Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr

Author: DebLanger

defender-endpoint/android-support-signin.md

@@ -108,19 +108,42 @@ Defender App asks for Battery Optimization/Permanent Protection permission on de
 
 **Cause:**
 
-Xiaomi changed the battery optimization permissions in Android 11. Defender for Endpoint isn't allowed to configure this setting to ignore battery optimizations.
+Xiaomi changed the battery optimization permissions from Android 11 onwards. Defender for Endpoint isn't allowed to configure this setting to ignore battery optimizations.
 
-**Solution:**
- 1. Install MDE app in personal profile. (Sign-in isn't required.) 
+**Solution 1:**
+
+The Android devices Battery Optimization screen opens automatically as part of the onboarding flow where the user needs to give the permissions. The user must then follow these steps to get on-boarded:
+
+1. Select Work Profile to see all of the work profile apps
+
+![Image of Battery Optimisation screen](media/android-support-signin/image.png)
+2. Tap on **Not optimised** and select **All Apps**
+
+![Image of Optimisation dropdown menu](media/android-support-signin/image1.png)
+
+![Image of All Apps option in the dropdown](media/android-support-signin/image2.png)
+
+3. Scroll down to find **Microsoft Defender** and tap on it
+
+![Image of All Apps including Microsoft Defender](media/android-support-signin/image3.png)
+
+4. Select **Don’t Optimise** option and tap on **Done**
+
+![Image of the Microsoft Defende Optimise drop down](media/android-support-signin/image4.png)
+
+5. Navigate back to Defender
+
+**Solution 2** (needed in case the Solution 1 does not work):
+
+1. Install MDE app in personal profile. (Sign-in isn't required.) 
  2. Open the Company Portal and tap on Settings. 
  3. Go to the Battery Optimization section, tap on the **Turn Off** button, and then select on **Allow** to turn off Battery Optimization for the Company Portal. 
  4. Again, go to the Battery Optimization section and tap on the **Turn On** button. The battery saver section opens. 
  5. Find the Defender app and tap on it. 
  6. Select **No Restriction**. Go back to the Defender app in work profile and tap on **Allow** button.  
  7. The application shouldn't be uninstalled from personal profile for this to work. 
 
->[!NOTE]
->This is a temporary workaround. This can be used to unblock onboarding on Xiaomi devices. The Defender team is working on a permanent fix. As the MDE app is not onboarded in the personal profile, it will not have any visibility there.
+
 
 ## Unable to use banking applications with MDE app
 

defender-endpoint/client-behavioral-blocking.md

@@ -8,6 +8,7 @@ ms.reviewer: shwetaj
 audience: ITPro
 ms.topic: conceptual
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.localizationpriority: medium
 ms.custom:
   - next-gen
@@ -16,7 +17,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 07/22/2024
 ---
 
 # Client behavioral blocking

defender-endpoint/defender-endpoint-demonstration-app-reputation.md

@@ -3,6 +3,7 @@ title: Microsoft Defender for Endpoint SmartScreen app reputation demonstration
 description: Test how Microsoft Defender for Endpoint SmartScreen helps you identify phishing and malware websites
 search.appverid: met150
 ms.service: defender-endpoint
+ms.subservice: ngp
 ms.author: siosulli 
 author: siosulli 
 ms.localizationpriority: medium
@@ -13,7 +14,7 @@ ms.collection:
 - tier2
 - demo
 ms.topic: article
-ms.date: 01/15/2024
+ms.date: 07/22/2024
 ---
 
 # SmartScreen app reputation demonstration

defender-endpoint/ios-configure-features.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 07/18/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on iOS features
@@ -97,6 +97,9 @@ Use the following steps to disable web protection for unenrolled devices.
    - Defender for Endpoint sends the heartbeat to the Microsoft Defender portal whenever a user opens the app.
    - Select **Next**, and then assign this profile to targeted devices/users.
 
+> [!NOTE]
+> The `WebProtection` key is not applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
+
 ## Configure network protection
 
 Network protection in Microsoft Defender for endpoint is disabled by default. Admins can use the following steps to configure network protection. This configuration is available for both enrolled devices through MDM config and unenrolled devices through MAM config.
@@ -275,8 +278,8 @@ End users install and open the Microsoft Defender app to start onboarding.
 
 Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected as jailbroken, these events occur:
 
-- High-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
-- User data on app is cleared. When user opens the app after jailbreaking the VPN profile also is deleted and no web protection is offered.
+- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
+- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune are not removed.
 
 ### Configure compliance policy against jailbroken devices