You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|Anti-malware|Medium | Information about malicious APKs including install source, storage location, time of install, etc.; [More information](android-privacy.md#app-information)||
54
54
|||||
55
-
|Jailbreak|High | NA |NA |
55
+
|Root Detection (Preview)|High|NA|NA|
56
+
|Jailbreak Detection|High | NA |NA |
56
57
|Rogue Wifi |Low |||
57
-
|Open Network Detection (Migrated from alert to event in the device timeline)|NA |||
58
-
|Suspicious Certificates Downloaded/Installed (Migrated from alert to event in the device timeline)|NA|||
58
+
|Open Network Detection (Migrated from alert to event in the device timeline)|NA (Event)|||
59
+
|Suspicious Certificates Downloaded/Installed (Migrated from alert to event in the device timeline)|NA (Event)|||
59
60
60
61
[Complete privacy information for Android](android-privacy.md)
Copy file name to clipboardExpand all lines: defender-endpoint/mtd.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,13 @@
1
-
---
1
+
---
2
2
title: Microsoft Defender for Endpoint - Mobile Threat Defense
3
3
ms.reviewer: tdoucette, sunasing, denishdonga
4
4
description: Overview of Mobile Threat Defense in Microsoft Defender for Endpoint
5
5
ms.service: defender-endpoint
6
6
ms.subservice: onboard
7
-
ms.author: bagol
8
-
author: batamig
7
+
ms.author: painbar
8
+
author: paulinbar
9
9
ms.localizationpriority: medium
10
-
ms.date: 04/08/2025
10
+
ms.date: 10/24/2025
11
11
manager: bagol
12
12
audience: ITPro
13
13
ms.collection:
@@ -38,6 +38,7 @@ Microsoft Defender for Endpoint on Android and iOS provides the below key capabi
38
38
|Web Protection|Anti-phishing, blocking unsafe network connections, and support for custom indicators for URLs and domains. (File and IP indicators aren't currently supported.)|
39
39
|Malware Protection (Android-only)|Scanning for malicious apps and APK Files.|
40
40
|Jailbreak Detection (iOS-only)|Detection of jailbroken devices.|
41
+
|Root Detection (Android - Preview)|Detection of rooted devices.|
41
42
|Microsoft Defender Vulnerability Management (MDVM) |Vulnerability assessment of onboarded mobile devices. Includes OS and Apps vulnerabilities assessment for both Android and iOS. Visit this [page](/defender-vulnerability-management/defender-vulnerability-management) to learn more about Microsoft Defender Vulnerability Management in Microsoft Defender for Endpoint.|
42
43
|Network Protection | Protection against rogue Wi-Fi related threats and rogue certificates; ability to add to the "allow" list the root CA and private root CA certificates in Intune; establish trust with endpoints.|
43
44
|Unified alerting|Alerts from all platforms in the unified Microsoft Defender portal.|
Copy file name to clipboardExpand all lines: defender-office-365/outbound-spam-protection-about.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,6 +40,9 @@ This article describes the controls and notifications that are designed to help
40
40
41
41
## What admins can do to control outbound spam
42
42
43
+
> [!NOTE]
44
+
> If messages are blocked or marked as spam, admins can review the issue in the **Exchange admin center (EAC)** using **Message trace** or delivery reports. For investigation and resolution guidance, see [Troubleshoot outbound email issues in Exchange Online](/troubleshoot/exchange/email-delivery/ndr/non-delivery-reports-in-exchange-online)
45
+
43
46
- **Use built-in notifications**: When a user exceeds [sending limits of the service](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#sending-limits-across-office-365-options) or [outbound spam policies](outbound-spam-policies-configure.md) and is restricted from sending email, the default alert policy named **User restricted from sending email** sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members). To configure who else receives these notifications, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users). Also, the default alert policies named **Email sending limit exceeded** and **Suspicious email sending patterns detected** send email notifications to members of the **TenantAdmins** group (**Global Administrator** members). For more information about alert policies, see [Alert policies in the Microsoft Defender portal](alert-policies-defender-portal.md).
44
47
45
48
-**Review spam complaints from non-Microsoft email providers**: Many email services like Outlook.com, Yahoo, and AOL provide a feedback loop where we review our messages that are identified as spam by their users. To learn more about sender support for Outlook.com, go to the [Microsoft Sender Support and Blocklist Removal Tool](https://sendersupport.olc.protection.outlook.com/pm/services.aspx).
