MicrosoftDocs
diff --git a/‎.github/workflows/AutoLabelAssign.yml‎
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/AutoLabelAssign.yml‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎.github/workflows/AutoLabelMsftContributor.yml‎
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/AutoLabelMsftContributor.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎.github/workflows/BackgroundTasks.yml‎
Lines changed: 26 additions & 0 deletions b/‎.github/workflows/BackgroundTasks.yml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎.github/workflows/LiveMergeCheck.yml‎
Lines changed: 19 additions & 0 deletions b/‎.github/workflows/LiveMergeCheck.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.github/workflows/PrFileCount.yml‎
Lines changed: 19 additions & 0 deletions b/‎.github/workflows/PrFileCount.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎.github/workflows/ProtectedFiles.yml‎
Lines changed: 17 additions & 0 deletions b/‎.github/workflows/ProtectedFiles.yml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md‎
Lines changed: 14 additions & 26 deletions b/‎defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md‎
Lines changed: 14 additions & 26 deletions
diff --git a/‎defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-endpoint/configure-vulnerability-email-notifications.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/configure-vulnerability-email-notifications.md‎
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,35 @@
+name: Assign and label PR
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-assign:
+        name: Run assign and label
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
+        with:
+            PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+            AutoAssignUsers: 1
+            AutoLabel: 1
+            ExcludedUserList: '["user1", "user2"]'
+            ExcludedBranchList: '["branch1", "branch2"]'
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,34 @@
+name: Auto label Microsoft contributors
+
+permissions:
+  pull-requests: write
+  contents: read
+  actions: read
+      
+on: 
+    workflow_run:
+        workflows: [Background tasks]
+        types:
+            - completed
+
+jobs:
+    download-payload:
+        if: github.repository_visibility == 'public'
+        name: Download and extract payload artifact
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ExtractPayload.yml@workflows-prod
+        with:
+            WorkflowId: ${{ github.event.workflow_run.id }}
+            OrgRepo: ${{ github.repository }}
+        secrets:
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+
+    label-msft:
+        name: Label Microsoft contributors
+        if: github.repository_visibility == 'public'
+        needs: [download-payload]
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelMsftContributor.yml@workflows-prod
+        with:
+          PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
+        secrets:
+          AccessToken: ${{ secrets.GITHUB_TOKEN }}
+          TeamReadAccessToken: ${{ secrets.ORG_READTEAMS_TOKEN }}
@@ -0,0 +1,26 @@
+name: Background tasks
+
+permissions:
+  pull-requests: write
+  contents: read
+  
+on:
+  pull_request_target:
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Save payload data
+        env:
+          PayloadJson: ${{ toJSON(github) }}
+          AccessToken: ${{ github.token }}
+        run: |
+          mkdir -p ./pr
+          echo $PayloadJson > ./pr/PayloadJson.json
+          sed -i -e "s/$AccessToken/XYZ/g" ./pr/PayloadJson.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: PayloadJson
+          path: pr/
@@ -0,0 +1,19 @@
+name: PR can merge into branch
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, edited]
+
+jobs:
+
+  live-merge:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-LiveMergeCheck.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,19 @@
+name: PR file count less than limit
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: 
+  pull_request_target:
+    types: [opened, reopened, synchronize, labeled, unlabeled, edited]
+
+jobs:
+
+  file-count:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-PrFileCount.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,17 @@
+name: PR has no protected files
+
+permissions:
+  pull-requests: write
+  statuses: write
+  contents: read
+      
+on: [pull_request_target]
+
+jobs:
+
+  protected-files:
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-ProtectedFiles.yml@workflows-prod
+    with:
+      PayloadJson: ${{ toJSON(github) }}
+    secrets:
+      AccessToken: ${{ secrets.GITHUB_TOKEN }}
@@ -9,7 +9,7 @@ ms.reviewer: mkaminska, yongrhee
 manager: deniseb
 ms.subservice: ngp
 ms.topic: conceptual
-ms.date: 02/18/2024
+ms.date: 08/20/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -54,37 +54,25 @@ Microsoft Defender Antivirus and cloud protection automatically block most new,
 
 3. High-precision antivirus, detecting common malware through generic and heuristic techniques.
 
-1. Advanced cloud-based protection is provided for cases when Microsoft Defender Antivirus running on the endpoint needs more intelligence to verify the intent of a suspicious file.
+4. Advanced cloud-based protection is provided for cases when Microsoft Defender Antivirus running on the endpoint needs more intelligence to verify the intent of a suspicious file.
 
    1. In the event Microsoft Defender Antivirus can't make a clear determination, file metadata is sent to the cloud protection service. Often within milliseconds, the cloud protection service can determine based on the metadata as to whether the file is malicious or not a threat.  
 
       - The cloud query of file metadata can be a result of behavior, mark of the web, or other characteristics where a clear verdict isn't determined.
-      - A small metadata payload is sent, with the goal of reaching a verdict of malware or not a threat. The metadata doesn't include personally identifiable information (PII). Information such as filenames, are hashed.
+      - A small metadata payload is sent, with the goal of reaching a verdict of malware or not a threat. The metadata doesn't include personal data, such as personally identifiable information (PII). Information such as filenames, are hashed.
       - Can be synchronous or asynchronous. For synchronous, the file won't open until the cloud renders a verdict. For asynchronous, the file opens while cloud protection performs its analysis.
       - Metadata can include PE attributes, static file attributes, dynamic and contextual attributes, and more (see [Examples of metadata sent to the cloud protection service](#examples-of-metadata-sent-to-the-cloud-protection-service)).
 
