Merge branch 'main' into maccruz-contextpane

Author: schmurky

defender-xdr/configure-asset-rules.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 07/11/2023
+ms.date: 09/04/2024
 ---
 
 # Asset rule management - Dynamic rules for devices
@@ -37,24 +37,31 @@ Dynamic rules can help manage device context by assigning tags and device values
 
 A rule can be based on device name, domain, OS platform, internet facing status, onboarding status and manual device tags. You can select or create a tag that will be applied based on the conditions you've set.
 
+> [!IMPORTANT]
+> Use of [dynamic device tagging](/defender-xdr/configure-asset-rules) capabilities in Defender for Endpoint to tag devices with `MDE-Management` isn't currently supported with security settings management. Devices tagged through this capability don't successfully enroll. This is currently under investigation.
+
 The following steps guide you on how to create a new dynamic rule in Microsoft Defender XDR:
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) as a user who can view and perform actions on all devices.
+
 2. In the navigation pane, select **Settings** \> **Microsoft Defender XDR** \> **Asset Rule Management**.
+
 3. Select **Create a new rule**.
+
 4. Enter a **Rule name** and **Description***.
+
 5. Select **Next** to choose the conditions you want to assign:
 
-:::image type="content" source="/defender/media/defender/rule-conditions.png" alt-text="Screenshot of the Rule conditions page" lightbox="/defender/media/defender/rule-conditions.png":::
+   :::image type="content" source="/defender/media/defender/rule-conditions.png" alt-text="Screenshot of the Rule conditions page" lightbox="/defender/media/defender/rule-conditions.png":::
 
 6. Select **Next** and choose the tag to apply to this rule.
 
-:::image type="content" source="/defender/media/defender/actions-to-apply.png" alt-text="Screenshot of the actions page" lightbox="/defender/media/defender/actions-to-apply.png":::
+   :::image type="content" source="/defender/media/defender/actions-to-apply.png" alt-text="Screenshot of the actions page" lightbox="/defender/media/defender/actions-to-apply.png":::
 
 7. Select **Next** to review and finish creating the rule and then select **Submit**.
 
->[!Note]
-> It may take up to 1 hour for changes to be reflected in the portal.
+   >[!NOTE]
+   > It may take up to 1 hour for changes to be reflected in the portal.
 
 ### Dynamic tags in the Device Inventory
 
@@ -63,13 +70,15 @@ You can see the dynamic tags assigned in the Device Inventory view.
 To see tags on individual devices:
 
 1. Select **Devices** from the **Assets** navigation menu in the [Microsoft Defender portal](https://security.microsoft.com).
+
 2. In the **Device Inventory** page, select the device name that you want to view.
+
 3. Select **Manage tags**.
 
-:::image type="content" source="/defender/media/defender/manage-machine-tags.png" alt-text="Screenshot of the machine tags page" lightbox="/defender/media/defender/manage-machine-tags.png":::
+   :::image type="content" source="/defender/media/defender/manage-machine-tags.png" alt-text="Screenshot of the machine tags page" lightbox="/defender/media/defender/manage-machine-tags.png":::
 
 ### Updating rules
 
-Dynamic tags and device values set by dynamic rules can't be manually updated. To edit, delete or turn off a rule, in the **Asset Rule Management** page select the rule and choose the action you wish to take:
+Dynamic tags and device values set by dynamic rules can't be manually updated. To edit, delete or turn off a rule, in the **Asset Rule Management** page select the rule and choose an action.
 
 :::image type="content" source="/defender/media/defender/update-rule.png" alt-text="Screenshot of the rule details page" lightbox="/defender/media/defender/update-rule.png":::

defender-xdr/experts-on-demand.md

@@ -19,7 +19,7 @@ ms.collection:
   - essentials-get-started
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 08/14/2024
+ms.date: 09/05/2024
 ---
 
 # Collaborate with experts on demand
@@ -31,24 +31,29 @@ ms.date: 08/14/2024
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
 > [!NOTE]
-> Ask Defender Experts is included in your Defender Experts for Hunting subscription with [monthly allocations](before-you-begin-defender-experts.md#eligibility-and-licensing). However, it's not a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
+> Ask Defender Experts is included in your Defender Experts for Hunting subscription with [quarterly allocations](before-you-begin-defender-experts.md#eligibility-and-licensing). However, it's not a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
 
