
Commit 77cf040

Merge pull request #3230 from MicrosoftDocs/main
Publish main to live, 03/21/25, 10:30 AM PDT
2 parents 2ffa4df + 1df8411 commit 77cf040

11 files changed

+55
-41
lines changed

.openpublishing.redirection.defender-endpoint.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -114,6 +114,11 @@
114114
"source_path": "defender-endpoint/comprehensive-guidance-on-linux-deployment.md",
115115
"redirect_url": "/defender-endpoint/linux-installer-script",
116116
"redirect_document_id": true
117+
},
118+
{
119+
"source_path": "defender-endpoint/linux-schedule-scan-mde.md",
120+
"redirect_url": "/defender-endpoint/schedule-antivirus-scan-crontab",
121+
"redirect_document_id": true
117122
}
118123
]
119124
}
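Review bot: The new entry on lines 118-121 redirects `defender-endpoint/linux-schedule-scan-mde.md`, but none of the hunks shown here removes that file or adds `schedule-antivirus-scan-crontab.md`. Confirm the rename is part of this merge, so that the redirect does not point at a missing page and the old source file is not left in the repository alongside its own redirect. Every inbound link updated elsewhere in this commit depends on this entry and the new file landing together.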

defender-endpoint/TOC.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -296,7 +296,7 @@
296296
- name: Schedule antivirus scans using Anacron
297297
href: schedule-antivirus-scan-anacron.md
298298
- name: Schedule antivirus scans using Crontab
299-
href: linux-schedule-scan-mde.md
299+
href: schedule-antivirus-scan-crontab.md
300300
- name: Network protection for Linux
301301
href: network-protection-linux.md
302302
- name: Configure and validate exclusions on Linux

defender-endpoint/ios-new-ux.md

Lines changed: 17 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ ms.author: ewalsh
66
author: emmwalshh
77
ms.reviewer: sunasing; denishdonga
88
ms.localizationpriority: medium
9-
ms.date: 03/20/2025
9+
ms.date: 03/21/2025
1010
manager: deniseb
1111
audience: ITPro
1212
ms.collection:
@@ -18,58 +18,56 @@ ms.subservice: ios
1818
search.appverid: met150
1919
---
2020

21-
# User experiences in Microsoft Defender for Endpoint on iOS
21+
# User Experiences in Microsoft Defender for Endpoint on iOS
2222

23-
As part of our ongoing commitment to delivering an exceptional user experience, we're excited to announce a series of upcoming enhancements to the user interface and overall experience of our **Microsoft Defender for Endpoint (MDE)** mobile app.
23+
As part of our ongoing commitment to delivering an exceptional user experience, we're excited to announce a series of upcoming enhancements to the user interface and overall experience of our **Microsoft Defender for Endpoint** mobile app.
2424

2525
These updates are designed to improve usability, streamline navigation, and ensure that app meets the evolving needs of our users.
2626

27-
## Key Changes
27+
## Key changes
2828

29-
We're pleased to introduce the Device Protection feature card for our enterprise users which includes **Web Protection**, **Device Health**, and **Jail break** features are designed to be more user-friendly and accessible.
29+
We're pleased to introduce the Device Protection feature card for our enterprise users, which includes **Web Protection**, **Device Health**, and **Jail break** features that are designed to be more user-friendly and accessible.
3030

31-
The updated cards also include **recommendation cards**, which prominently display any active alerts, keeping you informed. Features are now displayed as tiles on L2 screens to improve user experience and navigation efficiency.
31+
The updated cards also include **recommendation cards**, which prominently display any active alerts, keeping you informed. Features are now displayed as tiles to improve user experience and navigation efficiency.
3232

3333
**The main changes involved are**:
3434

35-
1. Main Dashboard changes
36-
2. List the features inside one Feature Card
37-
3. Detailed Feature Experience
38-
4. Recommendation Cards for Alerts
35+
- Main dashboard changes
36+
- List the features inside one feature card
37+
- Detailed features experience
38+
- Recommendation cards for alerts
3939

4040
### Main Dashboard changes
4141

4242
The main Dashboard screen that appears for enterprise users as per our latest rollout of enhancements to the application.
4343

4444
:::image type="content" source="media/mde-ios-main-dash-new.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint Mobile Dashboard on iOS devices before the new update." lightbox="media/mde-ios-main-dash-new.png":::
4545

46-
### List the features inside one Feature Card
46+
### List the features inside one feature card
4747

48-
We list the feature Web Protection, Device Health, and Jail Break under one feature Card "Device Protection," which earlier had a new card on Dashboard screen for each functionality.
48+
One feature card called **Device Protection** lists Web Protection, Device Health, and Jail Break. Previously, the dashboard had one card for each set of capabilities. In the new experience, only the Device Protection card changes.
4949

5050
:::image type="content" source="media/mde-ios-list-new.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint Feature Card." lightbox="media/mde-ios-list-new.png":::
5151

5252
### Detailed Feature Experience
5353

54-
We updated all the subordinating screens associated with the feature
54+
We updated all the subordinating screens associated with the **Device Protection** feature
5555

5656
1. **Web Protection**
5757

58-
:::image type="content" source="media/mde-ios-web-protection-new.png" alt-text="Screenshot that shows the web protection feature on the MDE iOS app." lightbox="media/mde-ios-web-protection-new.png":::
58+
:::image type="content" source="media/mde-ios-web-protection-new.png" alt-text="Screenshot that shows the web protection feature on the Defender for Endpoint on iOS app." lightbox="media/mde-ios-web-protection-new.png":::
5959

6060
2. **Device Health**
6161

62-
:::image type="content" source="media/mde-device-health-new.png" alt-text="Screenshot that shows the new device health feature on the MDE iOS app." lightbox="media/mde-device-health-new.png":::
62+
:::image type="content" source="media/mde-device-health-new.png" alt-text="Screenshot that shows the new device health feature on the Defender for Endpoint on iOS app." lightbox="media/mde-device-health-new.png":::
6363

6464
### Recommendation Cards for Alerts
6565

66-
Hero cards are implemented to provide a more cohesive user experience. These cards are designed to display important alerts and notifications prominently on the dashboard.
67-
68-
**Both the Recommendation Cards are attached to the Device Protection feature card**:
66+
The structure of the dashboard is updated to include a recommendation card that contains active alerts (if any). In case there are multiple alerts, resolving the top alert brings forward the next one. Recommendation cards are implemented to provide a more cohesive user experience. These cards are designed to display important alerts and notifications prominently on the dashboard. Here are a few examples:
6967

7068
1. **Web Protection**
7169

72-
:::image type="content" source="media/mde-ios-web-protection-rec-card.png" alt-text="Screenshot that shows the web protection recommendation card feature on the MDE iOS app." lightbox="media/mde-ios-web-protection-rec-card.png":::
70+
:::image type="content" source="media/mde-ios-web-protection-rec-card.png" alt-text="Screenshot that shows the web protection recommendation card feature on the Defender for Endpoint on iOS app." lightbox="media/mde-ios-web-protection-rec-card.png":::
7371

7472
2. **Device Health (iOS Update)**
7573

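Review bot: Heading case is inconsistent after this change. Line 21 moves the H1 to title case ("User Experiences") while lines 27 and 46 move other headings to sentence case, and the unchanged headings on lines 40, 52 and 64 ("Main Dashboard changes", "Detailed Feature Experience", "Recommendation Cards for Alerts") no longer match the lowercased bullets on lines 35-38; "Detailed features experience" also differs from its heading in wording. Pick sentence case throughout and make the bullets mirror the headings exactly. Separately, line 54 ends without punctuation before the numbered list; a colon would fit, and "Jail break" on line 29 should match "Jail Break" on line 48.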
defender-endpoint/linux-preferences.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protec
3636
| Settings | Description|
3737
|--|--|
3838
| 1. Configure static proxy discovery. | Configuring a static proxy helps ensure that telemetry is submitted and helps avoid network time-outs. Perform this task during and after your Defender for Endpoint installation. <br/><br/> See [Configure Microsoft Defender for Endpoint on Linux for static proxy discovery](linux-static-proxy-configuration.md). |
39-
| 2. Configure your antivirus scans. | You can schedule automatic antivirus scans by using either Anacron or Crontab. <br/><br/>See the following articles: <br/>- [Use Anacron to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/schedule-antivirus-scan-anacron)<br/>- [Use Crontab to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-schedule-scan-mde) |
39+
| 2. Configure your antivirus scans. | You can schedule automatic antivirus scans by using either Anacron or Crontab. <br/><br/>See the following articles: <br/>- [Use Anacron to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/schedule-antivirus-scan-anacron)<br/>- [Use Crontab to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/schedule-antivirus-scan-crontab) |
4040
| 3. Configure your security settings and policies. | You can use the Microsoft Defender portal (Defender for Endpoint Security Settings Management) or a configuration profile (`.json` file) to configure Defender for Endpoint on Linux. Or, if you prefer, you can use command line to configure certain settings. <br/><br/> See the following articles:<br/>- [Defender for Endpoint Security Settings Management](linux-preferences.md#defender-for-endpoint-security-settings-management) <br/>- [Configuration profile](linux-preferences.md#configuration-profile)<br/>- [Command line](linux-resources.md#configure-from-the-command-line) |
4141
| 4. Configure and validate exclusions (as appropriate) | You can exclude certain files, folders, processes, and process-opened files from Defender for Endpoint on Linux. Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR), thus stopping all the associated antivirus detections, EDR alerts, and visibility for the excluded item.<br/><br/>See [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](linux-exclusions.md).|
4242
| 5. Configure the eBPF-based sensor. | The extended Berkeley Packet Filter (eBPF) for Microsoft Defender for Endpoint on Linux is automatically enabled for all customers by default for agent versions `101.23082.0006` and later. It provides supplementary event data for Linux operating systems and helps reduce the possibility of conflicts between applications. <br/><br/>See [Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux](linux-support-ebpf.md). |
@@ -274,7 +274,7 @@ Specifies the enforcement preference of antivirus engine. There are three values
274274

275275
> [!NOTE]
276276
> Available in Defender for Endpoint version `101.10.72` or later. Default is changed from `real_time` to `passive` in Defender for Endpoint version `101.23062.0001` or later.
277-
> It is recommended to also use [scheduled scans](/defender-endpoint/linux-schedule-scan-mde) as per requirement.
277+
> It is recommended to also use [scheduled scans](/defender-endpoint/schedule-antivirus-scan-crontab) as per requirement.
278278
279279
### Enable or disable behavior monitoring (if RTP is enabled)
280280

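Review bot: Line 277 is touched for the link only, but the sentence still reads "It is recommended to also use scheduled scans as per requirement", which does not say when a scheduled scan is needed. The line above states that the default changed from `real_time` to `passive`, so the recommendation should be tied to that: say that scheduled scans are recommended when the enforcement level is not `real_time`, and drop "as per requirement".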
defender-endpoint/linux-update-mde-linux.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ And
7979
0 2 * * sat /bin/mdatp scan quick>~/mdatp_cron_job.log
8080
```
8181

82-
See [Schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-mde.md)
82+
See [Schedule scans with Microsoft Defender for Endpoint (Linux)](schedule-antivirus-scan-crontab.md)
8383

8484
Press "Insert"
8585

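Review bot: On line 82 the link target changes but the link text stays "Schedule scans with Microsoft Defender for Endpoint (Linux)", which no longer matches the destination (the TOC entry in this commit names it "Schedule antivirus scans using Crontab"). Update the link text to the target article's title and end the sentence with a period. The same stale text, "How to schedule scans with Microsoft Defender for Endpoint (Linux)", appears on the updated links in mde-linux-deployment-on-sap.md.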
defender-endpoint/mde-linux-deployment-on-sap.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ The default configuration option for deployment as an Azure Extension for Antivi
7979

8080
Online Kernel patching tools, such as Ksplice or similar, can lead to unpredictable OS stability if Defender for Endpoint is running. It's recommended to temporarily stop the Defender for Endpoint daemon before performing online Kernel patching. After the Kernel is updated, Defender for Endpoint on Linux can be safely restarted. This action is especially important on large SAP HANA VMs with huge memory contexts.
8181

82-
When Microsoft Defender Antivirus is running with real-time protection, it's no longer required to schedule scans. You should run a scan at least once to set a baseline. Then, if necessary, the Linux crontab is typically used to schedule Microsoft Defender Antivirus scans and log rotation tasks. For more information, see [How to schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-mde.md).
82+
When Microsoft Defender Antivirus is running with real-time protection, it's no longer required to schedule scans. You should run a scan at least once to set a baseline. Then, if necessary, the Linux crontab is typically used to schedule Microsoft Defender Antivirus scans and log rotation tasks. For more information, see [How to schedule scans with Microsoft Defender for Endpoint (Linux)](schedule-antivirus-scan-crontab.md).
8383

8484
[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR) functionality is active whenever Microsoft Defender for Endpoint on Linux is installed. EDR functionality can be disabled through command line or configuration by using [global exclusions](/defender-endpoint/linux-exclusions#supported-exclusion-scopes). For more information on troubleshooting EDR, see the sections [Useful Commands](#useful-commands) and [Useful Links](#useful-links) (in this article).
8585

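Review bot: Line 82 tells readers that scheduling scans is no longer required when real-time protection is running, but linux-preferences.md in this same commit notes that the default enforcement level changed from `real_time` to `passive` in version `101.23062.0001` or later. A reader on the default configuration could take this sentence to mean no scheduled scan is needed. Since the line is being edited anyway, state that this applies only when real-time protection is explicitly enabled, and point to the crontab article otherwise.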
@@ -173,7 +173,7 @@ The recommended configuration for SAP applications enables real-time interceptio
173173

174174
SAP applications running on older versions of Linux or on hardware that's overloaded might consider using `real_time_protection_enabled = false`. In this case, antivirus scans should be scheduled.
175175

176-
For more information, see [How to schedule scans with Microsoft Defender for Endpoint (Linux)](linux-schedule-scan-mde.md).
176+
For more information, see [How to schedule scans with Microsoft Defender for Endpoint (Linux)](schedule-antivirus-scan-crontab.md).
177177

178178
Large SAP systems might have more than 20 SAP application servers, each with a connection to the SAPMNT NFS share. Twenty or more application servers simultaneously scanning the same NFS server will likely overload the NFS server. By default, Defender for Endpoint on Linux doesn't scan NFS sources.
179179

defender-endpoint/mde-sap-windows-server.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -266,7 +266,7 @@ Here's a list of what to check:
266266

267267
[EDR in Defender for Endpoint](overview-endpoint-detection-response.md) on Windows might scan SMB shared network file systems. The EDR sensor scans certain files that are identified as interesting for EDR analysis during file modification, delete, and move operations.
268268

269-
Defender for Endpoint on Linux doesn't scan NFS file systems during [scheduled scans](linux-schedule-scan-mde.md).
269+
Defender for Endpoint on Linux doesn't scan NFS file systems during [scheduled scans](schedule-antivirus-scan-crontab.md).
270270

271271
8. **Troubleshoot sense health or reliability issues**. To troubleshoot such issues, use the [Defender for Endpoint client analyzer tool](overview-client-analyzer.md). The Defender for Endpoint client analyzer can be useful when diagnosing sensor health or reliability issues on onboarded Windows, Linux, or Mac devices. Get the latest version of the Defender for Endpoint client analyzer here: [https://aka.ms/MDEClientAnalyzer](https://aka.ms/MDEClientAnalyzer).
272272

defender-endpoint/microsoft-defender-endpoint-android.md

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ ms.collection:
1414
ms.topic: conceptual
1515
ms.subservice: android
1616
search.appverid: met150
17-
ms.date: 02/28/2025
17+
ms.date: 03/21/2025
1818
---
1919

2020
# Microsoft Defender for Endpoint on Android
@@ -65,7 +65,7 @@ This article describes how to install, configure, update, and use Defender for E
6565

6666
**What does it mean devices running on unsupported Android version?** 
6767

68-
**New users**: The application is longer available for new installations on devices running on unsupported versions. When users with unsupported versions attempt to download the Microsoft Defender app, the Google Play store notifies them that the device is incompatible.
68+
**New users**: The application is no longer available for new installations on devices running on unsupported versions. When users with unsupported versions attempt to download the Microsoft Defender app, the Google Play store notifies them that the device is incompatible.
6969

7070
**Existing users**: The Microsoft Defender app continues to function for existing users on unsupported versions, but they don't receive updates from the Google Play store because they don't meet the minimum SDK version requirements. Therefore, any new updates on the app aren't available to devices running unsupported versions. Microsoft no longer addresses bugs or provides maintenance for unsupported operating system versions. Any issues occurring on devices running on unsupported versions aren't investigated. 
7171

@@ -80,10 +80,12 @@ Microsoft Defender for Endpoint on Android supports installation on both modes o
8080

8181
- Installation of Microsoft Defender for Endpoint on devices that aren't enrolled using Intune mobile device management (MDM), see [Configure Microsoft Defender for Endpoint risk signals in app protection policy (MAM)](android-configure-mam.md).
8282

83+
> [!NOTE]
84+
> If a user has a valid MDE license and is registered in the Authenticator App or Company Portal App, and has signed in to the Defender App, the device appears in the Defender Portal.
85+
8386
> [!NOTE]
8487
> **Microsoft Defender for Endpoint on Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.**
85-
>
86-
> You can connect to Google Play from Intune to deploy Microsoft Defender for Endpoint app, across Device Administrator and Android Enterprise enrollment modes.
88+
> > You can connect to Google Play from Intune to deploy the Microsoft Defender for Endpoint app across Device Administrator and Android Enterprise enrollment modes.
8789
8890
### Required permissions
8991

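Review bot: Line 88 introduces a doubled quote marker, "> > You can connect to Google Play from Intune ...", and removes the empty ">" separator line that preceded it. That will render as a nested block quote inside the note, or run into the bold sentence above it, rather than as a second paragraph. Restore the single ">" prefix and the blank ">" line. In the new note on line 84, "MDE license" reintroduces the abbreviation that ios-new-ux.md removes in this commit, and "Authenticator App", "Company Portal App", "Defender App" and "Defender Portal" should follow product naming and casing used elsewhere.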
@@ -103,17 +105,23 @@ To ensure optimal protection for your device, Microsoft Defender requests access
103105

104106
#### How to resolve the noncompliance state due to silent auth failures
105107

106-
Microsoft Defender for Endpoint has a feature to let the user sign-in according to a set of policies called [Conditional Access policies](/defender-endpoint/configure-conditional-access). If a policy is violated, the Microsoft Defender app autosigns out and starts failing in silent auth (sign-in attempts in background). This process results in the devices being shown as non-compliant in the Intune portal. A user can get the device to compliant status by signing in again.
108+
- Microsoft Defender for Endpoint has a feature to let the user sign-in according to a set of policies called [Conditional Access policies](/defender-endpoint/configure-conditional-access).
109+
110+
- If a policy is violated, the Microsoft Defender app autosigns out and starts failing in silent auth (sign-in attempts in background).
111+
112+
- This process results in the devices being shown as noncompliant in the Intune portal. A user can get the device to compliant status by signing in again.
113+
114+
- Users receive a notification (as shown in the following scenarios) prompting them to sign in.
107115

108-
The user receives a notification (as shown in the following scenarios) asking them to sign in. The user can tap the notification or open the Microsoft Defender app and sign in. Signing in results in a successful, interactive authentication and causes the Intune portal to show the device as compliant.
116+
- They can tap the notification or open the Microsoft Defender app and sign in, which results in a successful, interactive authentication and causes the Intune portal to show the device as compliant.
109117

110118
**Scenario 1:** The following experience occurs when MFA is configured by the admin through a Conditional Access policy:
111119

112120
:::image type="content" source="media/ca-policy-user-flow.png" alt-text="Series of images showing the user flow when a Conditional Access policy is configured by the security team." lightbox="media/ca-policy-user-flow.png":::
113121

114122
**Scenario 2:** The following experience occurs when **MFA is not configured** by the admin through a Conditional Access policy:
115123

116-
:::image type="content" source="media/mfa-not-cong-user-flow.png" alt-text="Screenshot showing the user flow when MFA is not configured by your security team." lightbox="media/mfa-not-cong-user-flow.png":::
124+
:::image type="content" source="media/mfa-not-cong-user-flow.png" alt-text="Screenshot showing the user flow when MFA isn't configured by your security team." lightbox="media/mfa-not-cong-user-flow.png":::
117125

118126
## How to configure Microsoft Defender for Endpoint on Android
119127

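Review bot: Lines 108-116 split a cause-and-effect narrative into five bullets, but the items are not parallel: the first three explain why the device becomes noncompliant and the last two describe what the user does, with "They" on line 116 depending on the previous bullet for its referent. Under a "How to resolve" heading, keep the explanation as a short paragraph and present only the resolution as steps. Also on line 108, "sign-in" is used as a verb and should be "sign in".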