Merge pull request #3132 from MicrosoftDocs/main

Publish main to live, 03/13/25, 10:30 AM PDT

Author: Ruchika-mittal01

.openpublishing.redirection.defender-xdr.json

@@ -309,6 +309,11 @@
       "source_path": "defender-xdr/microsoft-365-defender-integration-with-azure-sentinel.md",
       "redirect_url": "/azure/sentinel/microsoft-365-defender-sentinel-integration",
       "redirect_document_id": false
-    }                                            
+    },
+    {
+      "source_path": "defender-xdr/microsoft-365-security-center-defender-cloud.md",
+      "redirect_url": "/azure/defender-for-cloud/concept-integration-365",
+      "redirect_document_id": false
+    }                                                
   ]
 }

CloudAppSecurityDocs/api-activities-feedback.md

@@ -32,7 +32,7 @@ POST /api/v1/activities/<pk>/feedback
 
 ### Request
 
-Here is an example of the request.
+Here's an example of the request.
 
 ```rest
 curl -XPOST -H "Authorization:Token <your_token_key>"  -H "Content-Type: application/json" "https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com/api/v1/activities/<pk>/feedback" -d '{
@@ -49,7 +49,7 @@ Returns a list of activities in JSON format.
 
 ```json
 {
-  "total": 5 // total number of records
+  "total": 5 // approximate number of records
   "hasNext": true // whether there is more data to show or not.
   "data": [
     // returned records

CloudAppSecurityDocs/api-activities-list.md

@@ -24,7 +24,7 @@ POST /api/v1/activities/
 
 | Parameter | Description |
 | --- | --- |
-| filters | Filter objects with all the search filters for the request, see [activity filters](api-activities.md#filters) for more details |
+| filters | Filter objects with all the search filters for the request, for more details see [activity filters](api-activities.md#filters)  |
 | sortDirection | The sorting direction. Possible values are: `asc` and `desc` |
 | sortField | Fields used to sort activities. Possible values are: <li> **date**: The date when then the activity happened <li> **created**: The [timestamp](api-introduction.md#timestamps) when the activity was saved |
 | skip | Skips the specified number of records |
@@ -34,7 +34,7 @@ POST /api/v1/activities/
 
 ### Request
 
-Here is an example of the request.
+Here's an example of the request.
 
 ```rest
 curl -XPOST -H "Authorization:Token <your_token_key>" -H "Content-Type: application/json" "https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com/api/v1/activities/" -d '{
@@ -53,7 +53,7 @@ Returns a list of activities in JSON format.
 
 ```json
 {
-  "total": 5 // total number of records
+  "total": 5 // approximate number of records
   "hasNext": true // whether there is more data to show or not.
   "data": [
     // returned records

CloudAppSecurityDocs/api-data-enrichment-list.md

@@ -24,7 +24,7 @@ POST /api/v1/subnet/
 
 | Parameter | Description |
 | --- | --- |
-| filters | Filter objects with all the search filters for the request, see [IP range filters](api-data-enrichment.md#filters) for more details |
+| filters | Filter objects with all the search filters for the request, for more details see [IP range filters](api-data-enrichment.md#filters)  |
 | sortDirection | The sorting direction. Possible values are: `asc` and `desc` |
 | sortField | Fields used to sort IP ranges. Possible values are:<br />- **category**: The category of the IP range<br />- **tags**: The tags of the IP range<br />- **name**: The name of the IP range |
 | skip | Skips the specified number of records |
@@ -34,7 +34,7 @@ POST /api/v1/subnet/
 
 ### Request
 
-Here is an example of the request.
+Here's an example of the request.
 
 ```rest
 curl -XPOST -H "Authorization:Token <your_token_key>" -H "Content-Type: application/json" "https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com/api/v1/subnet/" -d '{
@@ -53,7 +53,7 @@ Returns a list of IP ranges in JSON format. For information about the response f
 
 ```json
 {
-  "total": 1 // total number of records
+  "total": 1 // approximate number of records
   "hasNext": false // whether there is more data to show or not.
   "data": [
     {

