Merge pull request #2425 from MicrosoftDocs/main

Published main to live, Monday 5:00 PM IST, 01/13

Author: padmagit77

CloudAppSecurityDocs/activity-filters-queries.md

@@ -20,8 +20,11 @@ Below is a list of the activity filters that can be applied. Most filters suppor
 - Activity objects – Search for the objects the activity was done on. This filter applies to files, folders, users, or app objects.
     - Activity object ID - the ID of the object (file, folder, user, or app ID).
 
-    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contain**, **Equal**, or **Starts with** the specific item.
+    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contains**, **Equals**, or **Starts with** the specific item.
 
+    > [!NOTE]
+    > Activity-Policy's **Activity object Item** filter supports the **Equals** operator only.
+  
 - Action type - Search for a more specific action performed in an app.
 
 - Activity type - Search for the app activity.

defender-xdr/create-custom-rbac-roles.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 10/31/2024
+ms.date: 11/17/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -30,6 +30,7 @@ search.appverid: met150
 - [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
 - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Microsoft Security Exposure Management](/security-exposure-management/)
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 
 ## Create a custom role
 

defender-xdr/custom-permissions-details.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom:
 ms.topic: how-to
-ms.date: 08/03/2023
+ms.date: 11/17/2024
 ms.reviewer:
 search.appverid: met150
 ---
@@ -32,6 +32,7 @@ In Microsoft Defender XDR Unified role-based access control (RBAC) you can selec
 - [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
 - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Microsoft Security Exposure Management](/security-exposure-management/)
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 
 <a name='microsoft-365-defender-unified-rbac-permission-details'></a>
 

defender-xdr/edit-delete-rbac-roles.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 06/27/2024
+ms.date: 11/17/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -30,6 +30,7 @@ search.appverid: met150
 - [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
 - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Microsoft Security Exposure Management](/security-exposure-management/)
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 
 In Microsoft Defender XDR Unified role-based access control (RBAC), you can edit and delete custom roles or roles that were imported from Defender for Endpoint, Defender for Identity, or Defender for Office 365.
 
@@ -39,7 +40,7 @@ The following steps guide you on how to edit roles in Microsoft Defender XDR Uni
 
 > [!IMPORTANT]
 > You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the Authorization permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
-> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> Microsoft recommends that you use roles with the fewest permissions to help improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) as global administrator or security administrator.
 
@@ -49,7 +50,7 @@ The following steps guide you on how to edit roles in Microsoft Defender XDR Uni
 
 4. Select the role you want to edit. You can only edit one role at a time.
 
-5. Once selected, this opens a flyout pane where you can edit the role:
+5. Once selected, a flyout pane opens where you can edit the role:
 
     :::image type="content" source="/defender/media/defender/m365-defender-rbac-edit-roles.png" alt-text="Screenshot of the edit roles flyout page" lightbox="/defender/media/defender/m365-defender-rbac-edit-roles.png":::
 
@@ -60,7 +61,7 @@ The following steps guide you on how to edit roles in Microsoft Defender XDR Uni
 
 To delete roles in Microsoft Defender XDR Unified RBAC, select the role or roles you want to delete and select **Delete roles**.
 
-If the workload is active, by removing the role all assigned user permission will be deleted.
+If the workload is active, all assigned user permission are deleted by removing the role.
 
 > [!NOTE]
 > After deleting an imported role, the role won't be deleted from the individual product RBAC model. If needed, you can re-import it to the Microsoft Defender XDR Unified RBAC list of roles.
@@ -76,7 +77,7 @@ The Export feature enables you to export the following roles data:
 - The assigned data sources
 - The assigned users or user groups
 
-When a role has multiple assignments, each assignment will be represented as a separate row in the CSV file.
+When a role has multiple assignments, each assignment is represented as a separate row in the CSV file.
 
 The CSV also includes a snapshot of the Defender XDR Unified RBAC activation status for each workload available on the tenant.
 
@@ -97,7 +98,7 @@ The following steps guide you on how to export roles in Microsoft Defender XDR U
 
     :::image type="content" source="/defender/media/defender/m365-defender-rbac-export-roles.png" alt-text="Screenshot of the export roles page" lightbox="/defender/media/defender/m365-defender-rbac-export-roles.png":::
 
-A CSV file containing all the roles data will be generated and downloaded to the local machine.
+A CSV file containing all the roles data is generated and downloaded to the local computer.
 
