Merge branch 'main' into v-smandalika-8894710

Author: v-smandalika

defender-endpoint/android-intune.md

@@ -93,7 +93,7 @@ Defender for Endpoint on Android supports Android Enterprise enrolled devices.
 
 For more information on the enrollment options supported by Microsoft Intune, see [Enrollment Options](/mem/intune/enrollment/android-enroll).
 
-**Currently, personally owned devices using a work profile and corporate-owned, fully managed user device enrollments are supported for deployment.**
+**Currently, Personally-owned devices with work profile, Corporate-owned devices with work profile, and Corporate-owned fully managed user device enrollments are supported in Android Enterprise.**
 
 ## Add Microsoft Defender for Endpoint on Android as a Managed Google Play app
 
@@ -280,11 +280,11 @@ Android low touch onboarding is disabled by default. Admins can enable it throug
 
 6. Under **Configuration settings**, select `Use Configuration designer`, and then select **Add**.
 
-7. Select **Low touch onboarding and User UPN**. For User UPN, change the value type to `Variable`, and set the configuration value to `User Principal Name`. Enable low-touch onboarding by changing its configuration value to `1`.
-
-    >[!div class="mx-imgBorder"]
-    >![Screenshot showing a low touch onboarding configuration policy.](media/low-touch-user-upn.png)
+1. Select **Low touch onboarding and User UPN**. For User UPN, change the value type to `Variable`, and set the configuration value to `User Principal Name`. Enable low-touch onboarding by changing its configuration value to `1`.
 
+      > [!div class="mx-imgBorder"]
+   > ![Screenshot showing a low touch onboarding configuration policy.](media/low-touch-user-upn.png)
+   
 8. Assign the policy to the target user group.
 
 9. Review and create the policy.
@@ -297,29 +297,29 @@ Admins can go to the [Microsoft Endpoint Management admin center](https://intune
 
 1. Go to **Apps> App configuration policies** and click on **Add**. Select **Managed Devices**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Image of adding app configuration policy.](media/addpolicy.png)
-
-2. Enter **Name** and **Description** to uniquely identify the configuration policy. Select platform as **'Android Enterprise'**, Profile type as **'Personally-owned work profile only'** and Targeted app as **'Microsoft Defender'**.
-
-    > [!div class="mx-imgBorder"]
-    > ![Image of naming configuration policy.](media/selectapp.png)
-
-3. On the settings page, in **'Configuration settings format'**, select **'Use configuration designer'** and click on **Add**. From the list of configurations that are displayed, select **'Microsoft Defender in Personal profile'**.
-
-    > [!div class="mx-imgBorder"]
-    > ![Image of configuring personal profile.](media/addconfiguration.png)
-
-4. The selected configuration will be listed. Change the **configuration value to 1** to enable Microsoft Defender support personal profiles. A notification will appear informing the admin about the same. Click on **Next**.
+      > [!div class="mx-imgBorder"]
+   > ![Image of adding app configuration policy.](media/addpolicy.png)
+   
+1. Enter **Name** and **Description** to uniquely identify the configuration policy. Select platform as **'Android Enterprise'**, Profile type as **'Personally-owned work profile only'** and Targeted app as **'Microsoft Defender'**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Image of changing config value.](media/changeconfigvalue.png)
+      > [!div class="mx-imgBorder"]
+   > ![Image of naming configuration policy.](media/selectapp.png)
+   
+1. On the settings page, in **'Configuration settings format'**, select **'Use configuration designer'** and click on **Add**. From the list of configurations that are displayed, select **'Microsoft Defender in Personal profile'**.
 
-5. **Assign** the configuration policy to a group of users. **Review and create** the policy.
+      > [!div class="mx-imgBorder"]
+   > ![Image of configuring personal profile.](media/addconfiguration.png)
+   
+1. The selected configuration will be listed. Change the **configuration value to 1** to enable Microsoft Defender support personal profiles. A notification will appear informing the admin about the same. Click on **Next**.
 
-    > [!div class="mx-imgBorder"]
-    > ![Image of reviewing and creating policy.](media/savepolicy.png)
+      > [!div class="mx-imgBorder"]
+   > ![Image of changing config value.](media/changeconfigvalue.png)
+   
+1. **Assign** the configuration policy to a group of users. **Review and create** the policy.
 
