Merge pull request #3351 from MicrosoftDocs/main

Published main to live, Wednesday 10:30 AM PST, 04/02

Author: padmagit77

CloudAppSecurityDocs/get-started.md

@@ -61,7 +61,11 @@ After you connect an app, you can gain deeper visibility so you can investigate
 
 **How to page**: [Protect sensitive information with DLP policies](policies-information-protection.md)
 
-**Recommended task**: Enable file monitoring and create file policies
+**Recommended tasks**
+
+-  Enable file monitoring and create file policies
+
+- To enable File monitoring of Microsoft 365 files, you are required to use a relevant Entra Admin ID, such as Application Administrator or Cloud Application Administrator. For more details, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference).
 
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**.
 1. Under **Information Protection**, select **Files**.
@@ -70,8 +74,6 @@ After you connect an app, you can gain deeper visibility so you can investigate
 1. Select the required settings and then select **Save**.
 1. In [Step 3](#step-3-control-cloud-apps-with-policies), create [File policies](data-protection-policies.md) to meet your organizational requirements.
 
-> [!TIP]
-> You can view files from your connected apps by browsing to **Cloud Apps** > **Files** in the Microsoft Defender Portal.
 
 **Migration recommendation**  
 We recommend using Defender for Cloud Apps sensitive information protection in parallel with your current Cloud Access Security Broker (CASB) solution. Start by [connecting the apps you want to protect](enable-instant-visibility-protection-and-governance-actions-for-your-apps.md) to Microsoft Defender for Cloud Apps. Since API connectors use out-of-band connectivity, no conflict will occur. Then progressively migrate your [policies](control-cloud-apps-with-policies.md) from your current CASB solution to Defender for Cloud Apps.

CloudAppSecurityDocs/manage-admins.md

@@ -20,6 +20,7 @@ Microsoft Defender for Cloud Apps supports role-based access control. This artic
 >
 > - Microsoft 365 and Microsoft Entra roles aren't listed in the Defender for Cloud Apps **Manage admin access** page. To assign roles in Microsoft 365 or Microsoft Entra ID, go to the relevant RBAC settings for that service.
 > - Defender for Cloud Apps uses Microsoft Entra ID to determine the user's [directory level inactivity timeout setting](/azure/azure-portal/set-preferences#change-the-directory-timeout-setting-admin). If a user is configured in Microsoft Entra ID to never sign out when inactive, the same setting will apply in Defender for Cloud Apps as well.
+> - Defender for Cloud Apps Information Protection enablement requires an Entra Admin ID, such as: Application Administrator or Cloud Application Administrator. For more details, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Protect your Microsoft 365 environment](/defender-cloud-apps/protect-office-365)
 
 By default, the following Microsoft 365 and [Microsoft Entra ID](/azure/active-directory/roles/permissions-reference) admin roles have access to Defender for Cloud Apps:
 

CloudAppSecurityDocs/release-notes.md

@@ -19,16 +19,25 @@ For more information on what's new with other Microsoft Defender security produc
 
 For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
 
+
 ## April 2025
 
-### New Applications page in Defender XDR
+
+### OAuthAppInfo table added to Defender XDR advanced hunting (Preview)
+
+The [OAuthAppInfo](/defender-xdr/advanced-hunting-oauthappinfo-table) table is now available in Defender XDR advanced hunting, enabling security teams to explore and analyze OAuth app-related metadata with enhanced visibility.
+
+This table provides details on Microsoft 365-connected OAuth applications that are registered with Microsoft Entra ID and accessible through the Defender for Cloud Apps app governance capability.
+
+### New Applications page in Defender XDR (Preview)
 
 The new Applications page consolidates all SaaS and connected OAuth applications into a single, unified inventory. This centralized view streamlines application discovery, monitoring, and management, providing greater visibility and control across your environment.
 
 The page surfaces key insights such as risk scores, usage patterns, publisher verification status, and privilege levels. These insights help you quickly identify and address high-risk or untagged applications.
 
 For more information, see [Application inventory overview](applications-inventory.md)
 
+
 ## March 2025
 
 ### Enhanced Identity Inventory (Preview)

defender-endpoint/linux-preferences.md

@@ -1,12 +1,12 @@
 ---
-title: Set preferences for Microsoft Defender for Endpoint on Linux
+title: Configure security settings in Microsoft Defender for Endpoint on Linux
 ms.reviewer: gopkr, ardeshmukh
 description: Describes how to configure Microsoft Defender for Endpoint on Linux in enterprises.
 ms.service: defender-endpoint
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
-ms.date: 03/12/2025
+ms.date: 03/28/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -18,7 +18,7 @@ ms.subservice: linux
 search.appverid: met150
 ---
 
-# Configure security settings and policies for Microsoft Defender for Endpoint on Linux
+# Configure security settings in Microsoft Defender for Endpoint on Linux
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -29,9 +29,9 @@ search.appverid: met150
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-## Overview of settings and policies to configure
+## Configure your security settings
 
-Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protection, endpoint detection, and response capabilities. This article summarizes important settings to configure, with links to additional resources.
+Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protection, endpoint detection, and response capabilities. This article summarizes important security settings to configure and includes links to additional resources.
 
 | Settings | Description| 
 |--|--|
@@ -44,22 +44,22 @@ Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protec
 | 7. Deploy updates. | Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. <br/><br/>See [Deploy updates for Microsoft Defender for Endpoint on Linux](linux-updates.md). |
 | 8. Configure network protection (preview) | Network protection helps prevent employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. <br/><br/>See [Network protection for Linux](network-protection-linux.md). |
 