 ## Next steps
 

defender-xdr/import-rbac-roles.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 07/01/2024
+ms.date: 11/17/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -29,14 +29,15 @@ search.appverid: met150
 - [Microsoft Defender for Office 365 P2](https://go.microsoft.com/fwlink/?LinkID=2158212)
 - [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
 - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 
 <a name='import-roles-to-microsoft-365-defender-unified-rbac-from-individual-rbac-models'></a>
 
 ## Import roles to Microsoft Defender XDR Unified RBAC from individual RBAC models
 
 You can import existing roles that are maintained as part of individual supported products in Microsoft Defender XDR (for example, Microsoft Defender for Endpoint) to the Microsoft Defender XDR Unified RBAC model.
 
-Importing roles will migrate and maintain the roles with full parity in relation to their permissions and user assignments in the Microsoft Defender XDR Unified RBAC model.
+Importing roles migrates and maintains the roles with full parity in relation to their permissions and user assignments in the Microsoft Defender XDR Unified RBAC model.
 
 > [!NOTE]
 > Once roles are migrated, you can modify the imported roles and change the level of permissions as needed.
@@ -45,7 +46,7 @@ The following steps guide you on how to import roles into Microsoft Defender XDR
 
 > [!IMPORTANT]
 > You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
-> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> Microsoft recommends that you use roles with the fewest permissions to help improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com).
 
@@ -72,14 +73,14 @@ The following steps guide you on how to import roles into Microsoft Defender XDR
 
 9. Select **Done** on the confirmation page.
 
-Now that you have imported your roles you will be able to [View and edit roles](edit-delete-rbac-roles.md) and activate the workloads.
+After importing your roles, you are be able to [View and edit roles](edit-delete-rbac-roles.md) and activate the workloads.
 
-For the Microsoft Defender XDR security portal to start enforcing the permissions and assignments configured in your new or imported roles, you'll need to activate the new Defender XDR Unified RBAC model. For more information, see [Activate the workloads](activate-defender-rbac.md).
+You need to activate the new Defender XDR Unified RBAC model to start enforcing the permissions and assignments configured in your new or imported roles within the Microsoft Defender portal. For more information, see [Activate the workloads](activate-defender-rbac.md).
 
-Imported roles appear in the **Permissions and roles** list together with any custom roles you might have created. All imported roles will be marked as **Imported** in the description. Once you edit an imported role it will no longer be marked as **Imported**.
+Imported roles appear in the **Permissions and roles** list together with any custom roles you created. All imported roles are marked as **Imported** in the description. Once you edit an imported role, it will no longer be marked as **Imported**.
 
 > [!NOTE]
-> You can import roles as frequently as required. After you edit an imported role, the changes will not affect the original role where it was imported from. This means you have the option to delete an imported role and re-import the original role, if required. If you import the same role twice you will create a duplicate role.
+> You can import roles as frequently as required. After you edit an imported role, the changes will not affect the original role where it was imported from. This means you have the option to delete an imported role and re-import the original role, if necessary. If you import the same role twice, you create a duplicate role.
 
 ## Next steps
 

defender-xdr/manage-rbac.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: overview
-ms.date: 07/02/2024
+ms.date: 11/17/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -30,6 +30,7 @@ search.appverid: met150
 - [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management)
 - [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction)
 - [Microsoft Security Exposure Management](/security-exposure-management/)
+- [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 
 Microsoft Defender XDR provides integrated threat protection, detection, and response across endpoints, email, identities, applications, and data within a single portal. Controlling a user's permissions around their access to view data or complete tasks is essential for organizations to minimize the risks associated with unauthorized access.
 
@@ -50,11 +51,10 @@ Centralized permissions management is supported for the following solutions:
 |Microsoft Defender for Identity|Full support for all identity data and actions. </br></br> **Note:** Defender for Identity experiences also adhere to permissions granted from [Microsoft Defender for Cloud Apps](https://security.microsoft.com/cloudapps/permissions/roles). For more information, see [Microsoft Defender for Identity role groups](https://go.microsoft.com/fwlink/?linkid=2202729).|
 |Microsoft Defender for Cloud|Support access management for all Defender for Cloud data that is available in Microsoft Defender portal.|
 |Microsoft Security Exposure Management|Full support for all Exposure Management data and actions, including Microsoft Secure Score data.|
+|Microsoft Defender for Cloud Apps|Full support for all cloud apps data and actions. </br></br> **Note:** Once Unified RBAC is activated, some built-in scoped roles will no longer be supported. For more information, see [Map Microsoft Defender for Cloud Apps permissions to the Microsoft Defender XDR Unified RBAC permissions](compare-rbac-roles.md#map-microsoft-defender-for-cloud-apps-permissions-to-the-microsoft-defender-xdr-unified-rbac-permissions).|
 
 > [!NOTE]
 > Scenarios and experiences controlled by Compliance permissions are still managed in the Microsoft Purview compliance portal.
->
-> This offering isn't currently available for Microsoft Defender for CloudApps.
 
 ## Before you start