Merge branch 'main' into batamig-patch-3

Author: batamig

defender-business/get-defender-business.md

@@ -5,17 +5,14 @@ search.appverid: MET150
 author: siosulli
 ms.author: siosulli
 manager: deniseb
-
 audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 09/07/2023
+ms.date: 06/07/2024
 ms.reviewer: efratka
 f1.keywords: NOCSH
-
 ms.collection:
-
 - SMB
 - m365-security
 - tier1
@@ -34,9 +31,6 @@ Sections include:
 - **[Portals that you use](#portals-you-use-for-setup-and-management)** to set up, configure, and manage Defender for Business
 - **[Next steps](#next-step)**, such as adding users and assigning licenses.
 
-> [!IMPORTANT]
-> You should be a global administrator to complete the tasks described in this article. The person who signs your company up for Microsoft 365 is a global administrator. [Learn more about admin roles in the Microsoft 365 admin center](/Microsoft-365/admin/add-users/about-admin-roles).
-
 ## How to get Microsoft Defender for Business
 
 To get Defender for Business, you can choose from several options:
@@ -107,7 +101,7 @@ Microsoft has a list of solution providers who are authorized to sell offerings,
 
 Microsoft Defender for Business servers is an add-on to Defender for Business that enables you to secure your server operating systems with the same protection that you get for client devices in Defender for Business.
 
-1. Go to the Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/)), and sign in.
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), and sign in.
 
 2. In the navigation pane, choose **Billing** > **Purchase services**.
 
@@ -118,7 +112,6 @@ Microsoft Defender for Business servers is an add-on to Defender for Business th
 > [!IMPORTANT]
 >
 > - In order to add on Microsoft Defender for Business servers, you'll need at least one paid license for [Defender for Business](mdb-overview.md) (standalone) or [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview).
->
 > - There's a limit of 60 Microsoft Defender for Business servers licenses per subscription to Microsoft 365 Business Premium or Defender for Business.
 > - If preferred, you could use [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) instead to onboard your servers. To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](mdb-faq.yml#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
 
@@ -133,10 +126,12 @@ If your subscription also includes Microsoft Intune, you use the Intune admin ce
 
 |Portal|Description|
 |---|---|
-|The Microsoft 365 admin center ([https://admin.microsoft.com/](https://admin.microsoft.com/))|Use the Microsoft 365 admin center to activate your trial and sign in for the first time. You can also use the Microsoft 365 admin center to: <br/>- Add or remove users.<br/>- Assign user licenses.<br/>- View your products and services.<br/>- Complete setup tasks for your Microsoft 365 subscription.<br/><br/>To learn more, see [Overview of the Microsoft 365 admin center](/Microsoft-365/admin/admin-overview/admin-center-overview).|
-|The Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com))|Use the Microsoft Defender portal to set up and configure Defender for Business, and to monitor your devices and threat detections. You use the Microsoft Defender portal to: <br/>- View your devices and device protection policies.<br/>- View detected threats and take action.<br/>- View security recommendations and manage your security settings.<br/><br/>To learn more, see [Get started using the Microsoft Defender portal](mdb-get-started.md).|
-|The Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/))|Use the Intune admin center to set up multifactor authentication (MFA), onboard iOS and Android devices, and configure certain capabilities, such as [attack surface reduction rules](mdb-asr.md).<br/><br/>To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune).|
+|The [Microsoft 365 admin center](https://admin.microsoft.com/)|Use the Microsoft 365 admin center to activate your trial and sign in for the first time. You can also use the Microsoft 365 admin center to: <br/>- Add or remove users.<br/>- Assign user licenses.<br/>- View your products and services.<br/>- Complete setup tasks for your Microsoft 365 subscription.<br/><br/>To learn more, see [Overview of the Microsoft 365 admin center](/Microsoft-365/admin/admin-overview/admin-center-overview).|
+|The [Microsoft Defender portal](https://security.microsoft.com)|Use the Microsoft Defender portal to set up and configure Defender for Business, and to monitor your devices and threat detections. You use the Microsoft Defender portal to: <br/>- View your devices and device protection policies.<br/>- View detected threats and take action.<br/>- View security recommendations and manage your security settings.<br/><br/>To learn more, see [Get started using the Microsoft Defender portal](mdb-get-started.md).|
+|The [Intune admin center](https://intune.microsoft.com/)|Use the Intune admin center to set up multifactor authentication (MFA), onboard iOS and Android devices, and configure certain capabilities, such as [attack surface reduction rules](mdb-asr.md).<br/><br/>To learn more about Intune, see [Microsoft Intune is an MDM and MAM provider for your devices](/mem/intune/fundamentals/what-is-intune).|
 
