MicrosoftDocs
diff --git a/‎defender-endpoint/indicator-file.md‎
Lines changed: 11 additions & 20 deletions b/‎defender-endpoint/indicator-file.md‎
Lines changed: 11 additions & 20 deletions
diff --git a/‎defender-vulnerability-management/tvm-browser-extensions.md‎
Lines changed: 18 additions & 17 deletions b/‎defender-vulnerability-management/tvm-browser-extensions.md‎
Lines changed: 18 additions & 17 deletions
@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
-ms.date: 02/06/2025
+ms.date: 03/04/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -29,9 +29,6 @@ search.appverid: met150
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Business](/defender-business/mdb-overview)
 
-> [!TIP]
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
-
 > [!IMPORTANT]
 > In Defender for Endpoint Plan 1 and Defender for Business, you can create an indicator to block or allow a file. In Defender for Business, your indicator is applied across your environment and cannot be scoped to specific devices.
 
@@ -52,37 +49,33 @@ There are three ways you can create indicators for files:
 Understand the following prerequisites before you create indicators for files:
 
 - [Behavior Monitoring is enabled](behavior-monitor.md)
-
 - [Cloud-based protection is turned on](/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus).
-
 - [Cloud Protection network connectivity is functional](configure-network-connections-microsoft-defender-antivirus.md)
-
 - To start blocking files, [turn on the "block or allow" feature](advanced-features.md) in Settings (in the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Endpoints** > **General** > **Advanced features** > **Allow or block file**).
 
 ### Windows prerequisites
 
 - This feature is available if your organization uses [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) (in active mode) 
-
-- The Antimalware client version must be `4.18.1901.x` or later. See [Monthly platform and engine versions](microsoft-defender-antivirus-updates.md#platform-and-engine-releases)
-
+- The antimalware client version must be `4.18.1901.x` or later. See [Monthly platform and engine versions](microsoft-defender-antivirus-updates.md#platform-and-engine-releases)
 - This feature is supported on devices running Windows 10, version 1703 or later, Windows 11, Windows Server 2012 R2, Windows Server 2016 or later, Windows Server 2019, or Windows Server 2022.
-
 - File hash computation is enabled, by setting `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine\` to **Enabled**
 
 > [!NOTE]
 > File indicators support portable executable (PE) files, including `.exe` and `.dll` files only.
 
 ### macOS prerequisites
 
-- [File hash computation is enabled](/defender-endpoint/mac-resources#configuring-from-the-command-line) by running `mdatp config enable-file-hash-computation --value enabled`
-
-### Linux prerequisites
+- Real-time protection (RTP) needs to be active.
+- [File hash computation must be enabled](/defender-endpoint/mac-resources#configuring-from-the-command-line). Run the following command: `mdatp config enable-file-hash-computation --value enabled`
 
-- Available in Defender for Endpoint version 101.85.27 or later.
+> [!NOTE]
+> On Mac, file indicators support Mach-O files (akin to `.exe` and `.dll` in Windows) scripts, such as sh/bash and AppleScript File (`.scpt`) files only.
 
-- [File hash computation is enabled](/defender-endpoint/linux-preferences#configure-file-hash-computation-feature) in the Microsoft Defender portal or in the managed JSON
+### Linux prerequisites
 
-- Behavior monitoring is preferred, but this will work with any other scan (RTP or Custom).
+- Available in Defender for Endpoint version `101.85.27` or later.
+- [File hash computation must be enabled](/defender-endpoint/linux-preferences#configure-file-hash-computation-feature) in the Microsoft Defender portal or in the managed JSON
+- Behavior monitoring enabled is preferred, but this feature works with any other scan (RTP or Custom).
 
 ## Create an indicator for files from the settings page
 
@@ -95,9 +88,7 @@ Understand the following prerequisites before you create indicators for files:
 4. Specify the following details:
 
    - Indicator: Specify the entity details and define the expiration of the indicator.
-
    - Action: Specify the action to be taken and provide a description.
-   
    - Scope: Define the scope of the device group (scoping isn't available in [Defender for Business](/defender-business/mdb-overview)).
 
    > [!NOTE]
@@ -156,7 +147,7 @@ Timestamp > ago(30d)
 
 For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](/defender-xdr/advanced-hunting-overview).
 
-Below are other thread names that can be used in the sample query from above:
+Here are other thread names that can be used in the sample query:
 
 Files:
 
 
@@ -1,6 +1,6 @@
 ---
 title: Browser extensions assessment in Microsoft Defender Vulnerability Management
-description: Find out about the browsers extensions installed in your environment
+description: Find out about the browser extensions installed in your environment through Microsoft Defender Vulnerability Management.
 ms.service: defender-vuln-mgmt
 ms.pagetype: security
 ms.author: deniseb
@@ -11,9 +11,10 @@ audience: ITPro
 ms.collection:
   - m365-security
   - Tier1
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: met150
-ms.date: 02/23/2025
+ms.date: 03/04/2025
+#customer intent: To learn about the browser extensions installed in your environment through Microsoft Defender Vulnerability Management.
 ---
 
 # Browser extensions assessment in Microsoft Defender Vulnerability Management
@@ -32,71 +33,71 @@ The information available helps your security team learn about the installed ext
 
 ## View your browser extensions
 
-1. Go to **Vulnerability management** \> **Inventories** in the [Microsoft Defender portal](https://security.microsoft.com).
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com).
 
-2. Select the **Browser extensions** tab.
+2. Navigate to **Endpoints** \> **Vulnerability management** \> **Inventories**, then select the **Browser extensions** tab.
 
 > [!NOTE]
 > Browser extension assessment is only available on Windows devices. Only extensions that exist in Microsoft Edge, Chrome, and Firefox, appear in browser extension list.
 
