Merge pull request #4173 from MicrosoftDocs/main

[AutoPublish] main to live - 06/09 19:57 PDT | 06/10 08:27 IST

Author: m365-skilling-repo-management[bot]

defender-office-365/TOC.yml

@@ -145,7 +145,7 @@
              href: anti-malware-protection-faq.yml
            - name: Zero-hour auto purge (ZAP)
              href: zero-hour-auto-purge.md
-           - name: Virus detection in SharePoint Online
+           - name: Virus detection in SharePoint
              href: anti-malware-protection-for-spo-odfb-teams-about.md
          - name: Anti-spam in EOP
            items:
@@ -538,7 +538,7 @@
           href: step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel.md
         - name: How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains
           href: step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md
-        - name: Use Microsoft Defender for Office 365 in SharePoint Online
+        - name: Use Microsoft Defender for Office 365 in SharePoint
           href: step-by-step-guides/utilize-microsoft-defender-for-office-365-in-sharepoint-online.md
         - name: Tune bulk email filtering
           href: step-by-step-guides/tune-bulk-mail-filtering-walkthrough.md

defender-office-365/anti-malware-protection-for-spo-odfb-teams-about.md

@@ -1,5 +1,5 @@
 ---
-title: Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams
+title: Built-in virus protection in SharePoint, OneDrive, and Microsoft Teams
 f1.keywords:
   - NOCSH
 ms.author: chrisda
@@ -16,7 +16,7 @@ ms.assetid: e3c6df61-8513-499d-ad8e-8a91770bff63
 ms.collection:
   - m365-security
   - tier2
-description: Learn about how SharePoint Online detects viruses in files that users upload and prevents users from downloading or syncing the files.
+description: Learn about how SharePoint detects viruses in files that users upload and prevents users from downloading or syncing the files.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
 ms.date: 06/09/2023
@@ -25,31 +25,31 @@ appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
 ---
 
-# Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams
+# Built-in virus protection in SharePoint, OneDrive, and Microsoft Teams
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint Online, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint Online, OneDrive, and Microsoft Teams.
+Microsoft 365 uses a common virus detection engine for scanning files that users upload to SharePoint, OneDrive, and Microsoft Teams. This protection is included with all subscriptions that include SharePoint, OneDrive, and Microsoft Teams.
 
 > [!IMPORTANT]
 > The built-in anti-virus capabilities are a way to help contain viruses. They aren't intended as a single point of defense against malware for your environment. We encourage all customers to investigate and implement anti-malware protection at various layers and apply best practices for securing their enterprise infrastructure.
 
-## What happens if an infected file is uploaded to SharePoint Online?
+## What happens if an infected file is uploaded to SharePoint?
 
 The Microsoft 365 virus detection engine scans files asynchronously (at some time after upload). If a user tries to download a file in a web browser or from Teams that hasn't been scanned, a scan is triggered before the download is allowed. **All file types are not automatically scanned**. Heuristics determine the files to scan. When a file is found to contain a virus, the file is flagged.
 
 Here's what happens:
 
-1. A user uploads a file to SharePoint Online.
-2. SharePoint Online, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
+1. A user uploads a file to SharePoint.
+2. SharePoint, as part of its virus scanning processes, later determines if the file meets the criteria for a scan.
 3. If the file meets the criteria for a scan, the virus detection engine scans the file.
 4. If a virus is found within the scanned file, the virus engine sets a property on the file that indicates the file is infected.
 
 ## What happens when a user tries to download an infected file by using the browser?
 
-By default, users can download infected files from SharePoint Online. Here's what happens:
+By default, users can download infected files from SharePoint. Here's what happens:
 
-1. In a web browser, a user tries to download a file from SharePoint Online that happens to be infected.
+1. In a web browser, a user tries to download a file from SharePoint that happens to be infected.
 2. The user is shown a warning that a virus was detected in the file. The user is given the option to proceed with the download and attempt to clean it using anti-virus software on their device.
 
