Merge pull request #3797 from MicrosoftDocs/main

Ruchika-mittal01 · web-flow · commit a9ae945e0091 · 2025-05-16T04:11:20.000+05:30
[AutoPublish] main to live - 05/15 15:32 PDT | 05/16 04:02 IST
diff --git a/defender-endpoint/enable-network-protection.md b/defender-endpoint/enable-network-protection.md
@@ -3,7 +3,7 @@ title: Turn on network protection
 description: Enable network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 05/13/2025
+ms.date: 05/15/2025
 ms.topic: conceptual
 author: emmwalshh
 ms.author: ewalsh
@@ -192,7 +192,7 @@ Use the following procedure to enable network protection on domain-joined comput
 
    | Windows Server version | Commands |
    |---|---|
-   |Windows Server 2019 and later | `set-mpPreference -AllowNetworkProtectionOnWinServer $true` |
+   |Windows Server 2019 and later | `set-mpPreference -AllowNetworkProtectionOnWinServer $true` <br/> `set-MpPreference -AllowDatagramProcessingOnWinServer $true`|
    |Windows Server 2016 <br/>Windows Server 2012 R2 with the [unified agent for Microsoft Defender for Endpoint](/defender-endpoint/enable-network-protection) | `set-MpPreference -AllowNetworkProtectionDownLevel $true` <br/> `set-MpPreference -AllowNetworkProtectionOnWinServer $true` <br/> `set-MpPreference -AllowDatagramProcessingOnWinServer $true`|
 
    > [!IMPORTANT]
diff --git a/defender-endpoint/gov.md b/defender-endpoint/gov.md
@@ -158,6 +158,7 @@ These are the known gaps:
 |Microsoft Secure Score|![Yes](media/svg/check-yes.svg)<br/>See note following this table|![Yes](media/svg/check-yes.svg)|![Yes](media/svg/check-yes.svg)|
 |Microsoft Threat Experts|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |Microsoft Defender for Endpoint Security Configuration Management|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
+|Microsoft Defender for IoT enterprise IoT security|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 
 > [!NOTE]
 > While Microsoft Secure Score is available for GCC, GCC High and DoD customers, there are some security recommendations that aren't available.
diff --git a/defender-office-365/anti-spam-protection-about.md b/defender-office-365/anti-spam-protection-about.md
@@ -145,7 +145,7 @@ These settings aren't configured in the default anti-spam policy by default, or
 
   ² For **High confidence phishing**, the **Move message to Junk Email folder** action is effectively deprecated. Although you might be able to select the **Move message to Junk Email folder** action, high confidence phishing messages are always quarantined (equivalent to selecting **Quarantine message**).
 
-  ³ You can use this value as a condition in [Mail flow rules in Exchange Server](/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rules) to filter or route messages for mailboxes in on-premises Exchange environments.
+  ³ You can use this value as a condition in [Mail flow rules in Exchange Server](/exchange/policy-and-compliance/mail-flow-rules/mail-flow-rules) to filter or route messages for mailboxes in on-premises Exchange environments only (not in Exchange Online).
 
   ⁴ If the spam filtering verdict quarantines messages by default (**Quarantine message** is already selected when you get to the page), the default quarantine policy name is shown in the **Select quarantine policy** box. If you _change_ the action of a spam filtering verdict to **Quarantine message**, the **Select quarantine policy** box is blank by default. A blank value means the default quarantine policy for that verdict is used. When you later view or edit the anti-spam policy settings, the quarantine policy name is shown. For more information about the quarantine policies that are used by default for spam filter verdicts, see [EOP anti-spam policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-spam-policy-settings).
 
