Merge branch 'main' into patch-1

Author: denisebmsft

.openpublishing.redirection.defender.json

@@ -194,6 +194,11 @@
       "source_path": "defender-endpoint/collect-diagnostic-data-update-compliance.md",
       "redirect_url": "/defender-endpoint/collect-diagnostic-data",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/attack-simulations.md",
+      "redirect_url": "/defender-endpoint/defender-endpoint-demonstrations",
+      "redirect_document_id": true
     }
   ]
 }

defender-endpoint/TOC.yml

@@ -321,8 +321,6 @@
     items:
     - name: Integration with Microsoft Defender for Cloud
       href: azure-server-integration.md
-    - name: Run simulated attacks on devices
-      href: attack-simulations.md
     - name: Create an onboarding or offboarding notification rule
       href: onboarding-notification.md
     - name: Manage Microsoft Defender for Endpoint configuration settings on devices with Microsoft Intune

defender-endpoint/android-whatsnew.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 03/04/2024
+ms.date: 07/15/2024
 ---
 
 # What's new in Microsoft Defender for Endpoint on Android
@@ -27,6 +27,12 @@ ms.date: 03/04/2024
 
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
+## Network protection
+
+Network protection on Microsoft Defender for Endpoint is now available. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices, and rogue certificates. It notifies the user if a related threat is detected. Users also see a guided experience to connect to secure networks and change networks when they're connected to an unsecure connection.
+
+> [!IMPORTANT]
+> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see a network protection card in the Defender for Endpoint app, along with App Protection and Web Protection. Users are also required to provide location permission to complete the set up. Admins can change the default value for network protection if they decide not to use it via the Intune App Configuration policies. There are also several admin controls to offer flexibility, including privacy controls to configure the data that's sent by Defender for Endpoint from Android devices. For more information, see [network protection](android-configure.md).
 
 ## Device Tagging
 
@@ -36,7 +42,7 @@ This configuration is available for both the enrolled (MDM) devices and unenroll
 
 ## Microsoft Defender for Endpoint on Company-owned personally enabled devices
 
-MDE is now generally available on AE COPE devices. Enterprises can onboard devices on COPE mode and push MDE to user's devices through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). With this support, Android Enterprise COPE devices get the full capabilities of our offering on Android, including:
+Defender for Endpoint is now generally available on AE COPE devices. Enterprises can onboard devices on COPE mode and push Defender for Endpoint to user's devices through the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). With this support, Android Enterprise COPE devices get the full capabilities of our offering on Android, including:
 
 - Phishing and web protection.
 - Malware scanning.
@@ -51,28 +57,26 @@ Microsoft Defender for Endpoint on Android enables Privacy Controls for both the
 
 ## Optional Permissions and Disable Web Protection
 
-Microsoft Defender for Endpoint on Android enables **Optional Permissions** in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admin can deploy MDE on devices without enforcing the mandatory **VPN** and **Accessibility** permissions during onboarding. End Users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for unenrolled devices (MAM). For more information, see [optional permissions](android-configure-mam.md#optional-permissions).
+Microsoft Defender for Endpoint on Android enables **Optional Permissions** in the onboarding flow. Currently the permissions required by Defender for Endpoint are mandatory in the onboarding flow. With this feature, admin can deploy Defender for Endpoint on devices without enforcing the mandatory **VPN** and **Accessibility** permissions during onboarding. End Users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for unenrolled devices (MAM). For more information, see [optional permissions](android-configure-mam.md#optional-permissions).
 
 ## Microsoft Defender on Android enterprise BYOD personal profile
 
 Microsoft Defender for Endpoint is now supported on Android Enterprise personal profile (BYOD only) with all the key features including malware scanning, protection from phishing links, network protection and vulnerability management. This support is coupled with [privacy controls](android-configure.md#privacy-controls) to ensure user privacy on personal profile. For more information, read the [announcement](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-the-public-preview-of-defender-for-endpoint-personal/ba-p/3370979) and the [deployment guide](android-intune.md#set-up-microsoft-defender-in-personal-profile-on-android-enterprise-in-byod-mode).
 
