Merge pull request #3843 from MicrosoftDocs/chrisda

chrisda · web-flow · commit f4c101c74f59 · 2025-05-20T15:47:27.000-07:00
Chrisda to Main
diff --git a/defender-business/mdb-faq.yml b/defender-business/mdb-faq.yml
@@ -10,7 +10,7 @@ metadata:
   ms.topic: faq
   ms.service: defender-business
   ms.localizationpriority: medium
-  ms.date: 03/19/2024
+  ms.date: 05/20/2025
   ms.reviewer: efratka, nehabha
   f1.keywords: NOCSH
   ms.collection:
@@ -61,10 +61,10 @@ sections:
         answer: |
           The following table compares server options for Defender for Business customers:
 
-          | Server license | Description |
-          |--|--|
-          | Microsoft Defender for Business servers | [Microsoft Defender for Business servers](get-defender-business.md#how-to-get-microsoft-defender-for-business-servers) is an add-on to Defender for Business and Microsoft 365 Business Premium. This offering enables small and medium sized businesses (up to 300 users) to onboard and protect servers and client devices in the [Microsoft Defender portal](https://security.microsoft.com). |
-          | Microsoft Defender for Servers Plan 1 / Plan 2| [Microsoft Defender for Servers Plan 1/Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan. This offering is part of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction), and includes advanced threat hunting with six months of data retention and the Microsoft Threat Experts service.<br/><br/>The admin experience for Defender for Cloud resides within the Azure portal ([https://portal.azure.com](https://portal.azure.com)).|
+          |Server license|Description|
+          |---|---|
+          |Microsoft Defender for Business servers|[Microsoft Defender for Business servers](get-defender-business.md#how-to-get-microsoft-defender-for-business-servers) is an add-on to Defender for Business and Microsoft 365 Business Premium. This offering enables small and medium sized businesses (up to 300 users) to onboard and protect servers and client devices in the [Microsoft Defender portal](https://security.microsoft.com).|
+          |Microsoft Defender for Servers Plan 1 / Plan 2|[Microsoft Defender for Servers Plan 1/Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) is an enterprise-focused offering that can be purchased with any other Microsoft cloud plan. This offering is part of [Microsoft Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction), and includes advanced threat hunting with six months of data retention and the Microsoft Threat Experts service.<br/><br/>The admin experience for Defender for Cloud resides within the Azure portal ([https://portal.azure.com](https://portal.azure.com)).|
 
           Adding Defender for Cloud to a tenant that has Defender for Business doesn't change the simplified configuration experience that Defender for Business offers. The functionality in Microsoft Defender for Servers Plan 1 or Plan 2 work with Defender for Business. 
 
@@ -90,7 +90,7 @@ sections:
 
           |OS|Method|Notes|
           |---|---|---|
-          |Windows |[Attack surface reduction rules](/defender-endpoint/attack-surface-reduction-rules-deployment)|On Windows devices, you can configure device control through ASR rules. You'll need [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to set up your ASR rules. Intune is not included in the standalone version of Defender for Business, but you can add it on. Intune is included in [Microsoft 365 Business Premium](/microsoft-365/business-premium). <br/><br/>[ASR capabilities in Defender for Business](mdb-asr.md)|
+          |Windows|[Attack surface reduction rules](/defender-endpoint/attack-surface-reduction-rules-deployment)|On Windows devices, you can configure device control through ASR rules. You'll need [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) to set up your ASR rules. Intune is not included in the standalone version of Defender for Business, but you can add it on. Intune is included in [Microsoft 365 Business Premium](/microsoft-365/business-premium). <br/><br/>[ASR capabilities in Defender for Business](mdb-asr.md)|
           |Mac|Jamf or Intune|You can use Jamf or Intune to set up device control on Mac. See [Device Control for macOS](/defender-endpoint/mac-device-control-overview).|
 
       - question: How do I run custom reports with Defender for Business?
@@ -141,25 +141,25 @@ sections:
           
           The following table summarizes some differences between Defender for Business and Defender for Endpoint:
 
