Merge branch 'main' into release-preview-sentinel-lake

Author: v-alje

ATPDocs/alerts-overview.md

@@ -10,7 +10,7 @@ ms.reviewer: rlitinsky
 
 ## What are Microsoft Defender for Identity security alerts?
 
-Microsoft Defender for Identity security alerts provide information about the suspicious activities detected by Defender for Identity sensors on your network, and the actors and computers involved in each threat. Alert evidence lists contain direct links to the involved users and computers, to help make your investigations easy and direct.
+Microsoft Defender for Identity security alerts provide information about the suspicious activities detected by Defender for Identity, and the actors and computers involved in each threat. Alert evidence lists contain direct links to the involved users and computers, to help make your investigations easy and direct.
 
 > [!NOTE]
 > Defender for Identity isn't designed to serve as an auditing or logging solution that captures every single operation or activity on the servers where the sensor is installed. It only captures the data required for its detection and recommendation mechanisms.

ATPDocs/understanding-security-alerts.md

@@ -67,7 +67,7 @@ The alerts page provides context into the alert, by combining attack signals and
 
 > [!NOTE]
 > Microsoft Defender for Identity alerts currently appear in two different layouts in the Microsoft Defender XDR portal. 
-> While the alert views show different information, all alerts are based on detections from Defender for Identity sensors. The differences in layout and information shown are part of an ongoing transition to a unified alerting experience across Microsoft Defender products.
+> While the alert views show different information, all alerts are based on Defender for Identity collected data. The differences in layout and information shown are part of an ongoing transition to a unified alerting experience across Microsoft Defender products.
 
 To view alerts from both Defender for Identity and Defender XDR, select **Filter**, then under **Service sources** choose **Microsoft Defender for Identity** and **Defender XDR**, and select **Apply**:
 

CloudAppSecurityDocs/caac-known-issues.md

@@ -119,27 +119,26 @@ When a session policy is enforced using Edge in-browser protection and the user
 
 Example Scenario:
 
-A user was originally assigned a CA policy for the Salesforce application, along with an Defender for Cloud apps session policy that blocked file downloads. As a result, downloads were blocked when the user accessed Salesforce in Edge.
+A user was originally assigned a CA policy for Salesforce along with a Defender for Cloud Apps session policy to block file downloads. As a result, downloads were blocked when the user accessed Salesforce in Edge.
 
 Although the admin later removed the CA policy, the user still experiences the download block in Edge due to cached policy data.
 
 Mitigation Options:
 
 Option 1: Automatic cleanup
-1.	Reassign the user/app to the CA policy.
-2.	Remove the corresponding Defender for Cloud Apps session policy.
-3.	Have the user access the application using Edge, this will trigger the policy removal automatically.
-4.	Remove the CA policy again.
+1. Add the user/app back into the scope of the CA policy.
+2. Remove the corresponding Defender for Cloud Apps session policy.
+3. Wait for users to access the application using Edge. This will automatically trigger the policy removal.
+4. Remove the user/app from the scope of the CA policy.
 
-Option 2: Manual cleanup
-1.	Delete the cached policy file
-     - Go to: C:\Users\<username>\AppData\Local\Microsoft\Edge\
-     - Delete the file: mda_store.txt
-
-2.	Remove the work profile in Edge
-    - Open Microsoft Edge.
-    - Navigate to Profile Settings.
-    - Delete the work profile associated with the outdated session policy.
+Option 2: Delete the cached policy file (Manual cleanup)
+1. Go to: C:\Users\<username>\AppData\Local\Microsoft\Edge\
+2. Delete the file: mda_store.1.txt
+
+Option 3: Remove the work profile in Edge (Manual cleanup)
+1. Open Edge.
+2. Navigate to Profile Settings.
+3. Delete the work profile associated with the outdated session policy.
 
