MicrosoftDocs
diff --git a/‎.openpublishing.redirection.defender.json‎
Lines changed: 15 additions & 0 deletions b/‎.openpublishing.redirection.defender.json‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎defender-business/TOC.yml‎
Lines changed: 6 additions & 6 deletions b/‎defender-business/TOC.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎defender-business/index.yml‎
Lines changed: 1 addition & 3 deletions b/‎defender-business/index.yml‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎defender-business/mdb-add-users.md‎
Lines changed: 6 additions & 7 deletions b/‎defender-business/mdb-add-users.md‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎defender-business/mdb-asr.md‎
Lines changed: 17 additions & 21 deletions b/‎defender-business/mdb-asr.md‎
Lines changed: 17 additions & 21 deletions
diff --git a/‎defender-business/mdb-attack-disruption.md‎
Lines changed: 13 additions & 12 deletions b/‎defender-business/mdb-attack-disruption.md‎
Lines changed: 13 additions & 12 deletions
@@ -194,6 +194,21 @@
       "source_path": "defender-endpoint/collect-diagnostic-data-update-compliance.md",
       "redirect_url": "/defender-endpoint/collect-diagnostic-data",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/attack-simulations.md",
+      "redirect_url": "/defender-endpoint/defender-endpoint-demonstrations",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/mssp-support.md",
+      "redirect_url": "/defender-endpoint/configure-mssp-support",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/evaluate-mde.md",
+      "redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
     }
   ]
 }
@@ -1,6 +1,6 @@
 - name: Microsoft Defender for Business
   href: index.yml
-  items: 
+  items:
   - name: Overview
     items:
     - name: What is Microsoft Defender for Business?
@@ -42,7 +42,7 @@
     - name: Step 5 - Onboard devices
       href: mdb-onboard-devices.md
     - name: Step 6 - Set up and review your security policies
-      items: 
+      items:
       - name: Security policies and settings
         href: mdb-configure-security-settings.md
       - name: Next-generation protection
@@ -60,7 +60,7 @@
       - name: Change your endpoint security subscription
         href: mdb-manage-subscription.md
   - name: Monitor or manage devices
-    items: 
+    items:
     - name: Get an overview of mobile threat defense
       href: mdb-mtd.md
     - name: View and manage devices
@@ -70,7 +70,7 @@
     - name: Offboard devices
       href: mdb-offboard-devices.md
   - name: View and respond to detected threats
-    items: 
+    items:
     - name: Use your vulnerability management dashboard
       href: mdb-view-tvm-dashboard.md
     - name: View and manage incidents
@@ -92,7 +92,7 @@
   - name: Maintain your environment
     href: /Microsoft-365/business-premium/m365bp-mdb-maintain-environment?bc=%2defender-business%2Fbreadcrumb%2Ftoc.json&toc=%2Fdefender-business%2Ftoc.json
   - name: Reference information
-    items: 
+    items:
     - name: Security, privacy, and compliance
       href: mdb-security-privacy-compliance.md
     - name: Top 10 ways to secure your business data
@@ -108,4 +108,4 @@
     - name: Microsoft 365 Business Premium
       href: /microsoft-365/business-premium/
     - name: Microsoft 365 Lighthouse
-      href: /microsoft-365/lighthouse/m365-lighthouse-overview
+      href: /microsoft-365/lighthouse/m365-lighthouse-overview
@@ -8,7 +8,7 @@ metadata:
   ms.service: defender-business
   ms.topic: landing-page
   ms.date: 09/07/2023
-  ms.collection: 
+  ms.collection:
   - SMB
   - m365-security
   - m365-initiative-defender-business
@@ -92,5 +92,3 @@ landingContent:
             url: mdb-faq.yml
           - text: Microsoft Security Intelligence
             url: https://www.microsoft.com/wdsi/threats
-
- 
@@ -4,22 +4,22 @@ description: Add users and assign Defender for Business licenses to protect thei
 search.appverid: MET150
 author: siosulli
 ms.author: siosulli
-manager: deniseb 
+manager: deniseb
 audience: Admin
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.date: 06/19/2024
-ms.collection: 
+ms.collection:
 - m365-security
 - tier1
 ms.reviewer: efratka
-f1.keywords: NOCSH 
+f1.keywords: NOCSH
 ---
 
 # Add users and assign licenses in Microsoft Defender for Business
 
-As soon as you have signed up for Defender for Business, your first step is to add users and assign licenses. This article describes how to add users and assign licenses, and how to make sure multifactor authentication (MFA) is enabled. 
+As soon as you have signed up for Defender for Business, your first step is to add users and assign licenses. This article describes how to add users and assign licenses, and how to make sure multifactor authentication (MFA) is enabled.
 
