Merge branch 'main' into diannegali-updateincident

Author: diannegali

defender-endpoint/android-intune.md

@@ -38,7 +38,7 @@ Learn how to deploy Defender for Endpoint on Android on Microsoft Intune Company
 
 ## Deploy on Device Administrator enrolled devices
 
-Intune and Defender for Endpoint are ending support for Device Administrator enrolled devices with access to [Google Mobile Services](/mem/intune/apps/manage-without-gms) (GMS), beginning December 31, 2024. For more information, see [Tech Community blog: Intune ending support for Android device administrator on devices with GMS in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443).
+
 
 Learn how to deploy Defender for Endpoint on Android with Microsoft Intune Company Portal - Device Administrator enrolled devices.
 

defender-endpoint/android-whatsnew.md

@@ -27,18 +27,19 @@ ms.date: 11/15/2024
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
-**Ending support for Device Administrator enrolled devices**
-
-Microsoft Intune and Defender for Endpoint are ending support for Device Administrator enrolled devices with access to [Google Mobile Services](/mem/intune/apps/manage-without-gms) (GMS), beginning December 31, 2024.
-
-**For devices with access to GMS**
-
-After Intune and Defender for Endpoint ends support for Android device administrator, devices with access to GMS will be impacted in the following ways: 
-
-- Intune and Defender for Endpoint won’t make changes or updates to Android device administrator management, such as bug fixes, security fixes, or fixes to address changes in new Android versions.
-- Intune and Defender for Endpoint technical support will no longer support these devices.
+> [!IMPORTANT]
+> **Ending support for Device Administrator enrolled devices**
+> Microsoft Intune and Defender for Endpoint are ending support for Device Administrator enrolled devices with access to [Google Mobile Services](/mem/intune/apps/manage-without-gms) (GMS), beginning December 31, 2024.
+> 
+> **For devices with access to GMS**
+> 
+> After Intune and Defender for Endpoint ends support for Android device administrator, devices with access to GMS will be impacted in the following ways: 
+> 
+> - Intune and Defender for Endpoint won’t make changes or updates to Android device administrator management, such as bug fixes, security fixes, or fixes to address changes in new Android versions.
+> - Intune and Defender for Endpoint technical support will no longer support these devices.
+> 
+> For more information, see [Tech Community blog: Intune ending support for Android device administrator on devices with GMS in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443).
 
-For more information, see [Tech Community blog: Intune ending support for Android device administrator on devices with GMS in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443).
 
 **Aug-2024 (version: 1.0.6812.0101)**
 

defender-endpoint/controlled-folders.md

@@ -3,7 +3,7 @@ title: Protect important folders from ransomware from encrypting your files with
 description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 11/06/2024
+ms.date: 11/19/2024
 author: denisebmsft
 ms.author: deniseb
 audience: ITPro
@@ -40,7 +40,7 @@ search.appverid: met150
 Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Controlled folder access can be configured by using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices). Controlled folder access is supported on Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, and Windows 11, 
 
 > [!NOTE]
-> Scripting engines are not trusted and you cannot allow them access to controlled protected folders. For example, PowerShell is not trusted by controlled folder access, even if you allow with [certificate and file indicators](indicator-certificates.md).
+> Scripting engines like PowerShell are not trusted by controlled folder access, even if you create an "allow" indicator by using [certificate and file indicators](indicator-certificates.md). The only way to allow script engines to modify protected folders is by adding them as an allowed app. See [Allow specific apps to make changes to controlled folders](/defender-endpoint/customize-controlled-folders).  
 
