Merge pull request #5031 from MicrosoftDocs/main

[AutoPublish] main to live - 09/12 19:39 PDT | 09/13 08:09 IST

Author: m365-skilling-repo-management[bot]

defender-business/get-defender-business.md

@@ -80,7 +80,7 @@ Defender for Business provides advanced security protection for your company's d
 
 ## [Get Microsoft 365 Business Premium](#tab/getpremium)
 
-Microsoft 365 Business Premium includes Defender for Business, Microsoft Defender for Office 365 Plan 1, and Microsoft 365 Apps (formerly referred to as Office apps). For more information, see [Productivity and security for small and medium-sized businesses](/Microsoft-365/business-premium/why-choose-microsoft-365-business-premium).
+Microsoft 365 Business Premium includes Defender for Business, Microsoft Defender for Office 365 Plan 1, and Microsoft 365 Apps (formerly referred to as Office apps). For more information, see [Why should I choose Microsoft 365 Business Premium?](/microsoft-365/admin/security-and-compliance/m365bp-security-benefits).
 
 1. Visit the [Microsoft 365 Business Premium product page](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium?activetab=pivot%3aoverviewtab).
 
@@ -90,10 +90,7 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 
 4. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), where you view and manage security settings and devices for your organization. In the navigation bar, go to **Assets** > **Devices**. This action initiates the provisioning of Defender for Business for your tenant.
 
-5. Follow the guidance in [Boost your security protection](/Microsoft-365/business-premium/m365bp-security-overview) to set up your security capabilities.
-
-> [!IMPORTANT]
-> Make sure to complete all the steps described in [Microsoft 365 Business Premium – productivity and cybersecurity for small business](/Microsoft-365/business-premium/m365bp-overview).
+5. Follow the guidance in [Microsoft 365 for business security best practices](/microsoft-365/admin/security-and-compliance/m365b-security-best-practices) to set up your security capabilities.
 
 ---
 

defender-business/mdb-add-users.md

@@ -61,7 +61,7 @@ One good way to make sure MFA is enabled for all users is by using [security def
 
    > [!NOTE]
    > If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
-   > - [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa) (in the Microsoft 365 Business Premium documentation)
+   > - [Multifactor authentication in Microsoft 365](/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365)
    > - [Security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
 
 5. Save your changes.

defender-business/mdb-onboard-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 12/12/2024
+ms.date: 09/12/2025
 ms.reviewer: efratka, nehabha, muktaagarwal
 f1.keywords: NOCSH
 ms.collection:
@@ -187,7 +187,7 @@ When you run the local script on Mac, it creates a trust with Microsoft Entra ID
    ```bash
    /usr/bin/unzip WindowsDefenderATPOnboardingPackage.zip \
    && /bin/chmod +x MicrosoftDefenderATPOnboardingMacOs.sh \
-   && /bin/bash -c MicrosoftDefenderATPOnboardingMacOs.sh
+   && Sudo bash -x MicrosoftDefenderATPOnboardingMacOs.sh
    ```
 
 After Mac is enrolled in Intune, you can add it to a device group. [Learn more about device groups in Defender for Business](mdb-create-edit-device-groups.md).

defender-business/mdb-requirements.md

@@ -53,7 +53,7 @@ The following table lists the basic requirements you need to configure and use D
 >    - If you don't have a Microsoft 365 subscription before you start your trial, Microsoft Entra ID will be provisioned for you during the activation process.
 >    - If you do have another Microsoft 365 subscription when you start your Defender for Business trial, you can use your existing Microsoft Entra service.
 >
-> 3. Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Microsoft Entra ID P1 or P2 Plan 1 (included in [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview)). To learn more, see [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa).
+> 3. Security defaults are included in Defender for Business. If you prefer to use Conditional Access policies instead, you'll need Microsoft Entra ID P1 or P2 Plan 1 (included in [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview)). To learn more, see [Multifactor authentication in Microsoft 365](/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365).
 
 ## Next steps
 

defender-office-365/defender-for-office-365-whats-new.md

@@ -8,7 +8,7 @@ author: chrisda
 ms.author: chrisda
 manager: bagol
 ms.localizationpriority: medium
-ms.date: 08/28/2025
+ms.date: 09/12/2025
 audience: ITPro
 ms.collection:
   - m365-security
@@ -39,13 +39,24 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
 
+## September 2025
+
+- **Near real-time URL protection in Teams messages**: Known, malicious URLs in Teams messages are delivered with a warning. Messages found to contain malicious URLs up to 48 hours after delivery also receive a warning. The warning is added to messages in internal and external chats and channels for all URL verdicts (not just malware or high confidence phishing).
+
+- Users can report external and intra-org [Microsoft Teams messages](submissions-teams.md) as non-malicious (not a security risk) from the following locations:
+  - Chats
+  - Standard, shared, and private channels
+  - Meeting conversations
+
+[User reported settings](submissions-user-reported-messages-custom-mailbox.md) determine whether reported messages are sent to the specified reporting mailbox, to Microsoft, or both.
+
 ## Aug 2025
 
 - SecOps can now dispute Microsoft's verdict on previously submitted email or URLs when they believe the result is incorrect. Disputing an item links back to the original submission and triggers a reevaluation with full context and audit history. [Learn more](submissions-admin.md).
 