CloudAppSecurityDocs/api-entities-list.md

@@ -27,7 +27,7 @@ POST /api/v1/entities/
 
 | Parameter | Description |
 | --- | --- |
-| filters | Filter objects with all the search filters for the request, see [entity filters](api-entities.md#filters) for more details |
+| filters | Filter objects with all the search filters for the request, for more details see [entity filters](api-entities.md#filters)  |
 | sortDirection | The sorting direction. Possible values are: `asc` and `desc` |
 | sortField | Fields used to sort entities. Possible values are:<br />- **date**: The date when then the entity was created<br />- **severity**: The severity of the entity |
 | skip | Skips the specified number of records |
@@ -37,7 +37,7 @@ POST /api/v1/entities/
 
 ### Request
 
-Here is an example of the request.
+Here's an example of the request.
 
 ```rest
 curl -XPOST -H "Authorization:Token <your_token_key>" -H "Content-Type: application/json" "https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com/api/v1/entities/" -d '{
@@ -56,7 +56,7 @@ Returns a list of activities in JSON format.
 
 ```json
 {
-  "total": 5 // total number of records
+  "total": 5 // approximate number of records
   "hasNext": true // whether there is more data to show or not.
   "data": [
     // returned records

CloudAppSecurityDocs/api-files-list.md

@@ -11,7 +11,7 @@ ms.topic: reference
 > [!NOTE]
 >
 > - This API is not available for Microsoft 365 Cloud App Security.
-> - This endpoint may time out when filtering and paginating large collections.
+> - This endpoint might time out when filtering and paginating large collections.
 
 Run the GET or POST request to fetch a list of files matching the specified filters.
 
@@ -29,15 +29,15 @@ POST /api/v1/files/
 
 | Parameter | Description |
 | --- | --- |
-| filters | Filter objects with all the search filters for the request, see [file filters](api-files.md#filters) for more details |
+| filters | Filter objects with all the search filters for the request, for more details see [file filters](api-files.md#filters)  |
 | skip | Skips the specified number of records |
 | limit | Maximum number of records returned by the request |
 
 ## Example
 
 ### Request
 
-Here is an example of the request.
+Here's an example of the request.
 
 ```rest
 curl -XPOST -H "Authorization:Token <your_token_key>" -H "Content-Type: application/json" "https://<tenant_id>.<tenant_region>.portal.cloudappsecurity.com/api/v1/files/" -d '{
@@ -56,7 +56,7 @@ Returns a list of files in JSON format.
 
 ```json
 {
-  "total": 5 // total number of records
+  "total": 5 // approximate number of records
   "hasNext": true // whether there is more data to show or not.
   "data": [
     // returned records

