Merge branch 'public' into patch-1

denisebmsft · web-flow · commit 89a260ccd54b · 2024-08-13T11:00:21.000-07:00
diff --git a/defender-endpoint/ios-troubleshoot.md b/defender-endpoint/ios-troubleshoot.md
@@ -32,8 +32,8 @@ ms.date: 06/19/2024
 This article provides troubleshooting information to help you address issues that might arise with Microsoft Defender for Endpoint on iOS.
 
 > [!NOTE]
-> - Defender for Endpoint on iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
-> - For customers who don't want to set up a VPN, there's an option to disable Web Protection and deploy Defender for Endpoint without that feature. In such scenario, Defender sends the heartbeat to the Microsoft Defender portal whenever user opens the app.
+> - Defender for Endpoint on iOS requires configuring its VPN to activate the Web Protection feature and to send periodic status signals while the app operates in the background. This VPN is local and pass-through, meaning it does not route traffic through a remote VPN server.
+> - Customers who opt not to set up a Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In such cases, Defender for Endpoint will only send status signals to the Microsoft Defender portal when the user opens the app. If the app is not opened for 7 days, the device may be marked as inactive in the Microsoft Defender Portal.
 
 ## Apps don't work when VPN is turned on
 
diff --git a/defender-endpoint/microsoft-defender-endpoint-ios.md b/defender-endpoint/microsoft-defender-endpoint-ios.md
@@ -53,6 +53,10 @@ ms.date: 02/22/2024
 
 - For more information on how to assign licenses, see [Assign licenses to users](/azure/active-directory/users-groups-roles/licensing-groups-assign).
 
+> [!NOTE]
+> - Defender for Endpoint on iOS requires configuring its VPN to activate the Web Protection feature and to send periodic status signals while the app operates in the background. This VPN is local and pass-through, meaning it does not route traffic through a remote VPN server.
+> - Customers who opt not to set up a Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In such cases, Defender for Endpoint will only send status signals to the Microsoft Defender portal when the user opens the app. If the app is not opened for 7 days, the device may be marked as inactive in the Microsoft Defender Portal.
+
 ### For Administrators
 
 - Access to the Microsoft Defender portal.
@@ -66,6 +70,8 @@ ms.date: 02/22/2024
     > - Microsoft Defender for Endpoint now extends protection to an organization's data within a managed application for those who aren't using mobile device management (MDM) but are using Intune to manage mobile applications. It also extends this support to customers who use other enterprise mobility management solutions, while still using Intune for [mobile application management (MAM)](/mem/intune/apps/mam-faq).
     > - In addition, Microsoft Defender for Endpoint already supports devices that are enrolled using Intune mobile device management (MDM).
 
+
+
 ### System Requirements
 
 - iOS device running iOS 15.0 and above. iPads are also supported.
diff --git a/defender-office-365/defender-for-office-365-whats-new.md b/defender-office-365/defender-for-office-365-whats-new.md
@@ -41,7 +41,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 ## July 2024
 
-- **Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD and and Office 365 operated by 21Vianet environments**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) is now available these environments. They are on parity with the WW commercial experiences.
+- **Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) is now available these environments. They are on parity with the WW commercial experiences.
 
 - **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions and existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire.
 
@@ -51,14 +51,14 @@ For more information on what's new with other Microsoft Defender security produc
 
 ## May 2024
 
-- **Top level domain and subdomain blocking in Tenant Allow/Block List**: You will be able to create block entries under domains & email addresses, using the format `*.TLD`, where `TLD` can be any top-level domain or `*.SD1.TLD, *.SD2.SD1.TLD`, `*.SD3.SD2.SD1.TLD`, and similar patterns for subdomain blocking. The entries block all email received from or sent to any email addresses in the domain or subdomain during mail flow.
+- **Top level domain and subdomain blocking in Tenant Allow/Block List**: You can create block entries under domains & email addresses, using the format `*.TLD`, where `TLD` can be any top-level domain or `*.SD1.TLD, *.SD2.SD1.TLD`, `*.SD3.SD2.SD1.TLD`, and similar patterns for subdomain blocking. The entries block all email received from or sent to any email addresses in the domain or subdomain during mail flow.
 
