Merge branch 'main' into diannegali-mdecustomapk

Author: diannegali

defender-endpoint/TOC.yml

@@ -108,15 +108,15 @@
         items:
         - name: Overview
           href: mde-planning-guide.md
-        - name: Step 1 - Set up Defender for Endpoint deployment
+        - name: Step 1 - Prepare for deployment
           href: production-deployment.md
         - name: Step 2 - Assign roles and permissions
           href: prepare-deployment.md
-        - name: Step 3 - Identify your architecture and deployment method
+        - name: Step 3 - Identify your architecture and select a deployment method
           href: deployment-strategy.md
-        - name: Step 4 - Onboard devices
+        - name: Step 4 - Onboard devices to Defender for Endpoint
           href: onboarding.md
-        - name: Step 5 - Configure Microsoft Defender for Endpoint capabilities
+        - name: Step 5 - Configure Defender for Endpoint capabilities
           href: onboard-configure.md
 
       - name: Onboard and configure devices

defender-endpoint/controlled-folders.md

@@ -3,7 +3,7 @@ title: Protect important folders from ransomware from encrypting your files with
 description: Files in default folders can be protected from changes through malicious apps. Prevent ransomware from encrypting your files.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 03/04/2025
+ms.date: 04/15/2025
 author: denisebmsft
 ms.author: deniseb
 audience: ITPro
@@ -38,6 +38,7 @@ search.appverid: met150
 ## What is controlled folder access?
 
 Controlled folder access helps protect your valuable data from malicious apps and threats, such as ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Controlled folder access can be configured by using the Windows Security App, Microsoft Endpoint Configuration Manager, or Intune (for managed devices). Controlled folder access is supported on:
+
 - Windows 11
 - Windows 10
 - Windows Server 2025
@@ -92,8 +93,10 @@ Default folders appear in the user's profile, under **This PC**, as shown in the
 
 ![Protected Windows default systems folders](media/defaultfolders.png)
 
+The same profile folders are also protected for system accounts, such as `LocalService`, `NetworkService`, `systemprofile`, and so on. For example, `C:\Windows\System32\config\systemprofile\Documents` is also protected (if it exists).
+
 > [!NOTE]
-> You can configure more folders as protected, but you can't remove the Windows system folders that are protected by default.
+> You can configure more folders as protected, but you can't remove Windows system folders that are protected by default.
 
 ## Requirements for controlled folder access
 
@@ -150,7 +153,7 @@ You can use the Windows Security app to view the list of folders that are protec
 
 4. If controlled folder access is turned off, you need to turn it on. Select **protected folders**.
 
-5. Do one of the following steps:
+5. Take one of the following steps:
 
    - To add a folder, select **+ Add a protected folder**.
    - To remove a folder, select it, and then select **Remove**.

defender-endpoint/defender-endpoint-trial-user-guide.md

@@ -69,7 +69,7 @@ This playbook is a simple guide to help you make the most of your free trial. Us
 
 To make sure your Defender for Endpoint subscription is properly provisioned, you can check your license state in either the Microsoft 365 admin center ([https://admin.microsoft.com](https://admin.microsoft.com)) or Microsoft Entra ID ([https://portal.azure.com](https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products)).
 
-[Check your license state](production-deployment.md#check-license-state).
+[Check your license state](production-deployment.md#check-your-license-state).
 
 ## Step 2: Set up role-based access control and grant permissions to your security team
 

defender-endpoint/deployment-strategy.md

@@ -1,5 +1,5 @@
 ---
-title: Identify Defender for Endpoint architecture and deployment method
+title: Identify your architecture and select a deployment method for Defender for Endpoint
 description: Select the best Microsoft Defender for Endpoint deployment strategy for your environment.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -13,10 +13,10 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 12/12/2024
+ms.date: 04/15/2025
 ---
 
-# Identify Defender for Endpoint architecture and deployment method
+# Identify your architecture and select a deployment method for Defender for Endpoint
 
