MicrosoftDocs
diff --git a/‎defender-endpoint/linux-preferences.md‎
Lines changed: 2 additions & 4 deletions b/‎defender-endpoint/linux-preferences.md‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎defender-for-cloud-apps/governance-discovery.md‎
Lines changed: 9 additions & 2 deletions b/‎defender-for-cloud-apps/governance-discovery.md‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎defender-for-identity/deploy/prerequisites-sensor-version-3.md‎
Lines changed: 10 additions & 4 deletions b/‎defender-for-identity/deploy/prerequisites-sensor-version-3.md‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎defender-for-identity/remove-rbcd-microsoft-entra-seamless-single-sign-on-account.md‎
Lines changed: 0 additions & 1 deletion b/‎defender-for-identity/remove-rbcd-microsoft-entra-seamless-single-sign-on-account.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎defender-office-365/TOC.yml‎
Lines changed: 2 additions & 0 deletions b/‎defender-office-365/TOC.yml‎
Lines changed: 2 additions & 0 deletions
@@ -1,4 +1,4 @@
----
+---
 title: Configure security settings in Microsoft Defender for Endpoint on Linux
 ms.reviewer: gopkr, ardeshmukh
 description: Describes how to configure Microsoft Defender for Endpoint on Linux in enterprises.
@@ -581,10 +581,8 @@ Specify the maximum number of entries to keep in the scan history. Entries inclu
 
 ### Exclusion setting preferences
 
-**Exclusion setting preferences are currently in preview**.
-
 > [!NOTE] 
-> Global exclusions are currently in public preview, and are available in Defender for Endpoint beginning with version `101.23092.0012` or later in the Insiders Slow and Production rings.
+> Global exclusions are available in Defender for Endpoint beginning with version `101.24092.0001` or above.
 
 The `exclusionSettings` section of the configuration profile is used to configure various exclusions for Microsoft Defender for Endpoint for Linux.
 
 
@@ -1,17 +1,24 @@
 ---
 title: Govern discovered apps 
 description: This article describes the procedure for governing your discovered apps by blocking their usage in your organization.
-ms.date: 01/29/2023
+ms.date: 09/30/2025
 ms.topic: how-to
 ms.reviewer: Mravela
 ---
 
 # Govern discovered apps
 
 
-
 After you review the list of discovered apps in your environment, you can secure your environment by approving safe apps (**Sanctioned**) or prohibiting unwanted apps (**Unsanctioned**) in the following ways.
 
+## Prerequisites
+
+Before you can block discovered cloud apps, you must meet the following requirements:
+
+- [Turn on **Cloud Protection** in Microsoft Defender for Endpoint](/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus)
+- [Turn on **Network Protection** in Microsoft Defender for Endpoint.](/defender-endpoint/network-protection#required-browser-configuration)
+- Install the **Microsoft Defender Browser Protection** add-on across all non-Microsoft browsers in your organization.
+
 ## Sanctioning/unsanctioning an app
 
 You can mark a specific risky app as unsanctioned by clicking the three dots at the end of the row. Then select **Unsanctioned**. Unsanctioning an app doesn't block use, but enables you to more easily monitor its use with the cloud discovery filters. You can then notify users of the unsanctioned app and suggest an alternative safe app for their use, or [generate a block script using the Defender for Cloud Apps APIs](api-discovery-script.md) to block all unsanctioned apps.
 
@@ -70,13 +70,13 @@ Applying the **Unified Sensor RPC Audit** tag enables a new, tested capability o
 **Steps to apply the configuration:**
 
 1. In the **Microsoft Defender portal**, navigate to: **System > Settings > Microsoft Defender XDR > Asset Rule Management**.
-1. Create a new rule.  
+1. Select **Create a new rule**
 
  ![Screenshot that shows how to add a new rule.](media/prerequisites-sensor-version-3/new-rule.png)
 
 3. In the side panel:
 
-   1. Select a **name** for the rule.
+   1. Enter a **Rule name** and **Description**.
 
    1. Set **rule conditions** using `Device name`, `Domain`, or `Device tag` to target the desired machines.
 
@@ -88,9 +88,15 @@ Applying the **Unified Sensor RPC Audit** tag enables a new, tested capability o
 
  ![Screenshot that shows the config tag.](media/prerequisites-sensor-version-3/tag.png)
 
-5. Click **Submit** to save the rule.
+5. Select **Next** to review and finish creating the rule and then select **Submit**.
 
-   Offboarding a device from this configuration can be done by **deleting the asset rule** or **modifying the rule conditions** so the device no longer matches.
+### Updating rules
+   Offboarding a device from this configuration can be done **only** from **deleting the asset rule** or **modifying the rule conditions** so the device no longer matches.
+
+>[!NOTE]
+> It may take up to 1 hour for changes to be reflected in the portal.
+
+Learn more about Asset Management Rule [here](/defender-xdr/configure-asset-rules)
 
 ## Configure Windows auditing
 
 
@@ -6,7 +6,6 @@ ms.author: rlitinsky
 ms.service: microsoft-defender-for-identity
 ms.topic: article
 ms.date:     08/22/2024
-ms.subservice: ''
 ms.reviewer: LiorShapiraa
 ---
 
 
@@ -120,6 +120,8 @@
          href: mdo-sec-ops-guide.md
        - name: SecOps guide for Teams protection in Defender for Office 365
          href: mdo-support-teams-sec-ops-guide.md
+       - name: SecOps guide for email authentication in Microsoft 365
+         href: email-auth-sec-ops-guide.md
        - name: Threat classification
          href: mdo-threat-classification.md
        - name: Security recommendations for priority accounts