 Controlled folder access works best with [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](investigate-alerts.md).
 

defender-for-iot/TOC.yml

@@ -44,12 +44,16 @@
         href: device-discovery.md
       - name: Discover and manage devices
         href: manage-devices-inventory.md
+    - name: Review security initiatives       
+      items:      
+      - name: Review security initiatives
+        href: review-security-initiatives.md
     - name: Prioritize and remediate vulnerabilities       
       items:
       - name: Overview
         href: discover-vulnerabilities-overview.md
       - name: Prioritize and remediate vulnerabilities
-        href: prioritize-vulnerabilities.md
+        href: prioritize-vulnerabilities.md    
     - name: Investigate and remediate threats
       items:
       - name: Investigate incidents and alerts

defender-for-iot/media/review-security-initiatives/more-data-required.png

@@ -0,0 +1,80 @@
+---
+title: Review security initiatives with Microsoft Defender for IoT in the Defender portal
+description: This article describes how to review security initiatives with Microsoft Defender for IoT in the Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 11/17/2024
+ms.topic: how-to
+---
+
+# Review security initiatives
+
+[Security initiatives](/security-exposure-management/exposure-insights-overview#security-initiatives) offer a focused, metric-driven way of tracking exposure in specific security areas using security initiatives.
+
+Microsoft Defender for IoT in the Defender portal allows you to review Microsoft Security Exposure Management security initiatives dedicated to OT and enterprise IoT device protection.
+
+In this article, you learn how to review security initiatives so that your security teams can prioritize, discover, and validate OT-related security findings across your sites.
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## OT Security initiative
+
+The **OT Security** initiative improves your OT site security posture by monitoring and protecting OT environments in the organization, and employing network layer monitoring. This initiative identifies devices and ensures that systems are working correctly, and data is protected.
+
+Your security teams can use the **OT Security** initiative to:
+
+- Identify unprotected devices.
+- Harden posture across sites through vulnerability assessments, with actionable guidance to help remediate at-risk devices.
+
+## Enterprise IoT Security initiative
+
+The **Enterprise IoT Security** initiative allows you to identify unmanaged IoT devices and enhance your organization's security. With continuous monitoring, vulnerability assessments, and tailored recommendations specifically designed for enterprise IoT devices, you gain comprehensive visibility into the risks posed by these devices. This initiative not only helps you understand the potential threats but also strengthens your organization's resilience in mitigating them.
+
+Review the full [security initiatives catalog](/security-exposure-management/initiatives-list).
+
+## Prerequisites
+
+- Review the Defender for IoT [prerequisites](prerequisites.md).
+- Review the [prerequisites for the **OT Security** initiative](#prerequisites-for-ot-security-initiative).
+    
+### Prerequisites for OT Security initiative
+
+When you view the **OT security** initiative, if you haven't yet onboarded Defender for IoT and set up sites, the **More data is required to support this initiative** section is displayed.
+
+:::image type="content" source="media/review-security-initiatives/more-data-required.png" alt-text="Screenshot showing the **More data is required to support this initiative** section in Microsoft Defender for IoT in the Microsoft Defender portal.":::
+
+If the **More data is required to support this initiative** section is displayed:
+
+1. Review the **Unprotected OT devices** metric to understand the impact on your network. For example, the **Unprotected OT devices** metric shows 24 affected assets.
+
+    :::image type="content" source="media/review-security-initiatives/unprotected-ot-devices.png" alt-text="Screenshot showing the Unprotected OT devices metric **Overview** tab in Microsoft Defender for IoT in the Microsoft Defender portal.":::
+
+1. Select **Get started with Microsoft Defender for IoT** and follow the procedure to [onboard Defender for IoT in the Defender portal](get-started.md).
+
+1. Select **create new sites** to [set up sites](set-up-sites.md).
+
+## Review initiatives
+
+1. Follow the procedure to [open the Initiatives page and review an initiative](/security-exposure-management/initiatives#view-initiatives-page).
+1. For the **OT Security** initiative, if you haven't yet onboarded Defender for IoT and set up sites, the **More data is required to support this initiative** section is displayed. In this case, see the [prerequisites for the OT Security initiative](#prerequisites-for-ot-security-initiative).
+
+1. Review the data in the initiative page, including the initiative score, top metrics, and more (learn more about [initiatives](/security-exposure-management/exposure-insights-overview)). For example, this **OT Security** initiative page shows an initiative score of 83%, and shows that 61.9% of the detected OT devices are protected.
+
+    :::image type="content" source="media/review-security-initiatives/ot-security-initiative.png" alt-text="Screenshot showing the OT Security initiative in Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/review-security-initiatives/ot-security-initiative.png":::
+
+1. Select the metric from the **Top metrics** area in the initiative page or from the **Related metrics** area in the small overview. 
+    - Review the **Overview** tab to drill down into additional security data and recommendations, including the weight of the metrics, affected assets, and score impact. For example, the **Unprotected OT devices** metric shows 24 affected assets, and 3.81 score impact.
+
+        :::image type="content" source="media/review-security-initiatives/unprotected-ot-devices.png" alt-text="Screenshot showing the Unprotected OT devices metric **Overview** tab in Microsoft Defender for IoT in the Microsoft Defender portal.":::
+
+    - Review the recommendations in the **Security recommendations** tab. For example, for the **Site-linked devices using insecure protocols** metric, you're recommended to disable the Telnet administration protocol, and remove the SNMP V1 and SNMP V2 administration protocols.
+    
+        :::image type="content" source="media/review-security-initiatives/security-recommendations.png" alt-text="Screenshot showing the **Security recommendations** tab for a metric in Microsoft Defender for IoT in the Microsoft Defender portal.":::
+
+    Learn more about [working with metrics](/security-exposure-management/exposure-insights-overview#working-with-metrics).
+
+## Next steps
+
+[Learn about vulnerabilities](discover-vulnerabilities-overview.md) or proceed to [investigate and remediate vulnerabilities](prioritize-vulnerabilities.md).

