Merge branch 'main' into diannegali-mdecustomapk

Author: denisebmsft

.openpublishing.redirection.defender-endpoint.json

@@ -134,6 +134,21 @@
       "source_path": "defender-endpoint/configure-server-endpoints.md",
       "redirect_url": "/defender-endpoint/onboard-windows-server-2012r2-2016",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-client.md",
+      "redirect_url": "/defender-endpoint/onboard-client",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/onboard-windows-server-2012r2-2016.md",
+      "redirect_url": "/defender-endpoint/onboard-server",
+      "redirect_document_id": false
     } 
   ]
 }

defender-endpoint/TOC.yml

@@ -138,10 +138,9 @@
               href: migrate-devices-streamlined.md
 
         - name: Onboard client devices
-          href: onboard-client.md
           items:
-          - name: Onboarding Windows client overview
-            href: onboard-windows-client.md
+          - name: Onboard client devices running Windows or macOS
+            href: onboard-client.md
           - name: Defender for Endpoint plug-in for WSL
             href: mde-plugin-wsl.md
           - name: Onboard Windows devices to Defender for Endpoint using Intune
@@ -160,12 +159,9 @@
             href: onboard-downlevel.md
 
         - name: Onboard server devices
-          href: onboard-server.md
           items:
-          - name: Onboard Windows Server version 1803, Windows Server 2019, and later
-            href: onboard-windows-server.md
-          - name: Onboard Windows Server 2012 R2 and Windows Server 2016
-            href: onboard-windows-server-2012r2-2016.md
+          - name: Onboard servers through Defender for Endpoint's experience
+            href: onboard-server.md
           - name: Defender for Endpoint on Windows Server with SAP
             href: mde-sap-windows-server.md
           - name: Onboard Windows devices using Configuration Manager

defender-endpoint/api/device-health-api-methods-properties.md

@@ -50,7 +50,7 @@ Retrieves a list of Microsoft Defender Antivirus device health details. This API
 Data that is collected using either `JSON response` or by using files is a snapshot of the current state. This data doesn't contain historical data. To collect historical data, you must save the data in your own data storage.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 >
 > For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -48,7 +48,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 
 > [!IMPORTANT]
 >
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 > [!NOTE]
 >

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -111,7 +111,7 @@ The following table lists the supported operating systems for rules that are cur
 
 > [!NOTE]
 > Unless otherwise indicated, the minimum Windows 10 build is version 1709 (RS3, build 16299) or later; the minimum Windows Server build is version 1809 or later.
-> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 | Rule name| Windows 10 and 11 | Windows Server version 1803, 2019, and later | Windows Server 2016 and 2012 R2 |
 |---|---|---|---|
@@ -136,7 +136,7 @@ The following table lists the supported operating systems for rules that are cur
 | [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y |
 
 > [!NOTE]
-> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-windows-server-2012r2-2016.md). 
+> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016](onboard-server.md#onboard-windows-server-2012-r2-and-windows-server-2016). 
 > - If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
 > - For Windows client devices, "version 1809 or later" and "version 1903 (build 18362)" apply to Windows 10 only.
 

defender-endpoint/attack-surface-reduction-rules-report.md

@@ -52,7 +52,7 @@ For more information about individual attack surface reduction rules, see [Attac
 
 > [!IMPORTANT]
 > To access the attack surface reduction rules report, read permissions are required for the Microsoft Defender portal. 
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in the attack surface reduction rules report, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in the attack surface reduction rules report, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2).
 
 ## Report access permissions
 

defender-endpoint/attack-surface-reduction.md

@@ -142,7 +142,7 @@ You can set attack surface reduction rules for devices that are running any of t
 - [Windows Server 2012 R2](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh801901(v=ws.11))
 
   > [!NOTE]
-  > Windows Server 2016 and Windows Server 2012 R2 must be onboarded using the instructions in [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-windows-server-2012r2-2016.md) for this feature to work.
+  > Windows Server 2016 and Windows Server 2012 R2 must be onboarded using the instructions in [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-server.md) for this feature to work.
 