 ## July 2025
 
-- Users can report external and intra-org [Microsoft Teams messages](submissions-teams.md) from chats, standard and private channels, meeting conversations to Microsoft, the specified reporting mailbox, or both via [user reported settings](submissions-user-reported-messages-custom-mailbox.md).
+- Users can report external and intra-org [Microsoft Teams messages](submissions-teams.md) from chats, standard, shared, and private channels, meeting conversations to Microsoft as malicious (security risk) the specified reporting mailbox, or both via [user reported settings](submissions-user-reported-messages-custom-mailbox.md).
 
 ## June 2025
 

defender-office-365/mdo-support-teams-about.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 description: Admins can learn about Microsoft Teams features in Microsoft Defender for Office 365.
 ms.service: defender-office-365
-ms.date: 09/03/2025
+ms.date: 09/11/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -33,7 +33,7 @@ With the increased use of collaboration tools like Microsoft Teams, the possibil
 All licenses of Microsoft Teams in Microsoft 365 include the following built-in protections:
 
 - [Built-in virus protection in SharePoint, SharePoint Embedded, OneDrive, and Microsoft Teams](anti-malware-protection-for-spo-odfb-teams-about.md)
-- **Near real-time URL protection in Teams messages (currently in Preview)**: Known, malicious URLs in Teams messages are delivered with a warning. Messages found to contain malicious URLs up to 48 hours after delivery also receive a warning. The warning is added to messages in internal and external chats and teams for all URL verdicts (not just malware or high confidence phishing).
+- **Near real-time URL protection in Teams messages (currently in Preview)**: Known, malicious URLs in Teams messages are delivered with a warning. Messages found to contain malicious URLs up to 48 hours after delivery also receive a warning. The warning is added to messages in internal and external chats and channels for all URL verdicts (not just malware or high confidence phishing).
 
   :::image type="content" source="media/teams-message-url-warning.png" alt-text="Screenshot showing a Microsoft Teams message with a URL warning." lightbox="media/teams-message-url-warning.png":::
 
@@ -46,7 +46,7 @@ Microsoft Defender for Office 365 provides the following extra Teams protection
 
 Microsoft 365 E5 and Defender for Office 365 Plan 2 extend Teams protection with a set of extra capabilities designed to disrupt the attack chain:
 
-- **Report suspicious Teams messages**: Users can report malicious Teams messages. Depending on the reported message settings in the organization, the reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md).
+- **Report Teams messages**: Users can report Teams messages as malicious or not malicious. Depending on the reported message settings in the organization, reported messages go to the specified reporting mailbox, to Microsoft, or both. For more information, see [User reported settings in Teams](submissions-teams.md).
 
 - **Zero-hour auto protection (ZAP) for Teams**: ZAP is an existing email protection feature that detects and neutralizes spam, phishing, and malware messages after delivery by moving the messages to the Junk Email folder or quarantine.
 

defender-office-365/mdo-support-teams-quick-configure.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 description: Admins who aren't using Microsoft Defender for Office 365 can learn how to quickly set up protection in Microsoft Teams.
 ms.service: defender-office-365
-ms.date: 08/21/2025
+ms.date: 09/11/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
 ---
@@ -112,18 +112,30 @@ For complete instructions, see [Configure ZAP for Teams protection in Defender f
 
 For complete instructions, see [User reported message settings in Microsoft Teams](submissions-teams.md).
 
-1. In the Teams admin center, go to the **Messaging policies** page at <https://admin.teams.microsoft.com/policies/messaging>.
+1. In the Teams admin center, go to the **Settings & policies** page at <https://admin.teams.microsoft.com/one-policy/settings>.
 
-2. On the **Manage policies** tab of the **Messaging policies** page, verify that the **Manage policies** tab is selected, and do either of the following actions to edit the appropriate policy (the **Global (Org-wide) default** policy for all users or a custom policy for specific users):
-   - Select the link in the **Name** column.
-   - Select the policy by clicking anywhere in the row other than the **Name** column, and then select :::image type="icon" source="media/m365-cc-sc-edit-icon.png" border="false"::: **Edit**.
+2. On the **Settings & policies** page, select either the **Global (Org-wide) default settings** tab for all users or **Custom policies for users & groups** for specific users.
 
-3. In the policy details page that opens, find the **Report a security concern** toggle, and verify the value is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**.
+3. On the tab, go to the **Messaging** section and select **Messaging**. If you selected the **Custom policies for users & groups** tab in the previous step, do one of the following steps to edit the specific policy:
+   - Click on the policy name in the **Name** column.
+   - Click anywhere in the row other than the **Name** column, and then select the :::image type="icon" source="media/m365-cc-sc-edit-icon.png" border="false"::: **Edit** action that appears.
+
+4. In the policy details page that opens, find the **Report a security concern** toggle, and verify the value is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**.
 
