Merge pull request #2454 from MicrosoftDocs/main

Published main to live, Wednesday 10:30 AM PST, 01/15

Author: padmagit77

defender-endpoint/manage-alerts.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 01/15/2025
 ---
 
 # Manage Microsoft Defender for Endpoint alerts
@@ -38,6 +38,7 @@ Selecting an alert in either of those places brings up the **Alert management pa
 :::image type="content" source="media/atp-alerts-selected.png" alt-text="The Alert management pane and the Alerts queue" lightbox="media/atp-alerts-selected.png":::
 
 Watch this video to learn how to use the new Microsoft Defender for Endpoint alert page.
+
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=8a9c08a6-558c-47a8-a336-d748acbdaa80]
 
 ## Link to another incident
@@ -99,6 +100,9 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 6. Click **Save**.
 
+> [!NOTE]
+> Alert suppression is not compatible for custom detections. Make sure to fine-tune your custom detections to avoid [false positives](/defender-endpoint/defender-endpoint-false-positives-negatives).
+
 #### View the list of suppression rules
 
 1. In the navigation pane, select **Settings** \> **Endpoints** \> **Rules** \> **Alert suppression**.

defender-endpoint/run-analyzer-linux.md

@@ -44,8 +44,8 @@ The XMDE Client Analyzer tool can be downloaded as a [binary](https://go.microso
 
 Download and extract the XMDE Client Analyzer. You can use either the binary or Python version, as follows:
 
-- [Binary version of the Client Analyzer](/defender-endpoint/run-analyzer-macos-linux)
-- [Python version of the Client Analyzer](/defender-endpoint/run-analyzer-macos-linux)
+- [Binary version of the Client Analyzer](run-analyzer-linux.md#run-the-binary-version-of-the-client-analyzer)
+- [Python version of the Client Analyzer](run-analyzer-linux.md#run-the-python-based-client-analyzer)
 
 Due to the limited commands available in live response, the steps detailed must be executed in a bash script. By splitting the installation and execution portion of these commands, it's possible to run the install script once, and run the execution script multiple times.
 
@@ -54,7 +54,7 @@ Due to the limited commands available in live response, the steps detailed must
 
 #### Binary client analyzer install script
 
-The following script performs the first six steps of the [Running the Binary version of the Client Analyzer](/defender-endpoint/run-analyzer-macos-linux). When complete, the XMDE Client Analyzer binary is available from the `/tmp/XMDEClientAnalyzerBinary/ClientAnalyzer` directory.
+The following script performs the first six steps of the [Running the Binary version of the Client Analyzer](run-analyzer-linux.md#details). When complete, the XMDE Client Analyzer binary is available from the `/tmp/XMDEClientAnalyzerBinary/ClientAnalyzer` directory.
 
 1. Create a bash file `InstallXMDEClientAnalyzer.sh` and paste the following content into it.
 
@@ -80,7 +80,7 @@ The following script performs the first six steps of the [Running the Binary ver
 
 #### Python client analyzer install script
 
-The following script performs the first six steps of the [Running the Python version of the Client Analyzer](/defender-endpoint/run-analyzer-macos-linux). When complete, the XMDE Client Analyzer Python scripts are available from the `/tmp/XMDEClientAnalyzer` directory.
+The following script performs the first six steps of the [Running the Python version of the Client Analyzer](run-analyzer-linux.md#run-the-python-based-client-analyzer). When complete, the XMDE Client Analyzer Python scripts are available from the `/tmp/XMDEClientAnalyzer` directory.
 
 1. Create a bash file `InstallXMDEClientAnalyzer.sh` and paste the following content into it.
 

defender-endpoint/supported-capabilities-by-platform.md

@@ -36,7 +36,7 @@ The following table gives information about the supported Microsoft Defender for
 |---|:---:|:---:|:---:|:---:|
 |**Prevention**|||||
 |[Attack Surface Reduction](attack-surface-reduction.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
-|Device Control|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
+|[Device Control](device-control-overview.md)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
 |[Firewall](host-firewall-reporting.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |[Network Protection](network-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
 |[Next-generation protection](next-generation-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
@@ -50,7 +50,7 @@ The following table gives information about the supported Microsoft Defender for
 |[EDR Block](edr-in-block-mode.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |[Passive Mode](microsoft-defender-antivirus-compatibility.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
 |Sense detection sensor|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
-|Endpoint & network device discovery|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[5]</sup>|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|[Endpoint & network device discovery](device-discovery.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[5]</sup>|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |[Vulnerability management](/defender-vulnerability-management/defender-vulnerability-management)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[6]</sup>|
 ||||||
 |**Response**     |         |         |         ||

defender-office-365/mdo-sec-ops-guide.md

@@ -71,6 +71,10 @@ Incident queue management and the responsible personas are described in the foll
 
 ### Manage false positive and false negative detections
 
+> [!TIP]
+> - For a quick overview on how to manage false positives, check out this short video: <https://youtu.be/yuduVj6wvsw>
+> - For a quick overview on how to get started with false negative investigations, check out this short video: <https://youtu.be/sFMAI8MeDKQ>
+
 In Defender for Office 365, you manage false positives (good mail marked as bad) and false negatives (bad mail allowed) in the following locations:
 
 - The [Submissions page (admin submissions)](submissions-admin.md).
@@ -133,6 +137,9 @@ Campaign Views reveals malware and phishing attacks against your organization. F
 
 ## Ad-hoc activities
 
+> [!TIP]
+> For a quick overview on how to investigate email messages in Microsoft Defender for Office 365, check out this short video: <https://youtu.be/5hA7VfaMvqs>.
+
 ### Manual investigation and removal of email
 
 |Activity|Cadence|Description|Persona|

exposure-management/microsoft-security-exposure-management.md

@@ -24,7 +24,7 @@ Security Exposure Management is aimed at:
 - Security and compliance admins responsible for maintaining and improving organizational security posture.
 - Security operations (SecOps) and partner teams who need visibility into data and workloads across organizational silos to effectively detect, investigate, and mitigate security threats.
 - Security architects responsible for solving systematic issues in overall security posture.
-- Chief Security Information Officers (CISOs) and security decision makers who need insights into organizational attack surfaces and exposure in order to understand security risk within organizational risk frameworks.
+- Chief Information Security Officers (CISOs) and security decision makers who need insights into organizational attack surfaces and exposure in order to understand security risk within organizational risk frameworks.
 
 ## What can I do with Security Exposure Management?
 

exposure-management/security-recommendations.md

@@ -26,17 +26,16 @@ This article describes how to work with security recommendations in [Microsoft S
 
 1. Sort the recommendations by any of the headings or filter them based on your task needs. Sorting includes all of the headers:
     - **Name** - Name.
-    - **Compliance state** - Compliant or not compliant.
+    - **State** - Compliant or not compliant.
     - **Impact** - High, low, or medium impact.
+    - **Workload** - Which workload the recommendations relate to.
+    - **Domain** - Device, apps, data, or identity.
     - **Last calculated** - Last time the recommendation was calculated.
     - **Last state change** - Last time the recommendation state changed.
     - **Related initiatives** - The number of related initiatives.
     - **Related metrics** - The number of related metrics.
-    - **Source** - The assessment standard source.
-    - **Workload** - Which workload the recommendations relate to.
-    - **Domain** - Device, apps, data, or identity.
-
-1. Filter recommendations by state, source, impact, workload, and domain.
+   
+1. Filter recommendations by state, impact, workload, and domain.
 
 1. Select a recommendation to view and review details.