 These steps will force a policy refresh and resolve enforcement issues related to outdated session policies.
 

defender-endpoint/android-configure.md

@@ -179,29 +179,6 @@ From version 1.0.3425.0303 of Microsoft Defender for Endpoint on Android, you're
 - For Android Enterprise with a work profile, only apps installed on the work profile will be supported.
 - For other BYOD modes, by default, vulnerability assessment of apps will **not** be enabled. However, when the device is on administrator mode, admins can explicitly enable this feature through Microsoft Intune to get the list of apps installed on the device. For more information, see details below.
 
-### Configure privacy for device administrator mode
-
-Use the following steps to **enable vulnerability assessment of apps** from devices in **device administrator** mode for targeted users.
-
-> [!NOTE]
-> By default, this is turned off for devices enrolled with device admin mode.
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator
-   - **Profile**: Select "Custom" and select Create.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderTVMPrivacyMode**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 0 to disable privacy setting (By default, the value is 1)
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
 ### Configure privacy for Android Enterprise work profile
 
 Defender for Endpoint supports vulnerability assessment of apps in the work profile. However, in case you want to turn off this feature for targeted users, you can use the following steps:
@@ -222,28 +199,6 @@ Turning the above privacy controls on or off won't affect the device compliance
 
 Privacy control for phish report can be used to disable the collection of domain name or website information in the phish threat report. This setting gives organizations the flexibility to choose whether they want to collect the domain name when a malicious or phish website is detected and blocked by Defender for Endpoint.
 
-### Configure privacy for phishing alert report on Android Device Administrator enrolled devices:
-
-Use the following steps to turn it on for targeted users:
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator.
-   - **Profile**: Select "Custom" and select **Create**.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderExcludeURLInReport**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 1 to enable privacy setting. The default value is 0.
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
-Using this privacy control won't affect the device compliance check or conditional access.
-
 ### Configure privacy for phishing alert report on Android Enterprise work profile
 
 Use the following steps to turn on privacy for targeted users in the work profile:
@@ -263,28 +218,6 @@ Turning the above privacy controls on or off won't affect the device compliance
 
 Privacy control for malware threat report can be used to disable the collection of app details (name and package information) from the malware threat report. This setting gives organizations the flexibility to choose whether they want to collect the app name when a malicious app is detected.
 
-### Configure privacy for malware alert report on Android Device Administrator enrolled devices:
-
-Use the following steps to turn it on for targeted users:
-
-1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Devices** > **Configuration profiles** > **Create profile** and enter the following settings:
-
-   - **Platform**: Select Android device administrator.
-   - **Profile**: Select "Custom" and select **Create**.
-
-2. In the **Basics** section, specify a name and description of the profile.
-
-3. In the **Configuration settings**, select Add **OMA-URI** setting:
-
-   - **Name**: Enter a unique name and description for this OMA-URI setting so you can find it easily later.
-   - OMA-URI: **./Vendor/MSFT/DefenderATP/DefenderExcludeAppInReport**
-   - Data type: Select Integer in the drop-down list.
-   - Value: Enter 1 to enable privacy setting. The default value is 0.
-
-4. Select **Next** and assign this profile to targeted devices/users.
-
-Using this privacy control won't affect the device compliance check or conditional access. For example, devices with a malicious app will always have a risk level of "Medium".
-
 ### Configure privacy for malware alert report on Android Enterprise work profile
 
 Use the following steps to turn on privacy for targeted users in the work profile:
@@ -308,9 +241,10 @@ Use the following steps to configure Disable out sign:
 1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** > **App configuration policies** > **Add** > **Managed devices**.
 2. Give the policy a name, select **Platform > Android Enterprise**, and select the profile type.
 3. Select **Microsoft Defender for Endpoint** as the target app.
-4. In the Settings page, select **Use configuration designer** and add **Disable Sign Out** as the key and **Integer** as the value type.
+1. In the Settings page, select **Use configuration designer** and add **Disable Sign Out** as the key and **Integer** as the value type.
 
-   - By default, Disable Sign Out = 1 for Android Enterprise personally owned work profiles, fully managed, company owned personally enabled profiles and 0 for device administrator mode.
+   - By default, Disable Sign Out = 1 for Android Enterprise personally owned work profiles, fully managed, company owned personally enabled profiles.
+      
    - Admins need to make Disable Sign Out = 0 to enable the sign out button in the app. Users are able to see the sign out button once the policy is pushed.
 
