Merge branch 'main' into maccruz-quotaupdates

Author: schmurky

defender-endpoint/machines-view-overview.md

@@ -43,8 +43,7 @@ Trojans can come in many different varieties, but generally they do the followin
 
 Use the following free Microsoft software to detect and remove it:
 
-- [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) for Windows 10 and Windows 8.1, or [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for previous versions of Windows.
-
+- [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) for Windows 10 and 11.
 - [Microsoft Safety Scanner](../safety-scanner-download.md)
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).

defender-endpoint/malware/trojans-malware.md

@@ -45,9 +45,7 @@ To prevent unwanted software infection, download software only from official web
 
 Use [Microsoft Edge](/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [Windows Defender SmartScreen](/microsoft-edge/deploy/index) (also used by Internet Explorer).
 
-Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
-
-Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
+Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10 and 11. It provides real-time protection against threats and detects and removes known unwanted software.
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).
 

defender-endpoint/malware/unwanted-software.md

@@ -49,8 +49,6 @@ This image shows how a worm can quickly spread through a shared USB drive.
 
 Enable [Microsoft Defender Antivirus](../microsoft-defender-antivirus-windows.md) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software.
 
-Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista.
-
 In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
 
 For more general tips, see [prevent malware infection](prevent-malware-infection.md).

defender-endpoint/malware/worms-malware.md

@@ -40,7 +40,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from
 
 - Safety Scanner is a portable executable and doesn't appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download.
 
-- This tool doesn't replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you're having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
+- This tool doesn't replace your antimalware product. For real-time protection with automatic updates, use [Microsoft Defender Antivirus on Windows 11, Windows 10, and Windows 8](https://www.microsoft.com/windows/comprehensive-security). These antimalware products also provide powerful malware removal capabilities. If you're having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/wdsi/help/troubleshooting-infection).
 
 ## System requirements
 
@@ -60,7 +60,6 @@ For more information about the Safety Scanner, see the support article on [how t
 
 - [Troubleshooting Safety Scanner](https://support.microsoft.com/help/2520970/how-to-troubleshoot-an-error-when-you-run-the-microsoft-safety-scanner)
 - [Microsoft Defender Antivirus](https://www.microsoft.com/windows/comprehensive-security)
-- [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download)
 - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware)
 - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission)
 - [Microsoft antimalware and threat protection solutions](microsoft-defender-endpoint.md)

defender-endpoint/media/m365-cc-sc-customize-icon.png

@@ -631,7 +631,7 @@ sections:
 
           - Engine Version: Antimalware Engine version
 
-          NOTE: Whenever Microsoft Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it restores the following system settings and services that might have been changed by the malware:
+          Note: Whenever Microsoft Defender Antivirus, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it restores the following system settings and services that might have been changed by the malware:
 
              - Default Internet Explorer or Microsoft Edge setting
 

defender-endpoint/safety-scanner-download.md

@@ -7,7 +7,7 @@ ms.author: yelevin
 author: yelevin
 manager: dansimp
 audience: ITPro
-ms.collection: 
+ms.collection:
 - m365-security
 - tier3
 - usx-security
@@ -31,7 +31,7 @@ The device entity page in the Microsoft Defender portal helps you in your invest
 > The content set displayed on the device entity page may differ slightly, depending on the device's enrollment in Microsoft Defender for Endpoint and Microsoft Defender for Identity.
 >
 > If your organization onboarded Microsoft Sentinel to the Defender portal, additional information will appear.
-> 
+>
 > In Microsoft Sentinel, device entities are also known as **host** entities. [Learn more](/azure/sentinel/entities-reference).
 >
 > [!INCLUDE [unified-soc-preview-no-alert](../includes/unified-soc-preview-no-alert.md)]
@@ -85,15 +85,15 @@ The **Overview** tab contains the [device details](#device-details) sidebar and
 
 The sidebar lists the device's full name and exposure level. It also provides some important basic information in small subsections, which can be expanded or collapsed, such as:
 
-| Section | Included information |
-| ------- | -------------------- |
-| **VM details** | Machine and domain names and IDs, health and onboarding statuses, timestamps for first and last seen, IP addresses, and more |
-| **DLP policy sync details** | If relevant |
-| **Configuration status** | Details regarding Microsoft Defender for Endpoint configuration |
-| **Cloud resource details** | Cloud platform, resource ID, subscription information, and more |
-| **Hardware and firmware** | VM, processor, and BIOS information, and more |
-| **Device management** | Microsoft Defender for Endpoint enrollment status and management info |
-| **Directory data** |  [UAC](/windows/security/identity-protection/user-account-control/user-account-control-overview) flags, [SPNs](/windows/win32/ad/service-principal-names), and group memberships. |
+|Section|Included information|
+|---|---|
+|**VM details**|Machine and domain names and IDs, health and onboarding statuses, timestamps for first and last seen, IP addresses, and more|
+|**DLP policy sync details**|If relevant|
+|**Configuration status**|Details regarding Microsoft Defender for Endpoint configuration|
+|**Cloud resource details**|Cloud platform, resource ID, subscription information, and more|
+|**Hardware and firmware**|VM, processor, and BIOS information, and more|
+|**Device management**|Microsoft Defender for Endpoint enrollment status and management info|
+|**Directory data**|[UAC](/windows/security/identity-protection/user-account-control/user-account-control-overview) flags, [SPNs](/windows/win32/ad/service-principal-names), and group memberships.|
 
 ### Dashboard
 
@@ -282,30 +282,31 @@ Response actions offer shortcuts to analyze, investigate, and defend against thr
 :::image type="content" source="/defender/media/entity-page-device/entity-device-response-actions.png" alt-text="Screenshot of the Action bar for the device entity page in the Microsoft Defender portal.":::
 
 > [!IMPORTANT]
+>
 > - [Response actions](/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts) are only available if the device is enrolled in Microsoft Defender for Endpoint.
 > - Devices that are enrolled in Microsoft Defender for Endpoint may display different numbers of response actions, based on the device's OS and version number.
 