 ## Next step
 
+- [Assign administrator roles](/microsoft-365/admin/add-users/assign-admin-roles)
+
 - Proceed to [Step 2: Add users and assign licenses in Microsoft Defender for Business](mdb-add-users.md).

defender-business/mdb-add-users.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 05/01/2023
+ms.date: 06/07/2024
 ms.collection: 
 - m365-security
 - tier1
@@ -25,10 +25,7 @@ As soon as you have signed up for Defender for Business, your first step is to a
 
 ## Add users and assign licenses
 
-> [!IMPORTANT]
-> You must be a global administrator to perform this task.  The person who signed up your company for Microsoft 365 or for Defender for Business is a global administrator by default.
-
-1. Go to the Microsoft 365 admin center at [https://admin.microsoft.com](https://admin.microsoft.com) and sign in.
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in.
 
 2. Go to **Users** > **Active users**, and then select **Add a user**.
 
@@ -50,9 +47,6 @@ As soon as you have signed up for Defender for Business, your first step is to a
 
 One good way to make sure MFA is enabled for all users is by using [security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults). If your tenant was created on or after October 22, 2019, security defaults might be enabled automatically in your tenant. Use the following procedure to confirm or enable security defaults.
 
-> [!IMPORTANT]
-> You must be a security administrator, Conditional Access administrator, or Global Administrator to perform this task.
-
 1. Go to the Azure portal ([https://portal.azure.com/](https://portal.azure.com/)) and sign in.
 
 2. Under **Manage Microsoft Entra ID**, select **View**.

defender-business/mdb-asr.md

@@ -4,7 +4,7 @@ description: Get an overview of attack surface reduction capabilities, including
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 11/30/2023
+ms.date: 06/07/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -38,7 +38,7 @@ These rules help protect your network and devices but shouldn't cause disruption
 
 ## Set up ASR rules using Intune
 
-1. As a global administrator, in the Microsoft Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)), go to **Endpoint security** > **Attack surface reduction**.
+1. In the [Microsoft Intune admin center](https://intune.microsoft.com/), go to **Endpoint security** > **Attack surface reduction**.
 
 2. Choose **Create policy** to create a new policy.
 
@@ -70,7 +70,7 @@ These rules help protect your network and devices but shouldn't cause disruption
 
 Defender for Business includes an attack surface reduction report that shows how attack surface reduction rules are working for you.
 
-1. As a global administrator, in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports**.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), in the navigation pane, choose **Reports**.
 
 2. Under **Endpoints**, choose **Attack surface reduction rules**. The report opens and includes three tabs:
 

defender-business/mdb-attack-disruption.md

@@ -4,7 +4,7 @@ description: Learn about automatic attack disruption in Microsoft Defender for B
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 10/12/2023
+ms.date: 06/07/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -41,8 +41,8 @@ Automated response actions include:
 - Containing a user account by disconnecting current user connections at the device level
 
 > [!IMPORTANT]
-> - To view information about a detected advanced attack, you must have the Security Reader, Security Administrator, or Global Administrator role assigned.
-> - To take remediation actions, release a contained device/user, or re-enable a user account, you must have either the Security Administrator or Global Administrator role assigned.
+> - To view information about a detected advanced attack, you must have an appropriate role, such as Security Reader or Security Administrator assigned.
+> - To take remediation actions, release a contained device/user, or re-enable a user account, you must have the Security Administrator role assigned.
 > - See [Security roles and permissions in Defender for Business](mdb-roles-permissions.md).
 
