Merge branch 'main' into v-mathavale-9153480

Author: denisebmsft

defender-endpoint/enable-controlled-folders.md

@@ -15,7 +15,7 @@ ms.collection:
 - tier3
 - mde-asr
 search.appverid: met150
-ms.date: 06/11/2024
+ms.date: 07/17/2024
 ---
 
 # Enable controlled folder access
@@ -47,10 +47,10 @@ You can enable controlled folder access by using any of these methods:
 > [!TIP]
 > Try using [audit mode](evaluate-controlled-folder-access.md) at first so you can see how the feature works and review events without impacting normal device usage in your organization.
 
-Group Policy settings that disable local administrator list merging will override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include:
-
-- Microsoft Defender Antivirus **Configure local administrator merge behavior for lists**
-- System Center Endpoint Protection **Allow users to add exclusions and overrides**
+> [!NOTE]
+> If you add Microsoft Defender Antivirus exclusions (process or path) for the binary in question, controlled folder access trusts it, and doesn't block the process or path. Group Policy settings that disable local administrator list merging override controlled folder access settings. They also override protected folders and allowed apps set by the local administrator through controlled folder access. These policies include:
+> - Microsoft Defender Antivirus **Configure local administrator merge behavior for lists**
+> - System Center Endpoint Protection **Allow users to add exclusions and overrides**
 
 For more information about disabling local list merging, see [Prevent or allow users to locally modify Microsoft Defender Antivirus policy settings](/windows/security/threat-protection/microsoft-defender-antivirus/configure-local-policy-overrides-microsoft-defender-antivirus).
 

defender-endpoint/ios-configure-features.md

@@ -116,8 +116,7 @@ All our updates contain
 - Fixed potentially packet loss due to [network protection](network-protection.md) shutdown that could lead to deadlock.
 - Implemented performance improvements for scenarios where WDAC is enabled with Intelligent Security Graph.
 - Fixed an issue where an Outlook exclusion for the ASR rule [Block Office applications from injecting code into other processes](/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-injecting-code-into-other-processes) was not honored.
-- Fixed a race condition during the startup of [endpoint data loss prevention](/purview/endpoint-dlp-getting-started), such that in certain environments, some system files could be corrupted.
-
+- Fixed a race condition during the startup of [endpoint data loss prevention](/purview/endpoint-dlp-getting-started) such that, in certain environments, some system files could be corrupted.
 
 ### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)
 

defender-endpoint/microsoft-defender-antivirus-updates.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 07/11/2024
+ms.date: 07/17/2024
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -89,8 +89,6 @@ In general you need to take the following steps:
   - Ubuntu 18.04 LTS
   - Ubuntu 20.04 LTS
   - Ubuntu 22.04 LTS
-  - Ubuntu 24.04 LTS
-    
   - Debian 9 - 12
   - SUSE Linux Enterprise Server 12 or higher
   - SUSE Linux Enterprise Server 15 or higher

defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -6,7 +6,7 @@ ms.author: siosulli
 author: siosulli
 ms.reviewer: pahuijbr
 ms.localizationpriority: medium
-ms.date: 05/01/2024
+ms.date: 07/17/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -67,9 +67,13 @@ Devices on your network must be running one of these editions. New features or c
 
 ### Supported Windows versions
 
+> [!IMPORTANT]
+> Windows 11 Home devices that have been upgraded to one of the below supported editions might require you to run the following command before onboarding: 
+> `DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~`. 
+> For more information about edition upgrades and features, see [Features](/windows-hardware/manufacture/desktop/windows-features?view=windows-11&preserve-view=true))
+
 - Windows 11 Enterprise
 - Windows 11 IoT Enterprise
-
 - Windows 11 Education
 - Windows 11 Pro
 - Windows 11 Pro Education

defender-endpoint/minimum-requirements.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 07/11/2024
+ms.date: 07/17/2024
 ---
 
 # Supported Microsoft Defender for Endpoint capabilities by platform
@@ -38,15 +38,15 @@ The following table gives information about the supported Microsoft Defender for
 |[Attack Surface Reduction](attack-surface-reduction.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |Device Control|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
 |[Firewall](host-firewall-reporting.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
-|[Network Protection](network-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
+|[Network Protection](network-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
 |[Next-generation protection](next-generation-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
 |[Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|
-|[Web Protection](web-protection-overview.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
+|[Web Protection](web-protection-overview.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
 ||||||
 |**Detection**|||||
 |[Advanced Hunting](/defender-xdr/advanced-hunting-overview)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
 |[Custom file indicators](indicator-file.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
-|[Custom network indicators](indicator-ip-domain.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
+|[Custom network indicators](indicator-ip-domain.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg) <sup>[2]</sup>|
 |[EDR Block](edr-in-block-mode.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![No](media/svg/check-no.svg)|![No](media/svg/check-no.svg)|
 |[Passive Mode](microsoft-defender-antivirus-compatibility.md)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|
 |Sense detection sensor|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|![Yes.](media/svg/check-yes.svg)|

defender-endpoint/supported-capabilities-by-platform.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: troubleshooting
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 07/18/2024
 ---
 
