was originally assigned a CA policy for Salesforce along with a Defender for Cloud Apps session policy to block file downloads. As a result, downloads were blocked when the user accessed Salesforce in Edge.
 
 Although the admin later removed the CA policy, the user still experiences the download block in Edge due to cached policy data.
 
 Mitigation Options:
 
 Option 1: Automatic cleanup
-1.	Reassign the user/app to the CA policy.
-2.	Remove the corresponding Defender for Cloud Apps session policy.
-3.	Have the user access the application using Edge, this will trigger the policy removal automatically.
-4.	Remove the CA policy again.
+1. Add the user/app back into the scope of the CA policy.
+2. Remove the corresponding Defender for Cloud Apps session policy.
+3. Wait for users to access the application using Edge. This will automatically trigger the policy removal.
+4. Remove the user/app from the scope of the CA policy.
 
-Option 2: Manual cleanup
-1.	Delete the cached policy file
-     - Go to: C:\Users\<username>\AppData\Local\Microsoft\Edge\
-     - Delete the file: mda_store.txt
-
-2.	Remove the work profile in Edge
-    - Open Microsoft Edge.
-    - Navigate to Profile Settings.
-    - Delete the work profile associated with the outdated session policy.
+Option 2: Delete the cached policy file (Manual cleanup)
+1. Go to: C:\Users\<username>\AppData\Local\Microsoft\Edge\
+2. Delete the file: mda_store.txt
+
+Option 3: Remove the work profile in Edge (Manual cleanup)
+1. Open Edge.
+2. Navigate to Profile Settings.
+3. Delete the work profile associated with the outdated session policy.
 
 These steps will force a policy refresh and resolve enforcement issues related to outdated session policies.
 

defender-endpoint/android-configure.md

@@ -179,29 +179,6 @@ From version 1.0.3425.0303 of Microsoft Defender for Endpoint on Android, you're
 - For Android Enterprise with a work profile, only apps installed on the work profile will be supported.
 - For other BYOD modes, by default, vulnerability assessment of apps will **not** be enabled. However, when the device is on administrator mode, admins can explicitly enable this feature through Microsoft Intune to get the list of apps installed on the device. For more information, see details below.
 
-### Configure privacy for device administrator mode
-
-Use the following steps to **enable vulnerability assessment of apps** from devices in **device administrator** mode for targeted users.
-
-> [!NOTE]
-> By default, this is turned off for devices enrolled with device admin mode.
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator
-   - **Profile**: Select "Custom" and select Create.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 0 to disable privacy setting (By default, the value is 1)
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
 ### Configure privacy for Android Enterprise work profile
 
 Defender for Endpoint supports vulnerability assessment of apps in the work profile. However, in case you want to turn off this feature for targeted users, you can use the following steps:
@@ -222,28 +199,6 @@ Turning the above privacy controls on or off won't affect the device compliance
 
 Privacy control for phish report can be used to disable the collection of domain name or website information in the phish threat report. This setting gives organizations the flexibility to choose whether they want to collect the domain name when a malicious or phish website is detected and blocked by Defender for Endpoint.
 
-### Configure privacy for phishing alert report on Android Device Administrator enrolled devices:
-
-Use the following steps to turn it on for targeted users:
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator.
-   - **Profile**: Select "Custom" and select **Create**.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderExcludeURLInReport**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 1 to enable privacy setting. The default value is 0.
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
-Using this privacy control won't affect the device compliance check or conditional access.
-
 ### Configure privacy for phishing alert report on Android Enterprise work profile
 
 Use the following steps to turn on privacy for targeted users in the work profile:
@@ -263,28 +218,6 @@ Turning the above privacy controls on or off won't affect the device compliance
 
 Privacy control for malware threat report can be used to disable the collection of app details (name and package information) from the malware threat report. This setting gives organizations the flexibility to choose whether they want to collect the app name when a malicious app is detected.
 
-### Configure privacy for malware alert report on Android Device Administrator enrolled devices:
-
-Use the following steps to turn it on for targeted users:
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator.
-   - **Profile**: Select "Custom" and select **Create**.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 1 to enable privacy setting. The default value is 0.
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
-Using this privacy control won't affect the device compliance check or conditional access. For example, devices with a malicious app will always have a risk level of "Medium".
-
 ### Configure privacy for malware alert report on Android Enterprise work profile
 
 Use the following steps to turn on privacy for targeted users in the work profile:
@@ -308,9 +241,10 @@ Use the following steps to configure Disable out sign:
 1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
 2. Give the policy a name, select **Platform > Android Enterprise**, and select the profile type.
 3. Select **Microsoft Defender for Endpoint** as the target app.
-4. In the Settings page, select **Use configuration designer** and add **Disable Sign Out** as the key and **Integer** as the value type.
+1. In the Settings page, select **Use configuration designer** and add **Disable Sign Out** as the key and **Integer** as the value type.
 
-   - By default, Disable Sign Out = 1 for Android Enterprise personally owned work profiles, fully managed, company owned personally enabled profiles and 0 for device administrator mode.
+   - By default, Disable Sign Out = 1 for Android Enterprise personally owned work profiles, fully managed, company owned personally enabled profiles.
+      
    - Admins need to make Disable Sign Out = 0 to enable the sign out button in the app. Users are able to see the sign out button once the policy is pushed.
 
 5. Select **Next** and assign this profile to targeted devices and users.

defender-endpoint/android-whatsnew.md

@@ -28,6 +28,18 @@ ms.date: 05/15/2025
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+### Releases for Defender for Endpoint on Android
+
+#### July 2025
+
+|Build|1.0.7901.0101|
+| -------- | -------- |
+|Release Date|July 10, 2025|
+
+**What's New**
+
+UX Improvement for home page and tiles screens, for more details please visit this link - [Android UX Enhancement](/defender-endpoint/android-new-ux)
+
 #### Alerts for activities related to open wireless connection and certificates are now detected as events
 
 May 2025

defender-endpoint/ios-configure-features.md

@@ -384,6 +384,8 @@ Once the client versions are deployed to target iOS devices, processing starts.
 
