Merge branch 'main' into redirection-defender-endpoint

Author: vpattnai

CloudAppSecurityDocs/cas-compliance-trust.md

@@ -31,7 +31,7 @@ Defender for Cloud Apps operates in the Microsoft Azure data centers in the foll
 |**Customers whose tenants are provisioned in the European Union or the United Kingdom**     |    Either the European Union and/or the United Kingdom      |
 |**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned    |
 
-In addition to the locations above, the App Governance features within Defender for Cloud Apps operate in the Microsoft Azure data centers in the following geographical regions: 
+In addition to the locations above, the App Governance features within Defender for Cloud Apps operate in the Microsoft Azure data centers in the following geographical regions listed below. Customer with App Governance enabled will have data stored within the data storage location the customer provisions in above, and in a second data storage location as described below: 
 
 |Customer provisioning location  |Data storage location  |
 |---------|---------|
@@ -65,7 +65,7 @@ Defender for Cloud Apps shares data, including customer data, among the followin
 - Microsoft Defender for Cloud
 - Microsoft Sentinel
 - Microsoft Defender for Endpoint
-- Microsoft Security Exposure Management (Preview)
+- Microsoft Security Exposure Management
 - Microsoft Purview
 - Microsoft Entra ID Protection
 

defender-endpoint/android-whatsnew.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 01/03/2025
+ms.date: 01/06/2025
 ---
 
 # What's new in Microsoft Defender for Endpoint on Android
@@ -40,7 +40,7 @@ Recommendation cards prominently display any active alerts, ensuring you stay in
 
 The following screenshot is an example of what the user sees in their dashboard:
 
-:::image type="content" source="media/android-whatsnew/android-dashboard-screen.png" alt-text="Screenshot showing what the user sees on the device.":::
+:::image type="content" source="media/android-whatsnew/android-dashboard-screen.png" alt-text="Screenshot showing the user's dashboard in the Microsoft Defender app.":::
 
 **Recommendation cards for alerts**
 
@@ -59,10 +59,10 @@ The current enterprise dashboard experience now features a tile view for your se
 
 | Tile | Description |
 |---|---|
-| :::image type="content" source="media/android-whatsnew/android-tile-networkprotection.png" alt-text="Screenshot showing the network protection tile for security administrators."::: | **Network protection** <br/>Your security team can see whether a connection is secured or unsecured. |
-| :::image type="content" source="media/android-whatsnew/android-tile-webprotection.png" alt-text="Screenshot of a tile that shows whether web protection is enabled on a device."::: | **Web protection** <br/>Your security team can see whether web protection is enabled on a user's device. |
-| :::image type="content" source="media/android-whatsnew/android-tile-appsecurity.png" alt-text="Screenshot showing the app security tile."::: | **App security** <br/>Your security team can see whether any threats were found in apps installed on a user's device. |
-| :::image type="content" source="media/android-whatsnew/android-tile-globalsecureaccess.png" alt-text="Screenshot showing Global Secure Access status."::: | **Global secure access** <br/>Your security team can see current connection status. |
+| :::image type="content" source="media/android-whatsnew/android-tile-networkprotection.png" alt-text="Screenshot showing the network protection tile for security administrators."::: | **Network protection** <br/>The user can see whether a connection is secured or unsecured. |
+| :::image type="content" source="media/android-whatsnew/android-tile-webprotection.png" alt-text="Screenshot of a tile that shows whether web protection is enabled on a device."::: | **Web protection** <br/>The user can see whether web protection is enabled on a user's device. |
+| :::image type="content" source="media/android-whatsnew/android-tile-appsecurity.png" alt-text="Screenshot showing the app security tile."::: | **App security** <br/>The user can see whether any threats were found in apps installed on a user's device. |
+| :::image type="content" source="media/android-whatsnew/android-tile-globalsecureaccess.png" alt-text="Screenshot showing Global Secure Access status."::: | **Global secure access** <br/>The user can see current connection status. |
 
 ## Android low-touch onboarding is now GA
 
@@ -125,7 +125,7 @@ Read the announcement [Tech Community Blog: Defender for Endpoint is now availab
 
 ## Privacy controls
 
-Microsoft Defender for Endpoint on Android enables privacy controls for both administrators and end users, and includes controls for enrolled (MDM) and unenrolled (MAM) devices. Administrators can configure the privacy in the alert report while End Users can configure the information shared to their organization. For more information, see [privacy controls(MDM)](android-configure.md#privacy-controls) and [privacy controls (MAM)](android-configure-mam.md#configure-privacy-controls).
+Microsoft Defender for Endpoint on Android enables privacy controls for both administrators and end users, and includes controls for enrolled (MDM) and unenrolled (MAM) devices. Administrators can configure the privacy in the alert report while End Users can configure the information shared to their organization. For more information, see [privacy controls (MDM)](android-configure.md#privacy-controls) and [privacy controls (MAM)](android-configure-mam.md#configure-privacy-controls).
 