 **Applies to:**
 
@@ -26,7 +26,7 @@ ms.date: 12/12/2024
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-If you're already completed the steps to set up your Microsoft Defender for Endpoint deployment, and you have assigned roles and permissions for Defender for Endpoint, your next step is to create a plan for onboarding. Your plan begins with identifying your architecture and choosing your deployment method.
+If you're already completed the steps to [prepare your environment for Defender for Endpoint](production-deployment.md), and you have [assigned roles and permissions for Defender for Endpoint](prepare-deployment.md), your next step is to create a plan for onboarding. This plan should begin with identifying your architecture and choosing your deployment method.
 
 We understand that every enterprise environment is unique, so we've provided several options to give you the flexibility in choosing how to deploy the service. Deciding how to onboard endpoints to the Defender for Endpoint service comes down to two important steps:
 
@@ -43,21 +43,27 @@ Depending on your environment, some tools are better suited for certain architec
 |**On-premises**|For enterprises who want to take advantage of the cloud-based capabilities of Microsoft Defender for Endpoint while also maximizing their investments in Configuration Manager or Active Directory Domain Services, we recommend this architecture.|
 |**Evaluation and local onboarding**|We recommend this architecture for SOCs (Security Operations Centers) who are looking to evaluate or run a Microsoft Defender for Endpoint pilot, but don't have existing management or deployment tools. This architecture can also be used to onboard devices in small environments without management infrastructure, such as a DMZ (Demilitarized Zone).|
 
-## Step 2: Select deployment method
+## Step 2: Select your deployment method
 
-Once you have determined the architecture of your environment and have created an inventory as outlined in the [requirements section](mde-planning-guide.md#requirements), use the table below to select the appropriate deployment tools for the endpoints in your environment. This will help you plan the deployment effectively.
+Once you have determined the architecture of your environment and have created an inventory as outlined in the [requirements section](mde-planning-guide.md#requirements), use the table below to select the appropriate deployment tools for the endpoints in your environment. This information will help you plan the deployment effectively.
 
 |Endpoint|Deployment tool|
 |---|---|
-|**Windows**|[Local script (up to 10 devices)](configure-endpoints-script.md) <br/>  [Group Policy](configure-endpoints-gp.md) <br/>  [Microsoft Intune/ Mobile Device Manager](configure-endpoints-mdm.md) <br/>   [Microsoft Configuration Manager](configure-endpoints-sccm.md) <br/> [VDI scripts](configure-endpoints-vdi.md)|
-|**Windows servers<br/>Linux servers** <br/>(Requires a server license) | [Onboard Windows devices using a local script](configure-endpoints-script.md)<br/>[Integration with Microsoft Defender for Cloud](azure-server-integration.md) |
-|**macOS**|[Local script](mac-install-manually.md) <br/> [Microsoft Intune](mac-install-with-intune.md) <br/> [JAMF Pro](mac-install-with-jamf.md) <br/> [Mobile Device Management](mac-install-with-other-mdm.md)|
-|**Linux servers**|[Local script](linux-install-manually.md) <br/> [Puppet](linux-install-with-puppet.md) <br/> [Ansible](linux-install-with-ansible.md) <br/> [Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/> [Saltstack](linux-install-with-saltack.md)<br/>[Defender for Endpoint on Linux for ARM64-based devices (preview)](mde-linux-arm.md)|
+| **Windows client devices** |[Microsoft Intune / Mobile Device Management (MDM)](configure-endpoints-mdm.md) <br/>[Microsoft Configuration Manager](configure-endpoints-sccm.md)<br/>[Local script (up to 10 devices)](configure-endpoints-script.md)<br/>[Group Policy](configure-endpoints-gp.md)<br/>[Non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md)<br/>[Azure Virtual Desktop](onboard-windows-multi-session-device.md)<br/>[System Center Endpoint Protection and Microsoft Monitoring Agent](onboard-downlevel.md) (for previous versions of Windows) |
+|**Windows Server** <br/>(Requires a server plan) | [Local script](configure-endpoints-script.md)<br/>[Integration with Microsoft Defender for Cloud](azure-server-integration.md)<br/>[Guidance for Windows Server with SAP](mde-sap-windows-server.md) |
+|**macOS**| [Intune](mac-install-with-intune.md)<br/>[JAMF Pro](mac-install-with-jamf.md) <br/>[Local script](mac-install-manually.md)(manual deployment) <br/>[MDM tools](mac-install-with-other-mdm.md)|
+|**Linux server**<br/>(Requires a server plan)|[Installer script based deployment](linux-installer-script.md)<br/>[Ansible](linux-install-with-ansible.md)<br/>[Chef](linux-deploy-defender-for-endpoint-with-chef.md)<br/>[Puppet](linux-install-with-puppet.md) <br/>[Saltstack](linux-install-with-saltack.md)<br/>[Manual deployment](linux-install-manually.md)<br/>[Direct onboarding with Defender for Cloud](/azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint)<br/>[Guidance for ARM64-based devices (preview)](mde-linux-arm.md)<br/>[Guidance for Linux with SAP](mde-linux-deployment-on-sap.md)|
 |**Android**|[Microsoft Intune](android-intune.md)|
 |**iOS**|[Microsoft Intune](ios-install.md) <br/> [Mobile Application Manager](ios-install-unmanaged.md) |
 