 # Troubleshoot subscription and portal access issues
@@ -76,7 +76,7 @@ You'll need to allow the `security.windows.com` and all subdomains under it on y
 
 ## Portal communication issues
 
-If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are allowed and open for communication.
+If you encounter issues with accessing the portal, missing data, or restricted access to portions of the portal, you'll need to verify that the following URLs are accessible through the browser for authorized users:
 
 - `*.blob.core.windows.net`
 - `crl.microsoft.com`

defender-endpoint/troubleshoot-onboarding-error-messages.md

@@ -24,7 +24,7 @@ Learn how to [discover and manage your IoT/OT devices](manage-devices-inventory.
 ## Device inventory: initial view
 
 If you don't yet have a Defender for IoT license, the **Device inventory** page detects your OT devices and lists them with regular device data, but without security data. For example, the device name, IP, and category are visible, while the risk level isn't visible. The device inventory also displays a note at the top of the page that indicates the number of unprotected OT devices.
- 
+
 In this case, [onboard Defender for IoT](get-started.md) to get security value for your OT devices.
 
 If you're seeing the message that indicates the number of unprotected OT devices, and you've already set up Defender for IoT, [set up a site](set-up-sites.md) and associate the relevant devices with it.
@@ -41,29 +41,29 @@ Learn more about the [device inventory in Microsoft Defender for Endpoint](/defe
 
 The key device discovery capabilities are:
 
-|Capability  |Description  |
-|---------|---------|
-|OT device management     |[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.​<br>- Add organization-specific information to emphasize your organization preferences. |
-|Device protection with risk-based approach  |Identify risks such as missing patches, vulnerabilities and prioritize fixes based on risk scoring and automated threat modeling. |
-|Device alignment with physical sites     |Allows contextual security monitoring. Use the **Site** filter to manage each site separately. Learn more about [filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views). |
-|Device groups     |Allows different teams in your organization to monitor and manage relevant assets only.​ Learn more about [creating a device group](/defender-endpoint/machine-groups#create-a-device-group).  |
-|Device criticality     |Reflects how critical a device is for your organization and allows you to identify a device as a business critical asset. Learn more about [device criticality](/defender-endpoint/machines-view-overview#device-inventory-overview). |
+|Capability|Description|
+|---|---|
+|OT device management|[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.<br>- Add organization-specific information to emphasize your organization preferences.|
+|Device protection with risk-based approach|Identify risks such as missing patches, vulnerabilities and prioritize fixes based on risk scoring and automated threat modeling.|
+|Device alignment with physical sites|Allows contextual security monitoring. Use the **Site** filter to manage each site separately. Learn more about [filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views).|
+|Device groups|Allows different teams in your organization to monitor and manage relevant assets only. Learn more about [creating a device group](/defender-endpoint/machine-groups#create-a-device-group).|
+|Device criticality|Reflects how critical a device is for your organization and allows you to identify a device as a business critical asset. Learn more about [device criticality](/defender-endpoint/machines-view-overview#device-inventory-overview).|
 
 ## Supported devices
 
 Defender for IoT's device inventory supports the following device classes:
 
-|Devices  |Example |
-|---------|---------|
-|**Manufacturing**| Industrial and operational devices, such as pneumatic devices,  packaging systems, industrial packaging systems, industrial robots        |
-|**Building**     | Access panels,  surveillance devices, HVAC systems, elevators, smart lighting systems    |
-|**Health care**     |  Glucose meters, monitors       |
-|**Transportation / Utilities**     |  Turnstiles, people counters, motion sensors, fire and safety systems, intercoms       |
-|**Energy and resources**     |  DCS controllers, PLCs, historian devices, HMIs      |
-|**Endpoint devices**     |  Workstations, servers, or mobile devices        |
-| **Enterprise** | Smart devices, printers,  communication devices, or audio/video devices |
-| **Retail** | Barcode scanners, humidity sensor, punch clocks | 
+|Devices|Example|
+|---|---|
+|**Manufacturing**|Industrial and operational devices, such as pneumatic devices,  packaging systems, industrial packaging systems, industrial robots|
+|**Building**|Access panels,  surveillance devices, HVAC systems, elevators, smart lighting systems|
+|**Health care**|Glucose meters, monitors|
+|**Transportation / Utilities**|Turnstiles, people counters, motion sensors, fire and safety systems, intercoms|
+|**Energy and resources**|DCS controllers, PLCs, historian devices, HMIs|
+|**Endpoint devices**|Workstations, servers, or mobile devices|
+|**Enterprise**|Smart devices, printers,  communication devices, or audio/video devices|
+|**Retail**|Barcode scanners, humidity sensor, punch clocks|
 
