Merge pull request #799 from MicrosoftDocs/main

Publish main to live, Tuesday 3:30PM PDT, 06/25

Author: Stacyrch140

defender-endpoint/api/device-health-api-methods-properties.md

@@ -5,7 +5,7 @@ ms.service: defender-endpoint
 ms.author: siosulli 
 author: siosulli
 ms.localizationpriority: medium 
-ms.date: 05/15/2024
+ms.date: 06/25/2024
 manager: deniseb 
 ms.reviewr: mkaminska
 audience: ITPro 
@@ -50,7 +50,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 > [!IMPORTANT]
 > For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 >
-> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
+> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 
 ### 1.1 Export device antivirus health details API methods
 
@@ -128,4 +128,5 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 [Export device antivirus health report](device-health-export-antivirus-health-report-api.md)
 
 [Device health and compliance reporting](../device-health-reports.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -5,7 +5,7 @@ ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
-ms.date: 11/03/2022
+ms.date: 06/25/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -46,19 +46,13 @@ This API has two methods to retrieve Microsoft Defender Antivirus device antivir
 
 Data that is collected using either '_JSON response_ or _via files_' is the current snapshot of the current state. It doesn't contain historic data. To collect historic data, customers must save the data in their own data storages. See [Export device health details API methods and properties](device-health-api-methods-properties.md).
 
-> [!IMPORTANT]
->
-> Currently, only the **Antivirus Health JSON Response** is generally available. **Antivirus Health API via files** is currently only available in public preview.
->
-> **Advanced Hunting custom query** is currently only available in public preview, even if the queries are still visible.
-
 > [!IMPORTANT]
 >
 > For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 
 > [!NOTE]
 >
-> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus compliance report in Microsoft Defender for Endpoint](../device-health-reports.md).
+> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus compliance report in Microsoft Defender for Endpoint](../device-health-reports.md).
 >
 
 ## 1 Export health reporting (JSON response)

defender-endpoint/assign-portal-access.md

@@ -13,7 +13,7 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
-ms.date: 3/30/2023
+ms.date: 06/25/2024
 ---
 
 # Assign user access 
@@ -32,19 +32,26 @@ ms.date: 3/30/2023
 
 Defender for Endpoint supports two ways to manage permissions:
 
-- **Basic permissions management**: Set permissions to either full access or read-only.
+- **Basic permissions management**: Set permissions to either full access or read-only. See [Use basic permissions to access the portal](basic-permissions.md).
+
 - **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Microsoft Entra user groups to the roles, and granting the user groups access to device groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac.md).
 
-> [!NOTE]
-> If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
-> - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Microsoft Entra ID), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Microsoft Entra user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC. Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC. 
-> - Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Microsoft Entra user groups can be assigned a role under RBAC.
-> - After switching to RBAC, you will not be able to switch back to using basic permissions management.
->
->  Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
+## Change from basic permissions to RBAC
+
+If you have already assigned basic permissions, you can switch to RBAC anytime. Consider the following before making the switch:
+
+- Users who have full access (users who are assigned the Global Administrator or Security Administrator directory role in Microsoft Entra ID), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. 
+- Other Microsoft Entra user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC.
+- Only users who are assigned the Defender for Endpoint administrator role can manage permissions using RBAC. 
+- Users who have read-only access (Security Readers) lose access to the portal until they are assigned a role. Only Microsoft Entra user groups can be assigned a role under RBAC.
+- After switching to RBAC, you can't switch back to using basic permissions management.
+
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
+## Related articles
 
-## Related topics
+- [Create and manage device groups](machine-groups.md)
+- [Zero Trust with Microsoft Defender for Endpoint](zero-trust-with-microsoft-defender-endpoint.md)
 
-- [Use basic permissions to access the portal](basic-permissions.md)
-- [Manage portal access using RBAC](rbac.md)
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/attack-surface-reduction-rules-report.md

@@ -15,7 +15,7 @@ ms.collection:
 - m365-security
 - tier2
 - mde-asr
-ms.date: 03/27/2023
+ms.date: 06/25/2024
 search.appverid: met150
 ---
 
@@ -33,9 +33,6 @@ search.appverid: met150
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The attack surface reduction rules report provides information about the _attack surface reduction rules_ that are applied to devices in your organization. This report also provides information about:
 
 - detected threats
@@ -47,39 +44,31 @@ Additionally, this report provides an easy-to-use interface that enables you to:
 - View threat detections
 - View the configuration of the ASR rules
 - Configure (add) exclusions
-- Easily activate _basic protection_ by enabling the three most recommended ASR rules with a single toggle
 - Drill down to gather detailed information
 
 For more information about individual attack surface reduction rules, see [Attack surface reduction rules reference](attack-surface-reduction-rules-reference.md).
 
