Merge pull request #4863 from MicrosoftDocs/main

[AutoPublish] main to live - 08/28 10:30 PDT | 08/28 23:00 IST

Author: m365-skilling-repo-management[bot]

defender-endpoint/mac-whatsnew.md

@@ -74,6 +74,22 @@ This feature enables organizations to configure offline updates for security int
 
 Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them. To learn more, see [Behavior Monitoring in Microsoft Defender for Endpoint on macOS](behavior-monitor-macos.md) and [Behavior Monitoring GA announcement blog](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/behavior-monitoring-is-now-generally-available-for-microsoft-defender-for-endpoi/4415697)
 
+### Sep-2025 (Build: 101.25072.0011  | Release version: 20.125072.11.0)
+
+| Build:             | **101.25072.0011**         |
+|--------------------|-----------------------|
+| Release version:   | **20.125072.11.0** |
+| Engine version:    | **1.1.25060.3000**       |
+| Signature version: | **1.429.309.0**      |
+
+##### What's new
+
+- Enhanced malware detection timing and archive scanning improvements
+- Improved diagnostic capabilities and error reporting
+- Performance and diagnostic improvements for endpoint Data Loss Prevention (DLP)
+
+- Bug fixes
+
 ### Aug-2025 (Build: 101.25062.0006  | Release version: 20.125062.6.0)
 
 | Build:             | **101.25062.0006**   |

defender-office-365/threat-explorer-real-time-detections-about.md

@@ -7,7 +7,7 @@ ms.author: chrisda
 manager: orspodek
 audience: ITPro
 ms.topic: concept-article
-ms.date: 06/19/2025
+ms.date: 08/28/2025
 ms.localizationpriority: medium
 ms.collection:
   - m365-security
@@ -82,6 +82,8 @@ To use Explorer or Real-time detections, you need to be assigned permissions. Yo
 > End-user spam notifications and system generated messages aren't available in Threat Explorer. These types of messages are available if there's a mail flow rule (also known as a transport rule) to override.
 >
 > Audit log entries are generated when admins preview or download email messages. You can search the admin audit log by user for **AdminMailAccess** activity. For instructions, see [Audit New Search](/purview/audit-new-search).
+>
+> Email delivered to moderated mailboxes or moderated distribution groups is visible in Threat Explorer. But moderator actions (for example, approve or reject messages) and messages released by a moderator to members of a distribution group aren't logged and aren't shown in Threat Explorer.
 
 To use Threat Explorer or Real-time detections, you need to be assigned a license for Defender for Office 365 (included in your subscription or an add-on license).