Merge branch 'main' into WI235272-need-detail-on-security-role-todeanonymize-data

DeCohen · web-flow · commit b2530c3397df · 2025-06-19T12:05:05.000+03:00
diff --git a/CloudAppSecurityDocs/discovered-apps-api-graph.md b/CloudAppSecurityDocs/discovered-apps-api-graph.md
@@ -2,17 +2,16 @@
 title: Work with discovered apps via Graph API | Microsoft Defender for Cloud Apps
 description: Learn how to work with apps discovered by Microsoft Defender for Cloud Apps via Graph API.
 ms.topic: how-to #Don't change
-ms.date: 06/24/2024
-
+ms.date: 06/18/2025
 #customer intent: As a security engineer, I want to work with discovered apps via API so that I can customize and automate the Microsoft Defender for Cloud Apps **Discovered apps** page functionality.
-
 ---
 
 # Work with discovered apps via Graph API (Preview)
 
 Microsoft Defender for Cloud Apps supports a Microsoft Graph API that you can use to work with discovered cloud apps, to customize and automate the **Discovered apps** page functionality in the Microsoft Defender portal.
 
-This article provides sample procedures for using the [uploadedStreams API](/graph/api/security-datadiscoveryreport-list-uploadedstreams?view=graph-rest-beta) for common purposes.
+This article provides sample procedures for using the [uploadedStreams API](/graph/api/security-datadiscoveryreport-list-uploadedstreams?view=graph-rest-beta&preserve-view=true&tabs=http) for common purposes.
+
 
 ## Prerequisites
 
@@ -22,7 +21,7 @@ Before you start using the Graph API, make sure to create an app and get an acce
 
 - Take note of your app secret and copy its value to use later on in your scripts.
 
-You'll also need cloud app data streaming into Microsoft Defender for Cloud Apps.
+- You need cloud app data streaming into Microsoft Defender for Cloud Apps.
 
 For more information, see:
 
@@ -36,7 +35,7 @@ For more information, see:
 To get a high level summary of all the data available on your **Discovered apps** page, run the following GET command:
 
 ```http
-GET https://graph.microsoft.com/beta/dataDiscovery/cloudAppDiscovery/uploadedStreams
+GET https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams
 ```
 
 To drill down to data for a specific stream:
@@ -88,4 +87,4 @@ GET  https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery
 
 ## Related content
 
-For more information, see [Working with discovered apps](discovered-apps.md) and the [Microsoft Graph API reference](/graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta).
+For more information, see [Working with discovered apps](discovered-apps.md) and the [Microsoft Graph API reference](/graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta&preserve-view=true).
diff --git a/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md
@@ -119,11 +119,11 @@ Scenarios and default settings for PUA protection depend on whether devices are
 
 ##### Microsoft Defender Antivirus with devices onboarded to Defender for Endpoint Plan 1/Plan 2 or Defender for Business
 
-| Scenarios |Security intelligence update version | Smart App Locker | PUA protection default setting|
+| Scenarios |Security intelligence update version | Smart App Control| PUA protection default setting|
 | -------- | -------- | -------- | -------- |
-| Windows 10, version 2004 or later<br/>Windows Server 2012 R2 and Windows Server 2016 with the [modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2)<br/>Windows Server 2019 or later | older than 1.329.495.0 | Feature not available | Audit mode (2)|
+| Windows 10, version 2004 or later<br/>Windows Server 2012 R2 and Windows Server 2016 with the [modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2)<br/>Windows Server 2019 or later |Older than 1.329.495.0 |Feature not available | Audit mode (2)|
 | Windows 11, version 22H2 or later | 1.329.495.0 or later | Available | Audit mode (2)|
-| Windows 10, version 2004 or later<br/>Windows Server 2012 R2 and Windows Server 2016 with the [modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2)<br/>Windows Server 2019 or later | 1.329.495.0 or later | Feature not available | Block mode (1)|
+| Windows 10, version 2004 or later<br/>Windows Server 2012 R2 and Windows Server 2016 with the [modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2)<br/>Windows Server 2019 or later | 1.329.495.0 or later |Feature not available | Block mode (1)|
 
