Merging changes synced from https://github.com/MicrosoftDocs/defender-docs-pr (branch live)

Author: Learn Build Service GitHub App

defender-endpoint/linux-whatsnew.md

@@ -6,7 +6,7 @@ ms.author: ewalsh
 author: emmwalshh
 ms.reviewer: kumasumit, gopkr; mevasude
 ms.localizationpriority: medium
-ms.date: 06/30/2025
+ms.date: 08/19/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -43,6 +43,23 @@ This article is updated frequently to let you know what's new in the latest rele
 
 ## Releases for Defender for Endpoint on Linux
 
+### August-2025 Build: 101.25062.0003 | Release version: 30.125062.0003.0
+
+|Build:             |**101.25062.0003**    |
+|-------------------|----------------------|
+|Released:          |**August 08, 2025**   |
+|Published:         |**August 08, 2025**   |
+|Release version:   |**30.125062.0003.0**  |
+|Engine version:    |**1.1.25040.4000**    |
+|Signature version: |**1.429.442.0**       |
+
+What's new
+- Defender for Endpoint on Linux now supports installation to a custom location (preview). For more information, see [Enabling deployment of Microsoft Defender for Endpoint to a custom location (preview)](/defender-endpoint/linux-custom-location-installation). Support for this feature is being added to the installer script.
+- The `mdatp threat quarantine add` command now requires superuser (root) privileges.
+- Custom definition path can now be updated without stopping Defender for ENdpoint. Previously, this required stopping the service, but with this release onwards, updates to the definition path can be made dynamically, improving operational efficiency and reducing downtime.
+- Running Defender for Endpoint on Linux alongside Fapolicyd is now supported on RHEL and Fedora-based distributions, enabling both antivirus (real-time protection) and EDR functionality to operate without conflict. For other fanotify-based tools, MDE can still be used safely by setting the antivirus enforcement level to passive, helping avoid system instability.
+- Other stability enhancements and bug fixes.
+
 ### July-2025 Build: 101.25052.0007 | Release version: 30.125052.0007.0
 
 |Build:             |**101.25052.0007**    |

defender-endpoint/mde-linux-prerequisites.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 08/11/2025
+ms.date: 08/19/2025
 ---
 
 # Prerequisites for Microsoft Defender for Endpoint on Linux
@@ -72,13 +72,10 @@ For detailed licensing information, see [Product Terms: Microsoft Defender for E
 The following Linux server distributions and x64 (AMD64/EM64T) versions are supported:
 
 - Red Hat Enterprise Linux 7.2 and higher 
-
 - Red Hat Enterprise Linux 8.x 
 - Red Hat Enterprise Linux 9.x 
 - CentOS 7.2 and higher, excluding CentOS Stream 
-
 - CentOS 8.x
-
 - Ubuntu 16.04 LTS 
 - Ubuntu 18.04 LTS 
 - Ubuntu 20.04 LTS 
@@ -88,7 +85,6 @@ The following Linux server distributions and x64 (AMD64/EM64T) versions are supp
 - SUSE Linux Enterprise Server 12.x 
 - SUSE Linux Enterprise Server 15.x 
 - Oracle Linux 7.2 and higher 
-
 - Oracle Linux 8.x 
 - Oracle Linux 9.x 
 - Amazon Linux 2 
@@ -121,9 +117,11 @@ The following Linux server distributions and x64 (AMD64/EM64T) versions are supp
 > Microsoft Defender for Endpoint is kernel-version agnostic for all other supported distributions and versions. The minimal requirement for the kernel version is `3.10.0-327` or later.
 
 > [!WARNING]
-> Running Defender for Endpoint on Linux with other fanotify-based security solutions isn't supported. It can lead to unpredictable results, including hanging the operating system.
-> If there are any other applications on the system that use fanotify in blocking mode, applications are listed in the conflicting_applications field of the mdatp health command output. 
-> The Linux FAPolicyD feature uses fanotify in blocking mode, and is therefore unsupported when running Defender for Endpoint in active mode. You can still safely take advantage of Defender for Endpoint on Linux EDR functionality after configuring the antivirus functionality Real Time Protection Enabled to passive mode. See [Enforcement level for Microsoft Defender Antivirus](/defender-endpoint/linux-preferences#enforcement-level-for-microsoft-defender-antivirus). 
+> Running Defender for Endpoint on Linux alongside other fanotify-based security solutions is not supported and may lead to unpredictable behavior, including system hangs.
+> If any applications use fanotify in blocking mode, they will appear in the conflicting_applications field of the mdatp health command output.
+> You can still safely take advantage of Defender for Endpoint on Linux EDR functionality by setting antivirus enforcement level to passive. See [Configure security settings in Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-preferences).
+>
+> **EXCEPTION: The Linux `FAPolicyD` feature, which also uses Fanotify in blocking mode, is supported with Defender for Endpoint on RHEL and Fedora platforms, provided that mdatp health reports a healthy status. This exception is based on validated compatibility specific to these distributions.**
 
 ## Supported filesystems for real-time protection and quick, full, and custom scans 
 

defender-xdr/TOC.yml

@@ -439,6 +439,8 @@
           href: advanced-hunting-security-copilot.md
         - name: Create incident reports
           href: security-copilot-m365d-create-incident-report.md
+        - name: Responsible AI FAQs
+          href: responsible-ai-copilot-defender.md        
         - name: Security Copilot agents in Microsoft Defender
           items:
           - name: Overview