Merge branch 'main' into docs-editor/indicator-certificates-1722278144

Author: denisebmsft

defender-endpoint/controlled-folders.md

@@ -3,7 +3,7 @@ title: Protect important folders from ransomware from encrypting your files with
 description: Files in default folders can be protected from being changed by malicious apps. Prevent ransomware from encrypting your files.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 03/05/2024
+ms.date: 07/30/2024
 author: siosulli
 ms.author: siosulli
 audience: ITPro
@@ -112,7 +112,7 @@ You can query Microsoft Defender for Endpoint data by using [Advanced hunting](/
 
 Example query:
 
-```PowerShell
+```
 DeviceEvents
 | where ActionType in ('ControlledFolderAccessViolationAudited','ControlledFolderAccessViolationBlocked')
 ```

defender-endpoint/linux-whatsnew.md

@@ -32,6 +32,33 @@ This article is updated frequently to let you know what's new in the latest rele
 
 - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)
 - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+
+<details>
+<summary> July-2024 (Build: 101.24062.0001 | Release version: 30.124062.0001.0)</summary>
+
+## July-2024 Build: 101.24062.0001 | Release version: 30.124062.0001.0
+
+&ensp;Released: **July 31, 2024**<br/>
+&ensp;Published: **July 31, 2024**<br/>
+&ensp;Build: **101.24062.0001**<br/>
+&ensp;Release version: **30.124062.0001.0**<br/>
+&ensp;Engine version: **1.1.24050.7**<br/>
+&ensp;Signature version: **1.411.410.0**<br/>
+
+**What's new**
+
+There are multiple fixes and new changes in this release.
+
+- Fixes bug in which infected command-line threat information was not showing correctly in security portal.
+- Fixes a memory leak issue in kernel space due to ebpf maps and progs not getting closed/unloaded whenever ebpf sensor is reloaded. Impacts kernels 3.10x and <= 4.16x.
+- Fixes a bug where disabling a preview feature required a Defender of Endpoint to disable it.
+- Global Exclusions feature using managed JSON is now in Public Preview. available in insiders slow from 101.23092.0012. For more information, see [linux-exclusions](linux-exclusions.md).
+- Updated the Linux default engine version to 1.1.24050.7 and default sigs Version to 1.411.410.0.
+- Stability and performance improvements.
+- Other bug fixes.
+
+</details>
+
 <details>
 <summary> June-2024 (Build: 101.24052.0002 | Release version: 30.24052.0002.0)</summary>
 
@@ -1430,4 +1457,4 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
    </details>
 
-</details><!--This </details> closes "2021 releases"-->
+</details><!--This </details> closes "2021 releases"-->

defender-vulnerability-management/fixed-reported-inaccuracies.md

@@ -37,6 +37,16 @@ The following tables present the relevant vulnerability information organized by
 | Inaccuracy report ID | Description | Fix date |
 |---|---|---|
 | - | Fixed inaccuracy in Microsoft Visio Viewer & SDK 2016 | 01-July-24 |
+| 61778 | Fixed inaccuracy in PHP vulnerabilities - CVE-2024-4577, CVE-2024-5458 & CVE-2024-5585 | 05-July-24 |
+| - | Fixed inaccuracy in Intel Proset Wireless vulnerabilities - CVE-2023-38417, CVE-2023-38654, CVE-2023-40536 & CVE-2023-47210 | 07-July-24 |
+| 58642 | Fixed inaccuracy in Microsoft Visual Studio Code & Progress Fiddler | 10-July-24 |
+| 61803 | Fixed inaccuracy in CVE-2023-24592 | 10-July-24 |
+| - | Fixed inaccuracy in CVE-2017-3010 & CVE-2017-3124 | 10-July-24 |
+| - | Fixed inaccuracy in 7-zip and Zscaler vulnerabilities - CVE-2023-31102, CVE-2023-41972, CVE-2023-41973 & CVE-2023-23463 | 10-July-24 |
+| 62958 | Fixed inaccuracy in CVE-2024-26010 | 10-July-24 |
+| - | Defender Vulnerability Management doesn't currently support CVE-2013-5387 and CVE-2018-1595 | 14-July-24 |
+| 60387 | Fixed inaccuracy in Microsoft Teams by excluding squirrel.exe path | 14-July-24 |
+| 61125 | Fixed inaccuracy in Lenovo Mouse Suite | 17-July-24 |
 
 
 ## June 2024

defender-xdr/api-incident.md

@@ -18,7 +18,7 @@ search.appverid:
