Merge pull request #2745 from MicrosoftDocs/main

Published main to live, Wednesday 10:30 AM PST, 02/12

Author: padmagit77

defender-endpoint/connected-applications.md

@@ -27,7 +27,7 @@ ms.date: 12/18/2020
 - [Microsoft Defender XDR](/defender-xdr)
 
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 Connected applications integrates with the Defender for Endpoint platform using APIs.
 

defender-endpoint/contact-support.md

@@ -25,7 +25,7 @@ ms.date: 12/18/2020
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience.
 

defender-endpoint/controlled-folders.md

@@ -33,7 +33,7 @@ search.appverid: met150
 **Applies to**
 - Windows
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 ## What is controlled folder access?
 

defender-endpoint/customize-controlled-folders.md

@@ -31,7 +31,7 @@ ms.date: 10/17/2024
 - Windows
 
 > [!TIP]
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11 clients.
 

defender-endpoint/customize-exploit-protection.md

@@ -25,15 +25,15 @@ search.appverid: met150
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
+Exploit protection automatically applies many exploit mitigation techniques on both the operating system processes and on individual apps.
 
 Configure these settings using the Windows Security app on an individual device. Then, export the configuration as an XML file so you can deploy to other devices. Use Group Policy to distribute the XML file to multiple devices at once. You can also configure the mitigations with PowerShell.
 
 This article lists each of the mitigations available in exploit protection. It indicates whether the mitigation can be applied system-wide or to individual apps, and provides a brief description of how the mitigation works.
 
-It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). This is the first step in creating a configuration that you can deploy across your network. The next step involves [generating, exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
+It also describes how to enable or configure the mitigations using Windows Security, PowerShell, and mobile device management (MDM) configuration service providers (CSPs). This configuration is the first step in creating a configuration that you can deploy across your network. The next step involves [generating, exporting, importing, and deploying the configuration to multiple devices](import-export-exploit-protection-emet-xml.md).
 
 > [!WARNING]
 > Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](evaluate-exploit-protection.md) before deploying the configuration across a production environment or the rest of your network.
@@ -42,11 +42,11 @@ It also describes how to enable or configure the mitigations using Windows Secur
 
 All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level.
 
-You can set each of the mitigations on, off, or to their default value. Some mitigations have additional options that are indicated in the description in the table.
+You can set each of the mitigations on, off, or to their default value. Some mitigations have more options that are indicated in the description in the table.
 
-Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On".
+Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On."
 
-The **Use default** configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for their individual needs and may need to modify configuration away from the defaults.
+The **Use default** configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for their individual needs and hence need to modify configuration away from the defaults.
 
 For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this article.
 
@@ -56,7 +56,7 @@ For the associated PowerShell cmdlets for each mitigation, see the [PowerShell r
 |Data Execution Prevention (DEP)|Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation.|System and app-level|No|
 |Force randomization for images (Mandatory ASLR)|Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information.|System and app-level|No|
 |Randomize memory allocations (Bottom-Up ASLR)|Randomizes locations for virtual memory allocations. It includes system structure heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes.|System and app-level|No|
-|Validate exception chains (SEHOP)|Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications.|System and app-level|No|
+|Validate exception chains (SEHOP)|Ensures the integrity of an exception chain during exception dispatches. Only configurable for 32-bit (x86) applications.|System and app-level|No|
 |Validate heap integrity|Terminates a process when heap corruption is detected.|System and app-level|No|
 |Arbitrary code guard (ACG)|Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell).|App-level only|Yes|
 |Block low integrity images|Prevents the loading of images marked with Low Integrity.|App-level only|Yes|
@@ -66,16 +66,16 @@ For the associated PowerShell cmdlets for each mitigation, see the [PowerShell r
 |Disable extension points|Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers.|App-level only|No|
 |Disable Win32k system calls|Prevents an app from using the Win32k system call table.|App-level only|Yes|
 |Don't allow child processes|Prevents an app from creating child processes.|App-level only|Yes|
-|Export address filtering (EAF)|Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits.|App-level only|Yes|
-|Import address filtering (IAF)|Detects dangerous operations being resolved by malicious code.|App-level only|Yes|
+|Export address filtering (EAF)|Detects dangerous operations that are resolved by malicious code. Can optionally validate access by modules commonly used by exploits.|App-level only|Yes|
+|Import address filtering (IAF)|Detects dangerous operations that are resolved by a malicious code.|App-level only|Yes|
 |Simulate execution (SimExec)|Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG.|App-level only|Yes|
-|Validate API invocation (CallerCheck)|Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. Not compatible with ACG|App-level only|Yes|
+|Validate API invocation (CallerCheck)|Ensures that legitimate callers invoke sensitive APIs. Only configurable for 32-bit (x86) applications. Not compatible with ACG|App-level only|Yes|
 |Validate handle usage|Causes an exception to be raised on any invalid handle references.|App-level only|No|
 |Validate image dependency integrity|Enforces code signing for Windows image dependency loading.|App-level only|No|
 |Validate stack integrity (StackPivot)|Ensures that the stack hasn't been redirected for sensitive APIs. Not compatible with ACG.|App-level only|Yes|
 
 > [!IMPORTANT]
-> If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
+> If you add an app to the **Program settings** section and configure individual mitigation settings there, they'll be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
 >
 > |Enabled in **Program settings**|Enabled in **System settings**|Behavior|
 > |---|---|---|

defender-endpoint/data-storage-privacy.md

@@ -30,7 +30,7 @@ ms.date: 08/20/2024
 - [Microsoft Defender XDR](/defender-xdr)
 - [Microsoft Defender for Business](/defender-business/mdb-overview)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
 

defender-endpoint/defender-compatibility.md

@@ -27,7 +27,7 @@ ms.subservice: ngp
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-defendercompat-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 The Microsoft Defender for Endpoint agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning.
 

defender-endpoint/deployment-strategy.md

@@ -24,7 +24,7 @@ ms.date: 12/12/2024
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 If you're already completed the steps to set up your Microsoft Defender for Endpoint deployment, and you have assigned roles and permissions for Defender for Endpoint, your next step is to create a plan for onboarding. Your plan begins with identifying your architecture and choosing your deployment method.
 

defender-endpoint/device-timeline-event-flag.md

@@ -27,7 +27,7 @@ ms.date: 11/06/2023
 
 
 > [!NOTE]
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 The Defender for Endpoint device timeline helps you research and investigate anomalous behavior on your devices more quickly. You can explore specific events and endpoints to review potential attacks in your organization. You can review specific times of each event, set flags to follow up for potentially connected events, and filter to specific date ranges. 
 

defender-endpoint/edr-in-block-mode.md

@@ -34,7 +34,7 @@ search.appverid: met150
 
 - Windows
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 This article describes EDR in block mode, which helps protect devices that are running a non-Microsoft antivirus solution (with Microsoft Defender Antivirus in passive mode).