 The **Browser extensions** page opens with a list of the browser extensions installed across your organization, including details on the extension name, browser, the number of devices the extension is installed on, and the number of devices with the extensions turned on.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions.png" alt-text="Screenshot of the Browser extensions page" lightbox="/defender/media/defender-vulnerability-management/browser_extensions.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-inventories-small.png" alt-text="Screenshot of the Browser extensions tab" lightbox="/defender/media/defender-vulnerability-management/mdvm-inventories.png":::
 
 You can use the Browser filter to view the relevant list of extensions for a particular browser.
 
 The **Requested permissions** and **Permissions risk** columns provide more specific information on the number of permissions requested by the extension, and the permissions risk level based on the type of access to devices or sites it requested.
 
 Select a browser extension to open its flyout pane, where you can learn more about the extension:
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions_details.png" alt-text="Screenshot of the Browser extensions details pane" lightbox="/defender/media/defender-vulnerability-management/browser_extensions_details.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdm-browserex-pane-small.png" alt-text="Screenshot of the Browser extensions details pane" lightbox="/defender/media/defender-vulnerability-management/mdm-browserex-pane.png":::
 
-Where applicable, there's a link available on this page to access the extension in the store it was installed from.
+Where applicable, there's a link available on the flyout pane to access the extension in the store it was installed from.
 
 ### Browser extension permissions
 
 Browser extensions usually need different types of permission to run properly, for example, they might require permission to modify a webpage.
 
 Select the **Permissions** tab, from the browser extension flyout pane, to see information on the permissions the browser extension needs to run, and whether this permission is optional or not.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions_permissions.png" alt-text="Screenshot of the Browser extensions permissions page" lightbox="/defender/media/defender-vulnerability-management/browser_extensions_permissions.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-browserex-perms-small.png" alt-text="Screenshot of the Browser extensions permissions page" lightbox="/defender/media/defender-vulnerability-management/mdvm-browserex-perms.png":::
 
 The permission risk level generated is based on the type of access the permission is requesting. You can use this information to help make an informed decision on whether you want to allow or block this extension.
 
 > [!NOTE]
-> Risk is subjective, and it's up to each organization to determine the types of risk they're willing to take on.
+> Risk is subjective. Each organization should determine the types of risk they're willing to take on.
 
 Select a permission to see a further flyout with more information.
 
 ### View installed devices
 
 To see the list of the devices the extension is installed on, choose the **Installed devices** tab from the browser extension flyout pane:
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions_devices.png" alt-text="Screenshot of the Browser extensions devices tab" lightbox="/defender/media/defender-vulnerability-management/browser_extensions_devices.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-browserex-installtab-small.png" alt-text="Screenshot of the Browser extensions devices tab" lightbox="/defender/media/defender-vulnerability-management/mdvm-browserex-installtab.png":::
 
 From here, you can search for a particular device the extension is installed on, and you can export a list of the devices to a csv file.
 
 ### View extension versions
 
-Select the **Extensions versions** tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.
+Select the **Extension versions** tab, from the browser extension flyout pane, to see information on the versions of the extension installed in your organization.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions_versions.png" alt-text="Screenshot of the Browser extensions versions tab" lightbox="/defender/media/defender-vulnerability-management/browser_extensions_versions.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-browserex-extension-small.png" alt-text="Screenshot of the Browser extensions versions tab" lightbox="/defender/media/defender-vulnerability-management/mdvm-browserex-extension.png":::
 
 ### View extensions users
 
 Select the **Users** tab, from the browser extension flyout pane, to see a list of users who installed the browser extension.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-browser-ext-user-filter.png" alt-text="Screenshot of the Browser extensions user tab." lightbox="/defender/media/defender-vulnerability-management/tvm-browser-ext-user-filter.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-browserex-users-small.png" alt-text="Screenshot of the Browser extensions user tab." lightbox="/defender/media/defender-vulnerability-management/mdvm-browserex-users.png":::
 
 ### Browser extensions on devices
 
 You can also view a list of extensions installed on a device:
 
-1. Select the device from the **Installed devices** tab in the flyout panel and select **Open device page** or select the device directly from the **Device inventory** page.
+1. Select the device from the **Installed devices** tab in the flyout pane and select **Open device page** or select the device directly from the **Device inventory** page.
 
 2. Select **Inventories** and then **Browser extensions** to see a list of extensions installed on that device.
 
-   :::image type="content" source="/defender/media/defender-vulnerability-management/browser_extensions_devicepage.png" alt-text="Screenshot of the Browser extensions in the devices page" lightbox="/defender/media/defender-vulnerability-management/browser_extensions_devicepage.png":::
+   :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-browserex-devicepage-small.png" alt-text="Screenshot of the Browser extensions in the devices page" lightbox="/defender/media/defender-vulnerability-management/mdvm-browserex-devicepage.png":::
 
 ### Browser extension APIs
 
@@ -107,7 +108,7 @@ You can use APIs to view all browser extensions installed in your organization,
 
 ### Use advanced hunting
 
-You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the **DeviceTvmBrowserExtensions** table, or browser extension related information, including extensions permission information in the **DeviceTvmBrowserExtensionsKB** table.
+You can use advanced hunting queries to gain visibility on browser extensions in your organization. Find details about the browser extensions installed per device in the [**DeviceTvmBrowserExtensions**](/defender-xdr/advanced-hunting-devicetvmbrowserextensions-table) table, or browser extension related information, including extensions permission information in the [**DeviceTvmBrowserExtensionsKB**](/defender-xdr/advanced-hunting-devicetvmbrowserextensionskb-table) table.
 
 ## Related articles