Merge branch 'main' into SubResults-chrisda

Author: chrisda

defender-endpoint/mde-plugin-wsl.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.custom:
 - partner-contribution
 audience: ITPro
-ms.date: 06/12/2024
+ms.date: 07/26/2024
 search.appverid: MET150
 ---
 
@@ -293,6 +293,8 @@ DeviceProcessEvents
          dnsProxy=false
          ```
 
+   - If the connectivity issues persist, collect the networking logs using the method mentioned at [link](https://aka.ms/wsllogs), and include those logs with your support bundle.
+
 5. If you run into any other challenges or issues, open Terminal, and run the following commands to generate a support bundle:
 
    ```powershell
@@ -346,4 +348,4 @@ DeviceProcessEvents
 
    This should fix the problem by placing the right files in the expected directories.
 
-   :::image type="content" source="media/mdeplugin-wsl/plug-in-repair-control-panel.png" alt-text="Screenshot showing MDE plug-in for WSL repair option in control panel." lightbox="media/mdeplugin-wsl/plug-in-repair-control-panel.png":::
+   :::image type="content" source="media/mdeplugin-wsl/plug-in-repair-control-panel.png" alt-text="Screenshot showing MDE plug-in for WSL repair option in control panel." lightbox="media/mdeplugin-wsl/plug-in-repair-control-panel.png":::

defender-office-365/defender-for-office-365-whats-new.md

@@ -8,7 +8,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 ms.localizationpriority: medium
-ms.date: 07/18/2024
+ms.date: 07/26/2024
 audience: ITPro
 ms.collection:
   - m365-security
@@ -41,6 +41,8 @@ For more information on what's new with other Microsoft Defender security produc
 
 ## July 2024
 
+- **Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD and and Office 365 operated by 21Vianet environments**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) is now available these environments. They are on parity with the WW commercial experiences.
+
 - **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions and existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire.
 
 - (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. 

defender-vulnerability-management/tvm-security-baselines.md

@@ -38,6 +38,9 @@ Security baselines provide support for Center for Internet Security (**CIS)** be
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
 
+> [!NOTE]
+> Security baseline assessment is not supported when DFSS (Dynamic Fair Share Scheduling) is enabled on Windows Server 2012 R2.
+
 ## Get started with security baselines assessment
 
 1. Go to **Vulnerability management** > **Baselines assessment** in the [Microsoft Defender portal](https://security.microsoft.com).

defender-xdr/alert-grading-playbook-inbox-forwarding-rules.md

@@ -17,7 +17,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - met150
-ms.date: 04/03/2024
+ms.date: 07/26/2024
 ---
 
 # Alert classification for suspicious inbox forwarding rules
@@ -29,7 +29,7 @@ ms.date: 04/03/2024
 
 Threat actors can use compromised user accounts for several malicious purposes including reading emails in a user's inbox, creating inbox rules to forward emails to external accounts, sending phishing mails, among others. Malicious inbox rules are widely common during business email compromise (BEC) and phishing campaigns, and it important to monitor them consistently.
 
-This playbook helps you investigate alerts for suspicious inbox forwarding rules and quickly grade them as either a true positive (TP) or a false positive (TP). You can then take recommended actions for the TP alerts to remediate the attack.
+This playbook helps you investigate alerts for suspicious inbox forwarding rules and quickly grade them as either a true positive (TP) or a false positive (FP). You can then take recommended actions for the TP alerts to remediate the attack.
 
 For an overview of alert classification for Microsoft Defender for Office 365 and Microsoft Defender for Cloud Apps, see the [introduction article](alert-classification-playbooks.md).