Merge pull request #993 from MicrosoftDocs/main

Publish main to live, Monday 10:30AM PDT, 7/22

Author: Stacyrch140

defender-endpoint/ios-configure-features.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 07/18/2024
+ms.date: 07/22/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on iOS features
@@ -97,6 +97,9 @@ Use the following steps to disable web protection for unenrolled devices.
    - Defender for Endpoint sends the heartbeat to the Microsoft Defender portal whenever a user opens the app.
    - Select **Next**, and then assign this profile to targeted devices/users.
 
+> [!NOTE]
+> The `WebProtection` key is not applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
+
 ## Configure network protection
 
 Network protection in Microsoft Defender for endpoint is disabled by default. Admins can use the following steps to configure network protection. This configuration is available for both enrolled devices through MDM config and unenrolled devices through MAM config.
@@ -275,8 +278,8 @@ End users install and open the Microsoft Defender app to start onboarding.
 
 Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected as jailbroken, these events occur:
 
-- High-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
-- User data on app is cleared. When user opens the app after jailbreaking the VPN profile also is deleted and no web protection is offered.
+- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
+- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune are not removed.
 
 ### Configure compliance policy against jailbroken devices
 

defender-endpoint/whats-new-in-microsoft-defender-endpoint.md

@@ -41,6 +41,7 @@ For more information on what's new with other Microsoft Defender security produc
 - [What's new in Microsoft Defender for Office 365](/defender-office-365/defender-for-office-365-whats-new)
 - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
 - [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender Vulnerability Management](/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management)
 
 For more information on Microsoft Defender for Endpoint on specific operating systems:
 

defender-office-365/safe-attachments-policies-configure.md

@@ -18,7 +18,7 @@ ms.collection:
 description: Learn about how to define Safe Attachments policies to protect your organization from malicious files in email.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 4/26/2024
+ms.date: 07/22/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -511,6 +511,4 @@ To verify that you've successfully created, modified, or removed Safe Attachment
   Get-SafeAttachmentRule -Identity "<Name>" | Format-List
   ```
 
-- Add the URL `http://spamlink.contoso.com` to a file (for example, a Word document), and attach that file in an email message to test Safe Attachments protection. This URL is similar to the GTUBE text string for testing anti-spam solutions. This URL isn't harmful, but when it's included in an email attachment, it triggers a Safe Attachments protection response.
-
 - To verify that Safe Attachments is scanning messages, check the available Defender for Office 365 reports. For more information, see [View reports for Defender for Office 365](reports-defender-for-office-365.md) and [Use Explorer in the Microsoft Defender portal](threat-explorer-real-time-detections-about.md).

defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md

@@ -14,9 +14,9 @@ ms.topic: conceptual
 ms.date: 07/09/2024
 ---
 
-# What's new in Microsoft Defender Vulnerability Management Public Preview
+# What's new in Microsoft Defender Vulnerability Management
 
-This article provides information about new features and important product updates for the latest release of Microsoft Defender Vulnerability Management public preview.
+This article provides information about new features and important product updates for the latest release of Microsoft Defender Vulnerability Management.
 
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).

defender-xdr/microsoft-365-security-center-defender-cloud.md

@@ -8,7 +8,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 manager: deniseb
-ms.date: 06/05/2024
+ms.date: 07/22/2024
 audience: ITPro
 ms.topic: conceptual
 search.appverid: 
@@ -41,11 +41,14 @@ To ensure access to Defender for Cloud alerts in the Microsoft Defender portal,
 
 ### Required permissions
 
-You must be a global administrator or a security administrator in Azure Active Directory to view Defender for Cloud alerts and correlations. For users that don't have these roles, the integration is available only by applying [unified role-based access control (RBAC) roles](manage-rbac.md) for Defender for Cloud.
-
 > [!NOTE]
 > The permission to view Defender for Cloud alerts and correlations is automatic for the entire tenant. Viewing for specific subscriptions is not supported. You can use the **alert subscription ID** filter to view Defender for Cloud alerts associated with a specific Defender for Cloud subscription in the alert and incident queues. Learn more about [filters](incident-queue.md#filters-).
 
+The integration is available only by applying the appropriate [unified role-based access control (RBAC)](manage-rbac.md) for Defender for Cloud. To view Defender for Cloud alerts and correlations without unified RBAC, you must be a Global Administrator or Security Administrator in Azure Active Directory.
+
+> [!IMPORTANT]
+> Global Administrator is a highly privileged role that should be limited to scenarios when you can't use an existing role. Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization.
+
 ## Investigation experience in the Microsoft Defender portal
 
 > [!IMPORTANT]
@@ -54,11 +57,6 @@ You must be a global administrator or a security administrator in Azure Active D
 
 The following section describes the detection and investigation experience in the Microsoft Defender portal with Defender for Cloud alerts.
 
-> [!NOTE]
-> Informational alerts from Defender for Cloud are not integrated to the Microsoft Defender portal to allow focus on the relevant and high severity alerts. This strategy streamlines management of incidents and reduces alert fatigue.
-
-
-
 > [!div class="mx-tdCol2BreakAl"]
 > |Area   |Description   |
 > |----------|-----------|
@@ -69,6 +67,9 @@ The following section describes the detection and investigation experience in th
 > |Unified API|Defender for Cloud alerts and incidents are now included in [Microsoft Defender XDR's public API](api-overview.md), allowing customers to export their security alerts data into other systems using one API.|
 > |Advanced hunting (Preview)| Information about cloud audit events for various cloud platforms protected by the organization's Defender for Cloud is available through the [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table in [advanced hunting](advanced-hunting-overview.md).|
 
+> [!NOTE]
+> Informational alerts from Defender for Cloud are not integrated to the Microsoft Defender portal to allow focus on the relevant and high severity alerts. This strategy streamlines management of incidents and reduces alert fatigue.
+
 ## Impact to Microsoft Sentinel users
 
 Microsoft Sentinel customers [integrating Microsoft Defender XDR incidents](/azure/sentinel/microsoft-365-defender-sentinel-integration) *and* ingesting Defender for Cloud alerts are required to make the following configuration changes to ensure that duplicate alerts and incidents aren't created:

defender-xdr/prerequisites.md

@@ -40,7 +40,7 @@ Any of these licenses gives you access to Microsoft Defender XDR features via th
 - Windows 11 Enterprise E5 or A5
 - Enterprise Mobility + Security (EMS) E5 or A5
 - Office 365 E5 or A5
-- Microsoft Defender for Endpoint (Plan 2)
+- Microsoft Defender for Endpoint
 - Microsoft Defender for Identity
 - Microsoft Defender for Cloud Apps or [Cloud App Discovery](/defender-cloud-apps/editions-cloud-app-security-aad)
 - Microsoft Defender for Office 365 (Plan 2)