 > [!TIP]
 > To enforce PUA protection in block mode, use any of the following management methods:
diff --git a/defender-office-365/anti-malware-protection-for-spo-odfb-teams-about.md b/defender-office-365/anti-malware-protection-for-spo-odfb-teams-about.md
@@ -1,5 +1,5 @@
 ---
-title: Built-in virus protection in SharePoint, OneDrive, and Microsoft Teams
+title: Built-in virus protection in SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams
 f1.keywords:
   - NOCSH
 ms.author: chrisda
@@ -16,65 +16,70 @@ ms.assetid: e3c6df61-8513-499d-ad8e-8a91770bff63
 ms.collection:
   - m365-security
   - tier2
-description: Learn about how SharePoint detects viruses in files that users upload and prevents users from downloading or syncing the files.
+description: Learn about how SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams detect viruses in uploaded files and prevent users from downloading or syncing the files.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 06/09/2023
+ms.date: 06/17/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
+  
 ---
 
-# Built-in virus protection in SharePoint, OneDrive, and Microsoft Teams
+# Built-in virus protection in SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint, OneDrive, and Microsoft Teams.
+Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams.
 
 > [!IMPORTANT]
 > The built-in anti-virus capabilities are a way to help contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure.
 
-## What happens if an infected file is uploaded to SharePoint?
+## What happens if an infected file is uploaded to SharePoint, SharePoint Embedded, OneDrive, or from Microsoft Teams?
 
-The Microsoft 365 virus detection engine scans files asynchronously (at some time after upload). If a user tries to download a file in a web browser or from Teams that hasn't been scanned, a scan is triggered before the download is allowed. **All file types are not automatically scanned**. Heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged.
+The Microsoft 365 virus detection engine scans files asynchronously (at some time after upload). If a user tries to download a file in a web browser or from Microsoft Teams that hasn't been scanned, a scan is triggered before the download is allowed. **All files are not automatically scanned**. Anti-malware heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged as containing malware.
 
 Here's what happens:
 
-1. A user uploads a file to SharePoint.
-2. SharePoint, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
+1. A user uploads a file to SharePoint, SharePoint Embedded, OneDrive, or from Microsoft Teams.
+2. SharePoint using the common Microsoft 365 anti-malware engine, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
 3. If the file meets the criteria for a scan, the virus detection engine scans the file.
 4. If a virus is found within the scanned file, the virus engine sets a property on the file that indicates the file is infected.
 
-## What happens when a user tries to download an infected file by using the browser?
+## What happens when a user tries to download an infected file by using their web browser?
 
-By default, users can download infected files from SharePoint. Here's what happens:
+By default, users can download infected files from SharePoint or OneDrive. Here's what happens:
 
-1. In a web browser, a user tries to download a file from SharePoint that happens to be infected.
+1. In a web browser, a user tries to download a file from SharePoint or OneDrive that happens to be infected.
 2. The user is shown a warning that a virus was detected in the file. The user is given the option to proceed with the download and attempt to clean it using anti-virus software on their device.
 
-To change this behavior so users can't download infected files, even from the anti-virus warning window, admins can use the *DisallowInfectedFileDownload* parameter on the **[Set-SPOTenant](/powershell/module/sharepoint-online/Set-SPOTenant)** cmdlet in SharePoint Online PowerShell. The value $true for the *DisallowInfectedFileDownload* parameter completely blocks access to detected/blocked files for users.
+To change this behavior so users can't download infected files from SharePoint or OneDrive, even from the anti-virus warning window, admins can use the *DisallowInfectedFileDownload* parameter on the **[Set-SPOTenant](/powershell/module/sharepoint-online/Set-SPOTenant)** cmdlet in SharePoint Online PowerShell. The value $true for the *DisallowInfectedFileDownload* parameter completely blocks access to detected/blocked files for users.
 
