Merge pull request #2654 from MicrosoftDocs/main

Publish main to live, 02/04/25, 3:30 PM PT

Author: Ruchika-mittal01

defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml

@@ -7,7 +7,7 @@ metadata:
   ms.reviewer: yongrhee
   ms.service: defender-endpoint
   ms.topic: troubleshooting
-  ms.date: 02/16/2024
+  ms.date: 02/04/2025
   ms.localizationpriority: medium
   ms.custom: nextgen
   manager: deniseb
@@ -103,71 +103,6 @@ sections:
 
           - Scan Time: The duration of a scan.
 
-     - question: Event ID 1003
-       answer: |
-
-         Symbolic name: `MALWAREPROTECTION_SCAN_PAUSED`
-
-         Message: An antimalware scan was paused.
-
-         Description:
-
-          - Scan ID: ID number of the relevant scan.
-
-          - Scan Type: Scan type. Examples: Antivirus, Antispyware, or Antimalware
-
-          - Scan Parameters: Scan parameters. Examples: Full scan, Quick scan, or Customer scan
-
-          - User: Domain\User
-
-     - question: Event ID 1004
-       answer: |
-
-         Symbolic name: `MALWAREPROTECTION_SCAN_RESUMED`
-
-         Message: An antimalware scan was resumed.
-
-         Description:
-
-          - Scan ID: ID number of the relevant scan.
-
-          - Scan Type: Scan type. Examples: Antivirus, Antispyware, or Antimalware
-
-          - Scan Parameters: Scan parameters. Examples: Full scan, Quick scan, or Customer scan
-
-          - User: Domain\User
-
-     - question: Event ID 1005
-       answer: |
-
-         Symbolic name: `MALWAREPROTECTION_SCAN_FAILED`
-
-         Message: An antimalware scan failed.
-
-         Description:
-
-          - Scan ID: ID number of the relevant scan.
-
-          - Scan Type: Scan type. Examples: Antivirus, Antispyware, or Antimalware
-
-          - Scan Parameters: Scan parameters. Examples: Full scan, Quick scan, or Custom scan
-
-          - User: Domain\User
-
-          - Error Code: Error code. Result code associated with threat status. Standard HRESULT values.
-
-          - Error Description: Error description. Description of the error.
-
-         User action:
-
-           The antivirus client encountered an error, and the current scan stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (Microsoft Defender Antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error. To troubleshoot this event:
-
-             - Run the scan again.
-
-             - If it fails in the same way, go to the [Microsoft Support site](https://support.microsoft.com/), enter the error number in the Search box to look for the error code.
-
-             - Contact [Microsoft Technical Support](/microsoft-365/admin/get-help-support).
-
      - question: Event ID 1006
        answer: |
 

defender-office-365/attack-simulation-training-get-started.md

@@ -19,7 +19,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
 ms.service: defender-office-365
-ms.date: 12/04/2024
+ms.date: 02/04/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -54,12 +54,27 @@ Watch this short video to learn more about Attack simulation training.
     - **Global Administrator**¹
     - **Security Administrator**
     - **Attack Simulation Administrators**²: Create and manage all aspects of attack simulation campaigns.
-    - **Attack Payload Author**²: Create attack payloads that an admin can initiate later.
+    - **Attack Payload Author**²: Create attack payloads that an admin can initiate later. 
+    - **Security Operator and Security Reader**³: View all aspects of attack simulation campaigns.
 
     > [!IMPORTANT]
     > ¹ Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
     >
     > ² Adding users to this role group in [Email & collaboration permissions in the Microsoft Defender portal](mdo-portal-permissions.md) is currently unsupported.
+    >
+    >   Members of Attack Payload Author have the following limitations in attack simulation training:
+    >
+    >   - They can't create or edit simulations, training campaigns, simulation automations, or payload automations.
+    >   - They can't change global settings.
+    >   - They can't change content (for example, notifications), but they can change payloads.
+    >   - They can't view tenant simulation reports, aggregate reports, simulation automation records, or payload automation records.
+    >
+    > ³ Members of Security Operator and Security Reader have the following limitations in attack simulation training:
+    >
+    >   - They can't create or edit simulations, training campaigns, simulation automations, or payload automations.
+    >   - They can't change global settings.
+    >   - They can't change content (for example, tenant payloads or notifications).
+    >   - They can access data through read APIs with user scope, but they can't use write APIs.
 
     Currently, [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) isn't supported.
 

defender-office-365/submissions-outlook-report-messages.md

@@ -14,7 +14,7 @@ ms.collection:
 description: Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 01/30/2025
+ms.date: 02/04/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -44,6 +44,8 @@ Admins configure user reported messages to go to a specified reporting mailbox,
   - Outlook for Microsoft 365:
     - **Current channel**: Version 16.0.17827.15010 or later.
     - **Monthly Enterprise Channel**: Version 16.0.18025.20000 or later.
+    - **Semi-Annual Channel (Preview)**: Release 2502, build 16.0.18526.20024 or later.
+    - **Semi-Annual Channel**: Release 2502, build 16.0.18526.20024 or later.
   - Outlook for Mac version 16.89 (24090815) or later.
   - Outlook for iOS and Android version 4.2446 or later.
   - The new Outlook for Windows.