-## Options for configuring security policies and settings
+## Options for configuring security settings
 
-To configure your security policies and settings for Defender for Endpoint on Linux, you have two main options:
+To configure your security settings in Defender for Endpoint on Linux, you have two main options:
 
 - Use the Microsoft Defender portal (Defender for Endpoint Security Settings Management); or
 - Use a configuration profile
 
-If you prefer to use command line to configure your security settings, you can use that to configure certain settings, gather diagnostics, run scans, and more. See [Resources](linux-resources.md#configure-from-the-command-line).
+If you prefer to use command line, you can use that to configure certain settings, gather diagnostics, run scans, and more. See [Linux resources: Configure using command line](linux-resources.md#configure-from-the-command-line).
 
 ### Defender for Endpoint Security Settings Management
 
-You can configure Defender for Endpoint on Linux in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) through functionality known as Security Settings Management. For more information, including how to create, edit, and verify your security policies, see [Use Microsoft Defender for Endpoint Security Settings Management to manage Microsoft Defender Antivirus](mde-security-settings-management.md).
+You can configure Defender for Endpoint on Linux in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) through functionality known as Defender for Endpoint Security Settings Management. For more information, including how to create, edit, and verify security policies, see [Use Microsoft Defender for Endpoint Security Settings Management to manage Microsoft Defender Antivirus](mde-security-settings-management.md).
 
 ### Configuration profile
 
-You can configure Defender for Endpoint on Linux through a configuration profile that uses a `.json` file. After you have set up your profile, you can deploy it by using your management tool of choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise aren't able to change preferences that are set through this configuration profile. If exclusions were added through the managed configuration profile, they can only be removed through the managed configuration profile. The command line works for exclusions that were added locally.
+You can configure settings in Defender for Endpoint on Linux through a configuration profile that uses a `.json` file. After you have set up your profile, you can deploy it by using your management tool of choice. Preferences managed by the enterprise take precedence over the ones set locally on the device. In other words, users in your enterprise aren't able to change preferences that are set through this configuration profile. If exclusions were added through the managed configuration profile, they can only be removed through the managed configuration profile. The command line works for exclusions that were added locally.
 
 This article describes the structure of this profile (including a recommended profile that you can use to get started) and instructions on how to deploy the profile.
 
@@ -456,6 +456,7 @@ By default, NFS and Fuse are unmonitored from RTP, Quick, and Full scans. Howeve
   }
 }
 ```
+
 To remove both NFS and Fuse from unmonitored list of filesystems, use the following snippet:
 
 ```JSON

defender-endpoint/linux-support-connectivity.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 03/12/2025
+ms.date: 03/28/2025
 ---
 
 # Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux
@@ -56,7 +56,7 @@ Testing connection with https://uk-v20.events.data.microsoft.com/ping ... [OK]
 Testing connection with https://v20.events.data.microsoft.com/ping ... [OK]
 ```
 
-If the connectivity test fails, check if the device has Internet access and if [network connections](mde-linux-prerequisites.md#network-connections) are blocked by a proxy or firewall.
+If the connectivity test fails, check if the device has Internet access. Also check to see if network connections are blocked by a proxy or firewall. For more information, see [Verify that devices can connect to Defender for Endpoint cloud services](mde-linux-prerequisites.md#verify-that-devices-can-connect-to-defender-for-endpoint-cloud-services).
 
 Failures with curl error 35 or 60, indicate certificate pinning rejection. Check to see if the connection is under SSL or HTTPS inspection. If so, add Microsoft Defender for Endpoint to the allowlist.
 
@@ -96,7 +96,6 @@ To set the proxy for mdatp, use the following command:
 mdatp config proxy set --value http://address:port 
 ```
 
-
 Upon success, attempt another connectivity test from the command line:
 
 ```bash

defender-endpoint/mde-linux-deployment-on-sap.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 02/04/2025
+ms.date: 03/28/2025
 ms.custom: 
 - partner-contribution
 ---
@@ -65,7 +65,7 @@ Here are some important point about SAP applications on Linux Server:
 
 - Microsoft Defender for Endpoint [Build: 101.24082.0004 | Release version: 30.124082.0004.0](/defender-endpoint/linux-whatsnew#oct-2024-build-101240820004--release-version-3012408200040) or later must be deployed.
 - Microsoft Defender for Endpoint on Linux supports [Linux releases](/defender-endpoint/mde-linux-prerequisites) used by SAP applications.
-- Microsoft Defender for Endpoint on Linux requires connectivity to specific Internet endpoints from VMs to update antivirus definitions. For more information, see [Network connections](mde-linux-prerequisites.md#network-connections).
+- Microsoft Defender for Endpoint on Linux requires connectivity to specific Internet endpoints from VMs to update antivirus definitions. For more information, see [Verify that devices can connect to Defender for Endpoint cloud services](mde-linux-prerequisites.md#verify-that-devices-can-connect-to-defender-for-endpoint-cloud-services).
 - Microsoft Defender for Endpoint on Linux requires some `crontab` (or other task scheduler) entries to schedule scans, log rotation, and Microsoft Defender for Endpoint updates. Enterprise security teams normally manage these entries. For more information, see [How to schedule an update for Microsoft Defender for Endpoint on Linux](linux-update-mde-linux.md).
 
 As of December  2024, Defender for Endpoint on Linux can safely be configured with real-time protection enabled.