Merge pull request #2524 from MicrosoftDocs/main

Published main to live, Thursday 10:30 AM PST, 01/23

Author: padmagit77

defender-endpoint/api/export-firmware-hardware-assessment.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Export Hardware and firmware assessment inventory per device
@@ -153,12 +153,16 @@ Delegated (work or school account)|Software.Read|'Read Threat and Vulnerability
 GET /api/machines/HardwareFirmwareInventoryExport
 ```
 
-### 2.4 Properties (JSON response)
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties (JSON response)
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - To maximize download speeds, make sure you are downloading the data from the same Azure region where your data resides.
 > - Each record is approximately 1KB of data. You should take this into account when choosing the pageSize parameter that works for you.
 > - Some additional columns might be returned in the response. These columns are temporary and might be removed. Only use the documented columns.
@@ -169,15 +173,15 @@ Property (ID)|Data type|Description
 |GeneratedTime|DateTime|The time the export was generated.
 
 
-## 2.5 Examples
+## 2.6 Examples
 
-### 2.5.1 Request example
+### 2.6.1 Request example
 
 ```http
 GET https://api.security.microsoft.com/api/machines/HardwareFirmwareInventoryExport
 ```
 
-### 2.5.2 Response example
+### 2.6.2 Response example
 
 ```json
     {

defender-endpoint/api/export-security-baseline-assessment.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Export security baselines assessment per device
@@ -158,12 +158,16 @@ Returns all security baselines assessments for all devices, on a per-device basi
 GET /api/machines/BaselineComplianceAssessmentExport
 ```
 
-### 2.4 Properties (via files)
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties (via files)
 
 > [!NOTE]
 > 
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hours.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - To maximize download speeds, make sure you are downloading the data from the same Azure region where your data resides.
 > - Some additional columns might be returned in the response. These columns are temporary and might be removed. Only use the documented columns.
 
@@ -172,15 +176,15 @@ Property (ID)|Data type|Description
 |Export files|array[string]|A list of download URLs for files holding the current snapshot of the organization.
 |GeneratedTime|String|The time that the export was generated.
 
-## 2.5 Examples
+## 2.6 Examples
 
-### 2.5.1 Request example
+### 2.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/BaselineComplianceAssessmentExport
 ```
 
-### 2.5.2 Response example
+### 2.6.2 Response example
 
 ```json
 {

defender-endpoint/api/get-assessment-browser-extensions.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Export browser extensions assessment per device
@@ -182,12 +182,16 @@ Delegated (work or school account)|Software.Read|'Read Threat and Vulnerability
 GET /api/machines/browserextensionsinventoryExport
 ```
 
-### 2.4 Properties
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline JSON format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - For maximum download speed of your data, you can make sure you're downloading from the same Azure region that your data resides.
 
 <br>

defender-endpoint/api/get-assessment-information-gathering.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Information gathering assessment per device
@@ -69,12 +69,16 @@ Delegated (work or school account)|Vulnerability.Read|\'Read Threat and Vulnerab
 GET /api/Machines/InfoGatheringExport
 ```
 
-### 1.4 Properties
+### 1.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for Maximum is 6 hours.
+
+### 1.5 Properties
 
 > [!NOTE]
 > 
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - To maximize download speeds, make sure you are downloading the data from the same Azure region where your data resides.
 > - Some additional columns might be returned in the response. These columns are temporary and might be removed. Only use the documented columns.
 
@@ -83,15 +87,15 @@ Property (ID)|Data type|Description
 |Export files|String[array]|A list of download URLs for files holding the current snapshot of the organization.
 |GeneratedTime|DateTime|The time the export was generated.
 
-### 1.5 Examples
+### 1.6 Examples
 
-#### 1.5.1 Request example
+#### 1.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/InfoGatheringExport?$sasValidHours=1
 ```
 
-#### 1.5.2 Response example
+#### 1.6.2 Response example
 
 ```json
 {

defender-endpoint/api/get-assessment-non-cpe-software-inventory.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/23/2025
 ---
 
 # Export non product code software inventory assessment per device
@@ -180,12 +180,16 @@ Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability
 GET /api/machines/SoftwareInventoryNonCpeExport
 ```
 
-### 2.4 Properties
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline JSON format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - For maximum download speed of your data, you can make sure you're downloading from the same Azure region that your data resides.
 