 5. Select **Next** and assign this profile to targeted devices and users.

defender-endpoint/android-intune.md

@@ -33,58 +33,7 @@ Learn how to deploy Defender for Endpoint on Android on Microsoft Intune Company
 
 > [!NOTE]
 > **Defender for Endpoint on Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)**
->
-> You can connect to Google Play from Microsoft Intune to deploy Defender for Endpoint app across device administrator and Android Enterprise enrollment modes. Updates to the app are automatic via Google Play.
-
-## Deploy on Device Administrator enrolled devices
-
-Learn how to deploy Defender for Endpoint on Android by using the Microsoft Intune Company Portal for device administrator enrolled devices.
-
-### Add as Android store app
-
-1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** \> **Android store app**. Then choose **Select**.
-
-   :::image type="content" source="media/mda-addandroidstoreapp.png" alt-text="The Add Android store application pane in the Microsoft Intune admin center portal"  lightbox="media/mda-addandroidstoreapp.png":::
-
-2. On the **Add app** page, in the **App Information** section specify the following details:
-
-   - **Name**
-   - **Description**
-   - **Publisher** as Microsoft.
-   - **App store URL** as `https://play.google.com/store/apps/details?id=com.microsoft.scmx` (URL for the Defender for Endpoint app in the Google Play Store)
-
-   Other fields are optional. Then select **Next**.
-
-   :::image type="content" source="media/mda-addappinfo.png" alt-text=" The Add App page displaying the application's publisher and URL information in the Microsoft Intune admin center portal" lightbox="media/mda-addappinfo.png":::
-
-3. In the **Assignments** section, go to the **Required** section and select **Add group.** You can then choose the user group (or groups) to receive the Defender for Endpoint on Android app. Choose **Select**, and then tap **Next**.
-
-    The selected user group should consist of Intune enrolled users.
-    
-    :::image type="content" source="media/363bf30f7d69a94db578e8af0ddd044b.png" alt-text="Screenshot that shows the Add group pane in the Add App page in the Microsoft Intune admin center portal." lightbox="media/363bf30f7d69a94db578e8af0ddd044b.png":::
-
-4. In the **Review+Create** section, verify that all the information entered is correct, and then select **Create**.
-
-    In a few moments, the Defender for Endpoint app should be created, and a notification should appear in the upper right corner of the screen.
-
-    :::image type="content" source="media/86cbe56f88bb6e93e9c63303397fc24f.png" alt-text="The application status pane in the Microsoft Intune admin center portal" lightbox="media/86cbe56f88bb6e93e9c63303397fc24f.png":::
-
-5. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation completed successfully.
-
-    :::image type="content" source="media/513cf5d59eaaef5d2b5bc122715b5844.png" alt-text="The Device install status page in the Microsoft Defender portal" lightbox="media/513cf5d59eaaef5d2b5bc122715b5844.png":::
-
-### Complete onboarding and check status
-
-1. After Defender for Endpoint on Android is installed on the device, you should see the app icon.
-
-   :::image type="content" source="media/7cf9311ad676ec5142002a4d0c2323ca.jpg" alt-text="The Microsoft Defender ATP icon listed in the Search pane" lightbox="media/7cf9311ad676ec5142002a4d0c2323ca.jpg":::
-
-2. Tap the Microsoft Defender for Endpoint app icon, and follow the on-screen instructions to complete onboarding. The details include end-user acceptance of Android permissions required by Defender for Endpoint on Android.
-
-3. Upon successful onboarding, the device shows up in the list of devices in the [Microsoft Defender portal](https://security.microsoft.com).
-
-    :::image type="content" source="media/9fe378a1dce0f143005c3aa53d8c4f51.png" alt-text="A device in the Microsoft Defender for Endpoint portal"  lightbox="media/9fe378a1dce0f143005c3aa53d8c4f51.png":::
-
+> > You can connect to Google Play from Microsoft Intune to deploy Defender for Endpoint app across device administrator and Android Enterprise enrollment modes. Updates to the app are automatic via Google Play.
 ## Deploy on Android Enterprise enrolled devices
 
