The Defender for Endpoint client might require the use of proxied connections to relevant cloud services. This article describes the streamlined device connectivity method, the prerequisites and provides additional information for verifying connectivity using the new destination(s).
31
32
32
-
To simplify network configuration and management, you now have the option of onboarding new devices to Defender for Endpoint using a reduced URL set or static IP ranges. For more information on migrating previously onboarded devices, see [Migrating devices to streamlined connectivity](migrate-devices-streamlined.md).
33
+
To simplify network configuration and management, you can now onboard new devices to Defender for Endpoint using a reduced URL set or static IP ranges. For more information, see [Migrating devices to streamlined connectivity](migrate-devices-streamlined.md).
33
34
34
-
The Defender for Endpoint-recognized simplified domain: `*.endpoint.security.microsoft.com` consolidates connectivity to the following core Defender for Endpoint services:
35
+
## Defender for Endpoint-recognized simplified domain
36
+
37
+
The Defender for Endpoint-recognized simplified domain `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us*` (for US government devices - Preview) consolidates connectivity to the following core Defender for Endpoint services:
35
38
36
39
- Cloud-delivered protection
37
40
- Malware sample submission storage
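Review bot: the added simplified-domain sentence has a stray trailing asterisk in `*.endpoint.security.microsoft.us*`; the other additions in this change use `*.endpoint.security.microsoft.us`, and a proxy or firewall admin copying the pattern will get a different wildcard, so drop the trailing `*`. Also, trimming the migration sentence to "For more information, see [Migrating devices to streamlined connectivity]" loses what the link is for; keep "on migrating previously onboarded devices" so readers onboarding new devices don't follow a migration link by mistake.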
@@ -43,11 +46,11 @@ For more information on preparing your environment and the updated list of desti
43
46
44
47
To support network devices without hostname resolution or wildcard support, you can alternatively configure connectivity using dedicated Defender for Endpoint static IP ranges. For more information, see [Configure connectivity using static IP ranges](#option-2-configure-connectivity-using-static-ip-ranges).
45
48
46
-
> [!NOTE]
47
-
>- The streamlined connectivity method will **not change how Microsoft Defender for Endpoint functions on a device nor will it change the end-user experience**. Only the URLs or IPs that a device uses to connect to the service will change.
48
-
> -There currently is no plan to deprecate the old, consolidated service URLs. Devices onboarded with "standard" connectivity will continue to function. It is important to ensure connectivity to `*.endpoint.security.microsoft.com` is and remains possible, as future services will require it. This new URL is included in all required URL lists.
49
-
> -Connections to the service leverage certificate pinning and TLS. It is not supported to "break and inspect" traffic. In addition, connections are initiated from a device context, not a user context. Enforcing proxy (user) authentication will disallow (break) connectivity in most cases.
50
-
49
+
> [!NOTE]
50
+
>
51
+
> -The streamlined connectivity method **doesn't change Defender for Endpoint functionality or end-user experience**. Only the URLs or IPs used for service connectivity have changed.
52
+
> -There are no plans to deprecate old service URLs. Devices onboarded with standard connectivity continue to function. Ensure ongoing connectivity to `*.endpoint.security.microsoft.com` (for commercial devices) or `*.endpoint.security.microsoft.us` (for US government devices - Preview) for future services.
53
+
> - Service connections use certificate pinning and TLS. Traffic inspection is not supported. Connections are device-initiated, not user-initiated. Enforcing proxy (user) authentication breaks connectivity.
51
54
52
55
## Prerequisites
53
56
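Review bot: two of the three rewritten note bullets, `> -The streamlined connectivity method` and `> -There are no plans`, have no space after the hyphen while the third, `> - Service connections`, does; Markdown only treats `- ` followed by a space as a list item, so the first two render as run-on paragraph text inside the note. Make all three `> - `. Separately, "Traffic inspection is not supported" drops the "break and inspect" wording and "breaks connectivity" drops the original "in most cases" qualifier; if the stronger, unqualified statement is intended that is fine, but consider keeping "HTTPS inspection (break and inspect)" since that is the term proxy administrators search for.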
@@ -75,6 +78,7 @@ Devices must meet specific prerequisites to use the streamlined connectivity met
75
78
- Azure Stack HCI OS, version 23H2 and later.
76
79
77
80
> [!IMPORTANT]
81
+
>
78
82
> -**Devices running on MMA agent are not supported** on the streamlined connectivity method and will need to continue using the standard URL set (Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Server 2012 & 2016 not upgraded to modern unified agent).
79
83
> - Windows Server 2012 R2 and Server 2016 will need to upgrade to unified agent to leverage the new method. <br/>
80
84
> - Windows 10 1607, 1703, 1709, 1803 can leverage the new onboarding option but will use a longer list. For more information, see the [streamlined URL sheet](https://aka.ms/MDE-streamlined-urls).
@@ -107,12 +111,17 @@ Streamlined connectivity allows you to use the following option to configure clo
107
111
108
112
-[Option 1: Use the simplified domain](#option-1-configure-connectivity-using-the-simplified-domain)
109
113
-[Option 2: Use static IP ranges](#option-2-configure-connectivity-using-static-ip-ranges)
110
-
114
+
111
115
#### Option 1: Configure connectivity using the simplified domain
112
116
113
-
Configure your environment to allow connections to the simplified Defender for Endpoint domain: `*.endpoint.security.microsoft.com`. For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
117
+
Configure your environment to allow connections to the simplified Defender for Endpoint domain:
118
+
119
+
- For commercial devices: `*.endpoint.security.microsoft.com`
120
+
- For US government devices (Preview): `*.endpoint.security.microsoft.us`
114
121
115
-
You must maintain connectivity with remaining required services listed under the [updated list](https://aka.ms/MDE-streamlined-urls). For example, the certification revocation list, Windows Update, SmartScreen services may also need to be accessible dependent on your current networking infrastructure and patching approach.
122
+
For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint service](configure-environment.md).
123
+
124
+
You must maintain connectivity with remaining required services listed under the [commercial devices streamlined URL list](https://aka.ms/MDE-streamlined-urls) or [government devices streamlined URL list (Preview)](streamlined-device-connectivity-urls-gov.md). For example, the certification revocation list, Windows Update, SmartScreen services may also need to be accessible dependent on your current networking infrastructure and patching approach.
116
125
117
126
#### Option 2: Configure connectivity using static IP ranges
118
127
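Review bot: the context line in this hunk's header, "Streamlined connectivity allows you to use the following option to configure cloud...", still announces a list, but the hunk deletes the two links that followed it (`[Option 1: Use the simplified domain]` and `[Option 2: Use static IP ranges]`), so the sentence now dangles directly before the `#### Option 1` heading. Either keep the two links or reword the lead-in to "one of the following two options". The split into commercial `.com` and US government `.us` bullets is clear; the "certification revocation list" wording in the retained sentence should read "certificate revocation list" while this paragraph is being touched.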
@@ -133,14 +142,7 @@ In order to stay up to date on IP ranges, it's recommended to refer to the follo
133
142
|`MicrosoftDefenderForEndpoint`| Cloud-delivered protection, malware sample submission storage, Auto-IR sample storage, Defender for Endpoint command and control. |
134
143
|`OneDsCollector`| Defender for Endpoint cyber and diagnostic data <br/><br/> Note: The traffic under this service tag isn't limited to Defender for Endpoint and can include diagnostic data traffic for other Microsoft services. |
135
144
136
-
The following table lists the current static IP ranges covered by the MicrosoftDefenderForEndpoint service tag. For latest list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.
For latest service tags list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.
144
146
145
147
> [!IMPORTANT]
146
148
> In compliance with Defender for Endpoint security and compliance standards, your data will be processed and stored in accordance with your tenant's physical location. Based on client location, traffic may flow through any of these IP regions (which correspond to Azure datacenter regions). For more information, see [Data storage and privacy](data-storage-privacy.md).
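Review bot: the replacement line "For latest service tags list, refer to the [Azure service tags] documentation." removes the sentence that introduced the static IP range table, and the hunk header (-133,14 +142,7) shows seven lines dropped, so the table itself is gone; but the unchanged [!IMPORTANT] note below still says "traffic may flow through any of these IP regions", and "these" no longer refers to anything on the page. Reword it to point at the regions listed under the `MicrosoftDefenderForEndpoint` service tag in the Azure service tags documentation. The new sentence is also missing an article: "For the latest service tag list".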
@@ -185,10 +187,6 @@ Before proceeding, confirm devices meet the [prerequisites](#prerequisites) and
185
187
-[Onboard servers through Microsoft Defender for Endpoint's onboarding experience](onboard-server.md)
186
188
-[Run a detection test on a device to verify it has been properly onboarded to Microsoft Defender for Endpoint](run-detection-test.md)
187
189
188
-
189
190
4. Exclude devices from any existing onboarding policies that use the standard onboarding package.
190
191
191
-
For migrating devices already onboarded to Defender for Endpoint, see [Migrating devices to the streamlined connectivity](migrate-devices-streamlined.md). You must reboot your device and follow specific guidance here.
192
-
193
-
194
-
192
+
For migrating devices already onboarded to Defender for Endpoint, see [Migrating devices to the streamlined connectivity](migrate-devices-streamlined.md). You must reboot your device and follow specific guidance here.
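Review bot: the removed `[Run a detection test on a device to verify it has been properly onboarded...](run-detection-test.md)` link was the only verification step in this onboarding procedure; if it is dropped here because it now lives elsewhere, say where, otherwise keep it after step 4. Since the migration sentence is re-added unchanged, take the chance to fix "follow specific guidance here", which does not say what "here" is; "follow the guidance in that article" is clearer.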
Before you onboard devices to Defender for Endpoint, make sure your network is configured to connect to the service, by allowing outbound connection and bypassings HTTPS inspection for the service URLs. The first step of this process involves adding URLs to the allowed domains list if your proxy server or firewall rules prevent access to Defender for Endpoint. This article also includes information about proxy and firewall requirements for older versions of Windows client and Windows Server.
29
28
@@ -34,13 +33,14 @@ Before you onboard devices to Defender for Endpoint, make sure your network is c
34
33
35
34
## Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
36
35
37
-
The following downloadable spreadsheet lists the services and their associated URLs that devices in your network must be able to connect to. Ensure there are no firewall or network filtering rules to deny access for these URLs. Optionally, you might need to create an *allow* rule specifically for them.
36
+
The following URL lists specify the services and their associated URLs that devices in your network must be able to connect to. Ensure there are no firewall or network filtering rules to deny access for these URLs. Optionally, you might need to create an *allow* rule specifically for them.
38
37
39
-
|Spreadsheet of domains list| Description|
38
+
|Domains list| Description|
40
39
|--|--|
41
-
| Microsoft Defender for Endpoint consolidated URL list (Streamlined) | Spreadsheet of consolidated URLs. <br/>[Download the spreadsheet here](https://aka.ms/MDE-streamlined-urls).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity](configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method.
40
+
| Microsoft Defender for Endpoint consolidated URL list (Streamlined) | Spreadsheet of consolidated URLs. <br/>[Download the spreadsheet here](https://aka.ms/MDE-streamlined-urls).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity](configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method. |
41
+
| Microsoft Defender for Endpoint consolidated URL list for Gov/GCC/DoD (Streamlined) - Preview | List of consolidated URLs for service locations, geographic locations, and OS for Gov/GCC/DoD customers <br/>[See the URL list](streamlined-device-connectivity-urls-gov.md).<br><br> **Applicable OS:** <br/>For complete list, see [streamlined connectivity].(configure-device-connectivity.md#prerequisites). <br>- Windows 10 1809+<br>- Windows 11<br>- Windows Server 2022 or later<br>- Windows Server 2019<br>- Windows Server 2012 R2, Windows Server 2016 running [Defender for Endpoint modern unified solution](onboard-server.md) (requires installation through MSI). <br>- macOS supported versions running 101.23102.* + <br/>- Linux supported versions running 101.23102.* + <br><br> **Minimum component versions:**<br/>- anti-malware client: 4.18.2211.5<br/>- Engine: 1.1.19900.2<br/>- Security intelligence: 1.391.345.0<br/> - Xplat version: 101.23102.* +<br/>- Sensor/ KB version: >10.8040.*/ March 8, 2022+<br><br>If you're moving previously onboarded devices to the streamlined approach, see [Migrating device connectivity](migrate-devices-streamlined.md)<br><br>Windows 10 versions 1607, 1703, 1709, 1803 (RS1-RS4) are supported through the streamlined onboarding package but require a longer URL list (see updated URL sheet). These versions don't support reonboarding (must be fully offboarded first). <br><br>Devices running on Windows 7, Windows 8.1, Windows Server 2008 R2 MMA, Servers not upgraded to Unified Agent (MMA) must continue using MMA onboarding method. |
42
42
|Microsoft Defender for Endpoint URL list for commercial customers (Standard)| Spreadsheet of specific DNS records for service locations, geographic locations, and OS for commercial customers. <p> [Download the spreadsheet here.](https://aka.ms/MDE-standard-urls) <p> Microsoft Defender for Endpoint Plan 1 and Plan 2 share the same proxy service URLs. In your firewall, open all the URLs where the geography column is WW. For rows where the geography column isn't WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](preferences-setup.md). Don't exclude the URL `*.blob.core.windows.net` from any kind of network inspection. Instead, exclude only the blob URLs that are specific to MDE and listed in the spreadsheet of domains list.
43
-
| Microsoft Defender for Endpoint URL list for Gov/GCC/DoD | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br> [Download the spreadsheet here.](https://aka.ms/MDE-gov-urls)|
43
+
| Microsoft Defender for Endpoint URL list for Gov/GCC/DoD (Standard) | Spreadsheet of specific DNS records for service locations, geographic locations, and OS for Gov/GCC/DoD customers. <br> [Download the spreadsheet here.](https://aka.ms/MDE-gov-urls)|
44
44
45
45
> [!IMPORTANT]
46
46
> - Connections are made from the context of the operating system or the Defender client services and as such, proxies shouldn't require authentication for these destinations or perform inspection (HTTPS scanning / SSL inspection) that breaks the secure channel.
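Review bot: the new Gov/GCC/DoD (Streamlined) row has a broken link: `[streamlined connectivity].(configure-device-connectivity.md#prerequisites)` has a period between `]` and `(`, so it renders as literal text; the commercial streamlined row above it has the correct `[streamlined connectivity](...)`. The rest of that row (Applicable OS, minimum component versions, RS1-RS4 and MMA caveats) is copied verbatim from the commercial row; confirm the same minimums apply to the Preview government endpoints, or trim the row to the gov-specific parts and refer to the commercial row. Adding the missing trailing `|` on the commercial streamlined row is a good fix; the Standard commercial row two lines below still lacks its closing `|`, so fix it in the same pass.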
@@ -75,4 +75,3 @@ For devices with no direct internet connection, the use of a proxy solution is t
75
75
## Next step
76
76
77
77
[STEP 2: Configure your devices to connect to the Defender for Endpoint service using a proxy](configure-proxy-internet.md).