 <a name='view-details-about-an-attack-in-the-microsoft-365-defender-portal'></a>

defender-business/mdb-controlled-folder-access.md

@@ -4,7 +4,7 @@ description: Get an overview of attack surface reduction capabilities in Microso
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 08/21/2023
+ms.date: 06/07/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -23,7 +23,7 @@ Controlled folder access allows only trusted apps to access protected folders on
 
 ## Set up controlled folder access
 
-1. As a global administrator, in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Attack surface reduction**.
+1. In the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Attack surface reduction**.
 
 2. Select an existing policy, or choose **Create policy** to create a new policy.
 

defender-business/mdb-manage-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: how-to
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 05/10/2023
+ms.date: 06/07/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -33,13 +33,6 @@ In Defender for Business, you can manage devices as follows:
 
 :::image type="content" source="/defender/media/defender-business/mdb-device-inventory.png" alt-text="Screenshot of device inventory":::
 
-> [!IMPORTANT]
-> In order to view the list of onboarded devices, you must have one of the following [roles](mdb-roles-permissions.md) assigned: 
-> 
-> - Global Administrator
-> - Security Administrator
-> - Security Reader
-
 1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
 
 2. In the navigation pane, go to **Assets** > **Devices**.
@@ -50,13 +43,7 @@ In Defender for Business, you can manage devices as follows:
 
 ## Take action on a device that has threat detections
 
-:::image type="content" source="/defender/media/defender-business/mdb-selected-device.png" alt-text="Screenshot of a selected device with details and actions available":::
-
-> [!IMPORTANT]
-> In order to take action on a device with detected threats, you must have one of the following [roles](mdb-roles-permissions.md) assigned: 
-> 
-> - Global Administrator
-> - Security Administrator
+:::image type="content" source="/defender/media/defender-business/mdb-selected-device.png" alt-text="Screenshot of a selected device with details and actions available.":::
 
 1. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**. 
 

defender-business/mdb-manage-subscription.md

@@ -29,10 +29,6 @@ This article describes how to apply either Defender for Business or Defender for
 - You should have active trial or paid licenses for both Defender for Business and Defender for Endpoint Plan 2. 
 
 - If you're using Defender for Business only, you can continue using it. In this case, no changes are needed. But if you're considering switching to Defender for Endpoint Plan 2, follow the guidance in this article.
-- To access license information, you must have one of the following roles assigned in Microsoft Entra ID:
-   
-   - Global Admin
-   - Security Admin
 
 ## View and manage your endpoint security subscription settings
 
@@ -64,11 +60,6 @@ The license usage report is estimated based on sign-in activities on the device.
 
 To reduce management overhead, there's no requirement for device-to-user mapping and assignment. Instead, the license report provides a utilization estimation that is calculated based on device usage seen across your organization. It might take up to one day for your usage report to reflect the active usage of your devices.
 
-> [!IMPORTANT]
-> To access license information, you must have one of the following roles assigned in Microsoft Entra ID:
-> - Security Admin
-> - Global Admin
-
 1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
 
 2. Choose **Settings** > **Endpoints** > **Licenses**.

defender-business/mdb-onboard-devices.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 08/08/2023
+ms.date: 06/07/2024
 ms.reviewer: efratka, nehabha, muktaagarwal
 f1.keywords: NOCSH 
 ms.collection: 
@@ -358,9 +358,6 @@ You can use the following methods to onboard an instance of Linux Server to Defe
 
 ## View a list of onboarded devices
 
-> [!IMPORTANT]
-> You must be assigned an appropriate role, such as Global Administrator, Security Administrator, or Security Reader to perform the following procedure. For more information, see [Roles in Defender for Business](mdb-roles-permissions.md#roles-in-defender-for-business).
-
 1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
 
 2. In the navigation pane, go to **Assets** > **Devices**. The **Device inventory** view opens.