Merge pull request #2921 from MicrosoftDocs/main

Publish main to live, 02/25, 11:00 AM IST

Author: aditisrivastava07

.openpublishing.redirection.defender-office-365.json

@@ -49,6 +49,16 @@
       "source_path": "defender-office-365/pilot-deploy-defender-office-365.md",
       "redirect_url": "/defender-xdr/pilot-deploy-defender-office-365",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-office-365/submissions-error-messages.md",
+      "redirect_url": "/defender-office-365/submissions-result-definitions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md",
+      "redirect_url": "/defender-office-365/submissions-outlook-report-messages",
+      "redirect_document_id": false
     }
   ]
 }

defender-endpoint/threat-analytics.md

@@ -19,7 +19,7 @@ ms.custom:
 - cx-ta
 ms.topic: conceptual
 ms.subservice: edr
-ms.date: 11/12/2024
+ms.date: 02/25/2025
 ---
 
 # Track and respond to emerging threats through threat analytics
@@ -63,7 +63,7 @@ Each report provides an analysis of a tracked threat and extensive guidance on h
 The following roles and permissions are required to access Threat analytics in the Defender portal:
 
 - **Security data basics (read)**—to view threat analytics report, related incidents and alerts, and impacted assets
-- **Vulnerability management (read)** and **Secure Score (read)**—to see related exposure data and recommended actions
+- **Vulnerability management (read)** and **Exposure Management (read)**—to see related exposure data and recommended actions
 
 By default, access to services available in the Defender portal are managed collectively using [Microsoft Entra global roles](/defender-xdr/m365d-permissions). If you need greater flexibility and control over access to specific product data, and aren't yet using the [Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac) for centralized permissions management, we recommend creating custom roles for each service. [Learn more about creating custom roles](/defender-xdr/custom-roles)
 

defender-office-365/TOC.yml

@@ -385,8 +385,6 @@
            href: submissions-submit-files-to-microsoft.md
          - name: Admin review for user reported messages
            href: submissions-admin-review-user-reported-messages.md
-         - name: Errors during submissions
-           href: submissions-error-messages.md
          - name: Submission result definitions
            href: submissions-result-definitions.md
        - name: Threat Explorer and real-time detections
@@ -529,8 +527,6 @@
           href: step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel.md
         - name: How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains
           href: step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md
-        - name: How-to deploy and configure the report message add-in
-          href: step-by-step-guides/deploy-and-configure-the-report-message-add-in.md
         - name: Use Microsoft Defender for Office 365 in SharePoint Online
           href: step-by-step-guides/utilize-microsoft-defender-for-office-365-in-sharepoint-online.md
         - name: Tune bulk email filtering

defender-office-365/step-by-step-guides/defense-in-depth-guide.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier3
 ms.topic: how-to
 search.appverid: met150
-ms.date: 01/31/2023
+ms.date: 02/24/2025
 ---
 
 # Getting the best security value from Microsoft Defender for Office 365 when you have third party email filtering
@@ -31,90 +31,88 @@ The following information details how to get the most out of your investment, br
 
 - Mailboxes hosted in Office 365
 - One or more of:
-  - Microsoft Defender for Office 365 Plan 1 for protection features
-  - Microsoft Defender for Office 365 Plan 2 for most other features (included in E5 plans)
-  - Microsoft Defender for Office 365 Trial (available to all customers at aka.ms/tryMDO)
-- Sufficient permissions to configure the features discussed below
+  - Microsoft Defender for Office 365 Plan 1 for protection features.
+  - Microsoft Defender for Office 365 Plan 2 for most other features (included in E5 plans).
+  - Microsoft Defender for Office 365 Trial (available to all customers at <https://aka.ms/tryMDO>).
+- Sufficient permissions to configure the features discussed in this article.
 
 ## Step 1 – Understand the value you already have
 
 ### Built-in protection features
 
-- Built-in protection offers a base level of unobtrusive protection, and includes malware, zero day (Safe Attachments), and URL protection (Safe Links) in email (including internal email), SharePoint Online, OneDrive, and Teams. URL protection provided in this state is via API call only. It doesn't wrap or rewrite URLs but does require a supported Outlook client. You can create your own custom policies to expand your protection.
+- Built-in protection offers a base level of unobtrusive protection, and includes malware, zero day (Safe Attachments), and URL protection (Safe Links) in email (including internal email), SharePoint, OneDrive, and Microsoft Teams. URL protection provided in this state is via API call only. It doesn't wrap or rewrite URLs but does require a supported Outlook client. You can create your own custom policies to expand your protection.
 