 Although attack surface reduction rules don't require a [Windows E5 license](/windows/deployment/deploy-enterprise-licenses), if you have Windows E5, you get advanced management capabilities. The advanced capabilities - available only in Windows E5 - include:S
 

defender-endpoint/automated-investigations.md

@@ -93,7 +93,7 @@ Currently, AIR only supports the following OS versions:
 - Windows 11
 
 > [!NOTE]
-> Automated investigation and response on Windows Server 2012 R2 and Windows Server 2016 requires the [Unified Agent](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution) to be installed. 
+> Automated investigation and response on Windows Server 2012 R2 and Windows Server 2016 requires the [Unified Agent](onboard-server.md#functionality-in-the-modern-unified-solution-for-windows-server-2016-and-windows-server-2012-r2) to be installed. 
 
 ## Next steps
 

defender-endpoint/azure-server-integration.md

@@ -47,6 +47,6 @@ The following capabilities are included in this integration:
 ## Related articles
 
 - [Onboard previous versions of Windows](onboard-downlevel.md)
-- [Onboard Windows Server 2012 R2, 2016, SAC version 1803, and 2019](onboard-windows-server-2012r2-2016.md)
+- [Onboard Windows Server 2012 R2, 2016, SAC version 1803, and 2019](onboard-server.md)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md

@@ -9,7 +9,7 @@ ms.reviewer: mkaminska, yongrhee
 manager: deniseb
 ms.subservice: ngp
 ms.topic: conceptual
-ms.date: 04/07/2025
+ms.date: 04/16/2025
 ms.collection: 
 - m365-security
 - tier2
@@ -128,7 +128,7 @@ There are two more scenarios where Defender for Endpoint might request a file sa
 
 | Scenario | Description |
 |:---|:---|
-|Manual file sample collection in the Microsoft Defender portal | When onboarding devices to Defender for Endpoint, you can configure settings for [endpoint detection and response (EDR)](overview-endpoint-detection-response.md). For example, there's a setting to enable sample collections from the device, which can easily be confused with the sample submission settings described in this article. <br/><br/>The EDR setting controls file sample collection from devices when requested through the Microsoft Defender portal, and is subject to the roles and permissions already established. This setting can allow or block file collection from the endpoint for features such as deep analysis in the Microsoft Defender portal. If this setting isn't configured, the default is to enable sample collection. <br/><br/>Learn about Defender for Endpoint configuration settings, see: [Onboarding tools and methods for Windows 10 devices in Defender for Endpoint](onboard-windows-client.md) |
+|Manual file sample collection in the Microsoft Defender portal | When onboarding devices to Defender for Endpoint, you can configure settings for [endpoint detection and response (EDR)](overview-endpoint-detection-response.md). For example, there's a setting to enable sample collections from the device, which can easily be confused with the sample submission settings described in this article. <br/><br/>The EDR setting controls file sample collection from devices when requested through the Microsoft Defender portal, and is subject to the roles and permissions already established. This setting can allow or block file collection from the endpoint for features such as deep analysis in the Microsoft Defender portal. If this setting isn't configured, the default is to enable sample collection. <br/><br/>Learn about Defender for Endpoint configuration settings, see [Onboard Windows and Mac client devices to Microsoft Defender for Endpoint](onboard-client.md) |
 | Automated investigation and response content analysis | When [automated investigations](automated-investigations.md) are running on devices (when configured to run automatically in response to an alert or manually run), files that are identified as suspicious can be collected from the endpoints for further inspection. If necessary, the file content analysis feature for automated investigations can be disabled in the Microsoft Defender portal. <br/><br/> The file extension names can also be modified to add or remove extensions for other file types that are automatically submitted during an automated investigation. <br/><br/> To learn more, see [Manage automation file uploads](manage-automation-file-uploads.md). |