Merge branch 'main' into US302646_3P_Main

DebLanger · web-flow · commit d8f79142db55 · 2024-11-14T10:07:51.000+02:00
diff --git a/defender-endpoint/linux-whatsnew.md b/defender-endpoint/linux-whatsnew.md
@@ -6,7 +6,7 @@ ms.author: deniseb
 author: denisebmsft
 ms.reviewer: kumasumit, gopkr
 ms.localizationpriority: medium
-ms.date: 10/14/2024
+ms.date: 11/13/2024
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -39,6 +39,20 @@ This article is updated frequently to let you know what's new in the latest rele
 >
 > If you have any concerns or need assistance during this transition, contact support.
 
+<details> <summary> Nov-2024 (Build: 101.24092.0002 | Release version: 30.124092.0002.0)</summary>
+
+Nov-2024 Build: 101.24092.0002 | Release version: 30.124092.0002.0
+
+ Released: **November 14, 2024**  Published: **November 14, 2024**  Build: **101.24092.0002**  Release version: **30.124092.0002**  Engine version: 1.1.24080.9  Signature version: 1.417.659.0
+
+**What's new**
+
+- Support added for hardened installations on non-executable `/var` partitions. Beginning with this release, antivirus signatures are installed at `/opt/microsoft/mdatp/definitions.noindex` by default, instead of `/var/opt/microsoft/mdatp/definitions.noindex`. During upgrades, the installer attempts to migrate older definitions to the new path unless it detects that the path is already customized (using `mdatp definitions path set`).
+
+- Beginning with this version, Defender for Endpoint on Linux no longer needs executable permissions for `/var/log`. If these permissions are not available, log files are automatically be redirected to `/opt`.
+
+</details>
+
 <details>
 <summary> Oct-2024 (Build: 101.24082.0004 | Release version: 30.124082.0004.0)</summary>
 
@@ -213,6 +227,9 @@ There are multiple fixes and new changes in this release:
 </details>
 
 
+
+
+
 <details>
 <summary> March-2024 (Build: 101.24012.0001 | Release version: 30.124012.0001.0)</summary>
 
@@ -399,6 +416,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## October-2023 Build: 101.23082.0009 | Release version: 30.123082.0009.0
 
 &ensp;Released: **October 9,2023**<br/>
@@ -443,6 +472,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## October-2023 Build: 101.23082.0006 | Release version: 30.123082.0006.0
 
 &ensp;Released: **October 9,2023**<br/>
@@ -519,6 +560,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## September-2023 Build: 101.23072.0021 | Release version: 30.123072.0021.0
 
 &ensp;Released: **September 11,2023**<br/>
@@ -568,6 +621,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## July-2023 Build: 101.23062.0010 | Release version: 30.123062.0010.0
 
 &ensp;Released: **July 26,2023**<br/>
@@ -626,6 +691,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## July-2023 Build: 101.23052.0009 | Release version: 30.123052.0009.0
 
 &ensp;Released: **July 10,2023**<br/>
@@ -675,6 +752,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## June-2023 Build: 101.98.89 | Release version: 30.123042.19889.0
 
 &ensp;Released: **June 12,2023**<br/>
@@ -726,6 +815,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## May-2023 Build: 101.98.64 | Release version: 30.123032.19864.0
 
 &ensp;Released: **May 3,2023**<br/>
@@ -780,6 +881,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## April-2023 Build: 101.98.58 | Release version: 30.123022.19858.0
 
 &ensp;Released: **April 20,2023**<br/>
@@ -837,6 +950,18 @@ sudo systemctl disable mdatp
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 ## March-2023 Build: 101.98.30 | Release version: 30.123012.19830.0
 
 &ensp;Released: **March , 20,2023**<br/>
@@ -1377,7 +1502,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
   <p><b>What's new</b></p>
 
-
   - Beginning with this version, we're bringing Microsoft Defender for Endpoint support to the following distros:
 
     - RHEL6.7-6.10 and CentOS6.7-6.10 versions.
@@ -1452,7 +1576,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
    <p><b>What's new</b></p>
 
-
 - Microsoft Defender for Endpoint on Linux is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).
    - Fixed an issue where usage of Microsoft Defender for Endpoint on Linux on systems with FUSE filesystems was leading to OS hang
    - Performance improvements & other bug fixes
@@ -1467,7 +1590,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
    <p><b>What's new</b></p>
 
-
 - Performance improvements & bug fixes
 
    </details>
@@ -1493,12 +1615,10 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
   <p>What's new</b></p>
 
-
 - EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539)
-   - Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
+
+  - Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
    - Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory
   - Performance improvements & bug fixes
 
