Merge branch 'main' into maccruz-cdadx

Author: schmurky

defender-endpoint/configure-updates.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 01/12/2024
+ms.date: 02/10/2025
 ---
 
 # Create a custom gradual rollout process for Microsoft Defender updates
@@ -49,19 +49,17 @@ The following table lists the available group policy settings for configuring up
 ## Group Policy
 
 > [!NOTE]
-> An updated Defender ADMX template are published together with the 21H2 release of Windows 10. A non-localized version is available for download at [defender-updatecontrols](https://github.com/microsoft/defender-updatecontrols) on GitHub.
+> An updated Defender ADMX template is published together with the 21H2 release of Windows 10. A non-localized version is available for download at [defender-updatecontrols](https://github.com/microsoft/defender-updatecontrols) on GitHub.
 
-You can use [Group Policy](/windows/win32/srvnodes/group-policy?redirectedfrom=MSDN) to configure and manage Microsoft Defender Antivirus on your endpoints.
-
-In general, you can use the following procedure to configure or change Microsoft Defender Antivirus group policy settings:
+You can use [Group Policy](/windows/win32/srvnodes/group-policy?redirectedfrom=MSDN) to configure and manage Microsoft Defender Antivirus on your endpoints. In general, you can use the following procedure to configure or change Microsoft Defender Antivirus group policy settings:
 
 1. On your Group Policy management machine, open the **Group Policy Management Console**, right-click the **Group Policy Object** (GPO) you want to configure and select **Edit**.
 
 2. Using the Group Policy Management Editor go to **Computer configuration**.
 
 3. Select **Administrative templates**.
 
-4. Expand the tree to **Windows components > Microsoft Defender Antivirus**.
+4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus**.
 
 5. Expand the section (referred to as **Location** in the table in this article) that contains the setting you want to configure, double-click the setting to open it, and make configuration changes.
 
@@ -88,15 +86,22 @@ Set-MpPreference
 -DisableGradualRelease 1|0
 -DefinitionUpdatesChannel Staged|Broad|NotConfigured
 ```
-
 Example:
 
 Use `Set-MpPreference -PlatformUpdatesChannel Beta` to configure platform updates to arrive from the Beta Channel.
 
 For more information on the parameters and how to configure them, see [Set-MpPreference](/powershell/module/defender/set-mppreference) (Microsoft Defender Antivirus).
 
+## Registry
+
+These settings can be confirmed in the registry under `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender`:
+
+- `EngineRing`
+- `PlatformRing`
+- `SignaturesRing`
+
 > [!NOTE]
-> You can also use a management tool such as Microsoft Configuration Manager to run PowerShell scripts. See [Create and run PowerShell scripts from the Configuration Manager console](/mem/configmgr/apps/deploy-use/create-deploy-scripts) for guidance on this topic.
+> You can also use a management tool such as Microsoft Configuration Manager to run PowerShell scripts. See [Create and run PowerShell scripts from the Configuration Manager console](/mem/configmgr/apps/deploy-use/create-deploy-scripts).
 
 > [!TIP]
 > If you're looking for Antivirus related information for other platforms, see:

defender-endpoint/enable-exploit-protection.md

@@ -14,7 +14,7 @@ ms.collection:
 - m365-security
 - tier3
 - mde-asr
-ms.date: 11/15/2024
+ms.date: 02/10/2025
 search.appverid: met150
 ---
 
@@ -48,7 +48,7 @@ This section includes recommendations for you to be successful with deploying ex
 - Use safe deployment practices.
 
 > [!WARNING]
-> If you do not test and do not go thru safe deployment practices, you could contribute to end-user productivity outages.
+> If you do not test and do not go through safe deployment practices, you could contribute to end-user productivity outages.
 
 ### Safe deployment practices
 

defender-endpoint/onboard-windows-multi-session-device.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier3
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 01/18/2024
+ms.date: 02/10/2025
 ---
 
 # Onboard Windows devices in Azure Virtual Desktop
@@ -41,7 +41,7 @@ Familiarize yourself with the [considerations for non-persistent VDI](configure-
 > - Single entry for each virtual desktop
 > - Multiple entries for each virtual desktop
 
-Microsoft recommends onboarding Azure Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender for Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and redeploy AVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently.
+Microsoft recommends onboarding Azure Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender for Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and redeploy AVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. When using the single entry per virtual desktop method, it is not necessary to offboard the virtual desktops.
 
 Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the AVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It's executed as a startup script at first boot on all the AVD machines that are provisioned from the AVD golden image. However, if you're using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy.
 

defender-office-365/configuration-analyzer-for-security-policies.md

@@ -189,7 +189,7 @@ To filter the entries, select :::image type="icon" source="media/m365-cc-sc-filt
 
 When you're finished in the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**.
 
-Use the ::image type="icon" source="media/m365-cc-sc-search-icon.png" border="false"::: **Search** box to filter the entries by a specific **Modified by**, **Setting name**, or **Type** value.
+Use the :::image type="icon" source="media/m365-cc-sc-search-icon.png" border="false"::: **Search** box to filter the entries by a specific **Modified by**, **Setting name**, or **Type** value.
 
 To export the entries shown on the **Configuration drift analysis and history** tab to a .csv file, select :::image type="icon" source="media/m365-cc-sc-download-icon.png" border="false"::: **Export**.
 

defender-vulnerability-management/tvm-certificate-inventory.md

@@ -57,7 +57,7 @@ The **Certificate inventory** page opens with a list of the certificates install
 > [!NOTE]
 > Only certificates found on Windows devices (in the local machine certificate store) will be displayed in certificate inventory list.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/certificate_inventory.png" alt-text="Screenshot of the certificate inventory list" lightbox="/defender/media/defender-vulnerability-management/certificate_inventory.png":::::::::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/certificate_inventory.png" alt-text="Screenshot of the certificate inventory list." lightbox="/defender/media/defender-vulnerability-management/certificate_inventory.png":::
 
 ## Gain insights into potentially vulnerable certificates