 :::image type="content" source="media/mdb-setup-step2.png" alt-text="Visual depicting step 2 - add users and assign licenses in Defender for Business.":::
 
@@ -35,7 +35,7 @@ As soon as you have signed up for Defender for Business, your first step is to a
    - **Domain** Choose the domain for the user's account. For example, if the user's username is `Pat`, and the domain is `contoso.com`, they'll sign in by using `[email protected]`.
    - **Password settings**: Choose whether to use the autogenerated password or to create your own strong password for the user. The user must change their password after 90 days. Or you can choose the option to **Require this user to change their password when they first sign in**. You can also choose whether you want to send the user's password in email when the user is added.
 
-4. On the **Assign product licenses** page, select Defender for Business (or Microsoft 365 Business Premium). Then choose **Next**. 
+4. On the **Assign product licenses** page, select Defender for Business (or Microsoft 365 Business Premium). Then choose **Next**.
 
    If you don't have any licenses available, you can still add a user and buy additional licenses. For more information about adding users, see [Add users and assign licenses at the same time](/Microsoft-365/admin/add-users/add-users).
 
@@ -57,7 +57,7 @@ One good way to make sure MFA is enabled for all users is by using [security def
 
    :::image type="content" source="media/mdb-azuread-properties.png" alt-text="Screenshot showing Properties and Manage Security Defaults for Microsoft Entra ID." lightbox="media/mdb-azuread-properties.png":::
 
-4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**. 
+4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**.
 
    > [!NOTE]
    > If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
@@ -71,4 +71,3 @@ One good way to make sure MFA is enabled for all users is by using [security def
 - [Step 3: Assign security roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md).
 
 - [Step 4: Set up email notifications for your security team](mdb-email-notifications.md).
-
@@ -1,31 +1,28 @@
 ---
-title: Enable your attack surface reduction rules in Microsoft Defender for Business           
-description: Get an overview of attack surface reduction capabilities, including attack surface reduction rules, in Microsoft Defender for Business            
+title: Enable your attack surface reduction rules in Microsoft Defender for Business
+description: Get an overview of attack surface reduction capabilities, including attack surface reduction rules, in Microsoft Defender for Business
 author: siosulli
 ms.author: siosulli
-manager: deniseb 
-ms.date: 06/07/2024
+manager: deniseb
+ms.date: 07/23/2024
 ms.topic: conceptual
 ms.service: defender-business
-ms.localizationpriority: medium 
-ms.collection: 
+ms.localizationpriority: medium
+ms.collection:
 - m365-security
 - tier1
-ms.reviewer: efratka 
+ms.reviewer: efratka
 search.appverid: MET150
-f1.keywords: NOCSH 
+f1.keywords: NOCSH
 audience: Admin
 ---
 
 # Enable your attack surface reduction rules in Microsoft Defender for Business
 
-Your attack surfaces are all the places and ways that your organization's network and devices are vulnerable to cyberthreats and attacks. Unsecured devices, unrestricted access to any URL on a company device, and allowing any type of app or script to run on company devices are all examples of attack surfaces. They leave your company vulnerable to cyberattacks. 
+Your attack surfaces are all the places and ways that your organization's network and devices are vulnerable to cyberthreats and attacks. Unsecured devices, unrestricted access to any URL on a company device, and allowing any type of app or script to run on company devices are all examples of attack surfaces. They leave your company vulnerable to cyberattacks.
 
 To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities, including attack surface reduction rules. This article describes how to set up your attack surface reduction rules and describes attack surface reduction capabilities.
 