 ## Next steps
 
-[Discover and manage devices](manage-devices-inventory.md)
+[Discover and manage devices](manage-devices-inventory.md)

defender-for-iot/device-discovery.md

@@ -22,18 +22,18 @@ In this article, you learn how Microsoft Defender customers can extend their pro
 
 You can work with these different flavors of Defender for IoT:
 
-|Flavor  |Details  |Next steps  |
-|---------|---------|---------|
-|Defender for IoT in the Defender portal (Preview)  |Microsoft Defender customers can use this flavor for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).  |[Get started](get-started.md) with Defender for IoT in the Defender portal. |
-|Defender for IoT in the classic, Azure portal    |All customers can use this flavor to identify OT devices, vulnerabilities, and threats in the Azure portal.  |See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).         |
-|Protection for enterprise IoT devices     |Microsoft Defender customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices. |[Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.         |
+|Flavor|Details|Next steps|
+|---|---|---|
+|Defender for IoT in the Defender portal (Preview)|Microsoft Defender customers can use this flavor for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).|[Get started](get-started.md) with Defender for IoT in the Defender portal.|
+|Defender for IoT in the classic, Azure portal|All customers can use this flavor to identify OT devices, vulnerabilities, and threats in the Azure portal.|See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).|
+|Protection for enterprise IoT devices|Microsoft Defender customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices.|[Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.|
 
 ## Who uses Defender for IoT?
 
 Defender for IoT is intended for:
 
 - **CISOs** or security leaders that want to gain an overview of their organization's OT network and security.
-- **OT security admins, industrial engineers, risk managers, and SOC analysts​** that want to gain a high-level view of a site's risks, incidents, and vulnerabilities, get recommendations for remediation actions, manage and discover protected OT devices, and more.
+- **OT security admins, industrial engineers, risk managers, and SOC analysts** that want to gain a high-level view of a site's risks, incidents, and vulnerabilities, get recommendations for remediation actions, manage and discover protected OT devices, and more.
 
 ## What are the main OT security challenges?
 
@@ -51,13 +51,13 @@ Defender for IoT in the Defender portal uses the following combination of techno
 
 ## What are the main Defender for IoT use cases?
 
-|Use case  |Capabilities  |
-|---------|---------|
-|**[Discover OT devices](manage-devices-inventory.md)**     |Gather OT network data from Microsoft Defender for Endpoint; identify and  manage OT devices.  |
-|**[Get an overview of your productions sites (site security)](site-security-overview.md)** |Get an overview of your production sites to gain insights into OT risks, make better-informed security investment decisions​, and streamline communication between stakeholders. |
-|**[Prioritize and remediate vulnerabilities](prioritize-vulnerabilities.md)**     |Proactively manage OT network risks based on vulnerability details and recommended remediation advice.  |
-|**[Analyze incidents](investigate-threats.md) and respond to threats**     |Review incidents and alerts with real-time details about events logged in your OT network and take recommended remediation actions. |
-|**Extend Microsoft Defender XDR**     |Microsoft Defender XDR and Defender for IoT form a unified pre- and post-breach enterprise defense suite. This suite natively integrates across endpoint, IoT/OT, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. |
+|Use case|Capabilities|
+|---|---|
+|**[Discover OT devices](manage-devices-inventory.md)**|Gather OT network data from Microsoft Defender for Endpoint; identify and  manage OT devices.|
+|**[Get an overview of your productions sites (site security)](site-security-overview.md)**|Get an overview of your production sites to gain insights into OT risks, make better-informed security investment decisions, and streamline communication between stakeholders.|
+|**[Prioritize and remediate vulnerabilities](prioritize-vulnerabilities.md)**|Proactively manage OT network risks based on vulnerability details and recommended remediation advice.|
+|**[Analyze incidents](investigate-threats.md) and respond to threats**|Review incidents and alerts with real-time details about events logged in your OT network and take recommended remediation actions.|
+|**Extend Microsoft Defender XDR**|Microsoft Defender XDR and Defender for IoT form a unified pre- and post-breach enterprise defense suite. This suite natively integrates across endpoint, IoT/OT, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.|
 
 ## Next steps