+      > [!div class="mx-imgBorder"]
+   > ![Image of reviewing and creating policy.](media/savepolicy.png)
+   
 Admins also can set up **privacy controls** from the Microsoft Intune admin center to control what data can be sent by the Defender mobile client to the security portal. For more information, see [configuring privacy controls](android-configure.md).
 
 Organizations can communicate to their users to protect Personal profile with Microsoft Defender on their enrolled BYOD devices.

defender-endpoint/configure-proxy-internet.md

@@ -132,7 +132,7 @@ Configure the static proxy using the Group Policy available in Administrative Te
 >
 > For resiliency purposes and the real-time nature of cloud-delivered protection, Microsoft Defender Antivirus caches the last known working proxy. Ensure your proxy solution does not perform SSL inspection, as that breaks the secure cloud connection.
 >
-> Microsoft Defender Antivirus doesn't use the static proxy to connect to Windows Update or Microsoft Update for downloading updates. Instead, it uses a system-wide proxy if configured to use Windows Update, or the configured internal update source according to the [configured fallback order](manage-protection-updates-microsoft-defender-antivirus.md). If necessary, you can use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy auto-config (.pac)** for connecting to the network. If you need to set up advanced configurations with multiple proxies, use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define addresses** to bypass proxy server and prevent Microsoft Defender Antivirus from using a proxy server for those destinations.
+> Microsoft Defender Antivirus doesn't use the static proxy to connect to Windows Update or Microsoft Update for downloading updates. Instead, it uses a system-wide proxy if configured to use Windows Update, or the configured internal update source according to the [configured fallback order](manage-protection-updates-microsoft-defender-antivirus.md). If necessary, you can use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy auto-config (.pac)** for connecting to the network. If you need to set up advanced configurations with multiple proxies, use **Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define addresses to bypass proxy server** and prevent Microsoft Defender Antivirus from using a proxy server for those destinations.
 > 
 > You can use PowerShell with the `Set-MpPreference` cmdlet to configure these options: 
 >    - `ProxyBypass`

defender-endpoint/device-control-overview.md

@@ -4,7 +4,7 @@ description: Get an overview of device control, including removable storage acce
 author: siosulli
 ms.author: siosulli
 manager: deniseb
-ms.date: 08/27/2024
+ms.date: 08/28/2024
 ms.topic: overview
 ms.service: defender-endpoint
 ms.subservice: asr
@@ -57,7 +57,6 @@ Device control capabilities from Microsoft can be organized into three main cate
 
 - **Device control in Defender for Endpoint**. Device control in Defender for Endpoint provides more advanced capabilities and is cross platform.
   - Granular access control - create policies to control access by device, device type, operation (read, write, execute), user group, network location, or file type.
-  - File evidence - store the file information and contents to audit files copied or accessed on devices.
   - Reporting and advanced hunting - complete visibility into add device related activities.
   - Device control in Microsoft Defender can be managed using Intune or [Group Policy](device-control-deploy-manage-gpo.md).
   - **Device control in Microsoft Defender and Intune**. Intune provides a rich experience for managing complex device control policies for organizations. You can configure and deploy device restriction settings in Defender for Endpoint, for example. See [Deploy and manage device control with Microsoft Intune](device-control-deploy-manage-intune.md).

defender-endpoint/linux-preferences.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
-ms.date: 07/31/2024
+ms.date: 08/28/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -63,12 +63,13 @@ Specifies the enforcement preference of antivirus engine. There are three values
 - Real-time (`real_time`): Real-time protection (scan files as they're modified) is enabled.
 - On-demand (`on_demand`): Files are scanned only on demand. In this:
   - Real-time protection is turned off.
-- Passive (`passive`): Runs the antivirus engine in passive mode. In this:
+- Passive (`passive`): Runs the antivirus engine in passive mode. In this case, all of the following apply:
   - Real-time protection is turned off: Threats are not remediated by Microsoft Defender Antivirus.
   - On-demand scanning is turned on: Still use the scan capabilities on the endpoint.
-  - Automatic threat remediation is turned off: No files will be moved and security admin is expected to take required action.
-  - Security intelligence updates are turned on: Alerts will be available on security admins tenant.
-
+  - Automatic threat remediation is turned off: No files are moved and your security administrator is expected to take required action.
+  - Security intelligence updates are turned on: Alerts are available in the security administrator's tenant.
+  - Definition updates occur only when a scan starts, even if `automaticDefinitionUpdateEnabled` is set to `true` in passive mode.
+    
 |Description|JSON Value|Defender Portal Value|
 |---|---|---|
 |**Key**|enforcementLevel|Enforcement Level|

