Merge pull request #4158 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit eb29962a44da · 2025-06-06T20:33:54.000Z
[AutoPublish] main to live - 06/06 13:31 PDT | 06/07 02:01 IST
diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md
@@ -4,7 +4,7 @@ description: Provide and validate exclusions for Microsoft Defender for Endpoint
 ms.service: defender-endpoint
 ms.author: ewalsh
 author: emmwalshh
-ms.reviewer: gopkr, ardeshmukh
+ms.reviewer: ratujdange, ardeshmukh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 03/28/2025
+ms.date: 06/06/2025
 ---
 
 # Configure and validate exclusions for Microsoft Defender for Endpoint on Linux
@@ -32,7 +32,7 @@ ms.date: 03/28/2025
 This article provides information on how to define antivirus and global exclusions for Microsoft Defender for Endpoint. Antivirus exclusions apply to on-demand scans, real-time protection (RTP), and behavior monitoring (BM). Global exclusions apply to real-time protection (RTP), behavior monitoring (BM), and endpoint detection and response (EDR), thus stopping all the associated antivirus detections, EDR alerts, and visibility for the excluded item.
 
 > [!IMPORTANT]
-> The antivirus exclusions described in this article apply to only antivirus capabilities and not to endpoint detection and response (EDR). Files that you exclude using the antivirus exclusions described in this article can still trigger EDR alerts and other detections. Global exclusions described in this section apply to antivirus **and** endpoint detection and response capabilities, thus stopping all associated antivirus protection, EDR alerts, and detections. Global exclusions are currently in public preview, and are available in Defender for Endpoint version `101.23092.0012` or later, in the Insiders Slow and Production rings. For EDR exclusions, [contact support](/microsoft-365/admin/get-help-support).
+> The antivirus exclusions described in this article apply to only antivirus capabilities, and not to endpoint detection and response (EDR). Files that you exclude by using the antivirus exclusions described in this article can still result in EDR alerts and other detections. Global exclusions described in this section apply to antivirus and EDR capabilities, thus stopping all associated antivirus protection, EDR alerts, and detections. Global exclusions are available in production for Defender for Endpoint on Linux, version `101.23092.0012` or later. For EDR-only exclusions, [contact support](/microsoft-365/admin/get-help-support).
 
 You can exclude certain files, folders, processes, and process-opened files from Defender for Endpoint on Linux.
 
@@ -87,7 +87,7 @@ Wildcard|Description|Examples|
 
 ## How to configure the list of exclusions
 
-You can configure exclusions using a management Json configuration, Defender for Endpoint security settings management, or the command line.
+You can configure exclusions using a management JSON configuration, Defender for Endpoint security settings management, or the command line.
 
 ### Using the management console
 
@@ -141,7 +141,6 @@ In enterprise environments, exclusions can also be managed through a configurati
 ### Using Defender for Endpoint security settings management
 
 > [!NOTE]
-> This method is currently in private Preview. To enable this feature, please reach out to xplatpreviewsupport@microsoft.com.
 > Make sure to review the prerequisites: [Defender for Endpoint security settings management prerequisites](/mem/intune/protect/mde-security-integration#prerequisites)
 
 You can use the Microsoft Intune admin center or the Microsoft Defender portal to manage exclusions as endpoint security policies and assign those policies to Microsoft Entra ID groups. If you're using this method for the first time, make sure to complete the following steps:
diff --git a/defender-endpoint/linux-whatsnew.md b/defender-endpoint/linux-whatsnew.md
@@ -6,7 +6,7 @@ ms.author: ewalsh
 author: emmwalshh
 ms.reviewer: kumasumit, gopkr; mevasude
 ms.localizationpriority: medium
-ms.date: 06/03/2025
+ms.date: 06/06/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -43,6 +43,20 @@ This article is updated frequently to let you know what's new in the latest rele
 
 ## Releases for Defender for Endpoint on Linux
 
+### June-2025 Build: 101.25042.0002 | Release version: 30.125042.0002.0
+
+|Build:             |**101.25042.0002**    |
+|-------------------|----------------------|
+|Released:          |**June 4, 2025**      |
+|Published:         |**June 4, 2025**      |
+|Release version:   |**30.125042.0002.0**  |
+|Engine version:    |**1.1.25020.4000**    |
+|Signature version: |**1.427.370.0**       |
+
+What's new
+
+- Removed external dependency of uuid-runtime from MDE package
+
 ### May-2025 Build: 101.25032.0010 | Release version: 30.125032.0010.0
 
 |Build:             |**101.25032.0010**    |
@@ -61,7 +75,6 @@ What's new
   
 - Added detection mechanism for CVE-2025-31324 affecting the "Visual Composer" component of the SAP NetWeaver application server.
   