-## Network protection
 
-Network Protection on Microsoft Defender for Endpoint is now available. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users also see a guided experience to connect to secure networks and change networks when they're connected to an unsecure connection.
-> [!IMPORTANT]
-> Network protection feature will soon be enabled by default for all users. The update will be rolled out in a phased manner. As a result, users will be able to see Network Protection Card in the Defender for Endpoint iOS app along with App Protection and Web Protection. Users are also required to provide Location permission to complete the set up. Admins can change the default value for the Network Protection feature if they decide not to use it via the Intune App Configuration policies. There are also several admin controls to offer flexibility, including privacy controls to configure the data that's sent by Defender for Endpoint from Android devices. For more information, see [network protection](android-configure.md).
+## Microsoft Defender on Android app updates
 
-
-> [!NOTE]
-> Microsoft Defender is no longer supported for versions 1.0.3011.0302 or earlier. Users are requested to upgrade to latest versions to keep their devices secure.
+Microsoft Defender is no longer supported for versions 1.0.3011.0302 or earlier. Users are requested to upgrade to latest versions to keep their devices secure.
 
 To update, users can use the following steps:
 
-> 1. On your work profile, go to Managed Play Store.
-> 2. Tap on the profile icon on the top right corner and select "Manage apps and device".
-> 3. Locate MDE under updates available and select update.
-> If you encounter any issues, [submit in-app feedback](android-support-signin.md#send-in-app-feedback).
+1. On your work profile, go to Managed Play Store.
+
+2. Tap on the profile icon on the top right corner and select **Manage apps and device**.
+
+3. Locate Defender for Endpoint under updates available and select **Update**.
+
+If you encounter any issues, [submit in-app feedback](android-support-signin.md#send-in-app-feedback).
 
 ## Microsoft Defender for Endpoint is now Microsoft Defender in the Play store
 
@@ -84,19 +88,19 @@ On January 25, 2022, we announced the general availability of Vulnerability mana
 
 ## Upcoming permission changes for Microsoft Defender for Endpoint running Android 11 or later (Nov 2021)
 
-Release Build: 1.0.3501.0301
+Release Build: `1.0.3501.0301`
 Release month: Nov 2021
 Microsoft Defender for Endpoint has released this update required by [Google](https://developer.android.com/distribute/play-policies#APILevel30) to upgrade to Android API 30. This change prompts users seeking access to [new storage permission](https://developer.android.com/training/data-storage/manage-all-files#all-files-access-google-play), for devices running Android 11 or later. Users need to accept this new storage permission once they update Defender app with the release build 1.0.3501.0301 or later. This update ensures that Defender for Endpoint's app security feature to function without any disruption. For more information, review the following sections.
 
 **How will this affect your organization:** These changes take effect if you're using Microsoft Defender for Endpoint on devices running Android 11 or later and updated Defender for Endpoint to release build 1.0.3501.0301 or later.
 
 > [!NOTE]
-> The new storage permissions cannot be configured by admin to 'Auto Approve' through Microsoft Intune. User will need to take action to provide access to this permission.
+> The new storage permissions cannot be configured by admin to auto approve through Microsoft Intune. User will need to take action to provide access to this permission.
 
-- **User experience:** Users receive a notification indicating a missing permission for app security. If the user denies this permission, the 'App security' functionality is turned off on the device. If user doesn't accept or deny permission, they'll continue to receive the prompt when unlocking their device or opening the app, until it has been approved.
+- **User experience:** Users receive a notification indicating a missing permission for app security. If the user denies this permission, app security functionality is turned off on the device. If user doesn't accept or deny permission, they continue to receive the prompt when unlocking their device or opening the app, until it's approved.
 
 > [!NOTE]
-> If your organization is previewing 'Tamper protection' feature and if the new storage permissions are not granted by the user within 7 days of updating to the latest version, the user might lose access to corporate resources.
+> If your organization is previewing the tamper protection feature and if the new storage permissions are not granted by the user within 7 days of updating to the latest version, the user might lose access to corporate resources.
 
 **What you need to do to prepare:**
 

defender-endpoint/attack-simulations.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 07/15/2024
 ---
 
 # Privacy information - Microsoft Defender for Endpoint on iOS
@@ -48,9 +48,8 @@ Here is a list of the types of data being collected:
 
 ### Device and account information
 
-- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following:
-  - Wi-Fi adapter MAC address
-  - Randomly generated globally unique identifier (GUID)
+- Device information such as date and time, iOS version, CPU info, and device identifier (randomly generated globally unique identifier GUID).
+
 - Tenant, Device, and User information
   - Microsoft Entra Device ID and Azure User ID - Uniquely identifies the device, User respectively at Microsoft Entra ID.
   - Azure tenant ID - GUID that identifies your organization within Microsoft Entra ID.