-   </details>
-
 </details><!--This </details> closes "2021 releases"-->
diff --git a/defender-office-365/scc-permissions.md b/defender-office-365/scc-permissions.md
@@ -77,7 +77,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
 |**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
 |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
-|**Data Security Management**| View all Data Security Analytics insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
+|**Data Security Management**| View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
 |**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
 |**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
 |**Exact Data Match Upload Admins**|Upload data for Exact Data Match.|Exact Data Match Upload Admin|
@@ -160,7 +160,7 @@ Roles that aren't assigned to the Organization Management role group by default
 |<sup>\*</sup>**Data Investigation Management**|Create, edit, delete, and control access to data investigation.|Compliance Administrator <br/><br/> Data Investigator|
 |<sup>\*</sup>**Data Map Reader**|Read actions on data map objects.|Compliance Administrator <br/><br/> Data Catalog Curators <br/><br/> Data Estate Insights Readers <br/><br/> Information Protection <br/><br/> Information Protection Admins <br/><br/> Information Protection Analysts <br/><br/> Information Protection Investigators|
 |<sup>\*</sup>**Data Map Writer**|Create, read, modify, and delete actions on data map objects and establish relationships between objects.|Data Catalog Curators|
-| **Data Security Viewer** | View access to Data Security Analytics dashboard insights. Allows users to use Copilot for Security to view details.| Data Security Management |
+| **Data Security Viewer** | View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.| Data Security Management |
 |**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
 |<sup>\*</sup>**Disposition Management**|Control permissions for accessing Manual Disposition in the Defender and compliance portals.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Records Management|
 |**DLP Compliance Management**|View and edit settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
diff --git a/defender-office-365/tenant-allow-block-list-email-spoof-configure.md b/defender-office-365/tenant-allow-block-list-email-spoof-configure.md
@@ -55,10 +55,10 @@ This article describes how admins can manage entries for email senders in the Mi
 
 - You need to be assigned permissions before you can do the procedures in this article. You have the following options:
   - [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Detection tuning (manage)** or **Authorization and settings/Security settings/Core security settings (read)**.
-  - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo) in the  **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**:
+  - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
     - *Add and remove entries from the Tenant Allow/Block List*: Membership in one of the following role groups:
       - **Organization Management** or **Security Administrator** (Security admin role).
-      - **Security Operator** (Tenant AllowBlockList Manager role)
+      - **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
     - *Read-only access to the Tenant Allow/Block List*: Membership in one of the following role groups:
       - **Global Reader**
       - **Security Reader**
diff --git a/defender-office-365/tenant-allow-block-list-files-configure.md b/defender-office-365/tenant-allow-block-list-files-configure.md
@@ -58,7 +58,7 @@ This article describes how admins can manage entries for files in the Microsoft
   - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
     - _Add and remove entries from the Tenant Allow/Block List_: Membership in one of the following role groups:
       - **Organization Management** or **Security Administrator** (Security admin role).
-      - **Security Operator** (Tenant AllowBlockList Manager).
+      - **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
     - _Read-only access to the Tenant Allow/Block List_: Membership in one of the following role groups:
       - **Global Reader**
       - **Security Reader**
diff --git a/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md b/defender-office-365/tenant-allow-block-list-ip-addresses-configure.md
@@ -53,7 +53,7 @@ This article describes how admins can manage entries for IPv6 addresses in the M
   - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
     - _Add and remove entries from the Tenant Allow/Block List_: Membership in one of the following role groups:
       - **Organization Management** or **Security Administrator** (Security admin role).
-      - **Security Operator** (Tenant AllowBlockList Manager).
+      - **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
     - _Read-only access to the Tenant Allow/Block List_: Membership in one of the following role groups:
       - **Global Reader**
       - **Security Reader**
diff --git a/defender-office-365/tenant-allow-block-list-urls-configure.md b/defender-office-365/tenant-allow-block-list-urls-configure.md
@@ -60,7 +60,7 @@ This article describes how admins can manage entries for URLs in the Microsoft D
   - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
     - *Add and remove entries from the Tenant Allow/Block List*: Membership in one of the following role groups:
       - **Organization Management** or **Security Administrator** (Security admin role).
-      - **Security Operator** (Tenant AllowBlockList Manager).
+      - **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
     - *Read-only access to the Tenant Allow/Block List*: Membership in one of the following role groups:
       - **Global Reader**
       - **Security Reader**
diff --git a/defender-vulnerability-management/fixed-reported-inaccuracies.md b/defender-vulnerability-management/fixed-reported-inaccuracies.md
@@ -13,7 +13,7 @@ ms.collection:
   - tier2
 ms.localizationpriority: medium
 ms.topic: troubleshooting
-ms.date: 10/11/2024
+ms.date: 11/13/2024
 ---
 
