Commit 7a190f7

Merge branch 'main' into v-smandalika-8957404
2 parents a4da4c6 + 47e38d7 commit 7a190f7

94 files changed

+286
-144
lines changed

defender-endpoint/auto-investigation-action-center.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ You can use the unified Action center if you have appropriate permissions and on
5050

5151
- [Microsoft Defender XDR](/microsoft-365/security/mtp/microsoft-threat-protection)
5252
- [Defender for Endpoint](microsoft-defender-endpoint.md)
53-
- [Defender for Office 365]/defender-office-365/mdo-about
53+
- [Defender for Office 365](/defender-office-365/mdo-about)
5454
- [Defender for Business](/defender-business/mdb-overview)
5555

5656
## Using the Action center
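
Review bot: The context entry at line 51 still links Microsoft Defender XDR to `/microsoft-365/security/mtp/microsoft-threat-protection`, whereas the other files in this commit link Defender XDR content under `/defender-xdr/...`. The repair on line 53 is correct (the link target was missing its parentheses), but since this list is being touched, please confirm the line 51 target still resolves or update it in the same pass.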

defender-endpoint/microsoft-defender-endpoint-linux.md

Lines changed: 10 additions & 5 deletions
@@ -85,8 +85,11 @@ In general you need to take the following steps:
8585
- Red Hat Enterprise Linux 9.x
8686
- CentOS 6.7 or higher (In preview)
8787
- CentOS 7.2 or higher
88-
- Ubuntu 16.04 LTS or higher LTS
89-
- Debian 9 - 12
88+
- Ubuntu 16.04 LTS
89+
- Ubuntu 18.04 LTS
90+
- Ubuntu 20.04 LTS
91+
- Ubuntu 22.04 LTS
92+
- Debian 9 - 12
9093
- SUSE Linux Enterprise Server 12 or higher
9194
- SUSE Linux Enterprise Server 15 or higher
9295
- Oracle Linux 7.2 or higher
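
Review bot: Replacing `Ubuntu 16.04 LTS or higher LTS` with four explicit entries (new lines 88-91) turns an open-ended statement into a closed list that ends at 22.04, so any later Ubuntu LTS now reads as unsupported. If that is intended, fine; if newer LTS releases are supported, add them or keep an "or higher" qualifier as the CentOS, SUSE and Oracle entries in the same list still do. `Debian 9 - 12` is removed and re-added with the same visible text, so presumably only indentation changed; please check that all five new bullets sit at the same list level.
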
@@ -105,9 +108,10 @@ In general you need to take the following steps:
105108
> MDE Linux version 101.23082.0011 is the last MDE Linux release supporting RHEL 6.7 or higher versions (does not expire before June 30, 2024). Customers are advised to plan upgrades to their RHEL 6 infrastructure aligned with guidance from Red Hat.
106109
107110
- List of supported kernel versions
108-
> [!NOTE]
109-
> Microsoft Defender for Endpoint on Red Hat Enterprise Linux and CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel version is supported before updating to a newer kernel version.
110-
> Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.
111+
112+
> [!NOTE]
113+
> Microsoft Defender for Endpoint on Red Hat Enterprise Linux and CentOS - 6.7 to 6.10 is a Kernel based solution. You must verify that the kernel version is supported before updating to a newer kernel version.
114+
> Microsoft Defender for Endpoint for all other supported distributions and versions is kernel-version-agnostic. With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.
111115
112116
- The `fanotify` kernel option must be enabled
113117
- Red Hat Enterprise Linux 6 and CentOS 6:
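
Review bot: The note re-added at new lines 113-114 carries over a sentence fragment: `With a minimal requirement for the kernel version to be at or greater than 3.10.0-327.` has no main clause. Since these lines are being rewritten anyway, join it to the previous sentence (for example "... is kernel-version-agnostic, with a minimum kernel version of 3.10.0-327") and hyphenate "Kernel based" as "kernel-based". Also confirm that the added blank line at 111 and the new indentation render the note under the "List of supported kernel versions" bullet without breaking the list before the `fanotify` item.
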
@@ -249,5 +253,6 @@ High I/O workloads from certain applications can experience performance issues w
249253
- [Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint](/azure/defender-for-cloud/integration-defender-for-endpoint)
250254
- [Connect your non-Azure machines to Microsoft Defender for Cloud](/azure/defender-for-cloud/quickstart-onboard-machines)
251255
- [Turn on network protection for Linux](network-protection-linux.md)
256+
252257
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
253258

defender-endpoint/migrate-devices-streamlined.md

Lines changed: 2 additions & 1 deletion
@@ -13,7 +13,7 @@ ms.collection:
1313
- tier1
1414
ms.topic: how-to
1515
ms.subservice: onboard
16-
ms.date: 05/08/2024
16+
ms.date: 05/09/2024
1717
---
1818

1919
# Migrate devices to use the streamlined connectivity method
@@ -33,6 +33,7 @@ In most cases, full device offboarding isn't required when reonboarding. You can
3333
> [!IMPORTANT]
3434
> Limitations and known issues:
3535
>
36+
> - We found a back-end issue with populating the `ConnectivityType` column in the `DeviceInfo table` in advanced hunting so that you can track migration progress. We aim to resolve this issue as soon as possible.
3637
> - For device migrations (reonboarding): Offboarding is not required to switch over to streamlined connectivity method. Once the updated onboarding package is run, a full device reboot is required for Windows devices and a service restart for macOS and Linux. For more information, see the details included in this article.
3738
> - Windows 10 versions 1607, 1703, 1709, and 1803 do not support reonboarding. Offboard first and then onboard using the updated package. These versions also require a longer URL list.
3839
> - Devices running the MMA agent are not supported and must continue using the MMA onboarding method.
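
Review bot: The new bullet at line 36 reads as though the back-end issue exists "so that you can track migration progress"; the purpose clause belongs to the column, not to the issue. State the impact directly: the `ConnectivityType` column is not being populated, so migration progress can't currently be tracked with it in advanced hunting. The code span `DeviceInfo table` also wraps the word "table"; only `DeviceInfo` should be in backticks.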

defender-endpoint/threat-protection-integration.md

Lines changed: 1 addition & 1 deletion
@@ -58,7 +58,7 @@ Suspicious activities are processes running under a user context. The integratio
5858

5959
### Microsoft Defender for Office
6060

61-
[Defender for Office 365]/defender-office-365/mdo-about helps protect your organization from malware in email messages or files through Safe Links, Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Microsoft Defender for Office 365 and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
61+
[Defender for Office 365](/defender-office-365/mdo-about) helps protect your organization from malware in email messages or files through Safe Links, Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Microsoft Defender for Office 365 and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
6262

6363
> [!NOTE]
6464
> Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365.
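
Review bot: The heading at line 59, `### Microsoft Defender for Office`, omits "365", while the paragraph fixed on line 61 and the note below it all say "Defender for Office 365". The link repair is correct; consider fixing the heading in the same change, keeping in mind that renaming a heading changes its anchor for any inbound bookmark links.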

defender-endpoint/zero-trust-with-microsoft-defender-endpoint.md

Lines changed: 1 addition & 0 deletions
@@ -8,6 +8,7 @@ f1.keywords:
88
ms.author: siosulli
99
author: siosulli
1010
ms.localizationpriority: medium
11+
ms.date: 05/10/2024
1112
manager: deniseb
1213
audience: ITPro
1314
ms.collection:

defender-office-365/advanced-delivery-policy-configure.md

Lines changed: 1 addition & 1 deletion
@@ -59,7 +59,7 @@ Messages that are identified by the advanced delivery policy aren't security thr
5959
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
6060

6161
- You need to be assigned permissions before you can do the procedures in this article. You have the following options:
62-
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**.
62+
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**.
6363
- [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md) and [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
6464
- _Create, modify, or remove configured settings in the advanced delivery policy_: Membership in the **Security Administrator** role groups in Email & collaboration RBAC <u>and</u> membership in the **Organization Management** role group in Exchange Online RBAC.
6565
- _Read-only access to the advanced delivery policy_: Membership in the **Global Reader** or **Security Reader** role groups in Email & collaboration RBAC.
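
Review bot: The parenthetical added on line 62 is two fragments back to back: "If Email & collaboration > Defender for Office 365 permissions is Active." has no consequence clause, and "Affects the Defender portal only, not PowerShell" follows with no subject. Suggest one statement, such as "Applies only when Email & collaboration > Defender for Office 365 permissions is Active, and affects the Defender portal only, not PowerShell", so the reader can see that this RBAC option is conditional on the toggle.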

defender-office-365/air-about.md

Lines changed: 1 addition & 1 deletion
@@ -101,7 +101,7 @@ Microsoft 365 provides many built-in alert policies that help identify Exchange
101101

102102
You need to be assigned permissions to use AIR. You have the following options:
103103

104-
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (Affects the Defender portal only, not PowerShell):
104+
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell):
105105
- _Start an automated investigation_ or _Approve or reject recommended actions_: **Security Operator/Email advanced remediation actions (manage)**.
106106
- [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md):
107107
- _Set up AIR features_: Membership in the **Organization Management** or **Security Administrator** role groups.
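
Review bot: The condition added on line 104 says when Unified RBAC applies but not what governs access when the toggle is not Active. An admin assigning permissions needs to know which model is actually enforced, so add a clause saying that in that case the Email & collaboration permissions listed in the next bullet are the ones that apply, if that is the behavior.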

defender-office-365/air-user-automatic-feedback-response.md

Lines changed: 0 additions & 3 deletions
@@ -15,9 +15,6 @@ appliesto:
1515

1616
# Automatic user notifications for user reported phishing results in AIR
1717

18-
> [!NOTE]
19-
> The features described in this article are currently in Public Preview, aren't available in all organizations, and are subject to change.
20-
2118
In Microsoft 365 organizations with Exchange Online mailboxes, admins can configure the backend for messages that users report as malicious or not malicious in Outlook (send to Microsoft, send to a reporting mailbox, or both), and configure the various notification options for user reported messages. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md).
2219

2320
In Microsoft 365 organizations with Microsoft Defender for Office 365 Plan 2, when a user reports a message as phishing, an investigation is automatically created in [automated investigation and response (AIR)](air-about.md). Admins can configure the user reported message settings to send an email notification to the user who reported the message based on the verdict from AIR. This notification is also known as _automatic feedback response_.
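
Review bot: Removing the Public Preview note at lines 18-20 changes the article's availability statement, yet the file shows 0 additions, so the `ms.date` in its front matter is not updated. Bump it in this change, as is done for migrate-devices-streamlined.md in the same commit, so the freshness date reflects the move out of preview.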

defender-office-365/alert-policies-defender-portal.md

Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ In Microsoft 365 organizations with mailboxes in Exchange Online, alert policies
3535
## What do you need to know before you begin?
3636

3737
- You need to be assigned permissions before you can do the procedures in this article. You have the following options:
38-
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (Affects the Defender portal only, not PowerShell):
38+
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell):
3939
- _Read only access to the Alert policies page_: **Security operations / Security data / Security data basics (read)**.
4040
- _Manage alert policies_: **Authorization and settings / Security settings / Detection tuning (manage)**.
4141
- [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md):
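
Review bot: The permission paths in context lines 39-40 are written with spaces around the slashes (`Security operations / Security data / Security data basics (read)`), while the same kind of path in advanced-delivery-policy-configure.md and anti-malware-policies-configure.md in this commit has none (`Authorization and settings/Security settings/Core Security settings (manage)`). Since line 38 is being edited to align these articles, pick one form so the names can be searched and matched consistently against the portal.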

defender-office-365/anti-malware-policies-configure.md

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ You can configure anti-malware policies in the Microsoft Defender portal or in P
4747
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
4848

4949
- You need to be assigned permissions before you can do the procedures in this article. You have the following options:
50-
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**.
50+
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Core Security settings (manage)** or **Authorization and settings/Security settings/Core Security settings (read)**.
5151
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
5252
- _Add, modify, and delete policies_: Membership in the **Organization Management** or **Security Administrator** role groups.
5353
- _Read-only access to policies_: Membership in the **Global Reader**, **Security Reader**, or **View-Only Organization Management** role groups.
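
Review bot: Line 50 adds the same parenthetical, icon syntax included, that this commit also pastes into advanced-delivery-policy-configure.md, air-about.md and alert-policies-defender-portal.md. Moving it into a shared include (the repo already uses `[!INCLUDE ...]`, as in microsoft-defender-endpoint-linux.md) would keep the wording and the `media/scc-toggle-on.png` path from drifting between articles.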