 > [!NOTE]
-> For devices that aren't managed by Microsoft Intune or Microsoft Configuration Manager, you can use the Security Management for Microsoft Defender for Endpoint to receive security configurations for Microsoft Defender directly from Intune.
+> For devices that aren't managed by Intune or Configuration Manager, you can use the Defender for Endpoint Security Settings Management to receive security configurations directly from Intune.
+> To onboard servers to Defender for Endpoint, [server licenses](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint) are required. You can choose from these options:
+>
+> - [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/defender-for-servers-overview) (as part of the Defender for Cloud) offering
+> - Microsoft Defender for Endpoint for servers
+> - [Microsoft Defender for Business servers](/defender-business/get-defender-business#how-to-get-microsoft-defender-for-business-servers) (for small and medium-sized businesses only)
+
 
 ## Next step
 

defender-endpoint/linux-install-manually.md

@@ -151,13 +151,13 @@ In order to preview new features and provide early feedback, it's recommended th
 1. Install `curl` if it isn't installed yet:
 
    ```bash
-   sudo apt-get install curl
+   sudo apt install curl
    ```
 
 2. Install `libplist-utils` if it isn't installed yet:
 
    ```bash
-   sudo apt-get install libplist-utils
+   sudo apt install libplist-utils
    ```
 
    > [!NOTE]
@@ -193,13 +193,13 @@ In order to preview new features and provide early feedback, it's recommended th
 5. Install the `gpg` package if not already installed:
 
    ```bash
-   sudo apt-get install gpg
+   sudo apt install gpg
    ```
 
    If `gpg` isn't available, then install `gnupg`.
 
    ```bash
-   sudo apt-get install gnupg
+   sudo apt install gnupg
    ```
 
 6. Install the Microsoft GPG public key:
@@ -219,13 +219,13 @@ In order to preview new features and provide early feedback, it's recommended th
 7. Install the HTTPS driver if not already installed:
 
    ```bash
-   sudo apt-get install apt-transport-https
+   sudo apt install apt-transport-https
    ```
 
 8. Update the repository metadata:
 
    ```bash
-   sudo apt-get update
+   sudo apt update
    ```
 
 ### Mariner
@@ -313,7 +313,7 @@ sudo zypper install packages-microsoft-com-prod:mdatp
 ### Ubuntu and Debian systems
 
 ```bash
-sudo apt-get install mdatp
+sudo apt install mdatp
 ```
 
 > [!NOTE]
@@ -551,7 +551,7 @@ For manual uninstallation, execute the following command for your Linux distribu
 
