Commit ba23810

Merge branch 'main' into onboard-win-server
2 parents a18f59d + 5cb3a9f commit ba23810

5 files changed

+17
-8
lines changed

CloudAppSecurityDocs/index.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,6 @@ metadata:
1010
ms.service: defender-for-cloud-apps
1111
ms.topic: landing-page
1212
ms.collection: na
13-
author: batamig
14-
ms.author: bagol
1513
ms.date: 11/09/2021
1614

1715
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
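
Review bot: The deletion of `author: batamig` and `ms.author: bagol` at old lines 13-14 leaves this landing page's metadata block with no author fields at all, rather than replacing them with a current owner. If ownership is meant to be inherited from a repository-level default, say so in the commit message; otherwise add the new `author` and `ms.author` values here. `ms.date: 11/09/2021` is also left unchanged although the file is edited.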

CloudAppSecurityDocs/network-requirements.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,16 @@
11
---
22
title: Network requirements
33
description: This article describes the IP addresses and ports you need to open to work with Defender for Cloud Apps.
4-
ms.date: 04/04/2024
4+
ms.date: 04/06/2025
55
ms.topic: reference
66
---
77

88
# Network requirements
99

1010
>[!IMPORTANT]
1111
>
12-
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services: Please update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted to reflect the above range by April 21, 2025.
12+
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted to reflect the above range by April 21, 2025.
13+
> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
1314
1415
This article provides a list of ports and IP addresses you need to allow and allowlist to work with Microsoft Defender for Cloud Apps.
1516
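
Review bot: On new line 12 the service tag is wrapped in typographic quotes (‘AzureFrontDoor.MicrosoftSecurity’), so a reader who copies it into a firewall rule can pick up the curly quotes; put the tag and the five CIDR ranges in backticks. The same line writes the deadline as "April, 21 2025" in the bold text and "April 21, 2025" at the end, so fix the misplaced comma. New line 13 follows line 12 as a bare `>` line with no empty `>` line between them, which renders the Gov US1/GCC scoping sentence as a continuation of the previous paragraph; separate it so the scope exception stands out.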

CloudAppSecurityDocs/release-notes.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,6 @@ ms.topic: overview
77

88
# What's new in Microsoft Defender for Cloud Apps
99

10-
>[!IMPORTANT]
11-
>
12-
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Please update your firewall rules to allow outbound traffic on port 443 for the following IP addresses:13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 21, 2025. Learn more: [Network requirements](https://aka.ms/MDANetworkDocs).
1310
>
1411
*Applies to: Microsoft Defender for Cloud Apps*
1512
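
Review bot: The removal stops at old line 12 and leaves the bare `>` on old line 13 (new line 10) in place, so an empty blockquote now sits directly above `*Applies to: Microsoft Defender for Cloud Apps*`. Delete that orphaned `>` together with the alert it belonged to.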

@@ -23,6 +20,12 @@ For more information on what's new with other Microsoft Defender security produc
2320

2421
For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
2522

23+
>[!IMPORTANT]
24+
>
25+
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you're using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 21, 2025.
26+
> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
27+
> Learn more: [Network requirements](https://aka.ms/MDANetworkDocs).
28+
2629

2730
## April 2025
2831
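
Review bot: New lines 25 to 27 are consecutive `>` lines with no empty `>` line between them, so the deadline text, the Gov US1/GCC scoping sentence and the "Learn more" link render as one run-on paragraph inside the alert; separate them. Line 25 also states the April 21, 2025 deadline three times and opens with "April, 21 2025" (misplaced comma), and "Alternatively use as an additional Azure service tag" does not parse; the wording used in network-requirements.md ("add the new Azure service tag ... to your allowlist") is clearer. New line 28 adds a blank line in front of the existing blank on line 29, leaving two in a row.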

defender-endpoint/attack-surface-reduction-rules-reference.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -251,6 +251,13 @@ For rules with the "Rule State" specified:
251251

252252
### Block abuse of exploited vulnerable signed drivers
253253

254+
> [!NOTE]
255+
> To protect your environment from vulnerable drivers, you should first implement these:
256+
> For Windows 10 or later, Windows Server 2016 or later using [Microsoft App Control for Business](/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules), you should block all drivers by default and only allow drivers that you deem necessary and are not known to be vulnerable.
257+
> For Windows 8.1 or older, Windows Server 2012 R2 or older, using [Microsoft AppLocker](/windows/security/application-security/application-control/app-control-for-business/applocker/understanding-applocker-allow-and-deny-actions-on-rules), you should block all drivers by default and only allow drivers that you deem necessary and are not known to be vulnerable.
258+
> For Windows 11 or later, and Windows Server core 1809 or later, or Windows Server 2019 or later, you should also enable [Microsoft Windows vulnerable driver blocklist](/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules),
259+
> Then as another layer of defense, you should enable this attack surface reduction rule.
260+
254261
This rule prevents an application from writing a vulnerable signed driver to disk. In-the-wild, vulnerable signed drivers can be exploited by local applications \- _that have sufficient privileges_ \- to gain access to the kernel. Vulnerable signed drivers enable attackers to disable or circumvent security solutions, eventually leading to system compromise.
255262

256263
The **Block abuse of exploited vulnerable signed drivers** rule doesn't block a driver already existing on the system from being loaded.
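
Review bot: New lines 255 to 259 are written as consecutive `>` lines, so the three platform-specific steps and the closing sentence collapse into one paragraph, and line 258 ends in a comma instead of a full stop; make the steps a list inside the note. The platform scopes overlap (line 256 says "Windows 10 or later", line 258 says "Windows 11 or later"), and "Windows Server core 1809 or later, or Windows Server 2019 or later" on line 258 is hard to read; state for each OS which controls apply. Lines 256 and 258 link to the same `microsoft-recommended-driver-block-rules` page for two different controls, and the AppLocker link on line 257 goes to a page about allow and deny actions rather than driver rules, so confirm both targets and that AppLocker is the intended control for drivers on those versions.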

defender-office-365/mdo-support-teams-about.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ With the increased use of collaboration tools like Microsoft Teams, the possibil
3131

3232
In Microsoft 365 E5 and Defender for Office 365 Plan 2, we've extended Teams protection with a set of capabilities that are designed to disrupt the attack chain:
3333

34-
- **Report suspicious Teams messages**: Users can report malicious Teams messages. Depending on the reported message settings in the organization, the reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md).
34+
- **Report suspicious Teams messages**: Users can report malicious Teams messages. Depending on the reported message settings in the organization, the reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md) and [MC 1037768](https://admin.cloud.microsoft/?ref=MessageCenter/:/messages/MC1037768).
3535

3636
- **Zero-hour auto protection (ZAP) for Teams**: ZAP is an existing email protection feature that detects and neutralizes spam, phishing, and malware messages after delivery by moving the messages to the Junk Email folder or quarantine.
3737
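
Review bot: The link added on new line 34 goes to `admin.cloud.microsoft`, a signed-in admin portal, so readers without access to the Message center get no information from it, and the link text "MC 1037768" gives no hint of what the post says. Summarize the relevant point of the message inline and keep the link as a secondary reference; also write the ID as `MC1037768`, matching the URL.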