 - **Automated end user feedback**: The user submission automatic feedback response capability in Microsoft Defender for Office 365 enables organizations to automatically respond to end user submissions of phishing based on the verdict from the automated investigation. [Learn more](air-user-automatic-feedback-response.md).
 
-- We are introducing **Sender's copy clean-up features** in Threat Explorer, email entity, Summary Panel, and Advanced hunting. These new features will streamline the process of managing Sent items, particularly for admins who use the actions **Move to mailbox folder** \> **Soft delete** and **Move to mailbox folder** \> **Inbox**. For more information, see [Threat hunting: The Take action wizard](threat-explorer-threat-hunting.md#the-take-action-wizard). Key highlights:
-- Integration with Soft delete: Sender's copy clean-up will be incorporated as part of the Soft delete action.
-  - Wide support: This action will be supported across various Defender XDR platforms including Threat Explorer, Take Action wizard from the email entity, Summary Panel, Advanced hunting, and through Microsoft Graph API.
-  - Undo capability: An undo action will be available, allowing you to reverse the clean-up by moving items back to the Sent folder.
+- We're introducing **Sender's copy clean-up features** in Threat Explorer, email entity, Summary Panel, and Advanced hunting. These new features streamline the process of managing Sent items, particularly for admins who use the actions **Move to mailbox folder** \> **Soft delete** and **Move to mailbox folder** \> **Inbox**. For more information, see [Threat hunting: The Take action wizard](threat-explorer-threat-hunting.md#the-take-action-wizard). Key highlights:
+- Integration with Soft delete: Sender's copy clean-up is incorporated as part of the Soft delete action.
+  - Wide support: This action is supported across various Defender XDR platforms including Threat Explorer, Take Action wizard from the email entity, Summary Panel, Advanced hunting, and through Microsoft Graph API.
+  - Undo capability: An undo action is available, allowing you to reverse the clean-up by moving items back to the Sent folder.
 
 ## April 2024
 
@@ -192,7 +192,7 @@ For more information on what's new with other Microsoft Defender security produc
       - From Office 365 Security & Compliance Center URL: scc.protection.apps.mil
       - To Microsoft Defender XDR URL: security.apps.mil
 - Items in the Office 365 Security & Compliance Center that aren't related to security aren't redirected to Microsoft Defender XDR. For compliance solutions redirection to Microsoft 365 Compliance Center, see Message Center post 244886.
-- This change is a continuation of [Microsoft Defender XDR delivers unified XDR experience to GCC, GCC High and DoD customers - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-365-defender-delivers-unified-xdr-experience-to-gcc/ba-p/3263702), announced in March 2022.
+- This change is a continuation of [Microsoft Defender XDR delivers unified XDR experience to GCC, GCC High, and DoD customers - Microsoft Tech Community](https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-365-defender-delivers-unified-xdr-experience-to-gcc/ba-p/3263702), announced in March 2022.
 - This change enables users to view and manage additional Microsoft Defender XDR security solutions in one portal.
 - This change impacts all customers who use the Office 365 Security & Compliance Center (protection.office.com), including Microsoft Defender for Office (Plan 1 or Plan 2), Microsoft 365 E3 / E5, Office 365 E3/ E5, and Exchange Online Protection. For the full list, see [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)
 - This change impacts all users who sign in to the Office 365 Security and Compliance portal (protection.office.com), including security teams and end-users who access the Email Quarantine experience, at the **Microsoft Defender Portal** \> **Review** \> **Quarantine**.
@@ -258,7 +258,7 @@ For more information on what's new with other Microsoft Defender security produc
 ## August 2021
 
