defender-endpoint/configure-device-connectivity.md
4 additions & 4 deletions
@@ -32,7 +32,7 @@ To simplify network configuration and management, you can now onboard new device
32
32
33
33
## Defender for Endpoint-recognized simplified domain
34
34
35
-
The Defender for Endpoint-recognized simplified domain `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us*` (for US government devices) consolidates connectivity to the following core Defender for Endpoint services:
35
+
The Defender for Endpoint-recognized simplified domain `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us*` (for US government devices - Preview) consolidates connectivity to the following core Defender for Endpoint services:
36
36
37
37
- Cloud-delivered protection
38
38
- Malware sample submission storage
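Review bot: The added line still writes the US government domain as `*.endpoint.security.microsoft.us*`, with a trailing asterisk inside the code span, while the later hunks in this file write `*.endpoint.security.microsoft.us`. Since the line is being edited anyway, drop the trailing `*` so that admins copying the value into a proxy or firewall allow list get the same pattern everywhere on the page.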
@@ -47,7 +47,7 @@ To support network devices without hostname resolution or wildcard support, you
47
47
> [!NOTE]
48
48
>
49
49
> - The streamlined connectivity method **doesn't change Defender for Endpoint functionality or end-user experience**. Only the URLs or IPs used for service connectivity have changed.
50
-
> - There are no plans to deprecate old service URLs. Devices onboarded with standard connectivity continue to function. Ensure ongoing connectivity to `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us` (for US government devices) for future services.
50
+
> - There are no plans to deprecate old service URLs. Devices onboarded with standard connectivity continue to function. Ensure ongoing connectivity to `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us` (for US government devices - Preview) for future services.
51
51
> - Service connections use certificate pinning and TLS. Traffic inspection is not supported. Connections are device-initiated, not user-initiated. Enforcing proxy (user) authentication breaks connectivity.
52
52
53
53
## Prerequisites
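Review bot: In the second bullet of the note, `(for US government devices - Preview)` reads as if the devices were in preview rather than the streamlined domain for that cloud. Consider `(for US government devices, in Preview)` or a separate sentence, and state whether Gov customers on standard connectivity are expected to allow the domain already, because the same bullet tells readers to ensure ongoing connectivity to it for future services.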
@@ -115,11 +115,11 @@ Streamlined connectivity allows you to use the following option to configure clo
115
115
Configure your environment to allow connections to the simplified Defender for Endpoint domain:
116
116
117
117
- For commercial devices: `*.endpoint.security.microsoft.com`
118
-
- For US government devices: `*.endpoint.security.microsoft.us`
118
+
- For US government devices (Preview): `*.endpoint.security.microsoft.us`
119
119
120
120
For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
121
121
122
-
You must maintain connectivity with remaining required services listed under the [commercial devices streamlined URL list](https://aka.ms/MDE-streamlined-urls) or [government devices streamlined URL list](streamlined-device-connectivity-urls-gov.md). For example, the certification revocation list, Windows Update, SmartScreen services may also need to be accessible dependent on your current networking infrastructure and patching approach.
122
+
You must maintain connectivity with remaining required services listed under the [commercial devices streamlined URL list](https://aka.ms/MDE-streamlined-urls) or [government devices streamlined URL list (Preview)](streamlined-device-connectivity-urls-gov.md). For example, the certification revocation list, Windows Update, SmartScreen services may also need to be accessible dependent on your current networking infrastructure and patching approach.
123
123
124
124
#### Option 2: Configure connectivity using static IP ranges
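Review bot: The last changed paragraph keeps "certification revocation list" and "Windows Update, SmartScreen services may also need to be accessible dependent on". As the line is being touched, correct it to "certificate revocation list", add the missing "and" before "SmartScreen services", and use "depending on", so the list of dependencies that must stay reachable reads unambiguously.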
Before you onboard devices to Defender for Endpoint, make sure your network is configured to connect to the service, by allowing outbound connection and bypassings HTTPS inspection for the service URLs. The first step of this process involves adding URLs to the allowed domains list if your proxy server or firewall rules prevent access to Defender for Endpoint. This article also includes information about proxy and firewall requirements for older versions of Windows client and Windows Server.
29
28
@@ -39,7 +38,7 @@ The following URL lists specify the services and their associated URLs that devi
39
38
|Domains list| Description|
40
39
|--|--|
41
40
| Microsoft Defender for Endpoint consolidated URL list (Streamlined) | Spreadsheet of consolidated URLs. <br/>[Download the spreadsheet here](https://aka.ms/MDE-streamlined-urls).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity](configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method. |
42
-
| Microsoft Defender for Endpoint consolidated URL list for Gov/GCC/DoD (Streamlined) | List of consolidated URLs for service locations, geographic locations, and OS for Gov/GCC/DoD customers <br/>[See the URL list](streamlined-device-connectivity-urls-gov.md).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity].(configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method. |
41
+
| Microsoft Defender for Endpoint consolidated URL list for Gov/GCC/DoD (Streamlined) - Preview | List of consolidated URLs for service locations, geographic locations, and OS for Gov/GCC/DoD customers <br/>[See the URL list](streamlined-device-connectivity-urls-gov.md).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity].(configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method. |
43
42
|Microsoft Defender for Endpoint URL list for commercial customers (Standard)| Spreadsheet of specific DNS records for service locations, geographic locations, and OS for commercial customers. <p> [Download the spreadsheet here.](https://aka.ms/MDE-standard-urls) <p> Microsoft Defender for Endpoint Plan 1 and Plan 2 share the same proxy service URLs. In your firewall, open all the URLs where the geography column is WW. For rows where the geography column isn't WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](preferences-setup.md). Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection. Instead, exclude only the blob URLs that are specific to MDE and listed in the spreadsheet of domains list.
44
43
| Microsoft Defender for Endpoint URL list for Gov/GCC/DoD (Standard) | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br> [Download the spreadsheet here.](https://aka.ms/MDE-gov-urls)|
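Review bot: The changed Gov/GCC/DoD row carries a broken link in both its old and new form: `[streamlined connectivity].(configure-device-connectivity.md#prerequisites)` has a period between `]` and `(`, so it will not render as a link. The commercial row directly above has the correct `[streamlined connectivity](configure-device-connectivity.md#prerequisites)`; fix the Gov row in the same change.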
Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial.
26
27
@@ -129,7 +130,7 @@ The following downloadable spreadsheet lists the services and their associated U
129
130
130
131
| Spreadsheet of domains list | Description |
131
132
|---------|---------|
132
-
| Microsoft Defender for Endpoint Streamlined Connectivity URL list for Gov/GCC/DoD | List of consolidated URLs for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br/><br/> [See the full list](streamlined-device-connectivity-urls-gov.md). |
133
+
| Microsoft Defender for Endpoint Streamlined Connectivity URL list for Gov/GCC/DoD (Preview) | List of consolidated URLs for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br/><br/> [See the full list](streamlined-device-connectivity-urls-gov.md). |
133
134
| Microsoft Defender for Endpoint Standard Connectivity URL list for Gov/GCC/DoD | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br/><br/> [Download the spreadsheet here.](https://aka.ms/MDE-gov-urls)|
134
135
135
136
For more information, see [Configure device proxy and Internet connectivity settings](configure-proxy-internet.md).
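Review bot: The Preview label is spelled three ways across this commit: `(Preview)` in this row, `(Streamlined) - Preview` in the configure-environment table row, and `- Preview` inside the parentheticals in configure-device-connectivity.md. Pick one form, for example a trailing `(Preview)`, and apply it in all three files so the label can be found and removed in one pass when the feature leaves preview.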
defender-endpoint/streamlined-device-connectivity-urls-gov.md
4 additions & 2 deletions
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments
2
+
title: Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments (Preview)
3
3
description: Get a list of the streamlined connectivity URLs required to onboard and maintain devices in Microsoft Defender for Endpoint in US Government cloud environments (GCC, GCC High, DoD).
4
4
author: limwainstein
5
5
ms.author: lwainstein
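Review bot: Only `title:` gains "(Preview)" in the front matter; the `description:` on the next line is unchanged and still presents the list as simply the URLs required to onboard and maintain devices. If the description is what search results and link previews show, mention the preview status there as well, or confirm that leaving it out is intentional.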
@@ -18,10 +18,12 @@ ms.date: 10/05/2025
18
18
appliesto: Microsoft Defender for Endpoint Plan 1, Microsoft Defender for Endpoint Plan 2, Microsoft Defender XDR
19
19
---
20
20
21
-
# Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments
21
+
# Microsoft Defender for Endpoint streamlined connectivity URLs - US government environments (Preview)
This article includes a list of the streamlined connectivity URLs required to onboard and maintain devices in Microsoft Defender for Endpoint in US Government cloud environments (GCC, GCC High, DoD).
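Review bot: In the lines shown, the H1 now says "(Preview)" but the introductory sentence that follows still describes the URLs as required without qualification. Put a short preview notice directly under the heading, or reword the intro, so readers who are building allow lists from this page know the status before they reach the URL table.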