Merge branch 'public' into patch-1

Author: chrisda

CloudAppSecurityDocs/governance-actions.md

@@ -83,6 +83,13 @@ The following governance actions can be taken for connected apps either on a spe
 
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
 
+> [!NOTE]
+> These actions are restricted to users with specific administrative roles. If the options described are not visible or accessible, please confirm with your system administrator that your account has one of the following roles assigned:
+ - Security Operator
+ - Security administrator
+ - Global administrator
+ - Cloud app security administrator
+   
 :::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
 
 > [!NOTE]

CloudAppSecurityDocs/release-notes.md

@@ -29,9 +29,18 @@ For news about earlier releases, see [Archive of past updates for Microsoft Defe
 
 ## June 2025
 
+### “Behaviors” data type in Microsoft Defender for Cloud Apps - General Availability
+
+The **Behaviors** data type significantly enhances overall threat detection accuracy by reducing alerts on generic anomalies and surfacing alerts only when observed patterns align with real security scenarios. You can now use **Behaviors** to conduct investigations in [Advanced Hunting](https://learn.microsoft.com/defender-xdr/advanced-hunting-overview), build better [custom detections](https://learn.microsoft.com/defender-xdr/custom-detection-rules) based on behavioral signals, and benefit from automatic inclusion of context-related behaviors into [incidents](https://learn.microsoft.com/defender-xdr/incidents-overview). This provides clearer context and helps security operations teams to reduce alert fatigue, prioritize, and respond more efficiently.
+
+For more information, see:
+- [Investigate behaviors with advanced hunting](/defender-cloud-apps/behaviors).
+- [TechCommunity Blog](https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/transform-the-way-you-investigate-by-using-behaviors--new-detections-in-xdr-star/3825154).
+
 ### New Dynamic Threat Detection model
 
 Microsoft Defender for Cloud Apps new dynamic threat detection model continuously adapts to the ever-changing SaaS apps threat landscape. This approach ensures your organization remains protected with up-to-date detection logic without the need for manual policy updates or reconfiguration. Several legacy anomaly detection policies have already been seamlessly transitioned to this adaptive model, delivering smarter and more responsive security coverage.
+
 For more information, see [Create Defender for Cloud Apps anomaly detection policies](anomaly-detection-policy.md).
 
 
@@ -111,7 +120,7 @@ Defender for Cloud Apps customers can now configure Role-Based Access Control (R
 For more information, see:
 
 - [Configure admin access](/defender-cloud-apps/manage-admins)
-- [Investigate behaviors with advanced hunting (Preview)](/defender-cloud-apps/behaviors)
+- [Investigate behaviors with advanced hunting](/defender-cloud-apps/behaviors)
 
 ## February 2025
 

defender-endpoint/ios-new-ux.md

@@ -20,22 +20,19 @@ search.appverid: met150
 
 # User Experiences in Microsoft Defender for Endpoint on iOS
 
-As part of our ongoing commitment to delivering an exceptional user experience, we're excited to announce a series of upcoming enhancements to the user interface and overall experience of our **Microsoft Defender for Endpoint** mobile app.
-
-These updates are designed to improve usability, streamline navigation, and ensure that app meets the evolving needs of our users.
+As part of our ongoing commitment to delivering an exceptional user experience, we are excited to announce a series of upcoming changes to the user interface and overall experience of our MDE mobile app. These enhancements are designed to improve usability, streamline navigation, and ensure our app meets the evolving needs of our users. This document outlines the planned updates for MDE Mobile users.
 
 ## Key changes
 
-We're pleased to introduce the Device Protection feature card for our enterprise users, which includes **Web Protection**, **Device Health**, and **Jail break** features that are designed to be more user-friendly and accessible.
-
-The updated cards also include **recommendation cards**, which prominently display any active alerts, keeping you informed. Features are now displayed as tiles to improve user experience and navigation efficiency.
+We are pleased to introduce the **Device Protection** feature card for our enterprise users which includes Web Protection, Device Health and Jail break feature that has been designed to be more user-friendly and accessible. The updated feature cards now include recommendation cards. The first recommendation card will prominently display any active alerts, ensuring you stay informed. Additionally, a list of features will now be presented in the form of tiles as a part of L2 screens enhancing ease of use and navigation.
 
