Merge branch 'main' into WI370894-update-mdi-health-issues-explain-close-and-suppress

Author: DeCohen

.github/workflows/AutoPublish.yml

@@ -0,0 +1,25 @@
+name: (Scheduled) Publish to live
+
+permissions:
+  contents: write
+  pull-requests: write
+
+on:
+  schedule:
+    - cron: "25 5,11,17,22 * * *" # Times are UTC based on Daylight Saving Time. Need to be adjusted for Standard Time. Scheduling at :25 to account for queuing lag.
+
+  workflow_dispatch:
+
+jobs:
+
+  auto-publish:
+    if: github.repository_owner == 'MicrosoftDocs' && contains(github.event.repository.topics, 'build')
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoPublish.yml@workflows-prod
+    with:
+        PayloadJson: ${{ toJSON(github) }}
+        EnableAutoPublish: true
+
+    secrets:
+        AccessToken: ${{ secrets.GITHUB_TOKEN }}
+        PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}
+        ClientId: ${{ secrets.M365_APP_CLIENT_ID }}

.openpublishing.redirection.defender-endpoint.json

@@ -134,6 +134,21 @@
       "source_path": "defender-endpoint/configure-server-endpoints.md",
       "redirect_url": "/defender-endpoint/onboard-windows-server-2012r2-2016",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-client.md",
+      "redirect_url": "/defender-endpoint/onboard-client",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server-2012r2-2016.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": false
     } 
   ]
 }

CloudAppSecurityDocs/caac-known-issues.md

@@ -51,6 +51,9 @@ For example, assume that a session policy is configured to prevent downloading f
 
 Session policies don't protect external business-to-business (B2B) collaboration users in Microsoft Teams applications.
 
+## Session Controls with Non-Interactive Tokens
+Some applications utilize non-interactive access tokens to facilitate seamless redirection between apps within the same suite or realm. When one application is onboarded to Conditional Access App Control and the other is not, session controls may not be enforced as expected. For example, if the Teams client retrieves a non-interactive token for SharePoint Online (SPO), it can initiate an active session in SPO without prompting the user for reauthentication. As a result, the session control mechanism cannot intercept or enforce policies on these sessions. To ensure consistent enforcement, it's recommended to onboard all relevant applications, such as Teams, alongside SPO. 
+
 ## Limitations for sessions that the reverse proxy serves
 
 The following limitations apply only on sessions that the reverse proxy serves. Users of Microsoft Edge can benefit from in-browser protection instead of using the reverse proxy, so these limitations don't affect them.

CloudAppSecurityDocs/network-requirements.md

@@ -35,7 +35,7 @@ To see which data center you're connecting to, do the following steps:
 1. In the **About** screen, you can see the region and the data center.
 
