Commit 9b1b49a

Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into painbar-macos-offline-security-intelligence-update
2 parents a093e16 + ca8a42e commit 9b1b49a

3 files changed

+33
-18
lines changed

defender-endpoint/mde-demonstration-amsi.md

Lines changed: 15 additions & 7 deletions
@@ -49,8 +49,11 @@ In this demonstration article, you have two engine choices to test AMSI:
4949

5050
1. Save the following PowerShell script as `AMSI_PoSh_script.ps1`:
5151

52-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-powershell-save-script.png" alt-text="Screenshot showing PowerShell script to save as AMSI_PoSh_script.ps1" lightbox="media/mde-demonstrations-amsi/test-amsi-powershell-save-script.png":::
53-
52+
```powershell
53+
$testString = "AMSI Test Sample: " + "7e72c3ce-861b-4339-8740-0ac1484c1386"
54+
Invoke-Expression $testString
55+
```
56+
5457
2. On your device, open PowerShell as an administrator.
5558

5659
3. Type `Powershell -ExecutionPolicy Bypass AMSI_PoSh_script.ps1`, and then press **Enter**.
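Review bot: The script added at new lines 53-54 builds the test string from two concatenated literals, and nothing in step 1 says why. If the split is deliberate (for example so the detection fires when `Invoke-Expression` evaluates the string rather than when the file is saved), state that in a sentence before the code block so readers do not merge the literals when retyping it. Also confirm the fence is indented under the `1.` item so steps 2 and 3 stay in the same ordered list; the indentation is not visible in this rendering.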
@@ -64,17 +67,22 @@ In this demonstration article, you have two engine choices to test AMSI:
6467

6568
1. Save the following VBScript as `AMSI_vbscript.vbs`:
6669

67-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-save-script.png" alt-text="Screenshot showing VBScript to save as AMSI_vbscript.vbs" lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-save-script.png":::
68-
70+
```vbscript
71+
REM Save this sample AMSI vbscript as AMSI_vbscript.vbs
72+
Dim result
73+
result = eval("AMSI Test Sample: " + "7e72c3ce-861b-4339-8740-0ac1484c1386")
74+
WScript.Echo result
75+
```
76+
6977
2. On your Windows Device, open Command Prompt as an administrator.
7078

71-
2. Type `wscript AMSI_vbscript.js`, and then press **Enter**.
79+
1. Type `wscript AMSI_vbscript.vbs`, and then press **Enter**.
7280

7381
The result should be as follows:
7482

75-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png" alt-text="Screenshot showing the AMSI test results. It should show that antivirus software blocked the script." lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png":::
83+
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png" alt-text="Screenshot showing the AMSI test results. It should show that antivirus software blocked the script." lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png":::
84+
7685

77-
7886
### Verifying the test results
7987

8088
In your protection history, you should be able to see the following information:
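Review bot: The corrected step at new line 79 is numbered `1.` while the step before it is `2.`, so the source now reads 1, 2, 1. Markdown will renumber it on render, but the PowerShell section above uses explicit 1, 2, 3; number this step `3.` to match. The `.js` to `.vbs` fix itself is right, since step 1 saves the file as `AMSI_vbscript.vbs`.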

defender-office-365/mdo-support-teams-about.md

Lines changed: 6 additions & 5 deletions
@@ -1,5 +1,5 @@
11
---
2-
title: Microsoft Defender for Office 365 Plan 2 support for Microsoft Teams
2+
title: Microsoft Defender for Office 365 support for Microsoft Teams
33
f1.keywords:
44
- NOCSH
55
author: chrisda
@@ -14,14 +14,15 @@ search.appverid:
1414
ms.collection:
1515
- m365-security
1616
- tier1
17-
description: Admins can learn about Microsoft Teams features in Microsoft Defender for Office 365 Plan 2.
17+
description: Admins can learn about Microsoft Teams features in Microsoft Defender for Office 365.
1818
ms.service: defender-office-365
19-
ms.date: 07/28/2025
19+
ms.date: 08/18/2025
2020
appliesto:
21-
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
21+
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
22+
- ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
2223
---
2324

24-
# Microsoft Defender for Office 365 Plan 2 support for Microsoft Teams
25+
# Microsoft Defender for Office 365 support for Microsoft Teams
2526

2627
[!include[Prerelease information](../includes/prerelease.md)]
2728
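Review bot: The `appliesto` entry at new line 21 widens the article from Plan 2 to "Plan 1 and Plan 2", and the title, description and H1 drop "Plan 2", but the visible hunks touch only metadata and the heading. If any Teams feature described in the body still requires Plan 2, the body needs to say which, otherwise the page now implies every feature is available with Plan 1. The link text changed while the `href` still points at the plan-1-vs-plan-2 cheat sheet anchor, which is fine.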

defender-office-365/scc-permissions.md

Lines changed: 12 additions & 6 deletions
@@ -59,6 +59,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
5959
6060
|Role group|Description|Default roles assigned|
6161
|---|---|---|
62+
|**AI Administrators**|In addition to the capabilities listed for this role in [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#ai-administrator), use this group to assign read-only permissions to users for Data Security Posture Management for AI.|AI Administrator|
6263
|**Attack Simulator Administrators**|Don't use this role group. Use the [Attack Simulation Administrator](/entra/identity/role-based-access-control/permissions-reference#attack-simulation-administrator) role in Microsoft Entra ID.|Attack Simulator Admin|
6364
|**Attack Simulator Payload Authors**|Don't use this role group. Use the [Attack Payload Author](/entra/identity/role-based-access-control/permissions-reference#attack-payload-author) role in Microsoft Entra ID.|Attack Simulator Payload Author|
6465
|**Audit Manager**|Manage Audit log settings and Search, View, and Export Audit logs.|Audit Logs <br/><br/> View-Only Audit Logs|
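Review bot: The new **AI Administrators** row at line 62 describes the group only as "read-only permissions ... for Data Security Posture Management for AI", which is word for word what the **Data Security AI Viewers** row says. The roles table in this same commit states that the AI Administrator role "does not have access to read prompts and responses of AI interactions"; repeat that limit here, since it is the distinction an admin needs when choosing between these groups and **Data Security AI Content Viewers**.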
@@ -82,10 +83,12 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
8283
|**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
8384
|**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
8485
|**Data Investigator**|Perform searches on mailboxes, SharePoint sites, and OneDrive locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
85-
|**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
86-
|**Data Security Investigations investigators**|Investigators for Data Security Investigations that can create and manage assigned investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Investigator <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
87-
|**Data Security Investigations Reviewers**|Reviwers for Data Security Investigations that can create and manage all assigned investigations.|Data Security Investigations Reviewer <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
88-
|**Data Security Management**| View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Download <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Agent Analysis <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
86+
|**Data Security AI Content Viewers**|Use this group to assign read-only permissions to users in Data Security Posture Management for AI to view prompts and responses of interactions in AI apps.|Data Security AI Content Viewer|
87+
|**Data Security AI Viewers**|Use this group to assign read-only permissions to users for Data Security Posture Management for AI.|Data Security AI Viewer|
88+
|**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
89+
|**Data Security Investigations investigators**|Investigators for Data Security Investigations that can create and manage assigned investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Investigator <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
90+
|**Data Security Investigations Reviewers**|Reviwers for Data Security Investigations that can create and manage all assigned investigations.|Data Security Investigations Reviewer <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
91+
|**Data Security Management**|View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).|Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Download <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Agent Analysis <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case|
8992
|**Data Security Viewers**|View Data Security Posture Management (DSPM) dashboard insights and use Copilot for Security to view detailed information.|Data Security Viewer|
9093
|**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
9194
|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint sites, and OneDrive locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the Microsoft Purview portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the Microsoft Purview portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
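Review bot: The re-added **Data Security Investigations Reviewers** row at new line 90 still carries the typo "Reviwers"; fix it while the line is being touched for trailing whitespace. In the same block, the group name "Data Security Investigations investigators" at new line 89 uses a lowercase "investigators", whereas the roles table refers to the group as "Data Security Investigations Investigators"; pick one casing.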
@@ -140,6 +143,7 @@ Roles that aren't assigned to the Organization Management role group by default
140143
|---|---|---|
141144
|**Admin Unit Extension Manager**||Compliance Administrator <br/><br/> Organization Management <br/><br/> Purview Administrators|
142145
|<sup>\*</sup>**Attack Simulator Admin**|Don't use this role. Use the [Attack Simulation Administrator](/entra/identity/role-based-access-control/permissions-reference#attack-simulation-administrator) role in Microsoft Entra ID.|Attack Simulator Administrators|
146+
|**AI Administrator**|In addition to the capabilities listed for this role in [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#ai-administrator), use this role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|AI Administrators|
143147
|**Attack Simulator Payload Author**||Don't use this role. Use the [Attack Payload Author](/entra/identity/role-based-access-control/permissions-reference#attack-payload-author) role in Microsoft Entra ID.|
144148
|**Data Map Reader**||Data Estate Insights Admins <br/><br/> Privacy Management <br/><br/> Privacy Management Administrators <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Contributors <br/><br/> Privacy Management Investigators <br/><br/> Privacy Management Viewers|
145149
|<sup>\*</sup>**Attack Simulator Payload Author**|Don't use this role in the portals. Use the corresponding role in Microsoft Entra ID.|Attack Simulator Payload Authors|
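Review bot: The new **AI Administrator** row at line 146 is inserted after **Attack Simulator Admin**, which breaks the alphabetical order the table otherwise follows; the role groups table in this commit places **AI Administrators** ahead of the Attack Simulator entries. Move the row up to sit after **Admin Unit Extension Manager**. The description also uses "does not" where the neighbouring rows use contractions ("Don't use this role").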
@@ -174,7 +178,9 @@ Roles that aren't assigned to the Organization Management role group by default
174178
|<sup>\*</sup>**Data Security Investigations Admin**|Used to create and manage investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Administrators|
175179
|<sup>\*</sup>**Data Security Investigations Investigator**|Used to create and manage assigned investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Investigators|
176180
|<sup>\*</sup>**Data Security Investigations Reviewer**|Used to review assigned investigations in Data Security Investigations.|Data Security Investigations Reviewers|
177-
| **Data Security Viewer** | View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.| Data Security Management |
181+
|**Data Security AI Content Viewer**|Role for read-only access to prompts and responses of AI interactions in Data Security Posture Management for AI.|Data Security AI Content Viewers|
182+
|**Data Security AI Viewer**|Role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Viewers|
183+
|**Data Security Viewer**|View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.|Data Security Management|
178184
|**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
179185
|<sup>\*</sup>**Disposition Management**|Control permissions for accessing Manual Disposition in the Defender and compliance portals.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Records Management|
180186
|**DLP Compliance Management**|View and edit settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
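Review bot: The rewritten **Data Security Viewer** row at new line 183 lists only "Data Security Management" in the role groups column, but the role groups table in this file shows the **Data Security Viewers** group with Data Security Viewer as its assigned role. Since the line is already being changed, add "Data Security Viewers" to the third column. For the two new rows at lines 181-182, the split between viewing pages and reading prompts and responses is clear; keep the wording identical to the **AI Administrator** row so the three can be compared directly.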
@@ -204,7 +210,7 @@ Roles that aren't assigned to the Organization Management role group by default
204210
|<sup>\*</sup>**Manage Review Set Tags**|This role lets users create, edit, and delete review set tags for cases they can access.|eDiscovery Manager|
205211
|**Organization Configuration**|Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management|
206212
|<sup>\*</sup>**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|Data Investigator <br/><br/> eDiscovery Manager|
207-
|**Priority Cleanup Admin**|Access Priority Cleanup tab within Data Lifecycle Management to create, update, and delete policies and modify Priority Cleanup settings for the tenant |Organization Management|
213+
|**Priority Cleanup Admin**|Access Priority Cleanup tab within Data Lifecycle Management to create, update, and delete policies and modify Priority Cleanup settings for the tenant|Organization Management|
208214
|**Priority Cleanup Viewer**|Access Priority Cleanup tab within Data Lifecycle Management to view policies|Organization Management|
209215
|<sup>\*</sup>**Privacy Management Admin**|Manage policies in Privacy Management and has access to all functionality of the solution.|Privacy Management <br/><br/> Privacy Management Administrators|
210216
|<sup>\*</sup>**Privacy Management Analysis**|Perform investigation and remediation of the message violations in Privacy Management. Can only view messages metadata.|Privacy Management <br/><br/> Privacy Management Analysts|