CloudAppSecurityDocs/toc.yml

@@ -439,7 +439,7 @@ items:
 - name: Reference
   items:
   - name: Microsoft Graph API reference
-    href: /graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta
+    href: /graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta&preserve-view=true
   - name: REST API reference
     items:
     - name: Introduction
@@ -466,72 +466,72 @@ items:
         href: api-activities-fetch.md
       - name: Feedback on activity
         href: api-activities-feedback.md
-      - name: Alerts
-        items:
-        - name: Overview
-          href: api-alerts.md
-        - name: List alerts
-          href: api-alerts-list.md
-        - name: Close benign
-          href: api-alerts-close-benign.md
-        - name: Close false positive
-          href: api-alerts-close-false-positive.md
-        - name: Close true positive
-          href: api-alerts-close-true-positive.md
-        - name: Fetch alert
-          href: api-alerts-fetch.md
-        - name: Mark alert as read
-          href: api-alerts-mark-read.md
-        - name: Mark alert as unread
-          href: api-alerts-mark-unread.md
-      - name: Cloud Discovery
-        items:
-        - name: Overview
-          href: api-discovery.md
-        - name: Initiate file upload
-          href: api-discovery-initiate.md
-        - name: Perform file upload
-          href: api-discovery-perform.md
-        - name: Finalize file upload
-          href: api-discovery-finalize.md
-        - name: List continuous reports
-          href: api-discovery-list-streams.md
-        - name: List continuous report categories
-          href: api-discovery-list-categories.md
-        - name: Generate block script
-          href: api-discovery-script.md
-      - name: Data Enrichment
-        items:
-        - name: Overview
-          href: api-data-enrichment.md
-        - name: Manage IP address ranges using the API
-          href: api-data-enrichment-manage-script.md
-        - name: List IP ranges
-          href: api-data-enrichment-list.md
-        - name: Create IP address range
-          href: api-data-enrichment-create.md
-        - name: Update IP address range
-          href: api-data-enrichment-update.md
-        - name: Delete IP address range
-          href: api-data-enrichment-delete.md
-      - name: Entities
-        items:
-        - name: Overview
-          href: api-entities.md
-        - name: List entities
-          href: api-entities-list.md
-        - name: Fetch entity
-          href: api-entities-fetch.md
-        - name: Fetch entity tree
-          href: api-entities-fetch-tree.md
-      - name: Files
-        items:
-        - name: Overview
-          href: api-files.md
-        - name: List Files
-          href: api-files-list.md
-        - name: Fetch File
-          href: api-files-fetch.md
+    - name: Alerts
+      items:
+      - name: Overview
+        href: api-alerts.md
+      - name: List alerts
+        href: api-alerts-list.md
+      - name: Close benign
+        href: api-alerts-close-benign.md
+      - name: Close false positive
+        href: api-alerts-close-false-positive.md
+      - name: Close true positive
+        href: api-alerts-close-true-positive.md
+      - name: Fetch alert
+        href: api-alerts-fetch.md
+      - name: Mark alert as read
+        href: api-alerts-mark-read.md
+      - name: Mark alert as unread
+        href: api-alerts-mark-unread.md
+    - name: Cloud Discovery
+      items:
+      - name: Overview
+        href: api-discovery.md
+      - name: Initiate file upload
+        href: api-discovery-initiate.md
+      - name: Perform file upload
+        href: api-discovery-perform.md
+      - name: Finalize file upload
+        href: api-discovery-finalize.md
+      - name: List continuous reports
+        href: api-discovery-list-streams.md
+      - name: List continuous report categories
+        href: api-discovery-list-categories.md
+      - name: Generate block script
+        href: api-discovery-script.md
+    - name: Data Enrichment
+      items:
+      - name: Overview
+        href: api-data-enrichment.md
+      - name: Manage IP address ranges using the API
+        href: api-data-enrichment-manage-script.md
+      - name: List IP ranges
+        href: api-data-enrichment-list.md
+      - name: Create IP address range
+        href: api-data-enrichment-create.md
+      - name: Update IP address range
+        href: api-data-enrichment-update.md
+      - name: Delete IP address range
+        href: api-data-enrichment-delete.md
+    - name: Entities
+      items:
+      - name: Overview
+        href: api-entities.md
+      - name: List entities
+        href: api-entities-list.md
+      - name: Fetch entity
+        href: api-entities-fetch.md
+      - name: Fetch entity tree
+        href: api-entities-fetch-tree.md
+    - name: Files
+      items:
+      - name: Overview
+        href: api-files.md
+      - name: List Files
+        href: api-files-list.md
+      - name: Fetch File
+        href: api-files-fetch.md
 - name: Resources
   items:
   - name: Licensing datasheet

defender-endpoint/device-health-microsoft-defender-antivirus-health.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: ewalsh
 author: emmwalshh
 ms.localizationpriority: medium
-ms.date: 02/19/2025
+ms.date: 03/13/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -44,14 +44,29 @@ The Device Health report provides information about the devices in your organiza
 
 In the Microsoft Defender portal, in the navigation pane, select **Reports**, and then open **Device health and compliance**. The [**Microsoft Defender Antivirus health** tab](#microsoft-defender-antivirus-health-tab) has eight cards that report on the following aspects of Microsoft Defender Antivirus:
 