-   1. After examining the metadata, if Microsoft Defender Antivirus cloud protection can't reach a conclusive verdict, it can request a sample of the file for further inspection. This request honors the settings configuration for sample submission:
-   
-      1. **Send safe samples automatically** 
-         - Safe samples are samples considered to not commonly contain PII data like: .bat, .scr, .dll, .exe.
-         - If file is likely to contain PII, the user gets a request to allow file sample submission.
-         - This option is the default on Windows, macOS, and Linux.
-
-      1. **Always Prompt**
-         - If configured, the user is always prompted for consent before file submission
-         - This setting isn't available in macOS and Linux cloud protection
-                  
-      3. **Send all samples automatically**
-         - If configured, all samples are sent automatically
-         - If you would like sample submission to include macros embedded in Word docs, you must choose "Send all samples automatically"
-         - This setting isn't available on macOS cloud protection
-
-      1. **Do not send**
-         - Prevents "block at first sight" based on file sample analysis
-         - "Don't send" is the equivalent to the "Disabled" setting in macOS policy and "None" setting in Linux policy.
-         - Metadata is sent for detections even when sample submission is disabled
-
-   1. After files are submitted to cloud protection, the submitted files can be **scanned**, **detonated**, and processed through **big data analysis** **machine-learning** models to reach a verdict. Turning off cloud-delivered protection limits analysis to only what the client can provide through local machine-learning models, and similar functions.
+   2. After examining the metadata, if Microsoft Defender Antivirus cloud protection can't reach a conclusive verdict, it can request a sample of the file for further inspection. This request honors the setting configuration for sample submission, as described in the following table:
+
+      | Setting | Description |
+      |---|---|
+      | **Send safe samples automatically** | - Safe samples are samples considered to not commonly contain PII data. Examples include `.bat`, `.scr`, `.dll`, and `.exe`. <br/>- If file is likely to contain PII, the user gets a request to allow file sample submission.<br/>- This option is the default configuration on Windows, macOS, and Linux. |
+      | **Always Prompt** | - If configured, the user is always prompted for consent before file submission<br/>- This setting isn't available in macOS and Linux cloud protection |
+      | **Send all samples automatically** | - If configured, all samples are sent automatically<br/>- If you would like sample submission to include macros embedded in Word docs, you must choose **Send all samples automatically**<br/>- This setting isn't available on macOS cloud protection |
+      | **Do not send** | - Prevents "block at first sight" based on file sample analysis<br/>- "Don't send" is the equivalent to the "Disabled" setting in macOS policy and "None" setting in Linux policy.<br/>- Metadata is sent for detections even when sample submission is disabled |
+
+   3. After files are submitted to cloud protection, the submitted files can be **scanned**, **detonated**, and processed through **big data analysis** **machine-learning** models to reach a verdict. Turning off cloud-delivered protection limits analysis to only what the client can provide through local machine-learning models, and similar functions.
 
 > [!IMPORTANT]
 > [Block at first sight (BAFS)](configure-block-at-first-sight-microsoft-defender-antivirus.md) provides detonation and analysis to determine whether a file or process is safe. BAFS can delay the opening of a file momentarily until a verdict is reached. If you disable sample submission, BAFS is also disabled, and file analysis is limited to metadata only. We recommend keeping sample submission and BAFS enabled. To learn more, see [What is "block at first sight"?](configure-block-at-first-sight-microsoft-defender-antivirus.md#what-is-block-at-first-sight)
@@ -132,7 +120,7 @@ For more information, see the following resources:
 
 - [Azure Compliance Offerings](/azure/storage/common/storage-compliance-offerings) 
 - [Service Trust Portal](https://servicetrust.microsoft.com)
-- [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md#data-storage-location)
+- [Microsoft Defender for Endpoint data storage and privacy](data-storage-privacy.md)
 
 ## Other file sample submission scenarios
 
 
@@ -6,7 +6,7 @@ description: Windows Server includes automatic exclusions, based on server role.
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 08/07/2023
+ms.date: 08/21/2023
 author: siosulli
 ms.author: siosulli
 ms.topic: conceptual
@@ -29,7 +29,7 @@ search.appverid: met150
 
 **Platforms**
 
-- Windows
+- Windows Server
 
 This article describes types of exclusions that you don't have to define for Microsoft Defender Antivirus: 
 
 
@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 06/25/2024
+ms.date: 08/21/2024
 ---
 
 # Configure vulnerability email notifications in Microsoft Defender for Endpoint
@@ -48,7 +48,7 @@ Create a notification rule to send an email when there are certain exploit or vu
 
 1. Sign in to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) and using an account with the Security administrator or Global administrator role assigned.
 
-2. In the navigation pane, go to **Settings** \> **Endpoints** \> **Email notifications** \> **Vulnerabilities**.
+2. In the navigation pane, go to **Settings** \> **Endpoints** \> **General** \> **Email notifications** \> **Vulnerabilities**.
 
 2. Select **Add notification rule**.