Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into redirect

Author: batamig

.acrolinx-config.edn

@@ -1,6 +1,6 @@
-{:changed-files-limit 30
+{:changed-files-limit 60
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["defender-xdr/" "exposure-management/" "defender/" "defender-business/" "defender-vulnerability-management/" "defender-office-365/" "defender-endpoint/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 

.openpublishing.redirection.defender.json

@@ -5,11 +5,6 @@
       "redirect_url": "/defender-xdr/advanced-hunting-overview",
       "redirect_document_id": false
     },
-    {
-      "source_path": "defender-xdr/alerts-incidents-correlation.md",
-      "redirect_url": "/defender-xdr/incident-response-overview",
-      "redirect_document_id": false
-    },
     {
       "source_path": "defender-office-365/zero-trust-continuous-access-evaluation-microsoft-365.md",
       "redirect_url": "/security/zero-trust/zero-trust-continuous-access-evaluation-microsoft-365",
@@ -185,10 +180,35 @@
         "redirect_url": "/defender-xdr/pilot-deploy-overview",
         "redirect_document_id": false
     },
+    {
+      "source_path": "defender-xdr/microsoft-365-security-mde-redirection.md",
+      "redirect_url": "/defender-xdr/",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender-endpoint/evaluation-lab.md",
       "redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/collect-diagnostic-data-update-compliance.md",
+      "redirect_url": "/defender-endpoint/collect-diagnostic-data",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-endpoint/attack-simulations.md",
+      "redirect_url": "/defender-endpoint/defender-endpoint-demonstrations",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/mssp-support.md",
+      "redirect_url": "/defender-endpoint/configure-mssp-support",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/evaluate-mde.md",
+      "redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus",
+      "redirect_document_id": false
     }
   ]
 }

defender-business/TOC.yml

@@ -25,7 +25,7 @@
       href: trial-playbook-defender-business.md
     - name: Visit the Microsoft Defender portal
       href: mdb-get-started.md
-    - name: Try tutorials and simulations
+    - name: Find training and learning resources
       href: mdb-tutorials.md
   - name: Set up and configure Defender for Business
     items:

defender-business/index.yml

@@ -56,6 +56,8 @@ landingContent:
             url: trial-playbook-defender-business.md
           - text: Turn on preview features
             url: /defender-xdr/preview
+          - text: Find training and learning resources
+            url: mdb-tutorials.md
 
   # Card
   - title: Setup information

defender-business/mdb-add-users.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 06/07/2024
+ms.date: 06/19/2024
 ms.collection: 
 - m365-security
 - tier1
@@ -59,8 +59,8 @@ One good way to make sure MFA is enabled for all users is by using [security def
 
 4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**. 
 
-   > [!CAUTION]
-   > If your organization is using Conditional Access policies, you won't be able to enable security defaults. You'll see a message that indicates you're using classic policies instead. You can use *either* security defaults *or* Conditional Access, but not both. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead. To learn more, see the following articles:
+   > [!NOTE]
+   > If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
    > - [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa) (in the Microsoft 365 Business Premium documentation)
    > - [Security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
 
@@ -69,5 +69,6 @@ One good way to make sure MFA is enabled for all users is by using [security def
 ## Next steps
 
 - [Step 3: Assign security roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md).
+
 - [Step 4: Set up email notifications for your security team](mdb-email-notifications.md).
 

defender-business/mdb-asr.md

@@ -4,7 +4,7 @@ description: Get an overview of attack surface reduction capabilities, including
 author: siosulli
 ms.author: siosulli
 manager: deniseb 
-ms.date: 06/07/2024
+ms.date: 07/23/2024
 ms.topic: conceptual
 ms.service: defender-business
 ms.localizationpriority: medium 
@@ -23,9 +23,6 @@ Your attack surfaces are all the places and ways that your organization's networ
 
 To help protect your network and devices, Microsoft Defender for Business includes several attack surface reduction capabilities, including attack surface reduction rules. This article describes how to set up your attack surface reduction rules and describes attack surface reduction capabilities.
 