 > [!NOTE]
 > If you're using SSL inspection solution within your iOS device, add the domain names `securitycenter.windows.com` (in commercial environments) and `securitycenter.windows.us` (in GCC environments) for threat and vulnerability management features to work.
+> 
+> The TVM Privacy permission approval screen will only appear for Unsupervised and Non-Zero touch enabled devices. Even For Non-Zero touch enabled devices approval is __not required only on supervised devices__ where the `issupervised` key is configured
 
 ## Disable sign out
 

defender-endpoint/ios-whatsnew.md

@@ -29,6 +29,18 @@ search.appverid: met150
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+## Releases for Defender for Endpoint on iOS
+
+### July-2025 
+
+| Build| 1.1.67040101|
+| -------- | -------- |
+| Release Date| July 8, 2025|
+
+**What's New**
+
+- UX Improvement, please visit the attached link for more details - [iOS UX Experience](/defender-endpoint/ios-new-ux)
+
 #### Alerts for activities related to open wireless connections are now detected as events
 
 **May 2025**

defender-endpoint/linux-install-manually.md

@@ -488,7 +488,7 @@ Download the onboarding package from the [Microsoft Defender portal](https://sec
 The following external package dependencies exist for the `mdatp` package:
 
 - The mdatp RPM package requires `glibc >= 2.17`
-- For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`
+- For DEBIAN the mdatp package requires `libc6 >= 2.23`
 - For Mariner the mdatp package requires `attr`,  `diffutils`, `libacl`, `libattr`, `libselinux-utils`, `selinux-policy`, `policycoreutils`
 
 > [!NOTE]
@@ -503,6 +503,7 @@ The following external package dependencies exist for the `mdatp` package:
 > - The `mde-netfilter` package also has the following package dependencies:
     - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1` and `libglib2.0-0`
     - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 
 If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies.
 

defender-endpoint/linux-installer-script.md

@@ -193,7 +193,7 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende
 The following external package dependencies exist for the `mdatp` package:
 
 - The `mdatp RPM` package requires - `glibc >= 2.17`
-- For DEBIAN the `mdatp` package requires `libc6 >= 2.23`,`uuid-runtime`
+- For DEBIAN the `mdatp` package requires `libc6 >= 2.23`
 - For Mariner the `mdatp` package requires `attr`,`diffutils`, `libacl`, `libattr`,`libselinux-utils`, `selinux-policy`, `policycoreutils`
 
 > [!NOTE]
@@ -205,6 +205,7 @@ The following external package dependencies exist for the `mdatp` package:
 > - The `mde-netfilter` package also has the following package dependencies:
     - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1` and `libglib2.0-0`
     - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 
 ## Troubleshoot installation issues
 

defender-endpoint/linux-support-install.md

@@ -78,13 +78,14 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende
 The following external package dependencies exist for the mdatp package:
 
 - The mdatp RPM package requires `glibc >= 2.17`
-- For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`
+- For DEBIAN the mdatp package requires `libc6 >= 2.23`
 > For version older than `101.25032.0000`:
 > - RPM package needs: `mde-netfilter`, `pcre`
 > - DEBIAN package needs: `mde-netfilter`, `libpcre3`
 > - The `mde-netfilter` package also has the following package dependencies:
     - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1` and `libglib2.0-0`
     - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 
 ## Installation failed
 

defender-endpoint/mde-linux-prerequisites.md

@@ -176,7 +176,7 @@ For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Micro
 If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies. The following external package dependencies exist for the mdatp package:
 
 - The mdatp RPM package requires `glibc >= 2.17`.
-- For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`.
+- For DEBIAN the mdatp package requires `libc6 >= 2.23`.
 
 > [!NOTE]
 > Beginning with version `101.24082.0004`, Defender for Endpoint on Linux no longer supports the `Auditd` event provider. We're transitioning completely to the more efficient eBPF technology.
@@ -188,7 +188,8 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende
 > For versions older than `101.25032.0000`, the following requirements apply:
 > - RPM package needs: `mde-netfilter` and `pcre`
 > - DEBIAN package needs: `mde-netfilter` and `libpcre3`
-> 
+>
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 > The `mde-netfilter` package also has the following package dependencies:
 > - For DEBIAN, the `mde-netfilter` package requires `libnetfilter-queue1` and `libglib2.0-0`
 > - For RPM, the `mde-netfilter` package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`

defender-endpoint/microsoft-defender-antivirus-using-powershell.md

@@ -48,7 +48,7 @@ This guide provides the [Microsoft Defender Antivirus cmdlets](/powershell/modul
 
 To use these cmdlets, open PowerShell as an administrator, run a command, and then press **Enter**.
 
-You can check the status of all settings before you begin, or during your evaluation, by using the [Get-MpPreference PowerShell cmdlet](/powershell/module/defender/get-mppreference).
+You can check the status of all settings before you begin, or during your evaluation, by using the [Get-MpPreference PowerShell cmdlet](/powershell/module/defender/get-mppreference), or by installing the [DefenderEval](https://www.powershellgallery.com/packages/DefenderEval/) module from the PowerShell Gallery and then using the `Get-DefenderEvaluationReport` command.
 
 Microsoft Defender Antivirus indicates a detection through [standard Windows notifications](configure-notifications-microsoft-defender-antivirus.md). You can also [review detections in the Microsoft Defender Antivirus app](review-scan-results-microsoft-defender-antivirus.md).