-> [!NOTE]
-> Intune is not included in the standalone version of Defender for Business, but it can be added on.
-
 ## Standard protection ASR rules
 
 There are lots of attack surface reduction rules available. You don't have to set them all up at once. And, you can set up some rules in audit mode just to see how they work for your organization, and change them to work in block mode later. That said, we recommend enabling the following standard protection rules as soon as possible:
@@ -48,7 +45,7 @@ These rules help protect your network and devices but shouldn't cause disruption
 3. Set up your policy as follows:
 
    1. Specify a name and description, and then choose **Next**.
-   
+
    2. For at least the following three rules, set each one to **Block**:
 
       - **Block credential stealing from the Windows local security authority subsystem**
@@ -89,18 +86,17 @@ To learn more about attack surface reduction rules, see the following articles:
 
 Attack surface reduction rules are available in Defender for Business. The following table summarizes attack surface reduction capabilities in Defender for Business. Notice how other capabilities, such as next-generation protection and web content filtering, work together with your attack surface reduction capabilities.
 
-| Capability | How to set it up |
-|:---|:---|
-| **Attack surface reduction rules** <br/> Prevent specific actions that are commonly associated with malicious activity to run on Windows devices. | [Enable your standard protection attack surface reduction rules](#standard-protection-asr-rules) (section in this article). |
-| **Controlled folder access** <br/>Controlled folder access allows only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation. | [Set up controlled folder access policy in Microsoft Defender for Business](mdb-controlled-folder-access.md). |
-| **Network protection** <br/>Network protection prevents people from accessing dangerous domains through applications on their Windows and Mac devices. Network protection is also a key component of [Web content filtering in Microsoft Defender for Business](mdb-web-content-filtering.md). | Network protection is already enabled by default when devices are onboarded to Defender for Business and [next-generation protection policies in Defender for Business](mdb-next-generation-protection.md) are applied. Your default policies are configured to use recommended security settings. |
-| **Web protection** <br/>Web protection integrates with web browsers and works with network protection to protect against web threats and unwanted content. Web protection includes web content filtering and web threat reports. | [Set up Web content filtering in Microsoft Defender for Business](mdb-web-content-filtering.md).  |
-| **Firewall protection** <br/>Firewall protection determines what network traffic is permitted to flow to or from your organization's devices. | Firewall protection is already enabled by default when devices are onboarded to Defender for Business and [firewall policies in Defender for Business](mdb-firewall.md) are applied. |
+|Capability|How to set it up|
+|---|---|
+|**Attack surface reduction rules** <br/> Prevent specific actions that are commonly associated with malicious activity to run on Windows devices.|[Enable your standard protection attack surface reduction rules](#standard-protection-asr-rules) (section in this article).|
+|**Controlled folder access** <br/>Controlled folder access allows only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation.|[Set up controlled folder access policy in Microsoft Defender for Business](mdb-controlled-folder-access.md).|
+|**Network protection** <br/>Network protection prevents people from accessing dangerous domains through applications on their Windows and Mac devices. Network protection is also a key component of [Web content filtering in Microsoft Defender for Business](mdb-web-content-filtering.md).|Network protection is already enabled by default when devices are onboarded to Defender for Business and [next-generation protection policies in Defender for Business](mdb-next-generation-protection.md) are applied. Your default policies are configured to use recommended security settings.|
+|**Web protection** <br/>Web protection integrates with web browsers and works with network protection to protect against web threats and unwanted content. Web protection includes web content filtering and web threat reports.|[Set up Web content filtering in Microsoft Defender for Business](mdb-web-content-filtering.md).|
+|**Firewall protection** <br/>Firewall protection determines what network traffic is permitted to flow to or from your organization's devices.|Firewall protection is already enabled by default when devices are onboarded to Defender for Business and [firewall policies in Defender for Business](mdb-firewall.md) are applied.|
 