 To change this behavior so users can't download infected files, even from the anti-virus warning window, admins can use the *DisallowInfectedFileDownload* parameter on the **[Set-SPOTenant](/powershell/module/sharepoint-online/Set-SPOTenant)** cmdlet in SharePoint Online PowerShell. The value $true for the *DisallowInfectedFileDownload* parameter completely blocks access to detected/blocked files for users.

defender-office-365/app-guard-for-office-install.md

@@ -190,7 +190,7 @@ Application Guard for Office is integrated with Microsoft Defender for Endpoint
 
 - Active content like macros and ActiveX controls are disabled in Application Guard for Office. To enable active content, the Application Guard protection must be removed.
 
-- Untrusted files from network shares or files shared from OneDrive, OneDrive for Business, or SharePoint Online open as read-only in Application Guard. Users can save a local copy of such files to continue working in the container or remove protection to directly work with the original file.
+- Untrusted files from network shares or files shared from OneDrive or SharePoint open as read-only in Application Guard. Users can save a local copy of such files to continue working in the container or remove protection to directly work with the original file.
 
 - Files that are protected by Information Rights Management (IRM) are blocked by default. If users want to open such files in Protected View, an administrator must configure policy settings for unsupported file types for the organization.
 

defender-office-365/attack-simulation-training-get-started.md

@@ -109,7 +109,7 @@ The following social engineering techniques are available:
 
 - **Link in Attachment**: This technique is a hybrid of a credential harvest. An attacker sends the recipient a message that contains a link inside of an attachment. When the recipient opens the attachment and clicks on the link, they're taken to a website that typically shows a dialog box that asks the user for their username and password. Typically, the destination page is themed to represent a well-known website in order to build trust in the user.
 
-- **Link to Malware**<sup>\*</sup>: An attacker sends the recipient a message that contains a link to an attachment on a well-known file sharing site (for example, SharePoint Online or Dropbox). When the recipient clicks on the link, the attachment opens, and arbitrary code (for example, a macro) runs on the user's device to help the attacker install additional code or further entrench themselves.
+- **Link to Malware**<sup>\*</sup>: An attacker sends the recipient a message that contains a link to an attachment on a well-known file sharing site (for example, SharePoint or Dropbox). When the recipient clicks on the link, the attachment opens, and arbitrary code (for example, a macro) runs on the user's device to help the attacker install additional code or further entrench themselves.
 
 - **Drive-by-url**<sup>\*</sup>: An attacker sends the recipient a message that contains a link. When the recipient clicks on the link, they're taken to a website that tries to run background code. This background code attempts to gather information about the recipient or deploy arbitrary code on their device. Typically, the destination website is a well-known website that has been compromised or a clone of a well-known website. Familiarity with the website helps convince the user that the link is safe to click. This technique is also known as a _watering hole attack_.
 

defender-office-365/mdo-deployment-guide.md

@@ -236,7 +236,7 @@ But, the intent of this step is to configure other admins to help you manage the
 
 When it comes to assigning permissions for tasks in EOP and Defender for Office 365, the following options are available:
 
-- [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): These permissions apply to all workloads in Microsoft 365 (Exchange Online, SharePoint Online, Microsoft Teams, etc.).
+- [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): These permissions apply to all workloads in Microsoft 365 (Exchange Online, SharePoint, Microsoft Teams, etc.).
 - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo): Most tasks in EOP and Defender for Office 365 are available using Exchange Online permissions. Assigning permissions only in Exchange Online prevents administrative access in other Microsoft 365 workloads.
 - [Email & collaboration permissions in the Microsoft Defender portal](scc-permissions.md): Administration of some security features in EOP and Defender for Office 365 is available with Email & collaboration permissions. For example:
   - [Configuration analyzer](configuration-analyzer-for-security-policies.md)

defender-office-365/office-365-ti.md

@@ -31,7 +31,7 @@ appliesto:
 Threat investigation and response capabilities in [Microsoft Defender for Office 365](mdo-about.md) help security analysts and administrators protect their organization's Microsoft 365 for business users by:
 