 Select **Ask Defender Experts** directly inside the Microsoft 365 security portal to get swift and accurate responses to all your threat hunting questions. Experts can provide insight to better understand the complex threats your organization might face. Ask Defender Experts can help:
 
 - Gather additional information on alerts and incidents, including root causes and scope
 - Gain clarity into suspicious devices, alerts, or incidents and take next steps if faced with an advanced attacker
 - Determine risks and available protections related to threat actors, campaigns, or emerging attacker techniques
 
-### Required permissions for submitting inquiries in the Ask Defender Experts panel
+ :::image type="content" source="media/ask-defender-expert-dialog.png" alt-text="Screenshot of the Ask Defender Experts dialog box." lightbox="media/ask-defender-expert-dialog.png":::
 
-You need to select one of the following permissions before submitting inquires to our Defender experts. For more details about role-based access control (RBAC) permissions, see: [Microsoft Defender for Endpoint and Microsoft Defender XDR RBAC permissions](compare-rbac-roles.md#map-defender-for-endpoint-and-defender-vulnerability-management-permissions-to-the-microsoft-defender-xdr-rbac-permissions).
+### Required permissions for using Ask Defender Experts
 
-|Product name|Product RBAC permission|
+You need to select one of the following Microsoft Defender XDR Unified RBAC permissions before submitting inquiries to our Defender experts.
+
+|Permission name|Level|
 |---|---|---|
-| Microsoft Defender for Endpoint RBAC | Manage security settings in the Security Center|
-| Microsoft Defender XDR Unified RBAC | Authorization and settings \ Security settings \ Core security settings (manage)</br>Authorization and settings \ Security settings \ Detection tuning (manage) |
+| Security data basics | Read|
+| Alerts | Manage |
+| Response | Manage |
+
+To learn more about Unified RBAC permissions, see: [Microsoft Defender XDR Unified RBAC permission details](custom-permissions-details.md#microsoft-defender-xdr-unified-rbac-permission-details).
 
-### Where to find Ask Defender Experts
+### Where to submit inquiries to Ask Defender Experts
 
 The option to **Ask Defender Experts** is available in several places throughout the portal:
 
@@ -68,6 +73,23 @@ The option to **Ask Defender Experts** is available in several places throughout
 
   :::image type="content" source="/defender/media/mte/defenderexperts/incidents-page-actions-menu.png" alt-text="Screenshot of the Ask Defender Experts menu option in the Incidents page actions menu in the Microsoft Defender portal.." lightbox="/defender/media/mte/defenderexperts/incidents-page-actions-menu.png":::
 
+### Where to view responses from Defender Experts
+
+#### In portal
+
+You can view responses to inquiries submitted to Ask Defender Experts from up to six months ago by navigating to **Reports** > **Defender Experts messages**. You will also be able to ask follow-up questions or reply with more information to Defender Experts from this page.
+
+:::image type="content" source="media/inportal-managed-response.png" alt-text="Screenshot of in-portal managed response." lightbox="media/inportal-managed-response.png":::
+
+#### Email
+
+If you included contact email addresses when submitting your inquiry, they will receive an email notification when a response from Defender Experts is posted.
+
+:::image type="content" source="media/email-based-managed-response.png" alt-text="Screenshot of email based managed response." lightbox="media/email-based-managed-response.png":::
+
+> [!NOTE]
+> Defender Experts will not be able to assist you with inquiries regarding bugs or issues in your product experience in the Microsoft Defender XDR portal. You can reach out to Microsoft Support via the [Services Hub](https://serviceshub.microsoft.com/home) regarding such inquiries.
+
 ### Sample questions you can ask from Defender Experts
 
 #### Alert information

defender-xdr/media/ask-defender-expert-dialog.png

@@ -62,7 +62,7 @@ Turn on preview features to be among the first to try new features. Your feedbac
 
 In Microsoft Defender XDR, select **Settings > Microsoft Defender XDR > General > Preview features**, and select to turn on preview features.
 
-(Preview) If you already have preview features turned on, and you're a Microsoft Defender for Business, Microsoft Defender for Endpoint, or Microsoft Defender for Cloud Apps customer, you can also select to turn preview features on and off for specific services only. For example:
+If you already have preview features turned on, and you're a Microsoft Defender for Business, Microsoft Defender for Endpoint, or Microsoft Defender for Cloud Apps customer, you can also select to turn preview features on and off for specific services only. For example:
 
 :::image type="content" source="media/preview-features-settings.png" alt-text="Screenshot of the preview features settings.":::