Commit c041ca5

Merge pull request #1350 from MicrosoftDocs/main
Publish main to live, 09/16, 11:00 AM IST
2 parents 5475356 + 3d587d7 commit c041ca5

5 files changed

+59
-16
lines changed

defender-endpoint/mac-whatsnew.md

Lines changed: 2 additions & 2 deletions
@@ -41,9 +41,9 @@ Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/docu
4141

4242
In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS less than 14.3.1.
4343

44-
**Sonoma support**
44+
**Sequoia support**
4545

46-
Microsoft Defender supports macOS Sonoma (14.0) in the current Defender release.
46+
Microsoft Defender supports macOS Sequoia (15) in the current Defender release.
4747

4848
**macOS Deprecation**
4949
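Review bot: The unchanged paragraph at line 42 still recommends staying on a macOS version below 14.3.1 so that device control can intercept and block Bluetooth devices, and the new line 46 announces Sequoia (15) support directly beneath it without saying whether that limitation carries over to macOS 15. Suggest adding a sentence under **Sequoia support** that states the Bluetooth device control status on 15, or updating the mitigation text, so the two paragraphs do not read as contradictory. Replacing the Sonoma heading and sentence outright also removes the statement here that Sonoma (14.0) is supported; consider keeping it or linking to the supported-versions list.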

defender-endpoint/microsoft-defender-endpoint-mac.md

Lines changed: 1 addition & 1 deletion
@@ -71,7 +71,7 @@ There are several methods and deployment tools that you can use to install and c
7171

7272
The three most recent major releases of macOS are supported.
7373

74-
- 14 (Sonoma), 13 (Ventura), 12 (Monterey)
74+
- 15 (Sequoia), 14 (Sonoma), 13 (Ventura), 12 (Monterey)
7575

7676
> [!IMPORTANT]
7777
> On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md).
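Review bot: Line 74 now lists four releases, 15 (Sequoia) through 12 (Monterey), while the unchanged sentence at line 72 still reads "The three most recent major releases of macOS are supported." Either drop 12 (Monterey) from the list or reword line 72, because as written a reader cannot tell whether Monterey is still a supported target for deployment.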

defender-for-iot/license-overview.md

Lines changed: 8 additions & 8 deletions
@@ -9,32 +9,32 @@ ms.date: 08/01/2024
99
ms.topic: overview
1010
---
1111

12-
# How the site-based license model works
12+
# The site-based license model
1313

14-
The site-based license model offers a simplified approach to licensing by providing coverage for entire sites rather than individual devices. Customers can purchase annual licenses for their operational sites where Operational Technology (OT) devices are deployed, and receive security coverage for all devices within the site.
14+
Our site-based license model streamlines your licensing needs by covering entire sites instead of individual devices. With this model, you can purchase annual licenses for your operational sites where Operational Technology (OT) devices are deployed. This ensures comprehensive security coverage for all devices within each site.
1515

1616
[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
1717

18-
## What defines a site?
18+
## Sites in Defender for IoT
1919

2020
A site refers to a logical grouping of devices within your organization. It represents a specific physical location, such as a manufacturing facility, campus, office building, hospital, rig, or any other relevant site.
2121

22-
## What are the different OT site-based licenses?
22+
## OT site-based licenses
2323

2424
Licenses come in five different sizes, based on the number of devices at the site. The licenses range from the smallest tier that covers up to 100 devices per site, to the largest tier, which secures up to 5000 devices per site. For more information, see [license sizing details](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot-pricing#xfb84a030eec341cb84a6165f393e928a).
2525

2626
The size of a site is determined by the maximum number of devices per site. Billing is based on the license tier, regardless of the number of devices actually discovered.
2727

28-
## What if I need to change the number of devices for a site after making a purchase? 
28+
## Adjust the number of devices for a site
2929

30-
Once a license is purchased, the number of devices cannot be adjusted until the renewal period. During the annual license renewal, you change to a different license tier for a site based on your updated discovered device count.
30+
Once a license is purchased, the number of devices can only be adjusted at the renewal period. During the annual license renewal, you can change to a different license tier for a site based on your updated discovered device count.
3131

32-
## How to choose a license and assess the number of devices on-site?
32+
## Assess the number of devices at a site
3333

3434
There are two methods for assessing the number of devices at your site. You could either utilize your OT network monitoring tools to detect and count the devices per site, or use previous knowledge of the number of devices at the site and update the license during the annual license renewal if needed.
3535

3636
> [!Note]
37-
> All types of devices, both OT and IT, identified on your site should be included in the license. This includes endpoints managed by Microsoft Defender for Endpoint and devices detected by the Microsoft Defender for IoT sensors.
37+
> The license should cover all types of devices identified on your site, including both OT and IT devices. This includes endpoints managed by Microsoft Defender for Endpoint.
3838
3939
## Next steps
4040
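Review bot: The rewritten note at line 37 drops "devices detected by the Microsoft Defender for IoT sensors", so the only inclusion it now names is endpoints managed by Microsoft Defender for Endpoint. If sensor-detected devices still count toward the site size, keep that clause; if they no longer do, say so explicitly, since line 26 ties billing to the license tier and line 30 says the tier can only be changed at renewal. A smaller style point: "Our site-based license model" on line 14 switches to a first-person voice that the unchanged paragraphs around it do not use.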

defender-vulnerability-management/fixed-reported-inaccuracies.md

Lines changed: 42 additions & 0 deletions
@@ -32,6 +32,47 @@ This article provides information on inaccuracies that have been reported. You c
3232
3333
The following tables present the relevant vulnerability information organized by month:
3434

35+
## September 2024
36+
37+
| Inaccuracy report ID | Description | Fix date |
38+
|---|---|---|
39+
| - | Fixed inaccuracy in VMWare ESXI vulnerabilities - CVE-2024-37085 and CVE-2024-37086 | 01-Sept-24 |
40+
| 58936 | Fixed inaccuracy in Mirth Connect Administrator Launcher | 03-Sept-24 |
41+
| 68168 | Fixed inaccurate detections in Adobe Acrobat Reader | 03-Sept-24 |
42+
| 61457 | Fixed inaccurate detections in Mozilla Firefox | 03-Sept-24 |
43+
| - | Fixed inaccuracy in Microsoft Visual Studio 2015 | 03-Sept-24 |
44+
| - | Fixed inaccurate detections in Microsoft Teams by excluding downloads file path | 08-Sept-24 |
45+
| - | Fixed inaccuracy in Python vulnerability - CVE-2024-7592 | 10-Sept-24 |
46+
| 54061 | Defender Vulnerability Management doesn't currently support Flock | 10-Sept-24 |
47+
| 68097 | Fixed inaccuracy in OpenSSL vulnerabilities - CVE-2024-4603, CVE-2024-4741 & CVE-2024-5535 | 10-Sept-24 |
48+
| - | Fixed inaccuracy in Ubuntu vulnerability - CVE-2021-3177 | 10-Sept-24 |
49+
| 71448 | Fixed inaccurate published date in CVE-2024-38517 | 10-Sept-24 |
50+
| 71764 | Fixed inaccuracy in Palo Alto Networks vulnerability - CVE-2024-5912 | 10-Sept-24 |
51+
| 69676 | Fixed inaccuracy in Devolution Remote Desktop Manager vulnerabilities - CVE-2024-6354 & CVE-2024-6492 | 10-Sept-24 |
52+
| 72022 | Fixed inaccuracy in ExpressVPN vulnerability - CVE-2024-25728 | 10-Sept-24 |
53+
| - | Fixed inaccuracy in Microsoft Edge Chromium-based vulnerability - CVE-2024-7971 | 10-Sept-24 |
54+
| 71626 | Fixed inaccuracy in MongoDB vulnerability - CVE-2024-7553 | 10-Sept-24 |
55+
| - | Fixed inaccuracy in Cisco Anyconnect Secure Mobility Client vulnerabilities - CVE-2023-20241 & CVE-2023-20240 | 10-Sept-24 |
56+
| - | Fixed inaccuracy in Plantronics vulnerability - CVE-2024-27460 | 10-Sept-24 |
57+
58+
59+
## August 2024
60+
61+
| Inaccuracy report ID | Description | Fix date |
62+
|---|---|---|
63+
| 59502 | Fixed inaccuracy in Dell SupportAssist vulnerabilities- CVE-2023-44283 and CVE-2023-25535 | 06-Aug-24 |
64+
| 60800 | Fixed inaccuracy in Git SCM | 06-Aug-24 |
65+
| 61540 | Fixed inaccurate detections in FileZilla by excluding fzputtygen.exe path | 07-Aug-24 |
66+
| 67107 | Fixed inaccurate detections in Apache Commons Text by excluding WebHelpdesk path | 07-Aug-24 |
67+
| 61435 | Fixed inaccurate detections in Notepad++ by excluding uninstall.exe path | 07-Aug-24 |
68+
| 61403 | Defender Vulnerability Management doesn't currently support CVE-2024-20391 and CVE-2024-34750 | 07-Aug-24 |
69+
| - | Defender Vulnerability Management doesn't currently support CVE-2013-5400 | 07-Aug-24 |
70+
| 56991 | Fixed inaccurate detections in Microsoft Teams | 12-Aug-24 |
71+
| 62176 | Fixed inaccuracy in Imagemagick | 20-Aug-24 |
72+
| - | Fixed inaccuracy in CVE-2024-34064 and CVE-2023-3164 | 12-Aug-24 |
73+
| 47545 | Added Microsoft Defender Vulnerability Management support to Eclipse Temurin | 12-Aug-24 |
74+
75+
3576
## July 2024
3677

3778
| Inaccuracy report ID | Description | Fix date |
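Review bot: The August table is out of date order: the Imagemagick row on line 71 is dated 20-Aug-24 but sits above the two 12-Aug-24 rows on lines 72 and 73, so it should move to the end of the table (or its date should be checked). Two wording nits in the same hunk: line 39 spells the product "VMWare ESXI" where the classification table elsewhere in this commit uses "VMware ESXi", and line 63 is missing a space in "vulnerabilities- CVE-2023-44283".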
@@ -42,6 +83,7 @@ The following tables present the relevant vulnerability information organized by
4283
| 58642 | Fixed inaccuracy in Microsoft Visual Studio Code & Progress Fiddler | 10-July-24 |
4384
| 61803 | Fixed inaccuracy in CVE-2023-24592 | 10-July-24 |
4485
| - | Fixed inaccuracy in CVE-2017-3010 & CVE-2017-3124 | 10-July-24 |
86+
| - | Fixed inaccuracy in Veeam May vulnerabilities | 10-July-24 |
4587
| - | Fixed inaccuracy in 7-zip and Zscaler vulnerabilities - CVE-2023-31102, CVE-2023-41972, CVE-2023-41973 & CVE-2023-23463 | 10-July-24 |
4688
| 62958 | Fixed inaccuracy in CVE-2024-26010 | 10-July-24 |
4789
| - | Defender Vulnerability Management doesn't currently support CVE-2013-5387 and CVE-2018-1595 | 14-July-24 |
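Review bot: The row added at line 86, "Fixed inaccuracy in Veeam May vulnerabilities", names no CVE identifiers or product, unlike the neighbouring rows on lines 85 and 87, so a reader cannot match it to a finding in their own inventory. Suggest listing the affected CVE IDs or at least the Veeam product, and rewording "Veeam May vulnerabilities" so it is clear that "May" refers to the month the vulnerabilities were published.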

exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 6 additions & 5 deletions
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: reference
88
ms.service: exposure-management
9-
ms.date: 08/13/2024
9+
ms.date: 09/16/2024
1010
---
1111

1212
# Predefined classifications
@@ -31,12 +31,13 @@ Current asset types are:
3131
| ADCS | Device | Medium | ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates that can be used to secure multiple resources on a network. Moreover, ADCS can be used for various security solutions, such as SSL encryption, user authentication, and secure email. |
3232
| ADFS | Device | High | ADFS server provides users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. |
3333
| Backup | Device | Medium | Backup server is responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. |
34-
| Domain Admin Machines | Device | High | Domain admin machines are machines that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. |
34+
| Domain Admin Device | Device | High | Domain admin devices are devices that one or more of the domain admins are frequently logged into. These devices are likely to store related files, documents, and credentials used by the domain admins. |
3535
| Domain Controller | Device | High | Domain controller server is responsible for user authentication, authorization, and centralized management of network resources within an active directory domain. |
36+
| DNS | Device | Low | The DNS server is essential for resolving domain names to IP addresses, enabling network communication and access to resources both internally and externally. |
3637
| Exchange | Device | Medium | Exchange server is responsible for all the mail traffic within the organization. Depending on the setup and architecture, each server might hold several mail databases that store highly sensitive organizational information. |
3738
| SCCM | Device | Medium | SCCM is used for managing endpoints in a large network, including patch management, software distribution, and inventory management. |
38-
| ITAdminDevice | Device | Medium | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
39-
| NetworkAdminDevice | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
39+
| IT Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the assets within the organization are vital for IT administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
40+
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
4041
| VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
4142
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
4243
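Review bot: The new DNS row at line 36 assigns criticality Low while its description calls the server "essential" for name resolution and network communication, which reads oddly next to the Medium and High rows around it. Suggest either confirming Low is the intended level and adding a short reason in the description, or adjusting the level. Also on line 34, the rule name is now singular ("Domain Admin Device") while the description stays plural; that is fine if it matches the product UI, but the renames on lines 34, 39 and 40 change user-visible classification names and deserve a mention in the commit description.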

@@ -105,4 +106,4 @@ Current asset types are:
105106
| Immutable Azure Storage | Cloud resource | Medium | This rule applies to Azure storage accounts that have immutability support enabled. Immutability stores business data in a write once read many (WORM) state, and usually indicates that the storage account holds critical or sensitive data that must be protected from modification. |
106107
| Immutable and Locked Azure Storage | Cloud resource | High | This rule applies to Azure storage accounts that have immutability support enabled with a locked policy. Immutability stores business data in a write once read many (WORM). Data protection is increased with a locked policy to ensure that data can’t be deleted or its retention time shortened. These settings usually indicate that the storage account holds critical or sensitive data that must be protected from modification or deletion. Data might also need to align with compliance policies for data protection. |
107108
| Azure Virtual Machine with a Critical User Signed-in | Cloud resource | High | This rule applies to virtual machines protected by Defender for Endpoint, where a user with a high or very high criticality level is signed in. The signed-in user can be through a joined or registered device, an active browser session, or other means. |
108-
| Azure Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
109+
| Azure Key Vaults with Many Connected Identities | Cloud resource | High | This rule identifies Key Vaults that can be accessed by a large number of identities, compared to other Key Vaults. This often indicates that the Key Vault is used by critical workloads, such as production services. |
