Merge branch 'main' into diannegali-integrationxdrdsi

Author: diannegali

.github/workflows/StaleBranch.yml

@@ -2,12 +2,17 @@ name: (Scheduled) Stale branch removal
 
 permissions:
   contents: write
-      
+
+# This workflow is designed to be run in the days up to, and including, a "deletion day", specified by 'DeleteOnDayOfMonth' in env: in https://github.com/MicrosoftDocs/microsoft-365-docs/blob/workflows-prod/.github/workflows/Shared-StaleBranch.yml.
+# On the days leading up to "deletion day", the workflow will report the branches to be deleted. This lets users see which branches will be deleted. On "deletion day", those branches are deleted.
+# The workflow should not be configured to run after "deletion day" so that users can review the branches were deleted.
+# Recommendation: configure cron to run on days 1,15-31 where 1 is what's configured in 'DeleteOnDayOfMonth'. If 'DeleteOnDayOfMonth' is set to something else, update cron to run the two weeks leading up to it.
+
 on:
   schedule:
-    - cron: "0 9 1 * *"
+    - cron: "0 9 1,15-31 * *"
 
-  # workflow_dispatch:
+  workflow_dispatch:
 
 
 jobs:

.openpublishing.redirection.defender-endpoint.json

@@ -134,6 +134,26 @@
       "source_path": "defender-endpoint/configure-server-endpoints.md",
       "redirect_url": "/defender-endpoint/onboard-windows-server-2012r2-2016",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-client.md",
+      "redirect_url": "/defender-endpoint/onboard-client",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server-2012r2-2016.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/mde-linux-arm.md",
+      "redirect_url": "/defender-endpoint/microsoft-defender-endpoint-linux",
+      "redirect_document_id": false
     } 
   ]
 }

CloudAppSecurityDocs/media/connect-azure-menu.png

@@ -8,9 +8,9 @@ ms.topic: how-to
 
 
 
-Atlassian is an online collaborative and software development platform (including Confluence, Jira and Bitbucket). Along with the benefits of effective collaboration in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include posts, tasks, and files with potentially sensitive information, collaboration, and partnership details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security-unaware insiders from exfiltrating sensitive information.
+Atlassian is an online collaborative and software development platform (including Confluence, Jira, and Bitbucket). Along with the benefits of effective collaboration in the cloud, your organization's most critical assets might be exposed to threats. Exposed assets include posts, tasks, and files with potentially sensitive information, collaboration, and partnership details, and more. Preventing exposure of this data requires continuous monitoring to prevent any malicious actors or security-unaware insiders from exfiltrating sensitive information.
 
-Connecting Atlassian to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior. The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities.
+Connecting Atlassian to Defender for Cloud Apps gives you improved insights into your users' activities and provides threat detection for anomalous behavior. The connector covers all users in your organization that use the Atlassian platform, and shows activities from Confluence, Jira, and specific Bitbucket activities.
 
 Main threats include:
 
@@ -68,7 +68,7 @@ For more information, see:
 This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Atlassian products using the App Connector APIs. This connection gives you visibility into and control over your organization's Atlassian use.
 
 >[!NOTE]
->The connector will cover all users in your organization that use the Atlassian platform, and will show activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see [Atlassian audit log activities](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/#Auditlogging-Accessauditlogactivities).
+>The connector covers all users in your organization that use the Atlassian platform, and shows activities from Confluence, Jira, and specific Bitbucket activities. For more information about Atlassian activities, see [Atlassian audit log activities](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/#Auditlogging-Accessauditlogactivities).
 
 ### Prerequisites
 
@@ -116,19 +116,17 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 >[!NOTE]
 >
 > - The first connection can take up to four hours to get all users and their activities.
-> - The activities that will display are the activities that were generated from the moment the connector is connected.
+> - The activities displayed are the activities that were generated from the moment the connector is connected.
 > - Activities from the "Atlassian Access" audit log are fetched by Defender for Cloud apps. Other activities aren't fetched currently. See [Product Audit Logs](https://support.atlassian.com/security-and-access-policies/docs/track-organization-activities-from-the-audit-log/).
 > - After the connector’s **Status** is marked as **Connected**, the connector is live and works.
 
 ### Revoke and renew API keys
 
 1. Microsoft recommends using short lived keys or tokens for connecting apps as a security best practice.
 1. We recommend refreshing the Atlassian API key every 6 months as a best practice. To refresh the key, revoke the existing API key and generate a new key.
-1. To revoke API key, navigate to **admin.atlassian.com** > **Settings** > **API keys**, determine the API key used for integration and select **Revoke**.
+1. To revoke API key, navigate to **admin.atlassian.com** > **Settings** > **API keys**, determine the API key used for integration, and select **Revoke**.
 1. Recreate an API key in the Atlassian admin portal with the steps described above.
-1. Afterwards, go to the **App Connectors** page in the Microsoft Defender Portal and edit the connector:
-
-    ![Edit connector.](media/atlassian-edit-connector.png)
+1. Afterwards, go to the **App Connectors** page in the Microsoft Defender Portal and edit the connector.
 
 1. Enter the new generated new **API key** and select **Connect Atlassian**.
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
@@ -148,13 +146,13 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 
 ## Rate limits and limitations
 
-- **Rate limits** include 1000 requests per minute (per API key/connector instance).
+- **Rate limits** include 1,000 requests per minute (per API key/connector instance).
 
