Merge pull request #3214 from MicrosoftDocs/main

Publish main to live, 03/20/25, 10:30 AM PDT

Author: Ruchika-mittal01

.openpublishing.redirection.defender-endpoint.json

@@ -82,8 +82,8 @@
     },
     {
       "source_path": "defender-endpoint/linux-support-rhel.md",
-      "redirect_url": "/defender-endpoint/comprehensive-guidance-on-linux-deployment",
-      "redirect_document_id": true
+      "redirect_url": "/defender-endpoint/linux-installer-script",
+      "redirect_document_id": false
     },
     {
       "source_path": "defender-endpoint/pilot-deploy-defender-endpoint.md",
@@ -105,10 +105,15 @@
       "redirect_url": "/defender-endpoint/overview-client-analyzer",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-endpoint/schedule-antivirus-scan-in-mde.md",
+      "redirect_url": "/defender-endpoint/schedule-antivirus-scan-anacron",
+      "redirect_document_id": true
+    },
     {
       "source_path": "defender-endpoint/comprehensive-guidance-on-linux-deployment.md",
       "redirect_url": "/defender-endpoint/linux-installer-script",
       "redirect_document_id": true
-    }    
+    } 
   ]
 }

CloudAppSecurityDocs/cas-compliance-trust.md

@@ -29,7 +29,7 @@ Defender for Cloud Apps operates in the Microsoft Azure data centers in the foll
 |---------|---------|
 |**Customers whose tenants are provisioned in the United States**     |  United States       |
 |**Customers whose tenants are provisioned in the European Union or the United Kingdom**     |    Either the European Union and/or the United Kingdom      |
-|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned    |
+|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned.    |
 
 In addition to the locations above, the App Governance features within Defender for Cloud Apps operate in the Microsoft Azure data centers in the following geographical regions listed below. Customer with App Governance enabled will have data stored within the data storage location the customer provisions in above, and in a second data storage location as described below: 
 
@@ -45,7 +45,7 @@ In addition to the locations above, the App Governance features within Defender
 | **Customers whose tenants are provisioned in Japan** | Japan  |
 | **Customers whose tenants are provisioned in India** | India  |
 | **Customers whose tenants are provisioned in Asia Pacific**  | Asia Pacific  |
-|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned   |
+|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned.   |
 
 Customer data collected by Defender for Cloud Apps is either stored in your tenant location, as described in the previous tables, or in the geographic location of another online service that Defender for Cloud Apps shares data with, as defined by the data storage rules of that online service.
 
@@ -71,4 +71,4 @@ Defender for Cloud Apps shares data, including customer data, among the followin
 
 ## Related content
 
-For more information, see the [Microsoft Service Trust portal](https://www.microsoft.com/en-us/trust-center/product-overview).
+For more information, see the [Microsoft compliance offerings](/compliance/regulatory/offering-nist-sp-800-171).

defender-endpoint/TOC.yml

@@ -294,7 +294,7 @@
               - name: Configure antivirus scans
                 items:
                 - name: Schedule antivirus scans using Anacron
-                  href: schedule-antivirus-scan-in-mde.md
+                  href: schedule-antivirus-scan-anacron.md
                 - name: Schedule antivirus scans using Crontab
                   href: linux-schedule-scan-mde.md
               - name: Network protection for Linux