     ![View your data center.](media/data-center.png)
-
+   
 ## Portal access
 
 To use Defender for Cloud Apps in the Microsoft Defender Portal:
@@ -104,7 +104,7 @@ Additionally, the following IP addresses, used by our reverse proxy regions, sho
 |  | **IP Addresses** | **DNS Name** |
 |--|--|--|
 | **Session controls** | Australia Southeast: 40.81.58.184, 40.81.58.180, 20.40.163.96, 20.40.163.88, 40.81.62.221, 40.81.62.206, 20.40.160.184, 20.40.163.130, 20.11.210.40, 4.198.66.78, 4.198.66.135, 20.190.102.146, 4.198.66.126, 4.198.66.117, 4.198.66.105, 4.198.66.90, 20.92.29.167, 4.198.66.94, 4.198.66.92, 4.198.154.86<br /><br />Brazil South: 191.235.123.114, 191.235.121.164, 191.235.122.101, 191.235.119.253, 191.233.23.29, 191.234.216.181, 191.233.21.52, 191.234.216.10, 20.226.100.200, 191.235.57.180, 191.235.58.203, 191.235.58.201, 191.235.58.255, 191.235.59.0, 20.206.229.223, 191.235.58.56, 191.235.58.85, 191.235.54.192, 191.235.55.73, 20.206.75.66<br /><br />Canada Central: 40.82.187.211, 40.82.187.164, 52.139.18.234, 52.139.20.118, 40.82.187.199, 40.82.187.179, 52.139.19.215, 52.139.18.236, 4.205.74.7, 20.175.142.143, 20.175.143.220, 20.175.140.191, 20.175.140.128, 20.175.140.185, 20.175.143.233, 20.175.151.201, 20.175.142.19, 20.175.142.34, 20.175.151.166, 20.104.25.35<br /><br />Central India: 20.193.137.191, 20.193.137.153, 20.193.138.1, 20.193.136.234, 20.193.131.246, 20.193.131.250, 20.193.131.247, 20.193.131.248, 20.219.218.134, 20.204.236.74, 20.204.236.213, 20.204.236.115, 20.204.235.50, 20.219.226.117, 20.219.226.224, 20.204.236.147, 20.204.235.230, 20.204.236.17, 20.204.236.111, 20.235.115.136<br /><br />North Europe: 52.156.205.222, 52.156.204.99, 52.155.166.50, 52.142.127.127, 52.155.181.183, 52.155.168.45, 52.156.202.7, 52.142.124.23, 68.219.99.63, 20.166.182.182, 20.166.182.163, 20.166.182.165, 4.231.129.246, 20.166.182.193, 4.231.129.248, 20.54.22.195, 20.166.182.159, 20.166.182.171, 20.166.182.204, 40.127.131.206<br /><br />Southeast Asia: 40.65.170.125, 40.65.170.123, 52.139.245.40, 52.139.245.48, 40.119.203.158, 40.119.203.209, 20.184.61.67, 20.184.60.77, 20.187.114.178<br /><br />West Europe: 52.157.233.49, 52.157.235.27, 51.105.164.234, 51.105.164.241, 20.229.66.63, 20.76.151.201, 20.76.199.32, 20.76.199.126, 20.76.199.12, 20.76.198.169, 20.76.198.91, 20.76.199.14, 20.76.199.49, 20.93.194.151, 20.76.198.36, 20.160.197.20<br /><br />UK West: 40.81.121.140, 40.81.121.135, 51.137.137.121, 51.137.137.118, 20.90.50.115, 20.90.53.162, 20.90.53.126, 20.68.124.199, 20.90.53.127, 20.68.122.206, 20.90.53.132, 20.90.49.200, 51.142.187.141, 51.142.187.196, 20.90.53.133, 20.254.168.148<br /><br />East US: 104.45.170.196, 104.45.170.182, 52.151.238.5, 52.151.237.243, 104.45.170.173, 104.45.170.176, 52.224.188.157, 52.224.188.168, 20.168.249.164, 20.237.16.198, 20.124.59.146, 20.237.18.20, 20.121.150.131, 20.237.16.199, 20.237.22.162, 20.237.18.21, 20.237.22.163, 20.237.23.162, 20.124.59.116, 172.173.135.148<br /><br />West US 2: 52.156.88.173, 52.149.61.128, 52.149.61.214, 52.149.63.211, 20.190.7.24, 20.190.6.224, 20.190.7.239, 