 - Making it easy to identify, monitor, and understand cyberattacks.
-- Helping to quickly address threats in Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams.
+- Helping to quickly address threats in Exchange Online, SharePoint, OneDrive and Microsoft Teams.
 - Providing insights and knowledge to help security operations prevent cyberattacks against their organization.
 - Employing [automated investigation and response in Office 365](air-about.md) for critical email-based threats.
 

defender-office-365/quarantine-admin-manage-messages-files.md

@@ -16,7 +16,7 @@ ms.collection:
   - tier1
 ms.custom:
   - seo-marvel-apr2020
-description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
+description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint, OneDrive, and Microsoft Teams.
 ms.service: defender-office-365
 ms.date: 05/21/2025
 appliesto:
@@ -616,7 +616,7 @@ In the details flyout that opens, the following information is available:
 
 - **File details** section:
   - **File Name**
-  - **File URL**: URL that defines the location of the file (for example, in SharePoint Online).
+  - **File URL**: URL that defines the location of the file (for example, in SharePoint).
   - **Malicious content detected on** The date/time the file was quarantined.
   - **Expires**: The date when the file will be deleted from quarantine.
   - **Detected by**

defender-office-365/safe-attachments-for-spo-odfb-teams-about.md

@@ -19,9 +19,9 @@ ms.collection:
 ms.custom: 
   - seo-marvel-apr2020
   - seo-marvel-jun2020
-description: Learn about Microsoft Defender for Office 365 for files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
+description: Learn about Microsoft Defender for Office 365 for files in SharePoint, OneDrive, and Microsoft Teams.
 ms.service: defender-office-365
-ms.date: 6/19/2023
+ms.date: 06/09/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -39,21 +39,21 @@ Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled by def
 
 When Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled and identifies a file as malicious, the file is locked using direct integration with the file stores. The following image shows an example of a malicious file detected in a library.
 
-:::image type="content" source="media/2bba71cc-7ad1-4799-8b9d-d56f923db3a7.png" alt-text="The files in OneDrive for Business with one detected as malicious" lightbox="media/2bba71cc-7ad1-4799-8b9d-d56f923db3a7.png":::
+:::image type="content" source="media/2bba71cc-7ad1-4799-8b9d-d56f923db3a7.png" alt-text="Screenshot of files in OneDrive with one file detected as malicious." lightbox="media/2bba71cc-7ad1-4799-8b9d-d56f923db3a7.png":::
 
 Although the blocked file is still listed in the document library and in web, mobile, or desktop applications, people can't open, copy, move, or share the file. But, they can delete the blocked file.
 
 Here's an example of what a blocked file looks like on a mobile device:
 
-:::image type="content" source="media/cb1c1705-fd0a-45b8-9a26-c22503011d54.png" alt-text="The option to delete a blocked file from OneDrive for Business from the OneDrive mobile app" lightbox="media/cb1c1705-fd0a-45b8-9a26-c22503011d54.png":::
+:::image type="content" source="media/cb1c1705-fd0a-45b8-9a26-c22503011d54.png" alt-text="Screenshot of the option to delete a blocked file from OneDrive in the OneDrive mobile app." lightbox="media/cb1c1705-fd0a-45b8-9a26-c22503011d54.png":::
 
 By default, people can download a blocked file. Here's what downloading a blocked file looks like on a mobile device:
 
-:::image type="content" source="media/be288a82-bdd8-4371-93d8-1783db3b61bc.png" alt-text="The option to download a blocked file in OneDrive for Business" lightbox="media/be288a82-bdd8-4371-93d8-1783db3b61bc.png":::
+:::image type="content" source="media/be288a82-bdd8-4371-93d8-1783db3b61bc.png" alt-text="Screenshot of the option to download a blocked file in OneDrive." lightbox="media/be288a82-bdd8-4371-93d8-1783db3b61bc.png":::
 