   - MOE150
   - MET150
 ms.custom: api
-ms.date: 02/08/2024
+ms.date: 07/30/2024
 ---
 
 # Microsoft Defender XDR incidents API and the incidents resource type
@@ -73,7 +73,7 @@ Refer to the respective method articles for more details on how to construct a r
 | status | Enum | Specifies the current status of the incident. Possible values are: `Active`, `InProgress`, `Resolved`, and `Redirected`. |
 | classification | Enum | Specification of the incident. Possible values are: `TruePositive`, `Informational, expected activity`, and `FalsePositive`. |
 | determination | Enum | Specifies the determination of the incident. <p>Possible determination values for each classification are: <br><li> <b>True positive</b>: `Multistage attack` (MultiStagedAttack), `Malicious user activity` (MaliciousUserActivity), `Compromised account` (CompromisedUser) – consider changing the enum name in public api accordingly, `Malware` (Malware), `Phishing` (Phishing), `Unwanted software` (UnwantedSoftware), and `Other` (Other). <li> <b>Informational, expected activity:</b> `Security test` (SecurityTesting), `Line-of-business application` (LineOfBusinessApplication), `Confirmed activity` (ConfirmedUserActivity) - consider changing the enum name in public api accordingly, and `Other` (Other). <li>  <b>False positive:</b> `Not malicious` (Clean) - consider changing the enum name in public api accordingly, `Not enough data to validate` (InsufficientData), and `Other` (Other). |
-| tags | string list | List of Incident tags. |
+| tags | string list | List of Incident tags (customTags only). |
 | comments | List of incident comments | Incident Comment object contains: comment string, createdBy string, and createTime date time. |
 | alerts | alert list | List of related alerts. See examples at [List incidents](api-list-incidents.md) API documentation. |
 

defender-xdr/breadcrumb/toc.yml

@@ -1,7 +1,21 @@
+
 - name: 'Microsoft Defender'
   tocHref: /defender/
   topicHref: /defender/index
   items:
-   - name: 'Microsoft Defender XDR'
-     tocHref: /defender-xdr/
-     topicHref: /defender-xdr/index
+  - name: 'Microsoft Defender XDR'
+    tocHref: /defender-xdr/
+    topicHref: /defender-xdr/index
+  - name: Microsoft Defender XDR
+    tocHref: /defender-for-identity/
+    topicHref: /defender-xdr/index
+    
+## Azure override
+- name: 'Microsoft Defender'
+  tocHref: /azure/
+  topicHref: /defender/index
+  items:
+  - name: 'Microsoft Defender XDR'
+    tocHref: /azure/sentinel/
+    topicHref: /defender-xdr/index
+

defender-xdr/media/defender-for-cloud-apps/cloud-apps.png

@@ -1,14 +1,14 @@
 ---
-title: Microsoft Defender for Cloud Apps in Microsoft Defender XDR
-description: Learn about changes from the Microsoft Defender for Cloud Apps to Microsoft Defender XDR.
+title: Microsoft Defender for Cloud Apps in the Microsoft Defender portal
+description: Learn about using Microsoft Defender for Cloud Apps in the Microsoft Defender portal.
 ms.service: defender-xdr
 ms.localizationpriority: medium
 f1.keywords:
 - NOCSH
 ms.author: bagol
 author: batamig
 manager: raynew
-ms.date: 06/18/2024
+ms.date: 07/31/2024
 audience: ITPro
 ms.topic: conceptual
 search.appverid: 
@@ -20,7 +20,7 @@ ms.collection:
 ms.custom: admindeeplinkDEFENDER
 ---
 
-# Microsoft Defender for Cloud Apps in Microsoft Defender XDR
+# Microsoft Defender for Cloud Apps in the Microsoft Defender portal
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -29,102 +29,35 @@ ms.custom: admindeeplinkDEFENDER
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 - [Microsoft Defender for Cloud Apps](/defender-cloud-apps/)
 
-Microsoft Defender for Cloud Apps is part of Microsoft Defender XDR, and uses the Microsoft Defender portal to allow security admins to perform their security tasks in one location. The Microsoft Defender portal simplifies workflows and combines functionality from other Microsoft Defender XDR services to Defender for Cloud Apps. 