20.190.7.233<br /><br />West US 3: 20.106.103.34, 20.150.153.126, 20.118.150.70, 20.150.157.146, 20.150.153.110, 20.118.145.8, 20.150.152.101, 20.150.157.211, 20.150.158.183, 20.106.80.235, 20.106.81.123, 20.14.38.249, 20.14.38.222, 20.163.100.176<br /><br />East Asia: 20.195.89.219, 20.195.89.186, 20.239.27.66, 20.195.89.166, 20.239.26.193, 20.195.89.213, 20.195.89.72, 20.195.89.128, 20.195.89.62, 20.195.89.56, 20.205.119.72<br /><br />France Central: 51.103.95.227, 20.74.94.42, 20.74.94.220, 20.74.94.113, 20.74.115.131, 20.74.94.109, 20.74.95.102, 20.74.114.253, 20.74.94.73, 20.74.94.136, 20.74.94.139, 51.103.31.141                                                                                                | *.mcas.ms<br/>\*.admin-mcas.ms |
-| **Access controls** | Australia Southeast: 20.42.228.161, 20.211.237.204, 4.198.66.78, 4.198.66.135, 20.190.102.146, 4.198.66.126, 4.198.66.117, 4.198.66.105, 4.198.66.90, 20.92.29.167, 4.198.66.94, 4.198.66.92, 4.198.154.86<br /><br />Brazil South: 191.235.228.36, 104.41.37.185, 20.201.80.33, 104.41.37.185, 191.235.57.180, 191.235.58.203, 191.235.58.201, 191.235.58.255, 191.235.59.0, 20.206.229.223, 191.235.58.56, 191.235.58.85, 191.235.54.192, 191.235.55.73, 20.206.75.66<br /><br />North Europe: 68.219.99.39, 20.166.182.182, 20.166.182.163, 20.166.182.165, 4.231.129.246, 20.166.182.193, 4.231.129.248, 20.54.22.195, 20.166.182.159, 20.166.182.171, 20.166.182.204, 40.127.131.206<br /><br />West Europe: 13.69.81.118, 20.103.48.225, 13.69.81.118, 20.76.151.201, 20.76.199.32, 20.76.199.126, 20.76.199.12, 20.76.198.169, 20.76.198.91, 20.76.199.14, 20.76.199.49, 20.93.194.151, 20.76.198.36, 20.160.197.20<br /><br />Southeast Asia: 20.43.132.128, 20.24.14.233, 20.195.116.193, 20.187.116.207<br /><br />UK West: 51.137.163.32, 20.90.50.109, 20.90.53.162, 20.90.53.126, 20.68.124.199, 20.90.53.127, 20.68.122.206, 20.90.53.132, 20.90.49.200, 51.142.187.141, 51.142.187.196, 20.90.53.133, 20.254.168.148<br /><br />East US: 20.49.104.46, 40.117.113.165, 52.249.211.17, 40.117.113.165, 20.237.16.198, 20.124.59.146, 20.237.18.20, 20.121.150.131, 20.237.16.199, 20.237.22.162, 20.237.18.21, 20.237.22.163, 20.237.23.162, 20.124.59.116, 172.173.135.148<br /><br /> France Central: 20.111.40.153, 20.74.94.42, 20.74.94.220, 20.74.94.113, 20.74.115.131, 20.74.94.109, 20.74.95.102, 20.74.114.253, 20.74.94.73, 20.74.94.136, 20.74.94.139, 51.103.31.141<br /><br />West US 2: 20.115.232.7<br /><br />Canada Central: 20.48.202.161, 4.205.74.15, 20.175.142.143, 20.175.143.220, 20.175.140.191, 20.175.140.128, 20.175.140.185, 20.175.143.233, 20.175.151.201, 20.175.142.19, 20.175.142.34, 20.175.151.166, 20.104.25.35<br /><br />East Asia: 20.187.116.207, 20.195.89.219, 20.195.89.186, 20.239.27.66, 20.195.89.166, 20.239.26.193, 20.195.89.213, 20.195.89.72, 20.195.89.128, 20.195.89.62, 20.195.89.56, 20.205.119.72<br /><br /> West US 3: 20.150.143.88, 20.150.153.126, 20.118.150.70, 20.150.157.146, 20.150.153.110, 20.118.145.8, 20.150.152.101, 20.150.157.211, 20.150.158.183, 20.106.80.235, 20.106.81.123, 20.14.38.249, 20.14.38.222, 20.163.100.176<br /><br />Central India: 20.235.81.243, 20.204.236.74, 20.204.236.213, 20.204.236.115, 20.204.235.50, 20.219.226.117, 20.219.226.224, 20.204.236.147, 20.204.235.230, 20.204.236.17, 20.204.236.111, 20.235.115.136| \*.access.mcas.ms<br/> |