defender-endpoint/threat-analytics.md

@@ -211,6 +211,8 @@ When looking at the threat analytics data, remember the following factors:
 - The checklist in the **Recommended actions** tab only displays recommendations tracked in [Microsoft Secure Score](/defender-xdr/microsoft-secure-score). Check the **Analyst report** tab for more recommended actions that aren't tracked in Secure Score.
 - The recommended actions don’t guarantee complete resilience and only reflect the best possible actions needed to improve it.
 - Antivirus-related statistics are based on Microsoft Defender Antivirus settings. 
+- The **Misconfigured devices** column in the main Threat analytics page shows the number of devices affected by a threat when the threat's related recommended actions aren't turned on. However, if Microsoft researchers don't link any recommended actions, the **Misconfigured devices** column shows the status *Not available*.  
+- The **Vulnerable devices** column in the main Threat analytics page shows the number of devices running software that are vulnerable to any of the vulnerabilities linked to the threat. However, if Microsoft researchers don't link any vulnerabilities, the **Vulnerable devices** column shows the status *Not available*.
 
 ## See also
 

defender-for-iot/prerequisites.md

@@ -27,7 +27,7 @@ Before you start, you need:
 
 - A Microsoft 365 E5/ Defender for Endpoint Plan 2/ E5 security license.
 
-- Microsoft Defender for Endpoint agents deployed in your environment. For more information, see [onboard Microsoft Defender for Endpoint](/defender-endpoint/onboarding)
+- Microsoft Defender for Endpoint agents deployed in your environment. For more information, see [onboard Microsoft Defender for Endpoint](/defender-endpoint/onboarding).
 
 ## Prerequisites for setting up a site
 

defender-office-365/create-safe-sender-lists-in-office-365.md

@@ -18,7 +18,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn about the available and preferred options to allow inbound messages in Exchange Online Protection (EOP).
 ms.service: defender-office-365
-ms.date: 06/10/2024
+ms.date: 08/27/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -120,7 +120,7 @@ When messages skip spam filtering due to entries in a user's Safe Senders list,
 
 - In Exchange Online, whether entries in the Safe Senders list work or don't work depends on the verdict and action in the policy that identified the message:
   - **Move messages to Junk Email folder**: Domain entries and sender email address entries are honored. Messages from those senders aren't moved to the Junk Email folder.
-  - **Quarantine**: Domain entries aren't honored (messages from those senders are quarantined). Email address entries are honored (messages from those senders aren't quarantined) if either of the following statements are true:
+  - **Quarantine**: Domain entries and email address entries are honored (messages from those senders aren't quarantined) if either of the following statements are true:
     - The message isn't identified as malware or high confidence phishing (malware and high confidence phishing messages are quarantined).
     - The email address isn't also in a block entry in the [Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#create-block-entries-for-domains-and-email-addresses).
 - Entries for blocked senders and blocked domains are honored (messages from those senders are moved to the Junk Email folder). Safe mailing list settings are ignored.

defender-xdr/threat-analytics.md

@@ -209,7 +209,8 @@ When looking at the threat analytics data, remember the following factors:
 - The checklist in the **Recommended actions** tab only displays recommendations tracked in [Microsoft Secure Score](microsoft-secure-score.md). Check the **Analyst report** tab for more recommended actions that aren't tracked in Secure Score.
 - The recommended actions don’t guarantee complete resilience and only reflect the best possible actions needed to improve it.
 - Antivirus-related statistics are based on Microsoft Defender Antivirus settings. 
-
+- The **Misconfigured devices** column in the main Threat analytics page shows the number of devices affected by a threat when the threat's related recommended actions aren't turned on. However, if Microsoft researchers don't link any recommended actions, the **Misconfigured devices** column shows the status *Not available*.  
+- The **Vulnerable devices** column in the main Threat analytics page shows the number of devices running software that are vulnerable to any of the vulnerabilities linked to the threat. However, if Microsoft researchers don't link any vulnerabilities, the **Vulnerable devices** column shows the status *Not available*.
 
 ## See also