 # Vulnerability support in Microsoft Defender Vulnerability Management
@@ -40,6 +40,14 @@ The following tables present the relevant vulnerability information organized by
 | 70377 | Fixed incorrect detections in Microsoft Teams by excluding Vida from the Teams normalization rule | 09-Oct-24 |
 | 74420 | Fixed incorrect detections in Toggl Track by excluding WeChat from the Toggl Track normalization rule | 09-Oct-24 |
 | 76607 | Fixed inaccuracy in Scooter Software | 09-Oct-24 |
+| 71665 | Fixed inaccuracy in Hoppscotch vulnerabilities - CVE-2023-34097 & CVE-2024-27092 | 29-Oct-24 |
+| 74054 | Fixed inaccuracy in Acronis vulnerability - CVE-2022-45449 | 29-Oct-24 |
+| 75229 | Fixed inaccuracy in OpenSSL vulnerability- CVE-2024-6119 | 29-Oct-24 |
+| 75353 | Fixed inaccuracy in Primx vulnerability- CVE-2018-16518 | 29-Oct-24 |
+| 76133 | Fixed inaccuracy in Microsoft Teams vulnerability - CVE-2024-38197 | 29-Oct-24 |
+| 79136 | Fixed inaccuracy in Acronis vulnerability -CVE-2023-48678 | 29-Oct-24 |
+| 75671 | Fixed inaccurate published date in CVE-2024-26167 | 29-Oct-24 |
+| - | Fixed inaccuracy in 4 CVEs - CVE-2016-6297, CVE-2016-6296, CVE-2016-6290 and CVE-2016-4694 by removing macOS CPEs | 29-Oct-24 |
 
 ## September 2024
 
diff --git a/exposure-management/enterprise-exposure-map.md b/exposure-management/enterprise-exposure-map.md
@@ -6,7 +6,7 @@ author: dlanger
 manager: rayne-wiselman
 ms.topic: overview
 ms.service: exposure-management
-ms.date: 08/20/2024
+ms.date: 11/13/2024
 ---
 
 # Explore with the attack surface map
@@ -46,6 +46,14 @@ The exposure map gives you visibility into asset connections.
 
 :::image type="content" source="media/value-data-connectors/attack map data connectors.png" alt-text="Screenshot of the attack surface exposure map." lightbox="media/value-data-connectors/attack map data connectors.png":::
 
+1. Open the side panel to view asset details.
+   - **General**: View general information about the asset, including **Type**, **IDs**, and **Discovery source**.
+   - **All data**: View all data about the asset, including **Categories**, **Node Properties**, **Metadata**, and **IDs**.
+   - **Top Vulnerabilities**: View up to the top 100 CVEs (by severity) on the asset.
+   - **Findings**: View all the security findings on the asset.
+
+    :::image type="content" source="media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png" alt-text="Screenshot of attack surface map side pane" lightbox="media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png":::
+
 ## Next steps
 
 [Work with attack paths](work-attack-paths-overview.md).
diff --git a/exposure-management/media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png b/exposure-management/media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png
diff --git a/exposure-management/media/enterprise-exposure-map/attack-surface-exposure-map.png b/exposure-management/media/enterprise-exposure-map/attack-surface-exposure-map.png
diff --git a/exposure-management/work-attack-paths-overview.md b/exposure-management/work-attack-paths-overview.md
@@ -6,7 +6,7 @@ author: dlanger
 manager: rayne-wiselman
 ms.topic: overview
 ms.service: exposure-management
-ms.date: 08/20/2024
+ms.date: 11/13/2024
 ---
 
 # Overview of attack paths
@@ -43,8 +43,7 @@ Here's how Exposure Management helps you to identify and resolve attack paths.
   - **Grouping**: Security Exposure Management groups choke point nodes where multiple attack paths flow or intersect on the way to a critical asset.
   - **Strategic Mitigation**: Choke point visibility enables you to focus mitigation efforts strategically, addressing multiple attack paths by securing these critical points.
   - **Protection**: Ensuring that choke points are secure protects your assets from threats.
-- **Blast radius**: Allows users to visually explore the paths from a choke point. It provides a detailed visualization showing how the compromise of one asset could affect others, enabling security teams to assess the broader implications of an attack and prioritize mitigation strategies more effectively.
-
+- **Blast radius**: Allows users to visually explore the highest-risk paths from a choke point. It provides a detailed visualization showing how the compromise of one asset could affect others, enabling security teams to assess the broader implications of an attack and prioritize mitigation strategies more effectively.
 
 ## Next steps
 