+| **Access controls** | Australia Southeast: 20.42.228.161, 20.211.237.204, 4.198.66.78, 4.198.66.135, 20.190.102.146, 4.198.66.126, 4.198.66.117, 4.198.66.105, 4.198.66.90, 20.92.29.167, 4.198.66.94, 4.198.66.92, 4.198.154.86<br /><br />Brazil South: 191.235.228.36, 104.41.37.185, 20.201.80.33, 104.41.37.185, 191.235.57.180, 191.235.58.203, 191.235.58.201, 191.235.58.255, 191.235.59.0, 20.206.229.223, 191.235.58.56, 191.235.58.85, 191.235.54.192, 191.235.55.73, 20.206.75.66<br /><br />North Europe: 68.219.99.39, 20.166.182.182, 20.166.182.163, 20.166.182.165, 4.231.129.246, 20.166.182.193, 4.231.129.248, 20.54.22.195, 20.166.182.159, 20.166.182.171, 20.166.182.204, 40.127.131.206<br /><br />West Europe: 13.69.81.118, 20.103.48.225, 20.76.151.201, 20.76.199.32, 20.76.199.126, 20.76.199.12, 20.76.198.169, 20.76.198.91, 20.76.199.14, 20.76.199.49, 20.93.194.151, 20.76.198.36, 20.160.197.20<br /><br />Southeast Asia: 20.43.132.128, 20.24.14.233, 20.195.116.193, 20.187.116.207<br /><br />UK West: 51.137.163.32, 20.90.50.109, 20.90.53.162, 20.90.53.126, 20.68.124.199, 20.90.53.127, 20.68.122.206, 20.90.53.132, 20.90.49.200, 51.142.187.141, 51.142.187.196, 20.90.53.133, 20.254.168.148<br /><br />East US: 20.49.104.46, 40.117.113.165, 52.249.211.17, 40.117.113.165, 20.237.16.198, 20.124.59.146, 20.237.18.20, 20.121.150.131, 20.237.16.199, 20.237.22.162, 20.237.18.21, 20.237.22.163, 20.237.23.162, 20.124.59.116, 172.173.135.148<br /><br /> France Central: 20.111.40.153, 20.74.94.42, 20.74.94.220, 20.74.94.113, 20.74.115.131, 20.74.94.109, 20.74.95.102, 20.74.114.253, 20.74.94.73, 20.74.94.136, 20.74.94.139, 51.103.31.141<br /><br />West US 2: 20.115.232.7<br /><br />Canada Central: 20.48.202.161, 4.205.74.15, 20.175.142.143, 20.175.143.220, 20.175.140.191, 20.175.140.128, 20.175.140.185, 20.175.143.233, 20.175.151.201, 20.175.142.19, 20.175.142.34, 20.175.151.166, 20.104.25.35<br /><br />East Asia: 20.187.116.207, 20.195.89.219, 20.195.89.186, 20.239.27.66, 20.195.89.166, 20.239.26.193, 20.195.89.213, 20.195.89.72, 20.195.89.128, 20.195.89.62, 20.195.89.56, 20.205.119.72<br /><br /> West US 3: 20.150.143.88, 20.150.153.126, 20.118.150.70, 20.150.157.146, 20.150.153.110, 20.118.145.8, 20.150.152.101, 20.150.157.211, 20.150.158.183, 20.106.80.235, 20.106.81.123, 20.14.38.249, 20.14.38.222, 20.163.100.176<br /><br />Central India: 20.235.81.243, 20.204.236.74, 20.204.236.213, 20.204.236.115, 20.204.235.50, 20.219.226.117, 20.219.226.224, 20.204.236.147, 20.204.235.230, 20.204.236.17, 20.204.236.111, 20.235.115.136| \*.access.mcas.ms<br/> |
 | **SAML proxy** | North Europe: 20.50.64.15, 40.127.131.206<br /><br />East US: 20.49.104.26, 172.173.135.148<br /><br />West US 2: 20.42.128.102<br /><br />West US 2: 20.163.100.176| \*.us.saml.cas.ms \*.us2.saml.cas.ms \*.us3.saml.cas.ms \*.eu.saml.cas.ms *.eu2.saml.cas.ms |
 