defender-for-iot/media/review-security-initiatives/ot-security-initiative.png

@@ -16,6 +16,25 @@ This article describes features available in Microsoft Defender for IoT in the D
 
 [!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
 
+## November 2024
+
+|Service area  |Updates  |
+|---------|---------|
+| **OT networks** | - [Secure site-linked devices in Microsoft Security Exposure Management Initiatives page](#secure-site-linked-devices-in-microsoft-security-exposure-management-initiatives-page) |
+
+### Secure site-linked devices in Microsoft Security Exposure Management Initiatives page
+
+You can now review the new **OT Security** initiative in the Microsoft Security Exposure Management **Initiatives** page. This new initiative provides a metric-driven way of tracking exposure about unmanaged OT devices.
+
+:::image type="content" source="media/review-security-initiatives/ot-security-initiative.png" alt-text="Screenshot showing the OT Security initiative in Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/review-security-initiatives/ot-security-initiative.png":::
+
+This new initiative serves as a powerful tool to improve your OT site security posture. The initiative aims to monitor and safeguard OT environments within the organization by employing network layer monitoring. This initiative identifies devices and ensures that systems are working correctly, and data is protected.
+
+For more information, see: 
+
+- [Review security initiatives](review-security-initiatives.md)
+- [Microsoft Security Exposure Management release notes](/security-exposure-management/whats-new#ot-security-initiative).
+
 ## September 2024
 
 |Service area  |Updates  |
@@ -24,7 +43,7 @@ This article describes features available in Microsoft Defender for IoT in the D
 
 ### Review unmanaged enterprise IoT devices in Microsoft Security Exposure Management Initiatives page
 
-You can now review the new Enterprise IoT Security initiative in the Microsoft Security Exposure Management Initiatives page. This new initiative provides a metric-driven way of tracking exposure about unmanaged enterprise IoT devices.
+You can now review the new **Enterprise IoT Security** initiative in the Microsoft Security Exposure Management **Initiatives** page. This new initiative provides a metric-driven way of tracking exposure about unmanaged enterprise IoT devices.
 
 For more information, see the [Microsoft Security Exposure Management release notes](/security-exposure-management/whats-new#new-enterprise-iot-security-initiative).