-> [!NOTE]
-> Intune is not included in the standalone version of Defender for Business, but it can be added on.
-
 ## Standard protection ASR rules
 
 There are lots of attack surface reduction rules available. You don't have to set them all up at once. And, you can set up some rules in audit mode just to see how they work for your organization, and change them to work in block mode later. That said, we recommend enabling the following standard protection rules as soon as possible:

defender-business/mdb-create-edit-device-groups.md

@@ -10,7 +10,7 @@ ms.topic: how-to
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: nehabha
-ms.date: 05/17/2023
+ms.date: 06/19/2024
 f1.keywords: NOCSH 
 ms.collection: 
 - SMB
@@ -30,7 +30,6 @@ In Defender for Business, policies are applied to devices through certain collec
 - [How to view an existing device group](#view-an-existing-device-group)
 - [What the Add All Devices option does](#what-does-the-add-all-devices-option-do)
 
-
 ## What is a device group?
 
 A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Defender for Business, policies are applied to devices by using device groups.

defender-business/mdb-email-notifications.md

@@ -10,7 +10,7 @@ ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: nehabha
-ms.date: 05/01/2023
+ms.date: 06/19/2024
 f1.keywords: NOCSH 
 ms.collection: 
  - m365-security
@@ -45,7 +45,7 @@ When you set up email notifications, you can choose from two types, as described
 > [!TIP]
 > **Email notifications are not the only way your security team can find out about new alerts or vulnerabilities**.
 > 
-> Email notifications are a convenient way to help keep your security team informed, in real time. But there are others! For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they'll see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
+> Email notifications are a convenient way to help keep your security team informed, in real time. But there are other methods you can use as well. For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
 > 
 > Your security team can also choose **Incidents** in the navigation pane to view information. To learn more, see [View and manage incidents in Defender for Business](mdb-view-manage-incidents.md).
 

defender-business/mdb-firewall.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 05/04/2023
+ms.date: 06/19/2024
 ms.reviewer: nehabha
 f1.keywords: NOCSH 
 ms.collection: 
@@ -34,10 +34,29 @@ You can use firewall protection to specify whether to allow or to block connecti
 
 Depending on whether you're using the Microsoft Defender portal or Intune to manage your firewall protection, use one of the following procedures.
 
-| Portal | Procedure |
-|:---|:---|
-| Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.<br/>2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.<br/>3. Select an operating system tab (such as **Windows clients**).<br/>4. Expand **Firewall** to view your list of policies.<br/>5. Select a policy to view the details. <br/><br/>To make changes or to learn more about policy settings, see the following articles:<br/>- [View or edit device policies](mdb-view-edit-create-policies.md)<br/>- [Firewall settings](mdb-firewall.md)<br/>- [Manage your custom rules for firewall policies](mdb-firewall.md)  |
-| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.<br/>2. Select **Endpoint security**.<br/>3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. <br/><br/>For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).|
+### Use the Microsoft Defender portal to view or edit firewall policies
+
+1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
+
+2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.
+
+3. Select an operating system tab (such as **Windows clients**).
+
+4. Expand **Firewall** to view your list of policies.
+
+5. Select a policy to view the details. To make changes or to learn more about policy settings, see the following articles:
+   
+   - [View or edit device policies](mdb-view-edit-create-policies.md)
+   - [Firewall settings](mdb-firewall.md)
+   - [Manage your custom rules for firewall policies](mdb-firewall.md)
+   
+### Use the Intune admin center to view or edit firewall policies
+
+1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.
+
+2. Select **Endpoint security**.
+
+3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. To get help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
 
 ## Manage your custom rules for firewall policies in Microsoft Defender for Business
 
@@ -56,10 +75,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
 5. To create a custom rule, follow these steps: 
 
    1. Under **Custom rules**, choose **+ Add rule**. (You can have up to 150 custom rules.)
+
    2. On the **Create new rule** flyout, specify a name and description for the rule.
+
    3. Select a profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
+
    4. In the **Remote address type** list, select either **IP** or **Application file path**.
+
    5. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6d, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
+
    6. On the **Create new rule** flyout, select **Create rule**. 
 
 6. On the **Configuration settings** screen, choose **Next**.
@@ -81,10 +105,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
 6. To edit your custom rule, follow these steps:
 
    1. On the **Edit rule** flyout, review and edit the rule's name and description.
+
    2. Review and if necessary, edit the rule's profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
+   
    3. In the **Remote address type** list, select either **IP** or **Application file path**.
+   
    4. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6c, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
+   
    5. Set **Enable rule** to **On** to make the rule active. Or, to disable the rule, set the switch to **Off**.
+   
    6. On the **Edit rule** flyout, select **Update rule**. 
 
 7. On the **Configuration settings** screen, choose **Next**.