 ### US Government offerings

defender-endpoint/TOC.yml

@@ -108,15 +108,15 @@
         items:
         - name: Overview
           href: mde-planning-guide.md
-        - name: Step 1 - Set up Defender for Endpoint deployment
+        - name: Step 1 - Prepare for deployment
           href: production-deployment.md
         - name: Step 2 - Assign roles and permissions
           href: prepare-deployment.md
-        - name: Step 3 - Identify your architecture and deployment method
+        - name: Step 3 - Identify your architecture and select a deployment method
           href: deployment-strategy.md
-        - name: Step 4 - Onboard devices
+        - name: Step 4 - Onboard devices to Defender for Endpoint
           href: onboarding.md
-        - name: Step 5 - Configure Microsoft Defender for Endpoint capabilities
+        - name: Step 5 - Configure Defender for Endpoint capabilities
           href: onboard-configure.md
 
       - name: Onboard and configure devices
@@ -138,10 +138,9 @@
               href: migrate-devices-streamlined.md
 
         - name: Onboard client devices
-          href: onboard-client.md
           items:
-          - name: Onboarding Windows client overview
-            href: onboard-windows-client.md
+          - name: Onboard client devices running Windows or macOS
+            href: onboard-client.md
           - name: Defender for Endpoint plug-in for WSL
             href: mde-plugin-wsl.md
           - name: Onboard Windows devices to Defender for Endpoint using Intune
@@ -160,12 +159,9 @@
             href: onboard-downlevel.md
 
         - name: Onboard server devices
-          href: onboard-server.md
           items:
-          - name: Onboard Windows Server version 1803, Windows Server 2019, and later
-            href: onboard-windows-server.md
-          - name: Onboard Windows Server 2012 R2 and Windows Server 2016
-            href: onboard-windows-server-2012r2-2016.md
+          - name: Onboard servers through Defender for Endpoint's experience
+            href: onboard-server.md
           - name: Defender for Endpoint on Windows Server with SAP
             href: mde-sap-windows-server.md
           - name: Onboard Windows devices using Configuration Manager

defender-endpoint/advanced-features.md

@@ -177,7 +177,7 @@ Deception enables your security team to manage and deploy lures and decoys to ca
 
 ## Share endpoint alerts with Microsoft Compliance Center
 
-Forwards endpoint security alerts and their triage status to Microsoft Purview compliance portal, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data.
+Forwards endpoint security alerts and their triage status to Microsoft Purview portal, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data.
 
 After configuring the [Security policy violation indicators](/microsoft-365/compliance/insider-risk-management-settings#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users.
 

defender-endpoint/api/device-health-api-methods-properties.md

@@ -50,7 +50,7 @@ Retrieves a list of Microsoft Defender Antivirus device health details. This API
 Data that is collected using either `JSON response` or by using files is a snapshot of the current state. This data doesn't contain historical data. To collect historical data, you must save the data in your own data storage.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 >
 > For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -48,7 +48,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 
 > [!IMPORTANT]
 >
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 > [!NOTE]
 >

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -111,7 +111,7 @@ The following table lists the supported operating systems for rules that are cur
 
 > [!NOTE]
 > Unless otherwise indicated, the minimum Windows 10 build is version 1709 (RS3, build 16299) or later; the minimum Windows Server build is version 1809 or later.
-> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 | Rule name| Windows 10 and 11 | Windows Server version 1803, 2019, and later | Windows Server 2016 and 2012 R2 |
 |---|---|---|---|
@@ -136,7 +136,7 @@ The following table lists the supported operating systems for rules that are cur
 | [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y |
 
 > [!NOTE]
-> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-windows-server-2012r2-2016.md). 
+> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2). 
 > - If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
 > - For Windows client devices, "version 1809 or later" and "version 1903 (build 18362)" apply to Windows 10 only.