 - [Admin review for reported messages](submissions-admin-review-user-reported-messages.md): Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well.
-- You can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow will be added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally if warranted. In some cases, Microsoft manages the allow for you. For more information, see:
+- You can now add allow entries to the Tenant Allow/Block List if the blocked message was submitted as part of the admin submission process. Depending on the nature of the block, the submitted URL, file, and/or sender allow entries are added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally, if warranted. In some cases, Microsoft manages the allow for you. For more information, see:
   - [Report good URLs to Microsoft](submissions-admin.md#report-good-urls-to-microsoft)
   - [Report good email attachments to Microsoft](submissions-admin.md#report-good-email-attachments-to-microsoft)
   - [Report good email to Microsoft](submissions-admin.md#report-good-email-to-microsoft)
@@ -289,7 +289,7 @@ For more information on what's new with other Microsoft Defender security produc
 
 - [Email entity page](mdo-email-entity-page.md): A unified 360-degree view of an email with enriched information around threats, authentication and detections, detonation details, and a brand-new email preview experience.
 - [Office 365 Management API](/office/office-365-management-api/office-365-management-activity-api-schema#email-message-events): Updates to EmailEvents (RecordType 28) to add delivery action, original and latest delivery locations, and updated detection details.
-- [Threat Analytics for Defender for Office 365](/defender-xdr/threat-analytics): View active threat actors, popular techniques and attack surfaces, along with extensive reporting from Microsoft researchers around ongoing campaigns.
+- [Threat Analytics for Defender for Office 365](/defender-xdr/threat-analytics): View active threat actors, popular techniques, and attack surfaces, along with extensive reporting from Microsoft researchers around ongoing campaigns.
 
 ## February/March 2021
 
diff --git a/defender-office-365/reports-email-security.md b/defender-office-365/reports-email-security.md
@@ -19,7 +19,7 @@ description: "Admins can learn how to find and use the email security reports th
 ms.custom: 
 - seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 05/29/2024
+ms.date: 08/12/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -830,8 +830,8 @@ In the **View data by System override** and **Chart breakdown by Reason** view,
 - **Exclusive setting (Outlook)**
 - **IP Allow**
 - **On-premises skip**
-- **Organization allowed domains**
-- **Organization allowed senders**
+- **Organization allowed domains**: The domain is specified in the [allowed domains list in an anti-spam policy](anti-spam-protection-about.md#allow-and-block-lists-in-anti-spam-policies).
+- **Organization allowed senders**: The sender is specified in the [allowed senders list in an anti-spam policy](anti-spam-protection-about.md#allow-and-block-lists-in-anti-spam-policies).
 - **Phishing simulation**: For more information, see [Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes](advanced-delivery-policy-configure.md).
 - **Sender Domain List**
 - **TABL - Both URL and file allowed**
diff --git a/defender-office-365/submissions-admin.md b/defender-office-365/submissions-admin.md
@@ -95,7 +95,7 @@ For other ways that **admins** can report messages to Microsoft in the Defender
    - **Select the submission type**: Verify the value **Email** is selected.
 
    - **Add the network message ID or upload the email file**: Select one of the following options:
-     - **Add the email network message ID**: The GUID value is available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages.
+     - **Add the email network message ID**: The GUID value is available in the **X-MS-Exchange-Organization-Network-Message-Id** header or in the **X-MS-Office365-Filtering-Correlation-Id** header in messages.
      - **Upload the email file (.msg or .eml)**: Select **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then select **Open**.
 
    - **Choose at least one recipient who had an issue**: Specify the recipients to run a policy check against. The policy check determines if the email bypassed scanning due to user or organization policies or override.
diff --git a/defender/docfx.json b/defender/docfx.json
@@ -59,11 +59,13 @@
         "v-stchambers",
         "Stacyrch140",
         "garycentric",
-        "alekyaj"
+        "alekyaj",
+        "padmagit77",
+        "aditisrivastava07"
       ]
     },
     "fileMetadata": {},
     "template": [],
     "dest": "defender"
   }
-}
+}