    If the value is :::image type="icon" source="media/scc-toggle-off.png" border="false"::: **Off**, move the toggle to :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**, and then select **Save**.
 
-4. In the Microsoft Defender portal, go to the **User reported settings** page at <https://security.microsoft.com/securitysettings/userSubmission>.
+   :::image type="content" source="media/submissions-teams-turn-on-off-tac-security-risk.png" alt-text="Screenshot of the 'Report a security concern' toggle in Messaging policies in the Teams admin center." lightbox="media/submissions-teams-turn-on-off-tac-security-risk.png":::
+
+5. In the Teams admin center, go to the **Messaging settings** page at <https://admin.teams.microsoft.com/messaging/settings>.
+
+6. On the **Messaging settings** page, go to the **Messaging safety** section, find the **Report incorrect security detections** toggle, and verify the value is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**.
+
+   If the value is :::image type="icon" source="media/scc-toggle-off.png" border="false"::: **Off**, move the toggle to :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**, and then select **Save**.
+
+   :::image type="content" source="media/submissions-teams-turn-on-off-tac-not-security-risk.png" alt-text="Screenshot of the 'Report incorrect security detections' toggle on the Messaging settings page in the Microsoft Teams admin center." lightbox="media/submissions-teams-turn-on-off-tac-not-security-risk.png":::
+
+7. In the Microsoft Defender portal, go to the **User reported settings** page at <https://security.microsoft.com/securitysettings/userSubmission>.
 
-5. On the **User reported settings** page, go to the **Microsoft Teams** section, and verify **Monitor reported messages in Microsoft Teams** is selected.
+8. On the **User reported settings** page, go to the **Microsoft Teams** section, and verify **Monitor reported messages in Microsoft Teams** is selected.
 
    If it's not selected, select the check box, and then select **Save**.

defender-office-365/mdo-support-teams-sec-ops-guide.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 description: A prescriptive playbook for SecOps personnel to manage Microsoft Teams protection in Microsoft Defender for Office 365.
 ms.service: defender-office-365
-ms.date: 07/28/2025
+ms.date: 09/11/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -33,14 +33,14 @@ Another important step is to ensure SecOps team members have the appropriate per
 
 ## Integrate user reported Teams messages into SecOps incident response
 
-When users report Teams messages as potentially malicious, the reported messages are sent to Microsoft and/or the reporting mailbox as defined by the [user reported settings in Defender for Office 365](submissions-user-reported-messages-custom-mailbox.md).  
+When users report Teams messages as potentially malicious or non malicious, the reported messages are sent to Microsoft and/or the reporting mailbox as defined by the [user reported settings in Defender for Office 365](submissions-user-reported-messages-custom-mailbox.md).  
 
-The **Teams message reported by user as security risk** alert is automatically generated and correlated to Defender XDR Incidents.  
+The **Teams message reported by user as security risk** and **Teams message reported by user as not security risk** alerts are automatically generated and correlated to Defender XDR Incidents for malicious and non malicious user report respectively.
 
 We strongly recommend that SecOps team members start triage and investigation from the [Defender XDR incidents queue in the Microsoft Defender portal](/defender-office-365/mdo-sec-ops-manage-incidents-and-alerts) or SIEM/SOAR integration.
 
 > [!TIP]
-> Currently, **Teams message reported by user as security risk** alerts don't generate automated investigation and response (AIR) investigations.
+> Currently, **Teams message reported by user as security risk** and **Teams message reported by user as not security risk** alerts don't generate automated investigation and response (AIR) investigations.
 
 SecOps team members can review submitted Teams message details in the following locations in the Defender portal:
 
@@ -67,9 +67,12 @@ SecOps team members can use threat hunting or information from external threat i
 
 ## Enable SecOps to manage false positives in Microsoft Teams
 
-SecOps team members can triage and respond to false positive Teams messages (good messages blocked) on the **Quarantine** page in Defender for Office 365 at <https://security.microsoft.com/quarantine>.
+SecOps team members can triage and respond to false positive Teams messages (good messages blocked) on the **Quarantine** page in Defender for Office 365 at <https://security.microsoft.com/quarantine>. Teams messages detected by zero-hour auto protection (ZAP) are available on the **Teams messages** tab. SecOps team members can [take action](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-teams-messages) on these messages. For example, preview messages, download messages, submit messages to Microsoft for review, and release the messages from quarantine.
 
-Teams messages detected by zero-hour auto protection (ZAP) are available on the **Teams messages** tab. SecOps team members can [take action](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-teams-messages) on these messages. For example, preview messages, download messages, submit messages to Microsoft for review, and release the messages from quarantine.
+SecOps team members can also use allow entries in the Tenant Allow/Block List to allow the misclassified indicators:
+
+- URLs misidentified by Defender for Office 365. URL allows entries are enforced at time of click in Teams when [Teams integration in Safe Links policies is turned on](mdo-support-teams-quick-configure.md#step-2-verify-safe-links-integration-for-microsoft-teams).
+- Files by using the SHA256 hash value.
 
 > [!TIP]
 > Teams messages released from quarantine are available to senders and recipients in the original location in Teams chats and channel posts.