 ## Next steps
 
 - [Review settings for advanced features and the Microsoft Defender portal](mdb-portal-advanced-feature-settings.md).
 - [Use your vulnerability management dashboard](mdb-view-tvm-dashboard.md)
 - [View and manage incidents](mdb-view-manage-incidents.md)
 - [View reports](mdb-reports.md)
-
@@ -1,19 +1,19 @@
 ---
-title: Automatic attack disruption in Microsoft Defender for Business           
-description: Learn about automatic attack disruption in Microsoft Defender for Business            
+title: Automatic attack disruption in Microsoft Defender for Business
+description: Learn about automatic attack disruption in Microsoft Defender for Business
 author: siosulli
 ms.author: siosulli
-manager: deniseb 
+manager: deniseb
 ms.date: 06/07/2024
 ms.topic: conceptual
 ms.service: defender-business
-ms.localizationpriority: medium 
-ms.collection: 
+ms.localizationpriority: medium
+ms.collection:
 - m365-security
 - tier1
-ms.reviewer: efratka 
+ms.reviewer: efratka
 search.appverid: MET150
-f1.keywords: NOCSH 
+f1.keywords: NOCSH
 audience: Admin
 ---
 
@@ -29,18 +29,19 @@ Automatic attack disruption is designed to:
 
 - Contain advanced attacks that are in progress;
 - Limit the impact and progression of attacks on your business assets (like devices); and
-- Provide more time for your IT/security team to remediate an attack fully. 
+- Provide more time for your IT/security team to remediate an attack fully.
 
 Automatic attack disruption uses insights from Microsoft security researchers and advanced AI models to counteract the complexities of advanced attacks. It limits a threat actor's progress early on and dramatically reduces the overall impact of an attack, from associated costs to loss of productivity. See some examples at the [Microsoft Security Blog](https://aka.ms/ContainUserSecBlog).
 
-With automatic attack disruption, as soon as a human-operated attack is detected on a device, steps are taken immediately to contain the affected device and user accounts on the device. An incident is created in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). There, your IT/security team can view details about the risk and containment status of compromised assets during and after the process. An **Incident** page provides details about the attack and up-to-date status of affected assets. 
+With automatic attack disruption, as soon as a human-operated attack is detected on a device, steps are taken immediately to contain the affected device and user accounts on the device. An incident is created in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). There, your IT/security team can view details about the risk and containment status of compromised assets during and after the process. An **Incident** page provides details about the attack and up-to-date status of affected assets.
 
 Automated response actions include:
 
 - Containing a device by blocking incoming/outgoing communication
 - Containing a user account by disconnecting current user connections at the device level
 
 > [!IMPORTANT]
+>
 > - To view information about a detected advanced attack, you must have an appropriate role, such as Security Reader or Security Administrator assigned.
 > - To take remediation actions, release a contained device/user, or re-enable a user account, you must have the Security Administrator role assigned.
 > - See [Security roles and permissions in Defender for Business](mdb-roles-permissions.md).
@@ -62,7 +63,7 @@ Automated response actions include:
 
 Disrupted incidents include a tag for `Attack Disruption` and the specific threat type identified (such as ransomware). If your IT/security team receives [incident email notifications](mdb-email-notifications.md), these tags also appear in the emails.
 
-When an incident is disrupted, highlighted text appears below the incident title. Contained devices or user accounts are listed with a label that indicates their status. 
+When an incident is disrupted, highlighted text appears below the incident title. Contained devices or user accounts are listed with a label that indicates their status.
 
 ## Track attack disruption actions in the Action center
 
@@ -78,6 +79,6 @@ For more information, see [Review remediation actions in the Action center](mdb-
 
 ## How to get automatic attack disruption
 
-Automatic attack disruption is built into Defender for Business; you don't have to explicitly turn on these capabilities. It's important to [onboard all your organization's devices](mdb-onboard-devices.md) (computers, phones, and tablets) to Defender for Business so that they're protected as soon as possible. 
+Automatic attack disruption is built into Defender for Business; you don't have to explicitly turn on these capabilities. It's important to [onboard all your organization's devices](mdb-onboard-devices.md) (computers, phones, and tablets) to Defender for Business so that they're protected as soon as possible.
 
-Additionally, sign up to receive [preview features](/defender-xdr/preview) so that you get the latest and greatest capabilities as soon as they're available. 
+Additionally, sign up to receive [preview features](/defender-xdr/preview) so that you get the latest and greatest capabilities as soon as they're available.