 Response actions run along the top of a specific device page and include:
 
-| Action | Description |
-| ------ | ----------- |
-| **Device value** |  |
-| **Set criticality** |  |
-| **Manage tags** | Updates custom tags you've applied to this device. |
-| **Report device inaccuracy** |  |
-| **Run Antivirus Scan** | Updates Microsoft Defender Antivirus definitions and immediately runs an antivirus scan. Choose between Quick scan or Full scan. |
-| **Collect Investigation Package** | Gathers information about the device. When the investigation is completed, you can download it. |
-| **Restrict app execution** | Prevents applications that aren't signed by Microsoft from running. |
-| **Initiate automated investigation** | Automatically [investigates and remediates threats](/defender-office-365/air-about). Although you can manually trigger automated investigations to run from this page, [certain alert policies](/Microsoft-365/compliance/alert-policies#default-alert-policies) trigger automatic investigations on their own. |
-| **Initiate Live Response Session** | Loads a remote shell on the device for [in-depth security investigations](/defender-endpoint/live-response). |
-| **Isolate device** | Isolates the device from your organization's network while keeping it connected to Microsoft Defender. You can choose to allow Outlook, Teams, and Skype for Business to run while the device is isolated, for communication purposes. |
-| **Ask Defender Experts** |  |
-| **Action Center** | Displays information about any response actions that are currently running. Only available if another action has already been selected. |
-| **Download force release from isolation script** |  |
-| **Exclude** |  |
-| **Go hunt** |  |
-| **Turn on troubleshooting mode** |  |
-| **Policy sync** |  |
+|Action|Description|
+|---|---|
+|**Device value**||
+|**Set criticality**||
+|**Manage tags**|Updates custom tags you've applied to this device.|
+|**Report device inaccuracy**||
+|**Run Antivirus Scan**|Updates Microsoft Defender Antivirus definitions and immediately runs an antivirus scan. Choose between Quick scan or Full scan.|
+|**Collect Investigation Package**|Gathers information about the device. When the investigation is completed, you can download it.|
+|**Restrict app execution**|Prevents applications that aren't signed by Microsoft from running.|
+|**Initiate automated investigation**|Automatically [investigates and remediates threats](/defender-office-365/air-about). Although you can manually trigger automated investigations to run from this page, [certain alert policies](/Microsoft-365/compliance/alert-policies#default-alert-policies) trigger automatic investigations on their own.|
+|**Initiate Live Response Session**|Loads a remote shell on the device for [in-depth security investigations](/defender-endpoint/live-response).|
+|**Isolate device**|Isolates the device from your organization's network while keeping it connected to Microsoft Defender. You can choose to allow Outlook, Teams, and Skype for Business to run while the device is isolated, for communication purposes.|
+|**Ask Defender Experts**||
+|**Action Center**|Displays information about any response actions that are currently running. Only available if another action has already been selected.|
+|**Download force release from isolation script**||
+|**Exclude**||
+|**Go hunt**||
+|**Turn on troubleshooting mode**||
+|**Policy sync**||
 
 ## Related topics
 

defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml

@@ -25,6 +25,8 @@ Security Exposure Management is currently in public preview.
 Here's how Security Exposure Management helps you to identify and resolve attack paths.
 
 - **Attack path generation**: Security Exposure Management automatically generates attack paths based on the data collected across assets and workloads. It simulates attack scenarios, and identifies vulnerabilities and weaknesses that an attacker could exploit.
+  - The number of attack paths visible in the portal can fluctuate due to the dynamic nature of  IT environments. Our system dynamically generates attack paths based on the real-time conditions of each customer's environment. Changes such as the addition or removal of assets, updates to configurations, a user logging on or off from a machine, a user added or removed to a group, and the implementation of new network segmentation or security policies can all influence the number and types of attack paths identified. 
+  - This approach ensures that the security posture we provide is both accurate and reflective of the latest environment state, accommodating the agility required in today's IT environments.
 - **Attack path visibility**: The attack path graph view uses [enterprise exposure graph](cross-workload-attack-surfaces.md) data to visualize the attack path to understand how potential threats might unfold.
   - Hovering over each node and connector icon provides you with additional information about how the attack path is build. For instance, from an initial virtual machine containing TLS/SSL keys all the way to permissions to storage accounts.
   - The [enterprise exposure map](enterprise-exposure-map.md) extends how you can visualize attack paths. Along with other data, it shows you multiple attack paths and choke points, nodes that create bottlenecks in the graph or map where attack paths converge. It visualizes exposure data, allowing you to see what assets are at risk, and where to prioritize your focus.