-**Read more & watch an overview video of Safe Links here:** [Complete Safe Links overview](../safe-links-about.md)
+  **Read more & watch an overview video of Safe Links here:** [Complete Safe Links overview](../safe-links-about.md)
 
-**Read more about Safe Attachments here:** [Safe Attachments](../safe-attachments-about.md)
+  **Read more about Safe Attachments here:** [Safe Attachments](../safe-attachments-about.md)
 
 ### Detection, investigation, response, and hunting features
 
 - When alerts fire in Microsoft Defender for Office 365, they're automatically correlated, and combined into Incidents to help reduce the alert fatigue on security staff. Automated Investigation and Response (AIR) triggers investigations to help remediate and contain threats.
 
-**Read more, watch an overview video and get started here :** [Incident response with Microsoft Defender XDR](/defender-xdr/incidents-overview)
+  **Read more, watch an overview video and get started here :** [Incident response with Microsoft Defender XDR](/defender-xdr/incidents-overview)
 
 - Threat Analytics is our in-product, detailed threat intelligence solution from expert Microsoft security researchers. Threat Analytics contains detailed reports that are designed to get you up to speed on the latest threat groups, attack techniques, how to protect your organization with Indicators of Compromise (IOC) and much more.
 
-**Read more, watch an overview video and get started here :** [Threat analytics in Microsoft Defender XDR](/defender-xdr/threat-analytics)
+  **Read more, watch an overview video and get started here :** [Threat analytics in Microsoft Defender XDR](/defender-xdr/threat-analytics)
 
-- Explorer can be used to hunt threats, visualize mail flow patterns, spot trends, and identify the impact of changes you make during tuning Defender for Office 365. You can also quickly delete messages from your organization with a few simple clicks.
+- Explorer can be used to hunt threats, visualize mail flow patterns, spot trends, and identify the affect of changes you make during tuning Defender for Office 365. You can also quickly delete messages from your organization with a few simple clicks.
 
-**Read more, and get started here:** [Threat Explorer and Real-time detections](../threat-explorer-real-time-detections-about.md)
+  **Read more, and get started here:** [Threat Explorer and Real-time detections](../threat-explorer-real-time-detections-about.md)
+
+- Advanced hunting can be used to proactively hunt for threats in your organization, using shared queries from the community to help you get started. You can also use custom detections to set up alerts when personalized criteria are met.
+
+  **Read more, watch an overview video and get started here:** [Overview - Advanced hunting](/defender-xdr/advanced-hunting-overview)
 
 ## Step 2 – Enhance the value further with these simple steps
 
 ### Additional protection features
 
 - Consider enabling policies beyond the built-in Protection. Enabling time-of-click protection, or impersonation protection, for example, to add extra layers or fill gaps missing from your third party protection. If you have a mail flow rule (also known as a transport rule) or connection filter that overrides verdicts (also known as an SCL=-1 rule) you need to address this configuration before turning on other protection features.
 
-**Read more here:** [Anti-phishing policies](../anti-phishing-policies-about.md)
+  **Read more here:** [Anti-phishing policies](../anti-phishing-policies-about.md)
 
-- If your current security provider is configured to modify messages *in any way*, it's important to note that authentication signals can impact the ability for Defender for Office 365 to protect you against attacks such as spoofing. If your third party supports Authenticated Received Chain (ARC), then enabling this is a highly recommended step in your journey to advanced dual filtering. Moving any message modification configuration to Defender for Office 365 is also an alternative.
+- If your current security provider is configured to modify messages *in any way*, it's important to note that authentication signals can affect the ability for Defender for Office 365 to protect you against attacks such as spoofing. If your third party supports Authenticated Received Chain (ARC), we highly recommend enabling ARC in your journey to advanced dual filtering. Moving any message modification configuration to Defender for Office 365 is also an alternative.
 
-**Read more here:** [Configure trusted ARC sealers.](../email-authentication-arc-configure.md)
+  **Read more here:** [Configure trusted ARC sealers](../email-authentication-arc-configure.md)
 
 - Enhanced Filtering for connectors allows IP address and sender information to be preserved through the third party. This feature improves accuracy for the filtering (protection) stack, post breach capabilities & authentication improvements.
 
-**Read more here:** [Enhanced filtering for connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors)
+  **Read more here:** [Enhanced filtering for connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors)
 
 - Priority account protection offers enhanced visibility for accounts in tooling, along with additional protection when in an advanced defense in-depth configuration state.
 
-**Read more here:** [Priority account protection](protect-your-c-suite-with-priority-account-protection.md)
+  **Read more here:** [Priority account protection](protect-your-c-suite-with-priority-account-protection.md)
 
 - Advanced Delivery should be configured to deliver any third party phish simulations correctly, and if you have a Security Operations mailbox, consider defining it as a SecOps mailbox to ensure emails *don't* get removed from the mailbox due to threats.
 