 <br>
@@ -198,15 +202,15 @@ Export files|array\[string\]|A list of download URLs for files holding the curre
 GeneratedTime|string|The time that the export was generated.|2021-05-20T08:00:00Z
 |
 
-### 2.5 Examples
+### 2.6 Examples
 
-#### 2.5.1 Request example
+#### 2.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/SoftwareInventoryNonCpeExport
 ```
 
-#### 2.5.2 Response example
+#### 2.6.2 Response example
 
 ```json
 {

defender-endpoint/api/get-assessment-secure-config.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/06/2025
+ms.date: 01/23/2025
 ---
 
 # Export secure configuration assessment per device
@@ -238,12 +238,16 @@ Delegated (work or school account)|Vulnerability.Read|\'Read Threat and Vulnerab
 GET /api/machines/SecureConfigurationsAssessmentExport
 ```
 
-### 2.4 Properties
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties
 
 > [!NOTE]
 >
 > - The files are GZIP compressed & in multiline JSON format.
-> - The download URLs are only valid for 1 hour.
+> - The download URLs are valid for 6 hours.
 > - For maximum download speed of your data, you can make sure you are downloading from the same Azure region in which your data resides.
 
 
@@ -257,15 +261,15 @@ Export files|array[string]|A list of download URLs for files holding the current
 GeneratedTime|string|The time that the export was generated.|2021-05-20T08:00:00Z
 |
 
-### 2.5 Examples
+### 2.6 Examples
 
-#### 2.5.1 Request example
+#### 2.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/SecureConfigurationsAssessmentExport
 ```
 
-#### 2.5.2 Response example
+#### 2.6.2 Response example
 
 ```json
 {

defender-endpoint/api/get-assessment-software-inventory.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/23/2025
 ---
 
 # Export software inventory assessment per device
@@ -236,12 +236,16 @@ Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability
 GET /api/machines/SoftwareInventoryExport
 ```
 
-### 2.4 Properties
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline JSON format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - For maximum download speed of your data, you can make sure you're downloading from the same Azure region that your data resides.
 
 <br>
@@ -254,15 +258,15 @@ Export files|array\[string\]|A list of download URLs for files holding the curre
 GeneratedTime|string|The time that the export was generated.|2021-05-20T08:00:00Z
 |
 
-### 2.5 Examples
+### 2.6 Examples
 
-#### 2.5.1 Request example
+#### 2.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/SoftwareInventoryExport
 ```
 
-#### 2.5.2 Response example
+#### 2.6.2 Response example
 
 ```json
 {

defender-endpoint/api/get-assessment-software-vulnerabilities.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/23/2025
 ---
 
 # Export software vulnerabilities assessment per device
@@ -288,12 +288,16 @@ Delegated (work or school account)|Vulnerability.Read|\'Read Threat and Vulnerab
 GET /api/machines/SoftwareVulnerabilitiesExport
 ```
 
-### 2.4 Properties
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - For maximum download speed of your data, you can make sure you're downloading from the same Azure region that your data resides.
 >
 > - Each record is approximately 1KB of data. You should take this into account when choosing the correct pageSize parameter for you.
@@ -309,15 +313,15 @@ Export files|array\[string\]|A list of download URLs for files holding the curre
 GeneratedTime|String|The time that the export was generated.|2021-05-20T08:00:00Z
 |
 
-### 2.5 Examples
+### 2.6 Examples
 
-#### 2.5.1 Request example
+#### 2.6.1 Request example
 
 ```http
 GET https://api-us.securitycenter.contoso.com/api/machines/SoftwareVulnerabilitiesExport
 ```
 
-#### 2.5.2 Response example
+#### 2.6.2 Response example
 
 ```json
 {

defender-endpoint/defender-endpoint-false-positives-negatives.md

@@ -212,9 +212,11 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi
 
 - [Create "allow" indicators for Microsoft Defender for Endpoint](#indicators-for-defender-for-endpoint)
 - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus)
+- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules)
 
 > [!NOTE]
 > Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use [custom indicators](indicators-overview.md) for Microsoft Defender for Endpoint and exclusions for Microsoft Defender Antivirus.
+> ASR Rules can leverage ASR Rule Exclusions - where the exclusions apply to all ASR Rules; ASR per Rule Exclusions; Defender AV exclusions; as well as allow indicators defined in Custom Indicators.
 
 The procedures in this section describe how to define indicators and exclusions.