 ## Optional permissions and the ability to disable web protection
 

defender-endpoint/api/get-assessment-secure-config.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 06/04/2021
+ms.date: 01/06/2025
 ---
 
 # Export secure configuration assessment per device
@@ -245,18 +245,18 @@ GET /api/machines/SecureConfigurationsAssessmentExport
 ### 2.5 Properties
 
 > [!NOTE]
->
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 3 hours; otherwise you can use the parameter.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are only valid for 1 hour; otherwise you can use the parameter.
 > - For maximum download speed of your data, you can make sure you are downloading from the same Azure region in which your data resides.
 
+
 <br>
 
 ****
 
 Property (ID)|Data type|Description|Example of a returned value
 ---|---|---|---
-Export files|array\[string\]|A list of download URLs for files holding the current snapshot of the organization|["Https://tvmexportstrstgeus.blob.core.windows.net/tvm-export...1", "https://tvmexportstrstgeus.blob.core.windows.net/tvm-export...2"]
+Export files|array[string]|A list of download URLs for files holding the current snapshot of the organization|["Https://tvmexportstrstgeus.blob.core.windows.net/tvm-export...1", "https://tvmexportstrstgeus.blob.core.windows.net/tvm-export...2"]
 GeneratedTime|string|The time that the export was generated.|2021-05-20T08:00:00Z
 |
 

defender-endpoint/defender-antivirus-compatibility-without-mde.md

@@ -6,11 +6,12 @@ ms.author: deniseb
 ms.reviewer: yongrhee
 ms.service: defender-endpoint
 ms.topic: conceptual
-ms.date: 12/30/2024
+ms.date: 01/06/2025
 ms.subservice: ngp
 search.appverid: met150
 ms.localizationpriority: medium
-
+ms.custom:
+- partner-contribution
 ---
 
 # Microsoft Defender Antivirus and non-Microsoft antivirus solutions without Defender for Endpoint
@@ -21,9 +22,9 @@ ms.localizationpriority: medium
 - [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals)
 - Microsoft Defender Antivirus
 
-This section describes what happens when you use Microsoft Defender Antivirus alongside non-Microsoft antivirus/antimalware products on endpoints that aren't onboarded to Defender for Endpoint.
+This section describes what happens when you use Microsoft Defender Antivirus alongside non-Microsoft antivirus/antimalware products on endpoints that aren't onboarded to Defender for Endpoint Plan 2.
 
-Microsoft Defender Antivirus doesn't run in passive mode on devices that aren't onboarded to Defender for Endpoint.
+Microsoft Defender Antivirus doesn't run in passive mode on devices that aren't onboarded to Defender for Endpoint Plan 2.
 
 The following table summarizes what to expect:
 
@@ -48,41 +49,41 @@ gsv WinDefend, WdBoot, WdFilter, WdNisSvc, WdNisDrv | ft -auto DisplayName, Name
 |Display Name|Name|StartType|Status when Microsoft Defender Antivirus is enabled| Status when Microsoft Defender Antivirus is disabled| Comments |
 | -------- | -------- | -------- | -------- | -------- | -------- |
 |Microsoft Defender Antivirus Boot Driver |`WdBoot`|Boot |Stopped (`0x0 Boot_start`)| Stopped (`0x3 Demand_start`)|It's normal to be stopped after boot. |
-|Microsoft Defender Antivirus Mini-Filter Driver|`WdFilter`|Manual |Running (`0x0 Boot_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect status to be stopped. |
-|Microsoft Defender Antivirus Network Inspection System Driver |`WdNisDrv`|Manual|Running (`0x3 Demand_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect status to be stopped. |
-|Microsoft Defender Antivirus Network Inspection Service |`WdNisSvc`|Manual|Running (`0x3 Demand_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect status to be stopped. |
-|Microsoft Defender Antivirus Service|`WinDefend`|Automatic|Running (`0x2 Auto_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect status to be stopped.|
+|Microsoft Defender Antivirus Mini-Filter Driver|`WdFilter`|Manual |Running (`0x0 Boot_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect the status to be stopped. |
+|Microsoft Defender Antivirus Network Inspection System Driver |`WdNisDrv`|Manual|Running (`0x3 Demand_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect the status to be stopped. |
+|Microsoft Defender Antivirus Network Inspection Service |`WdNisSvc`|Manual|Running (`0x3 Demand_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect the status to be stopped. |
+|Microsoft Defender Antivirus Service|`WinDefend`|Automatic|Running (`0x2 Auto_start`)|Stopped (`0x3 Demand_start`)|If a non-Microsoft antivirus solution is installed, expect the status to be stopped.|
 
 ### Frequently Asked Questions (FAQ)
 
-Q: Can I update Microsoft Defender Antivirus components such as "Security intelligence update" or "Engine update" "Platform update" when Microsoft Defender Antivirus is disabled?
+**Q:** Can I update Microsoft Defender Antivirus components such as "Security intelligence update" or "Engine update" or "Platform update" when Microsoft Defender Antivirus is disabled?
 
