MicrosoftDocs
diff --git a/‎CloudAppSecurityDocs/release-notes.md‎
Lines changed: 27 additions & 3 deletions b/‎CloudAppSecurityDocs/release-notes.md‎
Lines changed: 27 additions & 3 deletions
diff --git a/‎defender-endpoint/endpoint-attack-notifications.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/endpoint-attack-notifications.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/evaluate-mda-using-mde-security-settings-management.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-endpoint/evaluate-mda-using-mde-security-settings-management.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎defender-endpoint/machines-view-overview.md‎
Lines changed: 176 additions & 84 deletions b/‎defender-endpoint/machines-view-overview.md‎
Lines changed: 176 additions & 84 deletions
diff --git a/‎defender-endpoint/malware/trojans-malware.md‎
Lines changed: 1 addition & 2 deletions b/‎defender-endpoint/malware/trojans-malware.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎defender-endpoint/malware/unwanted-software.md‎
Lines changed: 1 addition & 3 deletions b/‎defender-endpoint/malware/unwanted-software.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎defender-endpoint/malware/worms-malware.md‎
Lines changed: 0 additions & 2 deletions b/‎defender-endpoint/malware/worms-malware.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎defender-endpoint/media/m365-cc-sc-customize-icon.png‎
648 Bytes b/‎defender-endpoint/media/m365-cc-sc-customize-icon.png‎
648 Bytes
diff --git a/‎defender-endpoint/safety-scanner-download.md‎
Lines changed: 1 addition & 2 deletions b/‎defender-endpoint/safety-scanner-download.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml‎
Lines changed: 1 addition & 1 deletion
@@ -20,6 +20,30 @@ For more information on what's new with other Microsoft Defender security produc
 For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
 
 
+## October 2024
+
+### New anomaly data in advanced hunting CloudAppEvents table
+
+Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal, can now utilize the new *LastSeenForUser* and *UncommonForUser* columns for queries and detections rules.  
+The new columns are designed to assist you to better __identify uncommon activities__ that may appear suspicious, and allow you to create more accurate custom detections, as well as investigate any suspicious activities that arise.
+
+For more information, see [Advanced Hunting "CloudAppEvents" Data schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table).
+
+### New Conditional Access app control / inline data in advanced hunting CloudAppEvents table
+
+Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new *AuditSource* and *SessionData* columns for queries and detection rules.   
+Using this data allows for queries that consider specific audit sources, including access and session control, and queries by specific inline sessions.
+
+For more information, see [Advanced Hunting "CloudAppEvents" Data schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table).
+
+### New data in advanced hunting CloudAppEvents table - OAuthAppId
+
+Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new _OAuthAppId_ column for queries and detection rules.
+
+Using _OAuthAppId_ allows the queries that consider specific OAuth applications, making queries and detection rules more accurate.
+
+For more information, see [Advanced Hunting "CloudAppEvents" Data schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table).
+
 ## September 2024
 
 ### Enforce Edge in-browser when accessing business apps
@@ -28,7 +52,7 @@ Administrators who understand the power of Edge in-browser protection, can now r
 A primary reason is security, since the barrier to circumventing session controls using Edge is much higher than with reverse proxy technology.
 
 For more information see: 
-[Enforce Edge in-browser protection when accessing business apps](https://learn.microsoft.com/defender-cloud-apps/in-browser-protection#enforce-edge-in-browser-when-accessing-business-apps)
+[Enforce Edge in-browser protection when accessing business apps](/defender-cloud-apps/in-browser-protection)
 
 ### Connect Mural to Defender for Cloud Apps (Preview)
 
@@ -146,7 +170,7 @@ Microsoft Defender for Cloud Apps log collector now supports [Azure Kubernetes S
 
 For more information, see [Configure automatic log upload using Docker on Azure Kubernetes Service (AKS)](discovery-kubernetes.md).
 
-### New Conditional Access app control / inline data for the advanced hunting CloudAppEvents table
+### New Conditional Access app control / inline data for the advanced hunting CloudAppEvents table (Preview)
 
 Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new *AuditSource* and *SessionData* columns for queries and detection rules. Using this data allows for queries that consider specific audit sources, including access and session control, and queries by specific inline sessions.
 
@@ -224,7 +248,7 @@ Automatic log collection is supported using a Docker container on multiple opera
 
 For more information, see [Configure automatic log upload using Podman](discovery-linux-podman.md).
 
-### New anomaly data for the advanced hunting CloudAppEvents table
+### New anomaly data for the advanced hunting CloudAppEvents table (Preview)
 
 Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new *LastSeenForUser* and *UncommonForUser* columns for queries and detections rules. Using this data helps to rule out false positives and find anomalies.
 
 
@@ -12,9 +12,10 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
+ms.custom: cx-ean
 ms.subservice: edr
 search.appverid: met150
-ms.date: 08/15/2024
+ms.date: 10/30/2024
 ---
 
 # Endpoint Attack Notifications
 
@@ -12,9 +12,10 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
+ms.custom: cx-ean
 ms.subservice: edr
 search.appverid: met150
-ms.date: 05/13/2024
+ms.date: 10/30/2024
 ---
 
 # Evaluate Microsoft Defender Antivirus using Microsoft Defender Endpoint Security Settings Management (Endpoint security policies)
 
@@ -43,8 +43,7 @@ Trojans can come in many different varieties, but generally they do the followin
 
 Use the following free Microsoft software to detect and remove it:
 
-- [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows.
-
+- [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) for Windows 10 and 11.
 - [Microsoft Safety Scanner](../safety-scanner-download.md)
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
@@ -45,9 +45,7 @@ To prevent unwanted software infection, download software only from official web
 
 Use [Microsoft Edge](/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [Windows Defender SmartScreen](/microsoft-edge/deploy/index) (also used by Internet Explorer).
 
-Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
-
-Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
+Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10 and 11. It provides real-time protection against threats and detects and removes known unwanted software.
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
 
 
@@ -49,8 +49,6 @@ This image shows how a worm can quickly spread through a shared USB drive.
 
 Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
 
-Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
-
 In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
@@ -40,7 +40,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from
 
 - Safety Scanner is a portable executable and doesn't appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
 
-- This tool doesn't replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you're having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
+- This tool doesn't replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8](https://www.microsoft.com/windows/comprehensive-security). These antimalware products also provide powerful malware removal capabilities. If you're having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
 
 ## System requirements
 
@@ -60,7 +60,6 @@ For more information about the Safety Scanner, see the support article on [how t
 
 - [Troubleshooting Safety Scanner](https://support.microsoft.com/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner)
 - [Microsoft Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security)
-- [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download)
 - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware)
 - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission)
 - [Microsoft antimalware and threat protection solutions](microsoft-defender-endpoint.md)
@@ -631,7 +631,7 @@ sections:
 
           - Engine Version: Antimalware Engine version
 
-          NOTE: Whenever Microsoft Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it restores the following system settings and services that might have been changed by the malware:
+          Note: Whenever Microsoft Defender Antivirus, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it restores the following system settings and services that might have been changed by the malware:
 
              - Default Internet Explorer or Microsoft Edge setting