 For instructions, see [Use SharePoint Online PowerShell to prevent users from downloading malicious files](safe-attachments-for-spo-odfb-teams-configure.md#step-2-recommended-use-sharepoint-online-powershell-to-prevent-users-from-downloading-malicious-files).
 
-## Can admins bypass *DisallowInfectedFileDownload* and extract infected files?
+## Can admins bypass *DisallowInfectedFileDownload* and extract infected files from SharePoint or OneDrive?
 
-SharePoint admins and global admins<sup>\*</sup> are allowed to do forensic file extractions of malware-infected files in SharePoint Online PowerShell with the [Get-SPOMalwareFileContent](/powershell/module/sharepoint-online/get-spomalwarefilecontent) cmdlet. Admins don't need access to the site that hosts the infected content. As long as the file is marked as malware, admins can use **Get-SPOMalwareFileContent** to extract the file.
+Members of the SharePoint Administrator or Global Administrator roles in Microsoft Entra ID<sup>\*</sup> are allowed to do forensic file extractions of malware-infected files from SharePoint Online PowerShell with the [Get-SPOMalwareFileContent](/powershell/module/sharepoint-online/get-spomalwarefilecontent) cmdlet. Admins don't need access to the site that hosts the infected content. As long as the file is marked as malware, admins can use **Get-SPOMalwareFileContent** to extract the file.
 
 For more information about the infected file, admins can use the **[Get-SPOMalwareFile](/powershell/module/sharepoint-online/get-spomalwarefile)** cmdlet to see the type of malware that was detected and the status of the infection.
 
 > [!IMPORTANT]
 > <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
-## What happens when the OneDrive sync client tries to sync an infected file?
+## What happens when the OneDrive sync client tries to sync an infected file from SharePoint or OneDrive?
 
-When a malicious file is uploaded to OneDrive, the file is synced to the local machine before being marked as malware. After the file is marked as malware, the user can't open the synced file from their local machine.
+When a malicious file is uploaded to SharePoint or OneDrive, the file might be synced to the local machine before being marked as malware. After the file is marked as malware, the user can't open the synced file from their local machine.
 
 ## Extended capabilities with Microsoft Defender for Office 365
 
-Microsoft 365 organizations that have [Microsoft Defender for Office 365](mdo-about.md) included in their subscription or purchased as an add-on can enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams for enhanced reporting and protection. For more information, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md).
+Microsoft 365 organizations that have [Microsoft Defender for Office 365](mdo-about.md) included in their subscription or purchased as an add-on can enable Safe Attachments for SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams for enhanced reporting and protection. For more information, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md).
 
 ## Related articles
 
 [Malware and ransomware protection in Microsoft 365](/compliance/assurance/assurance-malware-and-ransomware-protection)
 
-[Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-configure.md).
+[Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/defender-office-365/safe-attachments-for-spo-odfb-teams-configure)
+
+[Introduction to SharePoint and OneDrive in Microsoft 365 for administrators](/sharepoint/introduction)
+
+[Overview of SharePoint Embedded](/sharepoint/dev/embedded/overview)
diff --git a/defender-office-365/reports-defender-for-office-365.md b/defender-office-365/reports-defender-for-office-365.md
@@ -112,7 +112,7 @@ The **Post-delivery activities** report shows information about email messages t
 
 The report shows real-time information with updated threat information.
 
-On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **Post-delivery activities**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/ZapReport>.
+On the **Email & collaboration reports** page at <https://security.microsoft.com/emailandcollabreport>, find **Post-delivery activities**, and then select **View details**. Or, to go directly to the report, use <https://security.microsoft.com/reports/PostDeliveryActivities>.
 
 :::image type="content" source="media/post-delivery-activities-widget.png" alt-text="The Post-delivery activities widget on the Email & collaboration reports page." lightbox="media/post-delivery-activities-widget.png":::
 