+Microsoft Defender for Cloud Apps is available inside the Microsoft Defender portal. The Defender portal is the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure, allowing security admins to perform their security tasks in one location, across multiple Microsoft Defender services.
 
-The Microsoft Defender portal is the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. SOC analysts can triage, investigate, and hunt across all Microsoft Defender XDR workloads, including cloud apps. For example, Defender for Cloud Apps alerts appear in Microsoft Defender XDR's incidents queue and alerts queue, with relevant content inside the alert pages, in a unified format with the proper adaptations to each alerts type. 
-
-All users accessing the classic Microsoft Defender for Cloud Apps portal are automatically rerouted to the Microsoft Defender portal, with no option to opt out. This article is intended for customers moving from the classic Defender for Cloud Apps portal and want to learn more about where to find Defender for Cloud Apps content in the Microsoft Defender portal.
+SOC analysts can triage, investigate, and hunt across all Microsoft Defender XDR workloads, including cloud apps.
 
 Take a look in Microsoft Defender XDR at <https://security.microsoft.com>.
 
 Learn more about the benefits: [Overview of Microsoft Defender XDR](microsoft-365-defender.md).
 
-## Quick reference
-
-The images and the tables below list the changes in navigation between Microsoft Defender for Cloud Apps and Microsoft Defender XDR.
-
-### Discover
-
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="/defender/media/defender-cloud-apps-m365-defender-discover.png" alt-text="The new locations for Cloud Discovery features in the Microsoft Defender portal" lightbox="/defender/media/defender-cloud-apps-m365-defender-discover.png":::
-
-| Defender for Cloud Apps | Microsoft Defender XDR |
-|---------|---------|
-| Cloud Discover dashboard | Cloud apps -> Cloud discovery |
-| Discovered Apps | tab on Cloud Discovery page |
-| Discovered resources | tab on Cloud Discovery page |
-| IP addresses | tab on Cloud Discovery page |
-| Users | tab on Cloud Discovery page |
-| Devices | tab on Cloud Discovery page |
-| Cloud app catalog |  Cloud apps -> Cloud app catalog |
-| Create Cloud Discovery snapshot report | On the Cloud Discovery page, under Actions |
-
-### Investigate
-
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="/defender/media/defender-cloud-apps-m365-defender-investigate.png" alt-text="The new locations for Investigation features in the Microsoft Defender portal" lightbox="/defender/media/defender-cloud-apps-m365-defender-investigate.png":::
-
-| Defender for Cloud Apps | Microsoft Defender XDR |
-|---------|---------|
-| Activity log | Cloud apps -> Activity log |
-| Files | Cloud apps -> Files |
-| Users and accounts | Assets -> Identities |
-| Security configuration | available in [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) |
-| Identity security posture | [Microsoft Defender for Identity's identity security posture assessments](/defender-for-identity/isp-overview) |
-| OAuth apps | Cloud apps -> OAuth apps |
-| Connected apps | Settings -> Cloud apps -> Connected apps |
-
-### Control
-
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="/defender/media/defender-cloud-apps-m365-defender-control.png" alt-text="The new locations for Control features in the Microsoft Defender portal" lightbox="/defender/media/defender-cloud-apps-m365-defender-control.png":::
-
-| Defender for Cloud Apps | Microsoft Defender XDR |
-|---------|---------|
-| Policies | Cloud apps -> Policy management. Note: Microsoft Entra ID Protection policies will be removed gradually from the Cloud apps policies list. To configure alerts from these policies, see [Configure Microsoft Entra IP alert service](investigate-alerts.md#configure-aad-ip-alert-service) |
-| Templates | Cloud apps -> Policy templates |
-
-### Settings
-
-> [!div class="mx-imgBorder"]