 ## Prerequisites
 
 > [!IMPORTANT]
-> To access the **Attack surface reduction rules report**, read permissions are required for the Microsoft Defender portal. Access to this report granted by Microsoft Entra roles, such as Security Global Admin or Security role, is being deprecated and will be removed in April 2023.
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in the **Attack surface reduction rules report**, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> To access the attack surface reduction rules report, read permissions are required for the Microsoft Defender portal. 
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in the attack surface reduction rules report, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
 
 ## Report access permissions
 
-To access the **Attack surface reduction rules report** in the Microsoft 365 Security dashboard, the following permissions are required:
+To access the attack surface reduction rules report in the Microsoft Defender portal, the following permissions are required:
 
 | Permission type | Permission | Permission display name |
 |:---|:---|:---|
-| Application | Machine.Read.All | 'Read all machine profiles' |
-|Delegated (work or school account) | Machine.Read | 'Read machine information' |
-
-To assign these permissions:
+| Application | `Machine.Read.All` | `Read all machine profiles` |
+| Delegated (work or school account) | `Machine.Read` | `Read machine information` |
 
-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender XDR</a> using account with Security administrator or Global administrator role assigned.
-1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
-1. Select the role you'd like to edit.
-1. Select **Edit**.
-1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
-1. In **Description** type a brief summary of the role.
-1. In **Permissions**, select **View Data**, and under **View Data** select **Attack surface reduction**.
+You can assign permissions by using Microsoft Entra ID or the Microsoft Defender portal.
 
-For more information about user role management, see [Create and manage roles for role-based access control](user-roles.md).
+- To use Microsoft Entra ID, see [Assign Microsoft Entra roles to users](/entra/identity/role-based-access-control/manage-roles-portal)
+- To use the Microsoft Defender portal, see [Assign user access](assign-portal-access.md).
 
-## Navigation
+## Navigate to the attack surface reduction rules report
 
 To navigate to the summary cards for the attack surface reduction rules report
 

defender-endpoint/basic-permissions.md

@@ -16,7 +16,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 02/21/2024
+ms.date: 06/25/2024
 ---
 
 # Use basic permissions to access the portal
@@ -31,14 +31,7 @@ ms.date: 02/21/2024
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-basicaccess-abovefoldlink)
 
-Refer to the instructions below to use basic permissions management.
-
-You can use either of the following solutions:
-
-- Microsoft Graph PowerShell
-- Azure portal
-
-For granular control over permissions, [switch to role-based access control](rbac.md).
+If you want to use basic permissions management for the Microsoft Defender portal, keep in mind that permissions are set to either full access or read only. For granular control over permissions, [use role-based access control](rbac.md).
 
 ## Assign user access using Microsoft Graph PowerShell
 
@@ -57,6 +50,7 @@ You can assign users with one of the following levels of permissions:
 - Connect to your Microsoft Entra ID. For more information, see [Connect-MgGraph](/powershell/microsoftgraph/authentication-commands).
 
   - **Full access**: Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package. Assigning full access rights requires adding the users to the "Security Administrator" or "Global Administrator" Microsoft Entra built-in roles.
+
   - **Read-only access**: Users with read-only access can log in, view all alerts, and related information.
 
     They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
@@ -93,11 +87,10 @@ Use the following steps to assign security roles:
 
 For more information, see [Add or remove group members using Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal).
 
-## Assign user access using the Azure portal
-
-For more information, see [Assign administrator and non-administrator roles to users with Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
 
-## Related topic
+## Related articles
 
+- [Assign Microsoft Entra roles to users](/entra/identity/role-based-access-control/manage-roles-portal)
 - [Manage portal access using RBAC](rbac.md)
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]