-- Updated Engine Version 1.1.25020.3000/Sigs Version 1.421.1866.0
 
 ### April-2025 Build: 101.25022.0002 | Release version: 30.125022.0001.0
 
diff --git a/defender-endpoint/mac-health-status.md b/defender-endpoint/mac-health-status.md
@@ -10,7 +10,7 @@ audience: ITPro
 ms.service: defender-endpoint
 ms.subservice: macos
 ms.topic: troubleshooting-general
-ms.date: 04/16/2025
+ms.date: 06/06/2025
 ms.collection: 
 - m365-security
 - tier3
@@ -78,6 +78,8 @@ mdatp health --details edr
 
 mdatp health --details definitions
 
+mdatp health --details features
+
 mdatp health --details help
 
 ```
diff --git a/defender-endpoint/web-content-filtering.md b/defender-endpoint/web-content-filtering.md
@@ -6,7 +6,7 @@ ms.author: deniseb
 author: denisebmsft
 ms.reviewer: ericlaw
 ms.localizationpriority: medium
-ms.date: 02/18/2025
+ms.date: 06/06/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -30,7 +30,6 @@ search.appverid: met150
 > [!TIP]
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
-
 ## What is web content filtering?
 
 Web content filtering is part of the [Web protection](web-protection-overview.md) capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Business. Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites (even if they're not malicious) might be problematic because of compliance regulations, bandwidth usage, or other concerns.
@@ -104,7 +103,7 @@ Policies can be deployed to block any of the following parent or child categorie
 | **Uncategorized** | - **Newly registered domains**: Sites that are newly registered in the past 30 days and haven't yet been moved to another category.<br/><br/>- **Parked domains**: Sites that have no content or are parked for later use. |
 
 > [!NOTE]
-> Uncategorized contains only newly registered domains and parked domains, and does not include all other sites outside of these categories.
+> Uncategorized contains only newly registered domains and parked domains, and does not include all other sites outside of these categories. *Remote proxy sites* are categorized as *Illegal Software*. This classification is based on their inherent ability to route traffic to any destination, which can include access to unwanted, malicious, or illegal content. As with any other blocked site, an organization can choose to use an "allow" indicator to allow access to a site that would otherwise be blocked based on its Web Content Filtering category.
 
 ### Create a policy
 
@@ -151,11 +150,11 @@ To define a custom indicator, follow these steps:
 
 ### Dispute categories
 
-If you encounter a domain that has been incorrectly categorized, you can dispute the category directly from the Microsoft Defender portal.
+If you encounter a domain that has been incorrectly categorized, you can dispute the category directly in the Microsoft Defender portal.
 
 To dispute the category of a domain, navigate to **Reports** \> **Web protection** \> **Web content filtering categories details** \> **Domains**. On the domains tab of the Web Content Filtering reports, find the ellipsis beside each of the domains. Hover over the ellipsis and then select **Dispute Category**.
 
-A panel opens where you can select the priority and add more details such as the suggested category for recategorization. Once you complete the form, select **Submit**. Our team will review the request within one business day. For manual unblocking, create a [custom allow indicator](indicator-ip-domain.md) .
+A panel opens where you can select the priority and add more details such as the suggested category for recategorization. Once you complete the form, select **Submit**. Our team will review the request within one business day. For manual unblocking, create a [custom allow indicator](indicator-ip-domain.md).
 
 ## Web content filtering cards and details
 
@@ -169,7 +168,7 @@ In the first 30 days of using this feature, your organization might not have eno
 
 :::image type="content" source="media/web-activity-by-category600.png" alt-text="The web activity by category card" lightbox="media/web-activity-by-category600.png":::
 
-### Web content filtering  summary card
+### Web content filtering summary card
 
 This card displays the distribution of blocked access attempts across the different parent web content categories. Select one of the colored bars to view more information about a specific parent web category.
 
@@ -188,9 +187,7 @@ You can access the **Report details** for each card by selecting a table row or
 :::image type="content" source="media/web-protection-report-details.png" alt-text="The web protection report details" lightbox="media/web-protection-report-details.png":::
 
 - **Web categories**: Lists the web content categories that have had access attempts in your organization. Select a specific category to open a summary flyout.
-
 - **Domains**: Lists the web domains that have been accessed or blocked in your organization.
-
 - **Device groups**: Lists all the device groups that have generated web activity in your organization
 
 Use the time range filter at the top left of the page to select a time period. You can also filter the information or customize the columns. Select a row to open a flyout pane with even more information about the selected item.
diff --git a/defender-office-365/TOC.yml b/defender-office-365/TOC.yml
@@ -490,6 +490,8 @@
        href: mdo-data-retention.md
      - name: Privacy in Defender for Office 365
        href: mdo-privacy.md
+     - name: Defender for Office 365 API Vendor Ecosystem integration guide
+       href: mdo-api-vendor-ecosystem.md
      - name: External email senders - Microsoft 365 resources
        items:
        - name: Microsoft 365 services for external email senders
diff --git a/defender-office-365/mdo-api-vendor-ecosystem.md b/defender-office-365/mdo-api-vendor-ecosystem.md
diff --git a/unified-secops-platform/hunting-overview.md b/unified-secops-platform/hunting-overview.md