 Defender for Endpoint on Android supports Android Enterprise enrolled devices.

defender-endpoint/android-whatsnew.md

@@ -28,6 +28,18 @@ ms.date: 05/15/2025
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+### Releases for Defender for Endpoint on Android
+
+#### July 2025
+
+|Build|1.0.7901.0101|
+| -------- | -------- |
+|Release Date|July 10, 2025|
+
+**What's New**
+
+UX Improvement for home page and tiles screens, for more details please visit this link - [Android UX Enhancement](/defender-endpoint/android-new-ux)
+
 #### Alerts for activities related to open wireless connection and certificates are now detected as events
 
 May 2025

defender-endpoint/ios-configure-features.md

@@ -384,6 +384,8 @@ Once the client versions are deployed to target iOS devices, processing starts.
 
 > [!NOTE]
 > If you're using SSL inspection solution within your iOS device, add the domain names `securitycenter.windows.com` (in commercial environments) and `securitycenter.windows.us` (in GCC environments) for threat and vulnerability management features to work.
+> 
+> The TVM Privacy permission approval screen will only appear for Unsupervised and Non-Zero touch enabled devices. Even For Non-Zero touch enabled devices approval is __not required only on supervised devices__ where the `issupervised` key is configured
 
 ## Disable sign out
 

defender-endpoint/ios-whatsnew.md

@@ -29,6 +29,18 @@ search.appverid: met150
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
+## Releases for Defender for Endpoint on iOS
+
+### July-2025 
+
+| Build| 1.1.67040101|
+| -------- | -------- |
+| Release Date| July 8, 2025|
+
+**What's New**
+
+- UX Improvement, please visit the attached link for more details - [iOS UX Experience](/defender-endpoint/ios-new-ux)
+
 #### Alerts for activities related to open wireless connections are now detected as events
 
 **May 2025**

defender-endpoint/linux-install-manually.md

@@ -488,7 +488,7 @@ Download the onboarding package from the [Microsoft Defender portal](https://sec
 The following external package dependencies exist for the `mdatp` package:
 
 - The mdatp RPM package requires `glibc >= 2.17`
-- For DEBIAN the mdatp package requires `libc6 >= 2.23`, `uuid-runtime`
+- For DEBIAN the mdatp package requires `libc6 >= 2.23`
 - For Mariner the mdatp package requires `attr`,  `diffutils`, `libacl`, `libattr`, `libselinux-utils`, `selinux-policy`, `policycoreutils`
 
 > [!NOTE]
@@ -503,6 +503,7 @@ The following external package dependencies exist for the `mdatp` package:
 > - The `mde-netfilter` package also has the following package dependencies:
     - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1` and `libglib2.0-0`
     - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 
 If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies.
 

defender-endpoint/linux-installer-script.md

@@ -193,7 +193,7 @@ If the Microsoft Defender for Endpoint installation fails due to missing depende
 The following external package dependencies exist for the `mdatp` package:
 
 - The `mdatp RPM` package requires - `glibc >= 2.17`
-- For DEBIAN the `mdatp` package requires `libc6 >= 2.23`,`uuid-runtime`
+- For DEBIAN the `mdatp` package requires `libc6 >= 2.23`
 - For Mariner the `mdatp` package requires `attr`,`diffutils`, `libacl`, `libattr`,`libselinux-utils`, `selinux-policy`, `policycoreutils`
 
 > [!NOTE]
@@ -205,6 +205,7 @@ The following external package dependencies exist for the `mdatp` package:
 > - The `mde-netfilter` package also has the following package dependencies:
     - For DEBIAN, the mde-netfilter package requires `libnetfilter-queue1` and `libglib2.0-0`
     - For RPM, the mde-netfilter package requires `libmnl`, `libnfnetlink`, `libnetfilter_queue`, and `glib2`
+> Beginning with version `101.25042.0003`, uuid-runtime is no longer required as an external-dependency.
 
 ## Troubleshoot installation issues