defender-endpoint/linux-preferences.md

@@ -36,7 +36,7 @@ Microsoft Defender for Endpoint on Linux includes antivirus, anti-malware protec
 | Settings | Description| 
 |--|--|
 | 1. Configure static proxy discovery. | Configuring a static proxy helps ensure that telemetry is submitted and helps avoid network time-outs. Perform this task during and after your Defender for Endpoint installation. <br/><br/> See [Configure Microsoft Defender for Endpoint on Linux for static proxy discovery](linux-static-proxy-configuration.md). |
-| 2. Configure your antivirus scans. | You can schedule automatic antivirus scans by using either Anacron or Crontab. <br/><br/>See the following articles: <br/>- [Use Anacron to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/schedule-antivirus-scan-in-mde)<br/>- [Use Crontab to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-schedule-scan-mde) | 
+| 2. Configure your antivirus scans. | You can schedule automatic antivirus scans by using either Anacron or Crontab. <br/><br/>See the following articles: <br/>- [Use Anacron to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/schedule-antivirus-scan-anacron)<br/>- [Use Crontab to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-schedule-scan-mde) | 
 | 3. Configure your security settings and policies. | You can use the Microsoft Defender portal (Defender for Endpoint Security Settings Management) or a configuration profile (`.json` file) to configure Defender for Endpoint on Linux. Or, if you prefer, you can use command line to configure certain settings. <br/><br/> See the following articles:<br/>- [Defender for Endpoint Security Settings Management](linux-preferences.md#defender-for-endpoint-security-settings-management) <br/>- [Configuration profile](linux-preferences.md#configuration-profile)<br/>- [Command line](linux-resources.md#configure-from-the-command-line) |
 | 4. Configure and validate exclusions (as appropriate) | You can exclude certain files, folders, processes, and process-opened files from Defender for Endpoint on Linux. Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR), thus stopping all the associated antivirus detections, EDR alerts, and visibility for the excluded item.<br/><br/>See [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](linux-exclusions.md).| 
 | 5. Configure the eBPF-based sensor. | The extended Berkeley Packet Filter (eBPF) for Microsoft Defender for Endpoint on Linux is automatically enabled for all customers by default for agent versions `101.23082.0006` and later. It provides supplementary event data for Linux operating systems and helps reduce the possibility of conflicts between applications. <br/><br/>See [Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux](linux-support-ebpf.md). |

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 03/17/2025
+ms.date: 03/20/2025
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -127,11 +127,7 @@ Additionally, they can use live response for a remote shell connection to perfor
 
 Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you're using Defender for Endpoint on Linux.
 
-For more information, see [Privacy for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-privacy)
-
-## Resources for troubleshooting, diagnostics, and configuration 
-
-If you run into any issues with Defender for Endpoint on Linux, or you just want some tips on configuring capabilities or exclusions, see [Resources](/defender-endpoint/linux-resources)
+For more information, see [Privacy for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-privacy).
 
 ## Common applications that Defender for Endpoint impacts 
 

defender-endpoint/schedule-antivirus-scan-in-mde.md renamed to defender-endpoint/schedule-antivirus-scan-anacron.md

@@ -1,5 +1,5 @@
 ---
-title: How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux
+title: Schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux
 description: Learn how to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux for better protection of your organization's assets.
 ms.service: defender-endpoint
 ms.author: deniseb

defender-xdr/advanced-hunting-deviceevents-table.md

@@ -103,6 +103,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 |`IsProcessRemoteSession` | `bool` | Indicates whether the created process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `ProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the created process's RDP session was initiated |
 | `ProcessRemoteSessionIP` | `string` | IP address of the remote device from which the created process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 

defender-xdr/advanced-hunting-devicefileevents-table.md

@@ -96,6 +96,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]

defender-xdr/advanced-hunting-deviceimageloadevents-table.md

@@ -80,6 +80,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 ## Related topics

defender-xdr/advanced-hunting-devicelogonevents-table.md

@@ -89,6 +89,8 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `IsInitiatingProcessRemoteSession` | `bool` |   Indicates whether the initiating process was run under a remote desktop protocol (RDP) session (true) or locally (false) |
 | `InitiatingProcessRemoteSessionDeviceName` | `string` | Device name of the remote device from which the initiating process's RDP session was initiated |
 | `InitiatingProcessRemoteSessionIP` | `string` | IP address of the remote device from which the initiating process's RDP session was initiated |
+| `ProcessUniqueId` | `string` | Unique identifier of the process; this is equal to the Process Start Key in Windows devices |
+| `InitiatingProcessUniqueId` | `string` | Unique identifier of the initiating process; this is equal to the Process Start Key in Windows devices |
 
 
 > [!NOTE]