     For more information about the Atlassian API limitation, see [Atlassian admin REST APIs](https://developer.atlassian.com/cloud/admin/about/#about-the-cloud-admin-rest-apis).
 
 - **Limitations** include:
 
-    - Activities will be shown in Defender for Cloud Apps only for users with a verified domain.
+    - Activities are shown in Defender for Cloud Apps only for users with a verified domain.
 
     - The API key has a maximum expiration period of one year. After one year, you'll need to create another API key from the Atlassian Admin portal and replace it for the old API Key in the Defender for Cloud Apps console.
 

CloudAppSecurityDocs/protect-atlassian.md

@@ -8,7 +8,7 @@ ms.topic: how-to
 
 
 
-Azure is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
+Azure is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization's most critical assets might be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
 
 Connecting Azure to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, and unusual deletions of VMs.
 
@@ -74,7 +74,7 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
 
 > [!NOTE]
-> After connecting Azure, data will be pulled. You will see data from then onwards.
+> After connecting to Azure, data will be pulled. You'll see data from then onwards.
 
 If you have any problems connecting the app, see [Troubleshooting App Connectors](troubleshooting-api-connectors-using-error-messages.md).
 

CloudAppSecurityDocs/protect-azure.md

@@ -138,10 +138,9 @@
               href: migrate-devices-streamlined.md
 
         - name: Onboard client devices
-          href: onboard-client.md
           items:
-          - name: Onboarding Windows client overview
-            href: onboard-windows-client.md
+          - name: Onboard client devices running Windows or macOS
+            href: onboard-client.md
           - name: Defender for Endpoint plug-in for WSL
             href: mde-plugin-wsl.md
           - name: Onboard Windows devices to Defender for Endpoint using Intune
@@ -160,12 +159,9 @@
             href: onboard-downlevel.md
 
         - name: Onboard server devices
-          href: onboard-server.md
           items:
-          - name: Onboard Windows Server version 1803, Windows Server 2019, and later
-            href: onboard-windows-server.md
-          - name: Onboard Windows Server 2012 R2 and Windows Server 2016
-            href: onboard-windows-server-2012r2-2016.md
+          - name: Onboard servers through Defender for Endpoint's experience
+            href: onboard-server.md
           - name: Defender for Endpoint on Windows Server with SAP
             href: mde-sap-windows-server.md
           - name: Onboard Windows devices using Configuration Manager
@@ -279,8 +275,6 @@
                 href: linux-install-manually.md
               - name: Direct onboarding with Defender for Cloud
                 href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
-              - name: Defender for Endpoint on Linux for ARM64-based devices (preview)
-                href: mde-linux-arm.md
               - name: Deployment guidance for Defender for Endpoint on Linux for SAP
                 href: mde-linux-deployment-on-sap.md
             - name: 3 - Configuration
@@ -556,6 +550,8 @@
       href: onboarding-endpoint-configuration-manager.md
     - name: Onboarding using Microsoft Intune
       href: onboarding-endpoint-manager.md
+    - name: Deploy Microsoft Defender for Endpoint prerelease builds on Android devices
+      href: mobile-pretest-android.md   
 
   - name: Migration guides
     items:

defender-endpoint/TOC.yml

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 04/18/2025
 ---
 
 # What's new in Microsoft Defender for Endpoint on Android
@@ -28,6 +28,17 @@ ms.date: 03/21/2025
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+#### Deploy Defender for Endpoint prerelease builds on Android devices using Google Play preproduction tracks
+
+April 2025
+
+**Setup a secure environment to test prerelease builds of Defender for Endpoint on Android**. Learn the steps on how to set up your environment for prerelease testing of Defender for Endpoint on Android. These steps are for Android devices that are onboarded to Microsoft Defender for Endpoint through the following methods:
+
+- Android Enterprise scenarios
+- Mobile Application Mangement (MAM) enrollment scenarios
+
+For more information, see [Deploy Defender for Endpoint prerelease builds on Android devices using Google Play preproduction tracks](mobile-pretest-android.md).
+
 #### Defender for Endpoint on Android now supports Android 10 as the minimum version
 
 February 2025

defender-endpoint/android-whatsnew.md

@@ -50,7 +50,7 @@ Retrieves a list of Microsoft Defender Antivirus device health details. This API
 Data that is collected using either `JSON response` or by using files is a snapshot of the current state. This data doesn't contain historical data. To collect historical data, you must save the data in your own data storage.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 >
 > For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 

defender-endpoint/api/device-health-api-methods-properties.md

@@ -48,7 +48,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 
 > [!IMPORTANT]
 >
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 > [!NOTE]
 >

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -111,7 +111,7 @@ The following table lists the supported operating systems for rules that are cur
 
 > [!NOTE]
 > Unless otherwise indicated, the minimum Windows 10 build is version 1709 (RS3, build 16299) or later; the minimum Windows Server build is version 1809 or later.
-> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 | Rule name| Windows 10 and 11 | Windows Server version 1803, 2019, and later | Windows Server 2016 and 2012 R2 |
 |---|---|---|---|
@@ -136,7 +136,7 @@ The following table lists the supported operating systems for rules that are cur
 | [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y |
 
 > [!NOTE]
-> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-windows-server-2012r2-2016.md). 
+> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2). 
 > - If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
 > - For Windows client devices, "version 1809 or later" and "version 1903 (build 18362)" apply to Windows 10 only.