MicrosoftDocs
diff --git a/‎CloudAppSecurityDocs/in-browser-protection.md‎
Lines changed: 3 additions & 1 deletion b/‎CloudAppSecurityDocs/in-browser-protection.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎CloudAppSecurityDocs/mde-integration.md‎
Lines changed: 2 additions & 3 deletions b/‎CloudAppSecurityDocs/mde-integration.md‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎CloudAppSecurityDocs/media/in-browser-protection/edge-for-business-protection-settings.png‎
429 KB b/‎CloudAppSecurityDocs/media/in-browser-protection/edge-for-business-protection-settings.png‎
429 KB
diff --git a/‎CloudAppSecurityDocs/media/mde-settings.png‎
-100 KB b/‎CloudAppSecurityDocs/media/mde-settings.png‎
-100 KB
diff --git a/‎CloudAppSecurityDocs/media/turn-on-advanced-features-for-microsoft-defender-for-cloud-apps.png‎
174 KB b/‎CloudAppSecurityDocs/media/turn-on-advanced-features-for-microsoft-defender-for-cloud-apps.png‎
174 KB
diff --git a/‎CloudAppSecurityDocs/toc.yml‎
Lines changed: 0 additions & 2 deletions b/‎CloudAppSecurityDocs/toc.yml‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎defender-office-365/configure-junk-email-settings-on-exo-mailboxes.md‎
Lines changed: 8 additions & 1 deletion b/‎defender-office-365/configure-junk-email-settings-on-exo-mailboxes.md‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎defender-xdr/auditing.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-xdr/auditing.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-xdr/microsoft-365-defender-portal.md‎
Lines changed: 1 addition & 0 deletions b/‎defender-xdr/microsoft-365-defender-portal.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎defender-xdr/microsoft-365-defender.md‎
Lines changed: 1 addition & 0 deletions b/‎defender-xdr/microsoft-365-defender.md‎
Lines changed: 1 addition & 0 deletions
@@ -1,7 +1,7 @@
 ---
 title: In-browser protection with Microsoft Edge for Business | Microsoft Defender for Cloud Apps
 description: Learn about using in-browser protection with Microsoft Defender for Cloud Apps session policies and Microsoft Edge for Business.
-ms.date: 10/31/2024
+ms.date: 01/26/2025
 ms.topic: conceptual
 #customerIntent: As a Defender for Cloud Apps admin, I want to learn about the user experience with in-browser protection.
 ---
@@ -105,6 +105,8 @@ Administrators who understand the power of Microsoft Edge browser protection can
 
 4. When you're finished on the **Edge for Business protection** page, select **Save**.
 
+:::image type="content" source="media/in-browser-protection/edge-for-business-protection-settings.png" alt-text="Screenshot of Microsoft Edge for business protection settings." lightbox="media/in-browser-protection/edge-for-business-protection-settings.png":::
+
 ## Related content
 
 For more information, see [Microsoft Defender for Cloud Apps Conditional Access app control](proxy-intro-aad.md).
@@ -65,13 +65,12 @@ To enable Defender for Endpoint integration with Defender for Cloud Apps:
 
 1. In the [Microsoft Defender portal](https://security.microsoft.com), from the navigation pane, select **Settings** > **Endpoints** > **General** > **Advanced features**.
 1. Toggle the **Microsoft Defender for Cloud Apps** to **On**.
-1. Select **Apply**.
+1. Select **Save preferences**.
 
 >[!NOTE]
 > It takes up to two hours after you enable the integration for the data to show up in Defender for Cloud Apps.
 >
-
-![Screenshot of the Defender for Endpoint settings.](media/mde-settings.png)
+![Screenshot of the Defender for Endpoint settings.](media\turn-on-advanced-features-for-microsoft-defender-for-cloud-apps.png)
 
 To configure the severity for alerts sent to Microsoft Defender for Endpoint:
 
 
@@ -310,8 +310,6 @@ items:
     items:
     - name: Investigate anomaly detection alerts
       href: investigate-anomaly-alerts.md
-    - name: Investigate risky users
-      href: tutorial-ueba.md
   - name: Respond to threats
     items:
     - name: Governing connected apps
 
@@ -16,7 +16,7 @@ ms.collection:
   - tier2
 description: Admins can learn how to configure the junk email settings in Exchange Online mailboxes. Many of these settings are available to users in Outlook or Outlook on the web.
 ms.service: defender-office-365
-ms.date: 12/08/2024
+ms.date: 01/27/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -172,3 +172,10 @@ As you can see, enabling the **Trust email from my contacts** setting reduces th
 
 - File name: outlk16.opax
 - Policy setting: **Trust e-mail from contacts**
+
+> [!IMPORTANT]
+> The following button helps identify and resolve issues with the safelist collection in user mailboxes (the Safe Senders list and Bloxked Senders list, which includes individual senders and domains):
+>
+<div class="nextstepaction">
+<p><a href="https://aka.ms/safeblockdiag" data-linktype="external">Run Tests: Mailbox safe/blocked sender list</a></p>
+</div>
@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 10/30/2024
+ms.date: 01/14/2025
 ---
 
 # Auditing
@@ -28,7 +28,7 @@ ms.date: 10/30/2024
 
 As a tenant administrator, you can use Microsoft Purview to search the audit logs for the times Microsoft Defender Experts signed into your tenant and the actions they did there to perform their investigations. You can also search the audit logs for the changes done by your tenant administrators to the Defender Experts settings.
 
-[Audit (Standard)](/microsoft-365/compliance/audit-solutions-overview) is turned on by default for all Microsoft Defender Experts for XDR customers when paid licenses are assigned to the tenant. If you have a trial license, work with your service delivery manager to turn on Audit if it isn't yet.
+Auditing is automatically turned on in the Microsoft Defender portal. Features that are audited are logged in the audit log automatically. Auditing can also collect audit logs from GCC environments.
 
 > [!NOTE]
 > Make sure you have the right [permissions](/microsoft-365/compliance/audit-log-search#before-you-search-the-audit-log) to search for audit logs.
 
@@ -38,6 +38,7 @@ To learn more about the services that are part of the Microsoft Defender portal,
 - **[Microsoft Security Copilot embedded experience in the Microsoft Defender portal](security-copilot-in-microsoft-365-defender.md)**
 - **[Microsoft Defender for IoT enterprise monitoring in the Microsoft Defender portal](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint)**
 - **[Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal)**
+- **[Microsoft Purview Insider Risk Management alerts in the Microsoft Defender portal](irm-investigate-alerts-defender.md)**
 
 [!INCLUDE [unified-soc-preview](../includes/unified-soc-preview.md)]
 
 
@@ -40,6 +40,7 @@ Microsoft Defender XDR helps security teams protect and detect their organizatio
 - [**Microsoft Entra ID Protection**](/azure/active-directory/identity-protection/overview-identity-protection)
 - [**Microsoft Data Loss Prevention**](/microsoft-365/compliance/dlp-learn-about-dlp)
 - [**App Governance**](/defender-cloud-apps/app-governance-manage-app-governance)
+- [**Microsoft Purview Insider Risk Management**](/purview/insider-risk-management-solution-overview)
 
 With the integrated Microsoft Defender XDR solution, security professionals can stitch together the threat signals that each of these products receive and determine the full scope and impact of the threat; how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft Defender XDR takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.