-**Read more here:** [Advanced delivery](../advanced-delivery-policy-configure.md)
-
-- You can configure user reported settings to allow users to report good or bad messages to Microsoft, to a designated reporting mailbox (to integrate with current security workflows) or both. Admins can use the **User reported** tab on the **Submissions** page to triage false positives and false negative user reported messages.
+  **Read more here:** [Advanced delivery](../advanced-delivery-policy-configure.md)
 
-**Read more here:** [Deploy and configure the report message add-in to users.](deploy-and-configure-the-report-message-add-in.md)
-
-### Detection, investigation, response, and hunting features
-
-- Advanced hunting can be used to proactively hunt for threats in your organization, using shared queries from the community to help you get started. You can also use custom detections to set up alerts when personalized criteria are met.
+- You can configure user reported settings to allow users to report good or bad messages to Microsoft, to a designated reporting mailbox (to integrate with current security workflows) or both using the built-in **Report** button in [supported versions of Outlook](../submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook) or using [supported third-party solutions](../submissions-user-reported-messages-custom-mailbox.md#options-for-third-party-reporting-tools). Admins can use the **User reported** tab on the **Submissions** page to triage false positives and false negative user reported messages.
 
-**Read more, watch an overview video and get started here:** [Overview - Advanced hunting](/defender-xdr/advanced-hunting-overview)
+  **Read more here:** [User reported settings](../submissions-user-reported-messages-custom-mailbox.md) and [Report phishing and suspicious emails in Outlook for admins](../submissions-outlook-report-messages.md)
 
 ### Education features
 
-- Attack simulation training allows you to run realistic but benign cyber-attack scenarios in your organization. If you don't already have phishing simulation capabilities from your primary email security provider, Microsoft's simulated attacks can help you identify and find vulnerable users, policies, and practices. This capability contains important knowledge to have and correct *before* a real attack impacts your organization. Post simulation we assign in product or custom training to educate users about the threats they missed, ultimately reducing your organization's risk profile. With Attack simulation training, we deliver messages directly into the inbox, so the user experience is rich. This also means no security changes such as overrides needed to get simulations delivered correctly.
+- Attack simulation training allows you to run realistic but benign cyber-attack scenarios in your organization. If you don't already have phishing simulation capabilities from your primary email security provider, Microsoft's simulated attacks can help you identify and find vulnerable users, policies, and practices. This capability contains important knowledge to have and correct *before* a real attack impacts your organization. Post simulation we assign in product or custom training to educate users about the threats they missed, ultimately reducing your organization's risk profile. With Attack simulation training, we deliver messages directly into the inbox, so the user experience is rich. This experience also means no security changes such as overrides needed to get simulations delivered correctly.
 
 **Get started here:** [Get started using Attack simulation.](../attack-simulation-training-get-started.md)
 
 **Jump right into delivering a simulation here:** [How to setup automated attacks and training within Attack simulation training](how-to-setup-attack-simulation-training-for-automated-attacks-and-training.md)
 
 ## Step 3 and beyond, becoming a dual use hero
 
-- Many of the detection, investigation, response, and hunting activities as previously described should be repeated by your security teams. This guidance offers a detailed description of tasks, cadence, and team assignments we would recommend.
+- Your security teams should repeat many of the detection, investigation, response, and hunting activities as previously described. This guidance offers a detailed description of tasks, cadence, and team assignments we would recommend.
 
-**Read More:** [Security Operations Guide for Defender for Office 365](../mdo-sec-ops-guide.md)
+  **Read More:** [Security Operations Guide for Defender for Office 365](../mdo-sec-ops-guide.md)
 
 - Consider user experiences such as accessing multiple quarantines, or the submission / reporting of false positives and false negatives. You can mark messages detected by the third party service with a custom *X* header. For example, you can use mail flow rules to detect and quarantine email that contains the *X* header. This result also gives users a single place to access quarantined mail.
 
-**Read More:** [How to configure quarantine permissions and policies](how-to-configure-quarantine-permissions-with-quarantine-policies.md)
+  **Read More:** [How to configure quarantine permissions and policies](how-to-configure-quarantine-permissions-with-quarantine-policies.md)
 
-- The Migration guide contains lots of useful guidance on preparing and tuning your environment to ready it for a migration. But many of the steps are *also* applicable to a dual-use scenario. Simply ignore the MX switch guidance in the final steps.
+- The Migration guide contains lots of useful guidance on preparing and tuning your environment to ready it for a migration. But many of the steps are *also* applicable to a dual-use scenario. Ignore the MX switch guidance in the final steps.
 
-**Read it here:** [Migrate from a third-party protection service to Microsoft Defender for Office 365 - Office 365 | Microsoft Docs.](../migrate-to-defender-for-office-365.md)
+  **Read it here:** [Migrate from a third-party protection service to Microsoft Defender for Office 365 - Office 365 | Microsoft Docs.](../migrate-to-defender-for-office-365.md)
 
 ## More information