-> :::image type="content" source="/defender/media/defender-cloud-apps-m365-defender-settings.png" alt-text="The new locations for Settings in the Microsoft Defender portal" lightbox="/defender/media/defender-cloud-apps-m365-defender-settings.png":::
-
-| Defender for Cloud Apps | Microsoft Defender XDR |
-|---------|---------|
-| Settings | Settings -> Cloud apps |
-| Settings/Governance log | Cloud apps -> Governance log |
-| Security extensions -> Playbooks | Settings -> Cloud apps |
-| Security extensions -> SIEM  agents | Settings -> Cloud apps |
-| Security extensions -> External  DLP | Settings -> Cloud apps |
-| Security extensions -> API  tokens | Settings -> Cloud apps |
-| Manage admin access -> Admin roles | Permissions-> Cloud apps-> Roles |
-| Manage admin access -> Activity privacy permissions | Permissions-> Cloud apps-> Activity privacy permissions |
-| Exported reports | Reports -> Cloud apps -> Exported reports |
-| Scoped deployment and privacy | Settings -> Cloud Apps -> Scoped deployment and privacy |
-| Connected Apps / App connectors | Settings -> Cloud Apps -> Connected apps -> App Connectors |
-| Conditional Access App Control | Settings -> Cloud apps -> Connected apps -> Conditional Access App Control apps |
-| IP address ranges              | Settings -> Cloud apps                                      |
-| User groups                    | Settings -> Cloud apps                                      |
-
-The capabilities on the following pages are fully integrated into Microsoft Defender XDR, and therefore don't have their own standalone experience in Microsoft Defender XDR:
-  
-- [Settings > Microsoft Entra ID Protection](investigate-alerts.md)
-- [Settings > App Governance](/defender-cloud-apps/app-governance-get-started)
-- [Settings > Microsoft Defender for Identity](/defender-for-identity/deploy-defender-identity)
-
-## What's changed
-
-Learn about the changes that have come with the integration of Defender for Cloud Apps and Microsoft Defender XDR.
-
-### Global search
+## Perform cloud app security tasks
+
+Find Defender for Cloud Apps functionality in the Microsoft Defender portal under **Cloud Apps**. For example:
+
+:::image type="content" source="media/defender-for-cloud-apps/cloud-apps.png" alt-text="Screenshot that shows the Defender for Cloud Apps Cloud discovery page." lightbox="media/defender-for-cloud-apps/cloud-apps.png":::
+
+## Investigate cloud app alerts
+
+Defender for Cloud Apps alerts show in the Defender portal's incident and alerts queues, with relevant content inside alert pages for each type of an alert. For more information, see [Investigate incidents in Microsoft Defender XDR](investigate-incidents.md).
+
+## Global search for your connected cloud apps
 
 Use the Microsoft Defender portal's global search bar at the top of the page to search for connected apps in Defender for Cloud Apps.
 
-:::image type="content" source="/defender/media/global-search-apps.png" alt-text="Search for connected apps.":::
+:::image type="content" source="/defender/media/global-search-apps.png" alt-text="Screenshot that shows searching for connected apps." lightbox="/defender/media/global-search-apps.png":::
+
+## Assets and identities
 
-### Assets and identities
+Use the **Assets > Identities** page to find comprehensive details about entities pulled from connected cloud applications, including a users's activity history and security alerts related to the user. For example:
 
-As part of the creation of a dedicated **Assets** section that spans the entire Microsoft Defender XDR experience, the **Users and Accounts** section of Defender for Cloud Apps is rebranded as the **Identities** section. No changes to functionality are expected.
+:::image type="content" source="media/defender-for-cloud-apps/dashboard-top-users.png" alt-text="Screenshot that shows cloud app entities in the Identities page." lightbox="media/defender-for-cloud-apps/dashboard-top-users.png":::
 
 <a name='redirection-from-the-classic-microsoft-defender-for-cloud-apps-portal-to-microsoft-365-defender'></a>