Commit c66116b

Merge pull request #422 from MicrosoftDocs/main
merge main to live 10:30 AM 5/14/24
2 parents 45813a1 + b93409a commit c66116b

5 files changed, +70 -32 lines changed

defender-endpoint/configure-device-connectivity.md

Lines changed: 29 additions & 26 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint
3-
description: Learn how to use a streamlined domain or static IP ranges during onboarding when connecting devices to Microsoft Defender for Endpoint
3+
description: Learn how to use a streamlined domain or static IP ranges during onboarding when connecting devices to Microsoft Defender for Endpoint.
44
author: siosulli
55
ms.author: siosulli
66
manager: deniseb
@@ -27,7 +27,7 @@ ms.date: 05/13/2024
2727
- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
2828
- [Microsoft Defender XDR](/defender-xdr)
2929

30-
The Microsoft Defender for Endpoint service may require the use of proxy configurations to report diagnostic data and communicate data to the service. Prior to the availability of the streamlined connectivity method, other URLs were required and Defender for Endpoint static IP ranges weren't supported. For more information on preparing your environment, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
30+
The Microsoft Defender for Endpoint service might require the use of proxy configurations to report diagnostic data and communicate data to the service. Prior to the availability of the streamlined connectivity method, other URLs were required and Defender for Endpoint static IP ranges weren't supported. For more information on preparing your environment, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
3131

3232
This article describes the streamlined device connectivity method and how to onboard new devices to use a simpler deployment and management of Defender for Endpoint cloud connectivity services. For more information on migrating previously onboarded devices, see [Migrating devices to streamlined connectivity](migrate-devices-streamlined.md).
3333

@@ -44,17 +44,17 @@ The Defender for Endpoint-recognized simplified domain: `*.endpoint.security.mic
4444
To support network devices without hostname resolution or wildcard support, you can alternatively configure connectivity using dedicated Defender for Endpoint static IP ranges. For more information, see [Configure connectivity using static IP ranges](#option-2-configure-connectivity-using-static-ip-ranges).
4545

4646
> [!NOTE]
47-
> - The simplified connectivity method will **not change how Microsoft Defender for Endpoint functions on a device nor will it change the end-user experience**. Only the URLs or IPs that a device uses to connect to the service will change.
48-
> - There currently is no plan to deprecate the old, consolidated service URLs. Devices onboarded with "standard" connectivity will continue to function. It is important to ensure connectivity to *.endpoint.security.microsoft.com is and remains possible, as future services will require it. This new URL is included in all required URL lists.
47+
> - The streamlined connectivity method will **not change how Microsoft Defender for Endpoint functions on a device nor will it change the end-user experience**. Only the URLs or IPs that a device uses to connect to the service will change.
48+
> - There currently is no plan to deprecate the old, consolidated service URLs. Devices onboarded with "standard" connectivity will continue to function. It is important to ensure connectivity to `*.endpoint.security.microsoft.com` is and remains possible, as future services will require it. This new URL is included in all required URL lists.
4949
5050
## Consolidated services
5151

52-
The following Defender for Endpoint URLs consolidated under the streamlined domain should no longer be required for connectivity if `*.endpoint.security.microsoft.com` is allowed and devices are onboarded using the streamlined onboarding package. You will need to maintain connectivity with other required services not consolidated that are relevant to your organization (for example, CRL, SmartScreen/Network Protection, and Windows Update).
52+
The following Defender for Endpoint URLs consolidated under the simplified domain should no longer be required for connectivity if `*.endpoint.security.microsoft.com` is allowed and devices are onboarded using the streamlined onboarding package. You need to maintain connectivity with other required services not consolidated that are relevant to your organization (for example, CRL, SmartScreen/Network Protection, and Windows Update).
5353

54-
For the updated list of required URLs, see [Download the spreadsheet here](https://aka.ms/MDE-streamlined-urls).
54+
For the updated list of required URLs, see [STEP 1: Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
5555

5656
> [!IMPORTANT]
57-
> If you are configuring using IP ranges, you will need to separately configure the EDR cyberdata service. This service is not consolidated on an IP level. See section below for more details.
57+
> If you are configuring using IP ranges, you will need to separately configure the EDR cyberdata service. This service is not consolidated on an IP level.
5858
5959
| Category | Consolidated URLs |
6060
|------------|---------------|
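Review bot: the IMPORTANT callout at new line 57 drops "See section below for more details" without replacing it, so a reader configuring by IP range is told to set up the EDR cyberdata service separately but not where. Link it to the anchor already used at line 44, `#option-2-configure-connectivity-using-static-ip-ranges`. The same line still reads "you are", "you will need" and "is not", while line 52 in this hunk was changed to "You need"; apply the same style pass here. Also confirm that `configure-environment.md` carries the streamlined URL list, now that line 54 no longer links the spreadsheet directly.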
@@ -85,9 +85,9 @@ Devices must meet specific prerequisites to use the streamlined connectivity met
8585

8686
**Microsoft Defender Antivirus versions (Windows)**
8787

88-
- **Antimalware Client:** 4.18.2211.5
89-
- **Engine:** 1.1.19900.2
90-
- **Antivirus (Security Intelligence):** 1.391.345.0
88+
- **Antimalware Client:** `4.18.2211.5`
89+
- **Engine:** `1.1.19900.2`
90+
- **Antivirus (Security Intelligence):** `1.391.345.0`
9191

9292
**Defender Antivirus versions (macOS/Linux)**
9393

@@ -132,7 +132,7 @@ The following illustration shows the streamlined connectivity process and the co
132132

133133
Once you confirm prerequisites are met, ensure your network environment is properly configured to support the streamlined connectivity method. Follow the steps outlined in [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
134134

135-
Defender for Endpoint services consolidated under the simplified method should no longer be required for connectivity. However, some URLs aren't included in the consolidation.
135+
Defender for Endpoint service URLs consolidated under simplified domain should no longer be required for connectivity. However, some URLs aren't included in the consolidation.
136136

137137
Streamlined connectivity allows you to use the following option to configure cloud connectivity:
138138

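Review bot: missing article at new line 135, "consolidated under simplified domain"; the earlier hunk uses "under the simplified domain" at line 52, so this should read "consolidated under the simplified domain". The follow-on sentence, "some URLs aren't included in the consolidation", would be more useful to someone writing proxy or firewall rules if it named or linked the excluded services, as line 52 does with CRL, SmartScreen/Network Protection, and Windows Update.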
@@ -157,12 +157,12 @@ With streamlined connectivity, IP-based solutions can be used as an alternative
157157
> [!IMPORTANT]
158158
> The EDR Cyber data service must be configured separately if you are using the IP method (this service is only consolidated on a URL level).You must also maintain connectivity with other required services including SmartScreen, CRL, Windows Update, and other services.<br/>
159159
160-
In order to stay up to date on IP ranges, it is recommended to refer to the following Azure service tags for Microsoft Defender for Endpoint services. The latest IP ranges will always be found in the service tag. For more information, see [Azure IP ranges](https://azureipranges.azurewebsites.net/).
160+
In order to stay up to date on IP ranges, it's recommended to refer to the following Azure service tags for Microsoft Defender for Endpoint services. The latest IP ranges are found in the service tag. For more information, see [Azure IP ranges](https://azureipranges.azurewebsites.net/).
161161

162162
| Service tag name | Defender for Endpoint services included |
163163
|:---|:---|
164164
| MicrosoftDefenderForEndpoint | MAPS, Malware Sample Submission Storage, Auto-IR Sample Storage, Command and Control. |
165-
| OneDsCollector | EDR Cyberdata <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and may include diagnostic data traffic for other Microsoft services. |
165+
| OneDsCollector | EDR Cyberdata <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and can include diagnostic data traffic for other Microsoft services. |
166166

167167
The following table lists the current static IP ranges. For latest list, refer to the Azure service tags.
168168

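Review bot: the OneDsCollector row at line 165 carries the caveat that matters most for egress rules, that traffic under the tag isn't limited to Defender for Endpoint, but it stays buried in a table cell behind `<br/><br/>`. Since the line is being edited anyway, consider moving that note into a NOTE callout under the table so it isn't missed when someone allows the tag on a firewall. The unchanged IMPORTANT line at 158 also needs a space in "URL level).You must" and ends in a stray `<br/>`.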
@@ -193,7 +193,7 @@ To test streamlined connectivity for devices not yet onboarded to Defender for E
193193

194194
- Run `mdeclientanalyzer.cmd -g <GW_US, GW_UK, GW_EU>` , where parameter is of GW_US, GW_EU, GW_UK. GW refers to the streamlined option. Run with applicable tenant geo.
195195

196-
As a supplementary check, you can also use the client analyzer to test whether a device meets pre-requisites: https://aka.ms/BetaMDEAnalyzer
196+
As a supplementary check, you can also use the client analyzer to test whether a device meets prerequisites: https://aka.ms/BetaMDEAnalyzer
197197

198198

199199
> [!NOTE]
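Review bot: line 196 still ends in a bare URL, https://aka.ms/BetaMDEAnalyzer, while the other references in this file are Markdown links with descriptive text; wrap it in link text and confirm the "Beta" alias is still the build readers should download. The context line at 194 could be tidied in the same pass: there is a stray space before the comma after the command, and "where parameter is of GW_US, GW_EU, GW_UK" repeats the values already shown in the placeholder.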
@@ -203,34 +203,37 @@ As a supplementary check, you can also use the client analyzer to test whether a
203203

204204
Once you configure your network to communicate with the full list of services, you can begin onboarding devices using the streamlined method.
205205

206-
Before proceeding, confirm devices meet the [prerequisites](#prerequisites) and have updated the sensor and Microsoft Defender Antivirus versions.
206+
Before proceeding, confirm devices meet the [prerequisites](#prerequisites) and have updated sensor and Microsoft Defender Antivirus versions.
207207

208208

209-
To get the new package, in Microsoft Defender XDR, select **Settings > Endpoints > Device management> Onboarding**.
209+
1. To get the new package, in Microsoft Defender XDR, select **Settings > Endpoints > Device management> Onboarding**.
210210

211+
2. Select the applicable operating system and choose "Streamlined" from the Connectivity type dropdown menu.
211212

212-
Select the applicable operating system and choose "Streamlined (preview)" from the Connectivity type dropdown menu.
213-
214-
For new devices (not onboarded to Defender for Endpoint) supported under this method, follow onboarding steps from previous sections using the updated onboarded package with your preferred deployment method:
213+
3. For new devices (not onboarded to Defender for Endpoint) supported under this method, follow onboarding steps from previous sections using the updated onboarded package with your preferred deployment method:
215214

216215
- [Onboard Windows Client](onboard-windows-client.md)
217216
- [Onboard Windows Server](configure-server-endpoints.md)
218217
- [Onboard non-Windows devices](configure-endpoints-non-windows.md)
219218
- [Run a detection test on a device to verify it has been properly onboarded to Microsoft Defender for Endpoint](run-detection-test.md)
220219

221220

222-
Exclude devices from any existing onboarding policies that use the standard onboarding package.
221+
4. Exclude devices from any existing onboarding policies that use the standard onboarding package.
223222

224223
For migrating devices already onboarded to Defender for Endpoint, see [Migrating devices to the streamlined connectivity](migrate-devices-streamlined.md). You must reboot your device and follow specific guidance here.
225224

226-
:::image type="content" source="media/migrate-devices-streamlined.png" alt-text="Screenshot of onboarding page with streamlined connectivity":::
225+
### Stage 5. Set the default onboarding package to streamlined connectivity
227226

228-
When you're ready to set the default onboarding package to streamlined, you can turn on the following Advanced Feature setting in the Microsoft Defender portal (**Settings > Endpoints > Advanced Features**). For onboarding through Intune & Microsoft Defender for Cloud, you will need to activate the relevant option. Devices already onboarded will not automatically re-onboard; you will need to create a new policy in Intune, where it is recommended to first assign the policy to a set of test devices to verify connectivity is successful, before expanding the audience. Devices in Defender for Cloud can be re-onboarded using the relevant onboarding script.
227+
When you're ready to set the default onboarding package to streamlined, you can turn on the following Advanced Feature setting in the Microsoft Defender portal (**Settings > Endpoints > Advanced Features**).
229228

230-
> [!NOTE]
231-
> Before moving forward with this option, validate that your environment is ready and all devices meet prerequisites.
229+
<img width="593" alt="image" src="https://github.com/MicrosoftDocs/defender-docs-pr/assets/30799281/3509aeec-bbab-4efd-a328-0608a11cc6d1">
230+
231+
This setting sets the default onboarding package to 'streamlined' for applicable operating systems. You can still use the standard onboarding package within the onboarding page but you must specifically select it in the drop-down.
232232

233+
For onboarding through Intune & Microsoft Defender for Cloud, you need to activate the relevant option. Devices already onboarded don't automatically reonboard; you need to create a new policy in Intune, where it's recommended to first assign the policy to a set of test devices to verify connectivity is successful, before expanding the audience. Devices in Defender for Cloud can be reonboarded using the relevant onboarding script.
234+
235+
> [!NOTE]
236+
> - Only tenants created on or before May 8th, 2024 have the option to switch between standard and streamlined connectivity. Newer tenants will only support streamlined connectivity.
237+
> - Before moving forward with this option, validate that your environment is ready and all devices meet prerequisites.
233238
234-
:::image type="content" source="media/advanced-setting-streamlined-connectivity.png" alt-text="Screenshot of advanced settings page with streamlined connectivity option":::
235239

236-
This setting sets the default onboarding package to *streamlined* for applicable operating systems. You can still use the standard onboarding package within the onboarding page, but you must specifically select it in the drop-down.
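Review bot: new line 229 embeds the screenshot as a raw `<img>` pointing at a `github.com/MicrosoftDocs/defender-docs-pr/assets/...` URL with `alt="image"`, replacing the `:::image type="content" source="media/advanced-setting-streamlined-connectivity.png" ...:::` form removed at old line 234. That makes the article depend on an asset outside the repo's `media/` folder and loses the descriptive alt text; keep the `:::image:::` syntax with the checked-in file and the original alt text. Separately, the bullets under step 3 (new lines 215-218) are not indented, so they won't nest under the numbered item and step 4 may start a new list. "Device management> Onboarding" needs a space before ">", and "updated onboarded package" should be "updated onboarding package".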

defender-office-365/safe-links-about.md

Lines changed: 1 addition & 1 deletion
@@ -61,7 +61,7 @@ Safe Links protection by Safe Links policies is available in the following locat
6161
>
6262
> Safe Links supports only HTTP(S) and FTP formats.
6363
>
64-
> Although Safe Links no longer wraps URLs pointing to SharePoint sites, SharePoint URLs are still processed by Safe Links. This change improves the performance of loading SharePoint URLs without degrading protection.
64+
> Safe Links no longer wraps URLs pointing to SharePoint sites. SharePoint URLs are still processed by the Safe Links service. This change doesn't cause a degradation in the protection a tenant receives. It's intended to improve the performance of loading SharePoint URLs.
6565
>
6666
> Using another service to wrap links before Defender for Office 365 might prevent Safe Links from process links, including wrapping, detonating, or otherwise validating the "maliciousness" of the link.
6767

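Review bot: the rewritten line 64 sits directly above line 66, which still reads "might prevent Safe Links from process links"; that should be "from processing links" and is worth fixing in the same change. In the new text, "This change doesn't cause a degradation in the protection a tenant receives" can be shortened to "This change doesn't reduce protection", and the first two sentences lose the explicit contrast that the old "Although ... are still processed" wording gave; consider joining them with "but".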
defender-vulnerability-management/fixed-reported-inaccuracies.md

Lines changed: 34 additions & 0 deletions
@@ -32,13 +32,45 @@ This article provides information on inaccuracies that have been reported. You c
3232
3333
The following tables present the relevant vulnerability information organized by month:
3434

35+
## May 2024
36+
37+
| Inaccuracy report ID | Description | Fix date |
38+
|---|---|---|
39+
| - | Fixed inaccuracy in Microsoft Visual Studio Code | 06-May-24 |
40+
| - | Added Microsoft Defender Vulnerability Management support to NextGen Mirth Connect | 08-May-24 |
41+
| 54538 | Fixed inaccuracy in Pippo product | 08-May-24 |
42+
| - | Fixed inaccuracy in FortiClient Endpoint Management | 08-May-24 |
43+
44+
## April 2024
45+
46+
| Inaccuracy report ID | Description | Fix date |
47+
|---|---|---|
48+
| 46816 | Fixed inaccuracy in Telerik Progress | 01-Apr-24 |
49+
| - | Fixed inaccuracy in CVE-2024-28916 | 01-Apr-24 |
50+
| - | Fixed inaccuracies in OpenSSL invalid file detections | 01-Apr-24 |
51+
| 48792 | Fixed inaccuracy in CVE-2023-4895 | 02-Apr-24 |
52+
| - | Fixed invalid version detections in Anydesk | 02-Apr-24 |
53+
| 50593 | Fixed inaccuracy in CVE-2023-6237 | 02-Apr-24 |
54+
| - | Defender Vulnerability Management doesn't currently support CVE-2024-27088 | 02-Apr-24 |
55+
| 44989 | Fixed inaccuracy in Ubuntu & Debian Samba | 03-Apr-24 |
56+
| 49233 | Fixed inaccuracy in Suse Kernel-devel | 03-Apr-24 |
57+
| 35636 | Fixed inaccuracy in Azul Zulu | 08-Apr-24 |
58+
| 48792 | Fixed inaccuracy in CVE-2021-32823 | 09-Apr-24 |
59+
| 53310 | Fixed inaccuracy in CVE-2020-8284 | 14-Apr-24 |
60+
| 53315 | Defender Vulnerability Management doesn't currently support ThinkPad P14S Gen3 | 15-Apr-24 |
61+
| 49836 | Fixed inaccuracies in OpenEdge invalid file detections | 15-Apr-24 |
62+
| 48996 | Fixed inaccuracy in Connectwise ScreenConnect Client | 16-Apr-24 |
63+
| - | Fixed inaccurate product considerations in Apple | 16-Apr-24 |
64+
| 49565 | Fixed inaccuracy in GitHub vulnerabilities - CVE-2012-2055 and CVE-2024-0727 | 16-Apr-24 |
65+
3566
## March 2024
3667

3768
| Inaccuracy report ID | Description | Fix date |
3869
|---|---|---|
3970
| - | Defender Vulnerability Management doesn't currently support CVE-2023-4966 | 05-Mar-24 |
4071
| 47296 | Defender Vulnerability Management doesn't currently support Bitdefender Vulnerabilities - CVE-2017-17408, CVE-2017-17409 & CVE-2017-17410 | 05-Mar-24 |
4172
| 45748 | Fixed inaccuracy in Zscaler Client Connector | 14-Mar-24 |
73+
| - | Fixed inaccuracies in Weblogic Server invalid file detections | 19-Mar-24 |
4274
| 49672 | Fixed inaccuracy in CVE-2024-0819 | 20-Mar-24 |
4375
| 30583 | Fixed inaccuracy in Opera Browser | 21-Mar-24 |
4476
| - | Fixed inaccuracy in Autodesk Civil 3D and Anydesk | 21-Mar-24 |
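Review bot: report ID 48792 appears on two of the new April rows, line 51 (CVE-2023-4895, 02-Apr-24) and line 58 (CVE-2021-32823, 09-Apr-24); confirm both fixes came from the same report and that one ID isn't a copy-paste of the other. The line 64 entry files two CVEs under "GitHub vulnerabilities", which makes the row harder to find by CVE ID than the other CVE rows; consider leading with the CVE IDs there as well.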
@@ -52,6 +84,8 @@ The following tables present the relevant vulnerability information organized by
5284
| 46021 | Defender Vulnerability Management doesn't currently support CVE-2023-6129 | 26-Mar-24 |
5385
| - | Fixed inaccuracy in Ultraedit | 26-Mar-24 |
5486
| - | Defender Vulnerability Management doesn't currently support CVE-2023-47248 | 26-Mar-24 |
87+
| - | Fixed inaccuracy in CVE-2024-20337 | 26-Mar-24 |
88+
| - | Fixed inaccuracy in Python | 26-Mar-24 |
5589
| - | Fixed inaccuracy in Mitel 6920 & 6930 Firmwares | 31-Mar-24 |
5690

5791
## February 2024

defender-xdr/custom-detection-rules.md

Lines changed: 1 addition & 0 deletions
@@ -149,6 +149,7 @@ You can run a query continuously as long as:
149149
- The query references one table only.
150150
- The query uses an operator from the list of supported KQL operators. **[Supported KQL features](/azure/azure-monitor/essentials/data-collection-transformations-structure#supported-kql-features)**
151151
- The query doesn't use joins, unions, or the `externaldata` operator.
152+
- The query doesn't include any comments line/information.
152153

153154
###### Tables that support Continuous (NRT) frequency
154155

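Review bot: the new bullet at line 152, "The query doesn't include any comments line/information", is unclear about what is disallowed. If the condition is that the query text contains no comments, say so directly: "The query doesn't include comments." It would also help rule authors to state what happens when a commented query is used, for example whether the Continuous (NRT) frequency is simply unavailable for that rule.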