diff --git a/defender-xdr/configure-attack-disruption.md b/defender-xdr/configure-attack-disruption.md
@@ -9,7 +9,7 @@ audience: ITPro
 ms.topic: how-to
 ms.service: defender-xdr
 ms.localizationpriority: medium
-ms.date: 04/25/2025
+ms.date: 05/15/2025
 ms.collection:
 - m365-security
 - tier2
@@ -45,6 +45,7 @@ The following are prerequisites for configuring automatic attack disruption in M
 The Minimum Sense Agent version required for the **Contain User** action to work is v10.8470. You can identify the Sense Agent version on a device by running the following PowerShell command: 
 
 > Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\' -Name "InstallLocation"
+> Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status' -Name "MsSenseDllVersion"
 
 #### Automation setting for your organizations devices
 
diff --git a/defender-xdr/usgov.md b/defender-xdr/usgov.md
@@ -33,8 +33,6 @@ Microsoft Defender XDR for US Government customers requires one of the following
 
 ### Desktop licensing
 
-<br />
-
 ****
 
 |GCC|GCC High|DoD|
@@ -48,64 +46,54 @@ Microsoft Defender XDR for US Government customers requires one of the following
 |Microsoft Defender for Identity - GCC|Microsoft Defender for Identity for GCC High|Microsoft Defender for Identity for DOD|
 |Microsoft Defender for Office 365 (Plan 2) GCC|Microsoft Defender for Office 365 (Plan 2) for GCC High|Microsoft Defender for Office 365 (Plan 2) for DOD|
 |Windows 10 Enterprise E5 GCC|Windows 10 Enterprise E5 for GCC High|Windows 10 Enterprise E5 for DOD|
-|
 
 ### Server licensing
 
-<br />
-
 ****
 
 |GCC|GCC High|DoD|
 |---|---|---|
 |Microsoft Defender for Endpoint Server GCC|Microsoft Defender for Endpoint Server for GCC High|Microsoft Defender for Endpoint Server for DOD|
 |Microsoft Defender for servers|Microsoft Defender for servers - Government|Microsoft Defender for servers - Government|
-|
 
 ## Portal URLs
 
 The following are the Microsoft Defender portal URLs for US Government customers:
 
-<br />
-
 ****
 
 |Customer type|Portal URL|
 |---|---|
 |GCC|<https://security.microsoft.com>|
 |GCC High|[https://security.microsoft.us](https://security.microsoft.us)|
 |DoD|[https://security.apps.mil](https://security.apps.mil)|
-|
+
 > [!NOTE]
 > If you are a GCC customer and in the process of moving from Microsoft Defender for Endpoint commercial to GCC, use https://transition.security.microsoft.com to access your Microsoft Defender for Endpoint commercial data.
 
 ## API
 
 Instead of the public URIs listed in our [API documentation](api-overview.md), you'll need to use the following URIs:
 
-<br />
-
 ****
 
 |Endpoint type|GCC|GCC High & DoD|
 |---|---|---|
 |Login|`https://login.microsoftonline.com`|`https://login.microsoftonline.us`|
 |Microsoft Defender XDR API|`https://api-gcc.security.microsoft.us`|`https://api-gov.security.microsoft.us`|
-|
 
 ## Feature parity with commercial
 
 Microsoft Defender XDR for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight.
 
 These are the known gaps:
 
-<br />
-
 ****
 
 |Feature name|GCC|GCC High|DoD|
 |---|:---:|:---:|:---:|
 |Microsoft Threat Experts|![No](/defender-endpoint/media/svg/check-no.svg) On engineering backlog|![No](/defender-endpoint/media/svg/check-no.svg) On engineering backlog|![No](/defender-endpoint/media/svg/check-no.svg) On engineering backlog|
+|Microsoft Defender for IoT enterprise IoT security|![No](/defender-endpoint/media/svg/check-no.svg)|![No](/defender-endpoint/media/svg/check-no.svg)|![No](/defender-endpoint/media/svg/check-no.svg)|
 
 For detailed list of Event Streaming API tables, see [Microsoft Defender XDR streaming event types supported in Event Streaming API](supported-event-types.md).
 