-SharePoint Online admins can prevent people from downloading malicious files. For instructions, see [Use SharePoint Online PowerShell to prevent users from downloading malicious files](safe-attachments-for-spo-odfb-teams-configure.md#step-2-recommended-use-sharepoint-online-powershell-to-prevent-users-from-downloading-malicious-files).
+SharePoint admins can prevent people from downloading malicious files. For instructions, see [Use SharePoint Online PowerShell to prevent users from downloading malicious files](safe-attachments-for-spo-odfb-teams-configure.md#step-2-recommended-use-sharepoint-online-powershell-to-prevent-users-from-downloading-malicious-files).
 
-To learn more about the user experience when a file has been detected as malicious, see [What to do when a malicious file is found in SharePoint Online, OneDrive, or Microsoft Teams](https://support.microsoft.com/office/01e902ad-a903-4e0f-b093-1e1ac0c37ad2).
+To learn more about the user experience when a file has been detected as malicious, see [What to do when a malicious file is found in SharePoint, OneDrive, or Microsoft Teams](https://support.microsoft.com/office/01e902ad-a903-4e0f-b093-1e1ac0c37ad2).
 
 ## View information about malicious files detected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
 
@@ -63,7 +63,7 @@ When a file is identified as malicious by Safe Attachments for SharePoint, OneDr
 
 ## Keep these points in mind
 
-- Defender for Office 365 doesn't scan every single file in SharePoint Online, OneDrive for Business, or Microsoft Teams. This behavior is by design. Files are scanned asynchronously. The process uses sharing and guest activity events along with smart heuristics and threat signals to identify malicious files.
+- Defender for Office 365 doesn't scan every single file in SharePoint, OneDrive, or Microsoft Teams. This behavior is by design. Files are scanned asynchronously. The process uses sharing and guest activity events along with smart heuristics and threat signals to identify malicious files.
 
 - Make sure your SharePoint sites are configured to use the [Modern experience](/sharepoint/guide-to-sharepoint-modern-experience). Visual indicators that a file is blocked are available only in the Modern experience.
 

defender-office-365/safe-attachments-for-spo-odfb-teams-configure.md

@@ -107,7 +107,7 @@ You can create an alert policy that notifies admins when Safe Attachments for Sh
 
 3. On the **Name your alert, categorize it, and choose a severity** page, configure the following settings:
    - **Name**: Type a unique and descriptive name. For example, **Malicious Files in Libraries**.
-   - **Description**: Type an optional description. For example, **Notifies admins when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams**.
+   - **Description**: Type an optional description. For example, **Notifies admins when malicious files are detected in SharePoint, OneDrive, or Microsoft Teams**.
    - **Severity**: Select **Low**, **Medium**, or **High** from the dropdown list.
    - **Category**: Select **Threat management** from the dropdown list.
 
@@ -142,7 +142,7 @@ You can create an alert policy that notifies admins when Safe Attachments for Sh
 If you'd rather use PowerShell to create the same alert policy as described in the previous section, [connect to Security & Compliance PowerShell](/powershell/exchange/connect-to-scc-powershell) and run the following command:
 
 ```powershell
-New-ActivityAlert -Name "Malicious Files in Libraries" -Description "Notifies admins when malicious files are detected in SharePoint Online, OneDrive, or Microsoft Teams" -Category ThreatManagement -Operation FileMalwareDetected -NotifyUser "[email protected]","[email protected]"
+New-ActivityAlert -Name "Malicious Files in Libraries" -Description "Notifies admins when malicious files are detected in SharePoint, OneDrive, or Microsoft Teams" -Category ThreatManagement -Operation FileMalwareDetected -NotifyUser "[email protected]","[email protected]"
 ```
 
 **Note**: The default _Severity_ value is Low. To specify Medium or High, include the _Severity_ parameter and value in the command.