Copy file name to clipboardExpand all lines: defender-office-365/safe-links-about.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ audience: Admin
9
9
ms.topic: overview
10
10
f1_keywords:
11
11
- '197503'
12
-
ms.date: 09/16/2025
12
+
ms.date: 10/24/2025
13
13
ms.localizationpriority: medium
14
14
ms.collection:
15
15
- Strat_O365_IP
@@ -79,7 +79,7 @@ The following table describes scenarios for Safe Links in Microsoft 365 and Offi
79
79
|Chris's Microsoft 365 E5 organization has no Safe Links policies configured. Chris receives an email from an external sender that contains a URL to a malicious website that he ultimately clicks.|Chris is protected by Safe Links. <br><br> The **Built-in protection** preset security policy provides Safe Links protection to all recipients (users who aren't defined in the Standard or Strict preset security policies or in custom Safe Links policies). For more information, see [Preset security policies](preset-security-policies.md).|
80
80
|In Pat's organization, admins have created a Safe Links policy that applies Pat, but Safe Links protection for Office apps is turned off. Pat opens a Word document and clicks a URL in the file.|Pat isn't protected by Safe Links. <br><br> Although Pat is included in an active Safe Links policy, Safe Links protection for Office apps is turned off in that policy, so the protection can't be applied.|
81
81
|Jamie and Julia both work for contoso.com. A long time ago, admins configured Safe Links policies that apply to both of Jamie and Julia. Jamie sends an email to Julia, not knowing that the email contains a malicious URL.|Julia is protected by Safe Links **if** the Safe Links policy that applies to her is configured to apply to messages between internal recipients. For more information, see the [Safe Links settings for email messages](#safe-links-settings-for-email-messages) section later in this article.|
82
-
|Jim's IT department configured SafeLinks to not rewrite URLs, and to check via API only. Jim receives an email about an urgent crypto opportunity within BroMail - an 'aternative' email client that doesn't use 'woke' APIs, and clicks the link. The link was legitimate on delivery, but was later weaponized.|Jim is phished. BroMail doesn't support the SafeLinks API. Because the link wasn't malicious on delivery, SafeLinks didn't detect it.|
82
+
|Jim's IT department configured SafeLinks to not rewrite URLs, and to check via API only. Jim clicks a link in an alternative email client that doesn't support the SafeLinks API. The link was legitimate on delivery, but was later weaponized.|Jim is phished. Because the link wasn't malicious on delivery, SafeLinks didn't detect it.|
Copy file name to clipboardExpand all lines: defender-office-365/scc-permissions.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -83,6 +83,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
83
83
|**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
84
84
|**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
85
85
|**Data Investigator**|Perform searches on mailboxes, SharePoint sites, and OneDrive locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
86
+
|**Data Security AI Admins**|Use this group to assign editing capabilities for Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. Review the role description for access details.|Data Security AI Admin|
86
87
|**Data Security AI Content Viewers**|Use this group to assign read-only permissions to users in Data Security Posture Management for AI to view prompts and responses of interactions in AI apps.|Data Security AI Content Viewer|
87
88
|**Data Security AI Viewers**|Use this group to assign read-only permissions to users for Data Security Posture Management for AI.|Data Security AI Viewer|
88
89
|**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
@@ -178,6 +179,7 @@ Roles that aren't assigned to the Organization Management role group by default
178
179
|<sup>\*</sup>**Data Security Investigations Admin**|Used to create and manage investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Administrators|
179
180
|<sup>\*</sup>**Data Security Investigations Investigator**|Used to create and manage assigned investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Investigators|
180
181
|<sup>\*</sup>**Data Security Investigations Reviewer**|Used to review assigned investigations in Data Security Investigations.|Data Security Investigations Reviewers|
182
+
|**Data Security AI Admin**|Role for editing Data Loss Prevention policies related to Copilot and viewing AI content in Data Security Posture Management. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Admins|
181
183
|**Data Security AI Content Viewer**|Role for read-only access to prompts and responses of AI interactions in Data Security Posture Management for AI.|Data Security AI Content Viewers|
182
184
|**Data Security AI Viewer**|Role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Viewers|
183
185
|**Data Security Viewer**|View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.|Data Security Management|
Copy file name to clipboardExpand all lines: defender-office-365/submissions-admin-review-user-reported-messages.md
+1-3Lines changed: 1 addition & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -57,9 +57,7 @@ Admins can mark messages and notify users of review results only if the user [re
57
57
> [!IMPORTANT]
58
58
> <sup>\*</sup> Microsoft strongly advocates for the principle of least privilege. Assigning accounts only the minimum permissions necessary to perform their tasks helps reduce security risks and strengthens your organization's overall protection. Global Administrator is a highly privileged role that you should limit to emergency scenarios or when you can't use a different role.
59
59
60
-
- You need access to Exchange Online PowerShell. If your account doesn't have access to Exchange Online PowerShell, you get the following error: _Specify an email address in your domain_. For more information about enabling or disabling access to Exchange Online PowerShell, see the following articles:
61
-
-[Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell)
62
-
-[Client Access Rules in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules) ([until October 2023](https://techcommunity.microsoft.com/blog/exchange/deprecation-of-client-access-rules-in-exchange-online/3638563))
60
+
- You need access to Exchange Online PowerShell. If your account doesn't have access to Exchange Online PowerShell, you get the following error: _Specify an email address in your domain_. For more information about enabling or disabling access to Exchange Online PowerShell, see [Enable or disable access to Exchange Online PowerShell](/powershell/exchange/disable-access-to-exchange-online-powershell).
0 commit comments