-          | Capabilities | Defender for Business | Defender for Endpoint Plan 1 | Defender for Endpoint Plan 2 |
-          |---|---|---|---|
-          | Centralized management | ✔ | ✔ | ✔ |
-          | Simplified firewall and antivirus configuration for Windows | ✔ | | |
-          | Vulnerability management (core capabilities) | ✔ | | ✔ |
-          | Attack surface reduction | ✔ | ✔ | ✔ |
-          | Next-generation protection | ✔ | ✔ | ✔ |
-          | Endpoint detection & response (EDR) | ✔ <br/>(optimized) | | ✔ |
-          | Automatic attack disruption | ✔ | | ✔ |
-          | Automated investigation & remediation | ✔ | | ✔ |
-          | Monthly security summary reporting | ✔ | | ✔ |
-          | 30 days advanced hunting and six months of data retention in the device timeline | | | ✔ |
-          | Threat analytics | ✔<br/>(optimized) | | ✔ |
-          | Cross-platform support <br/>(Mac, iOS, Android)| ✔ | ✔ | ✔ |
-          | Windows Server and Linux Server <br/>(requires server licenses) | ✔  | ✔ | ✔ |
-          | Microsoft Threat Experts | | | ✔ |
-          | Microsoft 365 Lighthouse <br/>(optimized; for CSPs only) | ✔ | ✔ | ✔ |
-          | Microsoft Defender multi-tenant management | ✔ | ✔ | ✔ |
-          | APIs | ✔  | ✔ | ✔ |
+          |Capabilities|Defender for</br>Business|Defender for</br>Endpoint Plan 1|Defender for</br>Endpoint Plan 2|
+          |---|:---:|:---:|:---:|
+          |Centralized management|✔|✔|✔|
+          |Simplified firewall and antivirus configuration for Windows|✔|||
+          |Vulnerability management (core capabilities)|✔||✔|
+          |Attack surface reduction|✔|✔|✔|
+          |Next-generation protection|✔|✔|✔|
+          |Endpoint detection & response (EDR)|✔ <br/> (optimized)||✔|
+          |Automatic attack disruption|✔||✔|
+          |Automated investigation & remediation|✔||✔|
+          |Monthly security summary reporting|✔||✔|
+          |30 days advanced hunting <br/> and six months of data retention <br/> in the device timeline|||✔|
+          |Threat analytics|✔ <br/> (optimized)||✔|
+          |Cross-platform support <br/> (Mac, iOS/iPadOS, Android)|✔|✔|✔|
+          |Windows Server and Linux Server <br/> (requires server licenses)|✔|✔|✔|
+          |Microsoft Threat Experts|||✔|
+          |Microsoft 365 Lighthouse <br/> (optimized; for CSPs only)|✔|✔|✔|
+          |Microsoft Defender multi-tenant management|✔|✔|✔|
+          |APIs|✔|✔|✔|
 
       - question: Can I have a mix of Microsoft endpoint security subscriptions?
         answer: |
diff --git a/defender-office-365/mdo-deployment-guide.md b/defender-office-365/mdo-deployment-guide.md
@@ -18,7 +18,7 @@ ms.collection:
 ms.custom:
 description: Learn how to get started with the initial deployment and configuration of Microsoft Defender for Office 365.
 ms.service: defender-office-365
-ms.date: 02/24/2025
+ms.date: 05/20/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -315,7 +315,17 @@ In general, it's easier to create blocks than allows, because unnecessary allow
 
 - **Allow**:
 
-  - You can't create allow entries for **domains and email addresses**, **files**, and **URLs** directly on the corresponding tabs in the Tenant Allow/Block List. Instead, you use the **Submissions** page to report the item to Microsoft. As you report the item to Microsoft, you can select to allow the item, which creates a corresponding temporary allow entry in the Tenant Allow/Block list.
+  - You can create allow entries for **domains and email addresses** and **URLs** on the corresponding tabs in the Tenant Allow/Block List to override the following verdicts:
+    - Bulk
+    - Spam
+    - High confidence spam
+    - Phishing (not high confidence phishing)
+
+  - You can't create allow entries directly in the Tenant Allow/Block List for the following items:
+    - Malware or high confidence phishing verdicts for **domains and email addresses** or **URLs**.
+    - Any verdicts for **files**.
+
+    Instead, you use the **Submissions** page to report the items to Microsoft. After you select **I've confirmed it's clean**, you can then select **Allow this message**, **Allow this URL**, or **Allow this file** to create a corresponding temporary allow entry in the Tenant Allow/Block list.
 
   - Messages allowed by [spoof intelligence](anti-spoofing-spoof-intelligence.md) are shown on the **Spoof intelligence** page. If you change a block entry to an allow entry, the sender becomes a manual allow entry on the **Spoofed senders** tab in the Tenant Allow/Block List. You can also proactively create allow entries for not yet encountered spoofed senders on the **Spoofed senders** tab.
 