-A: No. When Microsoft Defender Antivirus is disabled, since the services and drivers aren't running, you won't be able to update the components such as "Security intelligence update" or "Engine update" "Platform update".
+**A:** No. When Microsoft Defender Antivirus is disabled, since the services and drivers aren't running, you won't be able to update the components such as "Security intelligence update" or "Engine update" or "Platform update".
 
 > [!TIP]
-> If you are migrating to Microsoft Defender for Endpoint, when onboarded, Microsoft Defender Antivirus goes into passive mode automatically on Windows clients, and can be set to passive mode using a registry key on Windows Server. You can update the different components of Microsoft Defender Antivirus.
+> If you are migrating to Microsoft Defender for Endpoint Plan 2, when onboarded, Microsoft Defender Antivirus goes into passive mode automatically on Windows clients, and can be set to passive mode using a registry key on Windows Server. You can update the different components of Microsoft Defender Antivirus.
 
-Q: Can I manually change the start type of the services and drivers for Microsoft Defender Antivirus?
+**Q:** Can I manually change the start type of the services and drivers for Microsoft Defender Antivirus?
 
-A: We don't support the manual modification of the start type of the services and drivers for Microsoft Defender Antivirus in Windows images. On Windows clients, the supported method is by registering your non-Microsoft antivirus in Windows Security (WSC) API. Or, on Windows Server, you can uninstall the Microsoft Defender Antivirus feature by using roles and features MMC or by running the following PowerShell command (as an administrator): 
+**A:** We don't support the manual modification of the start type of the services and drivers for Microsoft Defender Antivirus in Windows images. On Windows clients, the supported method is by your non-Microsoft antivirus registering in Windows Security Center (WSC) api. Or, on Windows Server, you can uninstall the Microsoft Defender Antivirus feature by using roles and features MMC or by running the following PowerShell command (as an administrator): 
 
 ```powershell
 
 Uninstall-WindowsFeature Windows-Defender
 
 ```
 
-Q: Can I use Microsoft Defender Antivirus in passive mode without onboarding to Microsoft Defender for Endpoint?
+**Q:** Can I use Microsoft Defender Antivirus in passive mode without onboarding to Microsoft Defender for Endpoint?
 
-A: No. Passive mode is functionality in Microsoft Defender for Endpoint Plan 2.
+**A:** No. Passive mode is a functionality in Microsoft Defender for Endpoint Plan 2.
 
-Q: Can I use [EDR in block mode](edr-in-block-mode.md) without onboarding to Microsoft Defender for Endpoint?
+**Q:** Can I use [EDR in block mode](edr-in-block-mode.md) without onboarding to Microsoft Defender for Endpoint?
 
-A: No. EDR in block mode is a functionality in Microsoft Defender for Endpoint Plan 2.
+**A:** No. EDR in block mode is a functionality in Microsoft Defender for Endpoint Plan 2.
 
-Q: Can I use indicators, such as file hashes, IP addresses, URLs, or certificates with Microsoft Defender Antivirus (in active mode) with my Microsoft 365 E3/A3 license?
+**Q:** Can I use indicators, such as file hashes, IP addresses, URLs, or certificates with Microsoft Defender Antivirus (in active mode) with my Microsoft 365 E3/A3 license?
 
-A: Yes. See [Tech Community Blog: Microsoft Defender for Endpoint Plan 1 Now Included in Microsoft 365 E3/A3 Licenses](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3a3-licenses/3060639) and [Overview of Microsoft Defender for Endpoint Plan 1](/defender-endpoint/defender-endpoint-plan-1).
+**A:** Yes. See [Tech Community Blog: Microsoft Defender for Endpoint Plan 1 Now Included in Microsoft 365 E3/A3 Licenses](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/microsoft-defender-for-endpoint-plan-1-now-included-in-m365-e3a3-licenses/3060639) and [Overview of Microsoft Defender for Endpoint Plan 1](/defender-endpoint/defender-endpoint-plan-1).
 
 ## See also