 **The main changes involved are**:
 
 - Main dashboard changes
 - List the features inside one feature card
 - Detailed features experience
 - Recommendation cards for alerts
+- Onboarding screens
 
 ### Main Dashboard changes
 
@@ -72,3 +69,61 @@ The structure of the dashboard is updated to include a recommendation card that
 2. **Device Health (iOS Update)**
 
     :::image type="content" source="media/mde-ios-device-health-rec-card.png" alt-text="Screenshot that shows the device health recommendation card feature on the MDE iOS app." lightbox="media/mde-ios-device-health-rec-card.png":::
+
+### Onboarding Screens
+
+This sections details these changes:
+
+* VPN Permission flow while Onboarding
+
+* VPN Permission flow after Onboarding
+
+* TVM EUPI Screen
+
+### VPN Permission flow while Onboarding 
+
+This is the main VPN Permission screen that will appear to the enterprise's users as per our latest rollout of enhancements in the application. 
+
+:::row:::
+   :::column span="":::
+
+      #### Before
+
+      :::image type="content" source="media/ios-vpn-before.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint mobile iOS setup before the new update." lightbox="media/mde-ios-main-dash-new.png":::
+
+   :::column-end:::
+   :::column span="":::
+
+      #### Now
+
+      :::image type="content" source="media/ios-vpn-after.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint mobile iOS setup after the new update." lightbox="media/mde-ios-main-dash-new.png":::
+
+   :::column-end:::
+:::row-end:::
+
+### VPN Permission flow after Onboarding
+
+This screen is seen when the VPN configuration is deleted from user's device, and the VPN needs to be re-enabled.
+
+:::image type="content" source="media/ios-vpn-re-enable.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint mobile iOS re-enable screen." lightbox="media/mde-ios-list-new.png":::
+
+### TVM EUPI Screen
+
+We've enhanced the TVM EUPI screen as made it align with our current code flow.
+
+:::row:::
+   :::column span="":::
+
+      #### Before
+
+      :::image type="content" source="media/ios-tvm-before.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint mobile iOS TVM EUPI screen before the new update." lightbox="media/mde-ios-main-dash-new.png":::
+
+   :::column-end:::
+   :::column span="":::
+
+      #### Now
+
+      :::image type="content" source="media/ios-tvm-after.png" alt-text="Screenshot that shows the Microsoft Defender for Endpoint mobile iOS TVM EUPI after the new update." lightbox="media/mde-ios-main-dash-new.png":::
+
+   :::column-end:::
+:::row-end:::

defender-endpoint/media/ios-tvm-after.png

@@ -17,7 +17,7 @@ ms.collection:
 description: Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP).
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
-ms.date: 05/13/2025
+ms.date: 06/24/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -94,7 +94,7 @@ In the Microsoft Defender portal, you can select from a list of additional file
 
 - **Default file types**: `ace, ani, apk, app, appx, arj, bat, cab, cmd, com, deb, dex, dll, docm, elf, exe, hta, img, iso, jar, jnlp, kext, lha, lib, library, lnk, lzh, macho, msc, msi, msix, msp, mst, pif, ppa, ppam, reg, rev, scf, scr, sct, sys, uif, vb, vbe, vbs, vxd, wsc, wsf, wsh, xll, xz, z`.
 
-- **Additional file types to select in the Defender portal**: `7z, 7zip, a, accdb, accde, action, ade, adp, appxbundle, asf, asp, aspx, avi, bas, bin, bundle, bz, bz2, bzip2, caction, cer, chm, command, cpl, crt, csh, css, der, dgz, dmg, doc, docx, dos, dot, dotm, dtox [sic], dylib, font, fxp, gadget, gz, gzip, hlp, Hta, htm, html, imp, inf, ins, ipa, isp, its, js, jse, ksh, Lnk, lqy, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msixbundle, o, obj, odp, ods, odt, one, onenote, ops, os2, package, pages, pbix, pcd, pdb, pdf, php, pkg, plg, plugin, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, rpm, rtf, scpt, service, sh, shb, shs, shtm, shx, so, tar, tarz, terminal, tgz, tmp, tool, url, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, w16, workflow, ws, xhtml, xla, xlam, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xnk, zi, zip, zipx`.
+- **Additional file types to select in the Defender portal**: `7z, 7zip, accdb, accde, action, ade, adp, appxbundle, asf, asp, aspx, avi, bas, bin, bundle, bz, bz2, bzip2, caction, cer, chm, command, cpl, crt, csh, css, der, dgz, dmg, doc, docx, dos, dot, dotm, dtox [sic], dylib, font, fxp, gadget, gz, gzip, hlp, Hta, htm, html, imp, inf, ins, ipa, isp, its, js, jse, ksh, Lnk, lqy, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, mht, mhtml, mscompress, msh, msh1, msh1xml, msh2, msh2xml, mshxml, msixbundle, o, obj, odp, ods, odt, one, onenote, ops, os2, package, pages, pbix, pcd, pdb, pdf, php, pkg, plg, plugin, pps, ppsm, ppsx, ppt, pptm, pptx, prf, prg, ps1, ps1xml, ps2, ps2xml, psc1, psc2, pst, pub, py, rar, rpm, rtf, scpt, service, sh, shb, shs, shtm, shx, so, tar, tarz, terminal, tgz, tmp, tool, url, vhd, vsd, vsdm, vsdx, vsmacros, vss, vssx, vst, vstm, vstx, vsw, w16, workflow, ws, xhtml, xla, xlam, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xnk, zi, zip, zipx`.
 
 When files are detected by the common attachments filter, you can choose to **Reject the message with a non-delivery report (NDR)** or **Quarantine the message**.