-- [Antivirus mode card](#antivirus-mode-card)
-- [Antivirus engine version card](#antivirus-engine-version-card)
-- [Antivirus security intelligence version card](#antivirus-security-intelligence-version-card)
-- [Antivirus platform version card](#antivirus-platform-version-card)
-- [Recent antivirus scan results card](#recent-antivirus-scan-results-card)
-- [Antivirus engine updates card](#antivirus-engine-updates-card)
-- [Security intelligence updates card](#security-intelligence-updates-card)
-- [Antivirus platform updates card](#antivirus-platform-updates-card)
+- [Device health, Microsoft Defender Antivirus health report](#device-health-microsoft-defender-antivirus-health-report)
+  - [View device health cards](#view-device-health-cards)
+  - [Report access permissions](#report-access-permissions)
+  - [Microsoft Defender Antivirus health tab](#microsoft-defender-antivirus-health-tab)
+    - [Prerequisites](#prerequisites)
+    - [Card functionality](#card-functionality)
+      - [New Microsoft Defender Antivirus filter definitions](#new-microsoft-defender-antivirus-filter-definitions)
+      - [Export report](#export-report)
+        - [Top level export](#top-level-export)
+    - [Microsoft Defender Antivirus version and update cards functionality](#microsoft-defender-antivirus-version-and-update-cards-functionality)
+      - [Full report](#full-report)
+    - [Card descriptions](#card-descriptions)
+      - [Antivirus mode card](#antivirus-mode-card)
+      - [Recent antivirus scan results card](#recent-antivirus-scan-results-card)
+      - [Antivirus engine version card](#antivirus-engine-version-card)
+      - [Antivirus security intelligence version card](#antivirus-security-intelligence-version-card)
+        - [Antivirus platform version card](#antivirus-platform-version-card)
+      - [Up-to-date cards](#up-to-date-cards)
+        - [Up-to-date definitions](#up-to-date-definitions)
+        - [Antivirus engine updates card](#antivirus-engine-updates-card)
+      - [Antivirus platform updates card](#antivirus-platform-updates-card)
+        - [Security intelligence updates card](#security-intelligence-updates-card)
+  - [See also](#see-also)
 
 ## Report access permissions
 
@@ -108,14 +123,16 @@ For the three `updates` cards (also known as up-to-date reporting cards), "**No
 
 Up-to-date reporting generates information for devices that meet the following criteria:
 
-- Engine version: 1.1.19300.2+
-- Platform version: 4.18.2202.1+
-- Cloud protection enabled
-- Sense (MsSense.exe): **10.8210.** \*+
-- Windows OS - Windows 10 1809 or later
+* **Windows:**
+  * OS - Windows 10 1809 or later  
+  * Engine version: 1.1.19300.2+  
+  * Platform version: 4.8.2202.1+  
+  * Sense (MsSense.exe): 10.8210.*+  
+
+* **Linux and Mac:**
+  * Platform version: 101.23112.*+  
 
-  > [!NOTE]
-  > \* Currently up to date reporting is only available for Windows and Linux devices. Mac devices are listed under “no such data available or unknown".
+* **Cloud Protection enabled**
 
 :::image type="content" source="media/device-health-defender-antivirus-health-tab.png" alt-text="Shows the Microsoft Defender Antivirus Health tab." lightbox="media/device-health-defender-antivirus-health-tab.png":::
 

defender-xdr/microsoft-365-defender-portal.md

@@ -32,7 +32,7 @@ To learn more about the services that are part of the Microsoft Defender portal,
 - **[Microsoft Defender for Office 365 in the Microsoft Defender portal](microsoft-365-security-center-mdo.md)**
 - **[Microsoft Defender for Identity in the Microsoft Defender portal](/defender-for-identity/microsoft-365-security-center-mdi)**
 - **[Microsoft Defender for Cloud Apps in the Microsoft Defender portal](/defender-cloud-apps/microsoft-365-security-center-defender-cloud-apps)**
-- **[Microsoft Defender for Cloud alerts and incidents in the Microsoft Defender portal](microsoft-365-security-center-defender-cloud.md)**
+- **[Microsoft Defender for Cloud integration with Microsoft Defender XDR](/azure/defender-for-cloud/concept-integration-365)**
 - **[Microsoft Purview Data Loss Prevention alerts in the Microsoft Defender portal](dlp-investigate-alerts-defender.md)**
 - **[Microsoft Defender Vulnerability Management in the Microsoft Defender portal](/defender-vulnerability-management/defender-vulnerability-management)**
 - **[Microsoft Security Copilot embedded experience in the Microsoft Defender portal](security-copilot-in-microsoft-365-defender.md)**