Merge branch 'public' into patch-2

Author: denisebmsft

defender-endpoint/api/get-all-vulnerabilities.md

@@ -94,21 +94,22 @@ Here is an example of the response.
     "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Vulnerabilities",
     "value": [
         {
-            "id": "CVE-2019-0608",
-            "name": "CVE-2019-0608",
-            "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
-            "severity": "Medium",
-            "cvssV3": 4.3,
+            "id": "CVE-2024-7256",
+            "name": "CVE-2024-7256",
+            "description": "Summary: Google Chrome is vulnerable to a security bypass due to insufficient data validation in Dawn. An attacker can exploit this vulnerability by tricking a user into visiting a malicious website, allowing them to bypass security restrictions. Impact: If successfully exploited, this vulnerability could allow a remote attacker to bypass security restrictions in Google Chrome. Remediation: Apply the latest patches and updates provided by the respective vendors. Generated by AI",
+            "severity": "High",
+            "cvssV3": 8,
             "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
-            "exposedMachines": 4,
-            "publishedOn": "2019-10-08T00:00:00Z",
-            "updatedOn": "2019-12-16T16:20:00Z",
+            "exposedMachines": 23,
+            "publishedOn": "2024-07-30T00:00:00Z",
+            "updatedOn": "2024-07-31T00:00:00Z",
+            "firstDetected": "2024-07-31T01:55:47Z",
             "publicExploit": false,
             "exploitVerified": false,
             "exploitInKit": false,
             "exploitTypes": [],
             "exploitUris": [],
-            "CveSupportability": "supported",
+            "cveSupportability": "Supported",
             "tags": [],
             "epss": 0.632
         }

defender-endpoint/endpoint-attack-notifications.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 09/23/2022
+ms.date: 08/15/2024
 ---
 
 # Endpoint Attack Notifications
@@ -31,7 +31,7 @@ ms.date: 09/23/2022
 > This covers threat hunting on your Microsoft Defender for Endpoint service. However, if you're interested to explore the service beyond your current license, and proactively hunt threats not just on endpoints but also across Office 365, cloud applications, and identity, refer to [Microsoft Defender Experts for Hunting](/defender-xdr/defender-experts-for-hunting).
 
 > [!NOTE]
-> Customers who signed up for Experts on Demand prior to sunset will have access to Ask Defender Experts until the expiration of their current contract.
+> The intake of new customers to the Endpoint Attack Notifications service is currently on pause. For customers interested in a managed service, sign up the [Defender Experts service request form](https://aka.ms/IWantDefenderExperts).
 
 Endpoint Attack Notifications (previously referred to as Microsoft Threat Experts - Targeted Attack Notification) provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyber-espionage. These notifications show up as a new alert. The managed hunting service includes:
 

defender-endpoint/manage-tamper-protection-intune.md

@@ -5,7 +5,7 @@ manager: deniseb
 description: Turn tamper protection on or off for your organization in Microsoft Intune.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 07/25/2024
+ms.date: 08/15/2024
 audience: ITPro
 ms.topic: how-to
 author: siosulli
@@ -43,8 +43,11 @@ Tamper protection helps protect certain [security settings](prevent-changes-to-s
 > If you're using Microsoft Intune to manage Defender for Endpoint settings, make sure to set [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp#configurationdisablelocaladminmerge) to true on devices.
 >
 > When tamper protection is turned on, [tamper-protected settings](prevent-changes-to-security-settings-with-tamper-protection.md#what-happens-when-tamper-protection-is-turned-on) cannot be changed. To avoid breaking management experiences, including Intune (and [Configuration Manager](manage-tamper-protection-configuration-manager.md)), keep in mind that changes to tamper-protected settings might appear to succeed but are actually blocked by tamper protection. Depending on your particular scenario, you have several options available: 
+>
 > - If you must make changes to a device and those changes are blocked by tamper protection, we recommend using [troubleshooting mode](enable-troubleshooting-mode.md) to temporarily disable tamper protection on the device. Note that after troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state.
+>
 > - You can use Intune or [Configuration Manager](manage-tamper-protection-configuration-manager.md) to exclude devices from tamper protection. 
+>
 > - If you're managing tamper protection through Intune, you can change [tamper-protected antivirus exclusions](#tamper-protection-for-antivirus-exclusions).
 
 ## Requirements for managing tamper protection in Intune
@@ -68,7 +71,7 @@ Tamper protection helps protect certain [security settings](prevent-changes-to-s
 
 :::image type="content" source="media/turnontamperprotectinmem.png" alt-text="Turn tamper protection turned on with Intune" lightbox="media/turnontamperprotectinmem.png":::
 
-1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** \> **Antivirus**, and then choose **+ Create Policy**.
+1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and then choose **+ Create Policy**.
 
    - In the **Platform** list, select **Windows 10, Windows 11, and Windows Server**.
    - In the **Profile** list, select **Windows Security experience**.
@@ -88,12 +91,14 @@ If your organization has [exclusions defined for Microsoft Defender Antivirus](c
 | Condition | Criteria |
 |---|---|
 | Microsoft Defender platform | Devices are running Microsoft Defender platform `4.18.2211.5` or later. For more information, see [Monthly platform and engine versions](microsoft-defender-antivirus-updates.md#monthly-platform-and-engine-versions). |
-| `DisableLocalAdminMerge` setting | This setting is also known as preventing local list merging. `DisableLocalAdminMerge` is enabled so that settings configured on a device aren't merged with organization policies, such as settings in Intune. For more information, see [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp). |
+| `DisableLocalAdminMerge` setting | This setting is also known as preventing local list merging. `DisableLocalAdminMerge` must be enabled so that settings configured on a device aren't merged with organization policies, such as settings in Intune. For more information, see [DisableLocalAdminMerge](/windows/client-management/mdm/defender-csp). |
 | Device management | Devices are either managed in Intune only, or are managed with Configuration Manager only. Sense must be enabled. |
-| Antivirus exclusions | Microsoft Defender Antivirus exclusions are managed in Microsoft Intune. For more information, see [Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices](/mem/intune/protect/antivirus-microsoft-defender-settings-windows). <br/><br/>Functionality to protect Microsoft Defender Antivirus exclusions is enabled on devices. For more information, see [How to determine whether antivirus exclusions are tamper protected on a Windows device](#how-to-determine-whether-antivirus-exclusions-are-tamper-protected-on-a-windows-device). |
+| Antivirus exclusions | Microsoft Defender Antivirus exclusions are managed in Microsoft Intune or Configuration Manager. For more information, see [Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices](/mem/intune/protect/antivirus-microsoft-defender-settings-windows). <br/><br/>Functionality to protect Microsoft Defender Antivirus exclusions is enabled on devices. For more information, see [How to determine whether antivirus exclusions are tamper protected on a Windows device](#how-to-determine-whether-antivirus-exclusions-are-tamper-protected-on-a-windows-device). |
+
+> [!NOTE]
+> For example, when Configuration Manager is used solely to manage exclusions and the required conditions are met, exclusions from Configuration Manager are tamper protected. In this case, there is no need to push antivirus exclusions using Microsoft Intune.
 
-> [!TIP]
-> For more detailed information about Microsoft Defender Antivirus exclusions, see [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md).
+For more detailed information about Microsoft Defender Antivirus exclusions, see [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md).
 
 ## How to determine whether antivirus exclusions are tamper protected on a Windows device