 - `sudo yum remove mdatp` for RHEL and variants(CentOS and Oracle Linux).
 - `sudo zypper remove mdatp` for SLES and variants.
-- `sudo apt-get purge mdatp` for Ubuntu and Debian systems.
+- `sudo apt purge mdatp` for Ubuntu and Debian systems.
 - `sudo dnf remove mdatp` for Mariner
 
 ## See also

defender-endpoint/linux-install-with-ansible.md

@@ -216,7 +216,7 @@ ansible-playbook -i  /etc/ansible/hosts /etc/ansible/playbooks/install_mdatp.yml
 
     - name: MDE Deployed
       debug:
-      msg: "MDE succesfully deployed"
+        msg: "MDE succesfully deployed"
 ```
 
 ### How to uninstall Microsoft Defender for Endpoint on Linux Servers

defender-endpoint/media/mde-device-onboarding-ui.png

@@ -1,5 +1,5 @@
 ---
-title: Onboard to Microsoft Defender for Endpoint
+title: Onboard devices to Microsoft Defender for Endpoint
 description: Learn how to onboard endpoints to Microsoft Defender for Endpoint service.
 ms.service: defender-endpoint
 ms.author: deniseb
@@ -20,7 +20,7 @@ search.appverid: met150
 ms.date: 04/03/2024
 ---
 
-# Onboard to Microsoft Defender for Endpoint
+# Onboard devices to Microsoft Defender for Endpoint
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -35,16 +35,21 @@ ms.date: 04/03/2024
 
 ## Onboard devices using any of the supported management tools
 
-The deployment tool you use influences how you onboard endpoints to the service.
+The deployment tool you use influences how you onboard endpoints to the service. Refer to your selected [deployment method](deployment-strategy.md#step-2-select-your-deployment-method).
 
-To start onboarding your devices:
+If you're onboarding devices in the Microsoft Defender portal, follow these steps:
 
-1. Go to [Select deployment method](deployment-strategy.md#step-2-select-deployment-method).
-2. Choose the Operating System for the devices you wish to Onboard.
-3. Select the tool you plan to use.
-4. Follow the instructions to Onboard your devices.
+1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Endpoints**, and then, under **Device management**, select **Onboarding**.
 
-This video provides a quick overview of the onboarding process and the different tools and methods.
+   :::image type="content" source="media/mde-device-onboarding-ui.png" alt-text="Screenshot showing device onboarding in the Microsoft Defender portal for Defender for Endpoint.":::
+
+2. Under **Select operating system to start onboarding process**, select the operating system for the device.
+
+3. Under **Connectivity type**, select either **Streamlined** or **Standard**. (See [prerequisites for streamlined connectivity](/defender-endpoint/configure-device-connectivity#prerequisites).)
+
+4. Under **Deployment method**, select an option. Then download the onboarding package (and installation package, if there is one available). Follow the instructions to onboard your devices.
+
+The following video provides a quick overview of the onboarding process and the different tools and methods: 
 
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=2524ee5d-6a5f-482c-8f69-dc3792577c60]
 
@@ -59,7 +64,7 @@ This table provides an example of the deployment rings you might use:
 |Deployment ring|Description|
 |---|---|
 |Evaluate|Ring 1: Identify 50 devices to onboard to the service for testing.|
-|Pilot|Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see [Select deployment method](deployment-strategy.md#step-2-select-deployment-method).|
+|Pilot|Ring 2: Identify and onboard the next 50-100 endpoints in a production environment. Microsoft Defender for Endpoint supports various endpoints that you can onboard to the service, for more information, see [Select deployment method](deployment-strategy.md#step-2-select-your-deployment-method).|
 |Full deployment|Ring 3: Roll out service to the rest of environment in larger increments. For more information, see [Get started with your Microsoft Defender for Endpoint deployment](mde-planning-guide.md).
 
 ### Exit criteria