Commit f4c706a

Merge branch 'main' into AttackSim-chrisda
2 parents 9be68a9 + 6208078 commit f4c706a

255 files changed: +3715 -2287 lines changed

.acrolinx-config.edn

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
{:changed-files-limit 30
1+
{:changed-files-limit 60
22
:allowed-branchname-matches ["main" "release-.*"]
3-
:allowed-filename-matches ["defender-xdr/" "exposure-management/" "defender/" "defender-business/" "defender-vulnerability-management/" "defender-office-365/" "defender-endpoint/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
3+
:allowed-filename-matches ["defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
44

55
:use-gh-statuses true
66
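Review bot: In the `:allowed-filename-matches` line, the trailing comment's example `["folder/" "folder2"]` shows one entry with a trailing slash and one without, while every real entry in the list ends in `/`. Since this line is being rewritten anyway, make the example consistent (for instance `["folder/" "folder2/"]`) so the next editor does not add a folder without the slash. The commit description should also say why `:changed-files-limit` doubles from 30 to 60 in the same change that adds `defender-for-cloud/` and `defender-for-iot/` to the allow list.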

.openpublishing.redirection.defender.json

Lines changed: 5 additions & 5 deletions
@@ -5,11 +5,6 @@
55
"redirect_url": "/defender-xdr/advanced-hunting-overview",
66
"redirect_document_id": false
77
},
8-
{
9-
"source_path": "defender-xdr/alerts-incidents-correlation.md",
10-
"redirect_url": "/defender-xdr/incident-response-overview",
11-
"redirect_document_id": false
12-
},
138
{
149
"source_path": "defender-office-365/zero-trust-continuous-access-evaluation-microsoft-365.md",
1510
"redirect_url": "/security/zero-trust/zero-trust-continuous-access-evaluation-microsoft-365",
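Review bot: Lines 8-12 drop the redirect for `defender-xdr/alerts-incidents-correlation.md`, but nothing in this hunk shows that the article exists again at that path. If the file is not restored elsewhere in this merge, existing links to it stop resolving; confirm the article is re-added, or keep the redirect to `/defender-xdr/incident-response-overview`.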
@@ -194,6 +189,11 @@
194189
"source_path": "defender-endpoint/evaluation-lab.md",
195190
"redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus",
196191
"redirect_document_id": true
192+
},
193+
{
194+
"source_path": "defender-endpoint/collect-diagnostic-data-update-compliance.md",
195+
"redirect_url": "/defender-endpoint/collect-diagnostic-data",
196+
"redirect_document_id": false
197197
}
198198
]
199199
}
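Review bot: The new entry for `defender-endpoint/collect-diagnostic-data-update-compliance.md` sets `"redirect_document_id": false`, while the `evaluation-lab.md` entry directly above it uses `true`. Confirm that `false` is the intended value for an article folded into `/defender-endpoint/collect-diagnostic-data`, and that the source file is removed in the same change.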

defender-business/TOC.yml

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@
2525
href: trial-playbook-defender-business.md
2626
- name: Visit the Microsoft Defender portal
2727
href: mdb-get-started.md
28-
- name: Try tutorials and simulations
28+
- name: Find training and learning resources
2929
href: mdb-tutorials.md
3030
- name: Set up and configure Defender for Business
3131
items:

defender-business/index.yml

Lines changed: 2 additions & 0 deletions
@@ -56,6 +56,8 @@ landingContent:
5656
url: trial-playbook-defender-business.md
5757
- text: Turn on preview features
5858
url: /defender-xdr/preview
59+
- text: Find training and learning resources
60+
url: mdb-tutorials.md
5961

6062
# Card
6163
- title: Setup information

defender-business/mdb-add-users.md

Lines changed: 4 additions & 3 deletions
@@ -9,7 +9,7 @@ audience: Admin
99
ms.topic: conceptual
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
12-
ms.date: 06/07/2024
12+
ms.date: 06/19/2024
1313
ms.collection:
1414
- m365-security
1515
- tier1
@@ -59,8 +59,8 @@ One good way to make sure MFA is enabled for all users is by using [security def
5959

6060
4. On the right side of the screen, in the **Security defaults** pane, see whether security defaults are turned on (**Enabled**) or off (**Disabled**). To turn security defaults on, use the drop-down menu to select **Enabled**.
6161

62-
> [!CAUTION]
63-
> If your organization is using Conditional Access policies, you won't be able to enable security defaults. You'll see a message that indicates you're using classic policies instead. You can use *either* security defaults *or* Conditional Access, but not both. For most organizations, security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies instead. To learn more, see the following articles:
62+
> [!NOTE]
63+
> If your organization is using Conditional Access policies, don't enable security defaults. In this case, you might see a message that indicates you're using classic policies. To learn more, see the following articles:
6464
> - [Multi-factor authentication](/Microsoft-365/business-premium/m365bp-turn-on-mfa) (in the Microsoft 365 Business Premium documentation)
6565
> - [Security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults)
6666
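Review bot: The rewritten alert at lines 62-63 drops the statement that security defaults and Conditional Access cannot be combined ("You can use *either* security defaults *or* Conditional Access, but not both") and downgrades the callout from `[!CAUTION]` to `[!NOTE]`. "Don't enable security defaults" no longer says why, and the links that follow cover multi-factor authentication and security defaults only, so a reader who is on Conditional Access has no next step. Keep one sentence on the either/or constraint and add a Conditional Access link to the list.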
@@ -69,5 +69,6 @@ One good way to make sure MFA is enabled for all users is by using [security def
6969
## Next steps
7070

7171
- [Step 3: Assign security roles and permissions in Microsoft Defender for Business](mdb-roles-permissions.md).
72+
7273
- [Step 4: Set up email notifications for your security team](mdb-email-notifications.md).
7374

defender-business/mdb-create-edit-device-groups.md

Lines changed: 1 addition & 2 deletions
@@ -10,7 +10,7 @@ ms.topic: how-to
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
1212
ms.reviewer: nehabha
13-
ms.date: 05/17/2023
13+
ms.date: 06/19/2024
1414
f1.keywords: NOCSH
1515
ms.collection:
1616
- SMB
@@ -30,7 +30,6 @@ In Defender for Business, policies are applied to devices through certain collec
3030
- [How to view an existing device group](#view-an-existing-device-group)
3131
- [What the Add All Devices option does](#what-does-the-add-all-devices-option-do)
3232

33-
3433
## What is a device group?
3534

3635
A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Defender for Business, policies are applied to devices by using device groups.

defender-business/mdb-email-notifications.md

Lines changed: 2 additions & 2 deletions
@@ -10,7 +10,7 @@ ms.topic: overview
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
1212
ms.reviewer: nehabha
13-
ms.date: 05/01/2023
13+
ms.date: 06/19/2024
1414
f1.keywords: NOCSH
1515
ms.collection:
1616
- m365-security
@@ -45,7 +45,7 @@ When you set up email notifications, you can choose from two types, as described
4545
> [!TIP]
4646
> **Email notifications are not the only way your security team can find out about new alerts or vulnerabilities**.
4747
>
48-
> Email notifications are a convenient way to help keep your security team informed, in real time. But there are others! For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they'll see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
48+
> Email notifications are a convenient way to help keep your security team informed, in real time. But there are other methods you can use as well. For example, whenever your security team signs into the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), they see cards highlighting new threats, alerts, and vulnerabilities. Defender for Business is designed to highlight important information that your security team cares about as soon as they sign in.
4949
>
5050
> Your security team can also choose **Incidents** in the navigation pane to view information. To learn more, see [View and manage incidents in Defender for Business](mdb-view-manage-incidents.md).
5151

defender-business/mdb-firewall.md

Lines changed: 34 additions & 5 deletions
@@ -9,7 +9,7 @@ audience: Admin
99
ms.topic: overview
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
12-
ms.date: 05/04/2023
12+
ms.date: 06/19/2024
1313
ms.reviewer: nehabha
1414
f1.keywords: NOCSH
1515
ms.collection:
@@ -34,10 +34,29 @@ You can use firewall protection to specify whether to allow or to block connecti
3434

3535
Depending on whether you're using the Microsoft Defender portal or Intune to manage your firewall protection, use one of the following procedures.
3636

37-
| Portal | Procedure |
38-
|:---|:---|
39-
| Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) |1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.<br/>2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.<br/>3. Select an operating system tab (such as **Windows clients**).<br/>4. Expand **Firewall** to view your list of policies.<br/>5. Select a policy to view the details. <br/><br/>To make changes or to learn more about policy settings, see the following articles:<br/>- [View or edit device policies](mdb-view-edit-create-policies.md)<br/>- [Firewall settings](mdb-firewall.md)<br/>- [Manage your custom rules for firewall policies](mdb-firewall.md) |
40-
| Microsoft Intune admin center ([https://intune.microsoft.com](https://intune.microsoft.com)) |1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.<br/>2. Select **Endpoint security**.<br/>3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. <br/><br/>For help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).|
37+
### Use the Microsoft Defender portal to view or edit firewall policies
38+
39+
1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), and sign in.
40+
41+
2. In the navigation pane, choose **Device configuration**. Policies are organized by operating system and policy type.
42+
43+
3. Select an operating system tab (such as **Windows clients**).
44+
45+
4. Expand **Firewall** to view your list of policies.
46+
47+
5. Select a policy to view the details. To make changes or to learn more about policy settings, see the following articles:
48+
49+
- [View or edit device policies](mdb-view-edit-create-policies.md)
50+
- [Firewall settings](mdb-firewall.md)
51+
- [Manage your custom rules for firewall policies](mdb-firewall.md)
52+
53+
### Use the Intune admin center to view or edit firewall policies
54+
55+
1. Go to [https://intune.microsoft.com](https://intune.microsoft.com) and sign in. You're now in the Intune admin center.
56+
57+
2. Select **Endpoint security**.
58+
59+
3. Select **Firewall** to view your policies in that category. Custom rules that are defined for firewall protection are listed as separate policies. To get help with managing your security settings in Intune, start with [Manage endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security).
4160

4261
## Manage your custom rules for firewall policies in Microsoft Defender for Business
4362
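Review bot: In the list under the new step 5 (lines 49-51), both `[Firewall settings](mdb-firewall.md)` and `[Manage your custom rules for firewall policies](mdb-firewall.md)` link to the file being edited, with no anchor, so they reload the same page. This was carried over from the removed table; point the second link at the "Manage your custom rules for firewall policies in Microsoft Defender for Business" heading with a section anchor, and check whether the first was meant to target a different article.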

@@ -56,10 +75,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
5675
5. To create a custom rule, follow these steps:
5776

5877
1. Under **Custom rules**, choose **+ Add rule**. (You can have up to 150 custom rules.)
78+
5979
2. On the **Create new rule** flyout, specify a name and description for the rule.
80+
6081
3. Select a profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
82+
6183
4. In the **Remote address type** list, select either **IP** or **Application file path**.
84+
6285
5. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6d, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
86+
6387
6. On the **Create new rule** flyout, select **Create rule**.
6488

6589
6. On the **Configuration settings** screen, choose **Next**.
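Review bot: Sub-step 5 under "5. To create a custom rule" still reads "Depending on what you selected in step 6d", but the **Remote address type** choice is sub-step 4 of step 5, so the reference should be step 5d. The edit procedure in the following hunk uses "step 6c" correctly because its parent step is 6. Fix the reference here while the sub-steps are being respaced.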
@@ -81,10 +105,15 @@ You can use custom rules to define exceptions for your firewall policies. That i
81105
6. To edit your custom rule, follow these steps:
82106

83107
1. On the **Edit rule** flyout, review and edit the rule's name and description.
108+
84109
2. Review and if necessary, edit the rule's profile. (Your options include **Domain network**, **Public network**, or **Private network**.)
110+
85111
3. In the **Remote address type** list, select either **IP** or **Application file path**.
112+
86113
4. In the **Value** box, specify an appropriate value. Depending on what you selected in step 6c, you might specify an IP address, an IP address range, or an application file path. (See [Firewall settings](mdb-firewall.md).)
114+
87115
5. Set **Enable rule** to **On** to make the rule active. Or, to disable the rule, set the switch to **Off**.
116+
88117
6. On the **Edit rule** flyout, select **Update rule**.
89118

90119
7. On the **Configuration settings** screen, choose **Next**.

defender-business/mdb-get-started.md

Lines changed: 3 additions & 6 deletions
@@ -9,7 +9,7 @@ audience: Admin
99
ms.topic: conceptual
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
12-
ms.date: 04/10/2024
12+
ms.date: 07/03/2024
1313
ms.reviewer: nehabha
1414
f1.keywords: NOCSH
1515
ms.collection:
@@ -37,15 +37,12 @@ Use the navigation bar on the left side of the screen to access your incidents,
3737
| **Incidents & alerts** > **Incidents** | Takes you to your list of recent incidents. As alerts are triggered, incidents are created. An incident can include multiple alerts. Make sure to review your incidents regularly. To learn more, see [View and manage incidents in Defender for Business](mdb-view-manage-incidents.md).|
3838
| **Actions & submissions** > **Action center** | Takes you to your list of response actions, including completed and pending actions.<br/>- Select the **Pending** tab to view actions that require approval to proceed.<br/>- Select the **History** tab to see the actions that were taken. Some actions are taken automatically; others are taken manually or complete after they're approved.<br/><br/>To learn more, see [Review remediation actions in the Action center](mdb-review-remediation-actions.md). |
3939
| **Actions & submissions** > **Submissions** | Takes you to the unified submissions portal, where you can submit files to Microsoft for analysis. To learn more, see [Submit files in Microsoft Defender for Endpoint](/defender-endpoint/admin-submissions-mde) (the process is similar for Defender for Business). |
40-
| **Secure score** | Provides a representation of your company's security position and offers suggestions to improve it. To learn more, see [Microsoft Secure Score for Devices](/defender-vulnerability-management/tvm-microsoft-secure-score-devices). |
41-
| **Learning hub** | Provides access to security training and other resources through learning paths that are included with your subscription. You can filter by product, skill level, role, and more. The Learning hub can help your security team ramp up on security features and capabilities in Defender for Business and more Microsoft offerings, such as [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) and [Microsoft Defender for Office 365](/defender-office-365/mdo-about). |
40+
| **Learning hub** | Security training and other resources are available online at [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). You can filter by product, skill level, role, and more. The Learning hub can help your security team ramp up on security features and capabilities in Defender for Business and more Microsoft offerings, such as [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) and [Microsoft Defender for Office 365](/defender-office-365/mdo-about). |
4241
| **Trials** | Try additional security and compliance capabilities by adding on a trial subscription. If you do not see **Trials** in your navigation bar, and you want to add on another trial, you can take one of the following steps: <br/>- Visit the [Small Business Solutions page](https://www.microsoft.com/en-us/store/b/business?icid=CNavBusinessStore), and choose **Questions? Talk to an expert** to get some help adding on a trial subscription. <br/>- Go to the [Microsoft 365 admin center](https://admin.microsoft.com/?auth_upn=admin%40M365B614031.onmicrosoft.com&source=applauncher#/catalog), and choose **Billing** > **Purchase services**. If you need help, choose **Help & support**. |
4342
| **Partner catalog** | Lists Microsoft partners who provide technical and professional services. |
44-
| **Assets** > **Devices** | Enables you to view devices, such as computers and mobile devices that are enrolled in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). |
43+
| **Assets** > **Devices** | Takes you to the device inventory view, where you can view devices, such as computers and mobile devices that are enrolled in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). If no devices are onboarded yet, you can select **Onboard devices** to get started. For more information, see [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md). |
4544
| **Endpoints** > **Vulnerability management** | Enables you to access your [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management) capabilities. Provides a dashboard, recommendations, remediation activities, a software inventory, and a list of potential weaknesses within your company. |
46-
| **Endpoints** > **Tutorials** | Provides access to walkthroughs and simulations to help you learn more about how your threat protection features work. Select the **Read the walkthrough** link before attempting to get the simulation file for each tutorial. Some simulations require Office apps, such as Microsoft Word, to read the walkthrough. |
4745
| **Endpoints** > **Configuration management** > **Device configuration** | Lists your security policies by operating system and by type. To learn more about your security policies, see [View or edit policies in Defender for Business](mdb-view-edit-create-policies.md). |
48-
| **Endpoints** > **Configuration management** > **Device management reporting** | Lists devices that are onboarded to Defender for Business, along with their operating system version, sensor health state, and when they were last updated. |
4946
| **Email & collaboration** > **Policies & rules** | If your subscription includes Exchange Online Protection or Microsoft Defender for Office 365, this section is where you'll manage your security policies and settings for email and collaboration services. [Learn more about Office 365 security](/defender-office-365/mdo-about). *The standalone version of Defender for Business does not include email & collaboration policies, but Microsoft 365 Business Premium does include Exchange Online Protection and Defender for Office 365 Plan 1*. |
5047
| **Cloud apps** > **App governance** | If your subscription includes [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps), you can add on [app governance](/defender-cloud-apps/app-governance-manage-app-governance), and this section is where you'll view and access those capabilities. *Defender for Business and Microsoft 365 Business Premium do not include Defender for Cloud Apps*. |
5148
| **Reports** | Lists available security reports. These reports enable you to see your security trends, view details about threat detections and alerts, and learn more about your company's vulnerable devices. |
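Review bot: The **Trials** row, left unchanged at line 41, links to the Microsoft 365 admin center with a hard-coded `auth_upn=admin%40M365B614031.onmicrosoft.com` query parameter, which publishes what looks like a specific tenant's admin sign-in name in public documentation. Strip the query string so the link carries only the admin center URL and the `#/catalog` fragment. In the rewritten **Learning hub** row (line 40), the first sentence now sends readers to learn.microsoft.com while the rest still describes "The Learning hub" as if it were a portal page; align the row name and wording with where the training now lives.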

defender-business/mdb-lighthouse-integration.md

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ audience: Admin
99
ms.topic: overview
1010
ms.service: defender-business
1111
ms.localizationpriority: medium
12-
ms.date: 09/28/2022
12+
ms.date: 06/19/2024
1313
ms.reviewer: nehabha
1414
f1.keywords: NOCSH
1515
ms.collection:
@@ -34,7 +34,7 @@ If you're a Microsoft Cloud Solution Provider (CSP) or Managed Service Provider
3434

3535
## Learn more about Microsoft 365 Lighthouse
3636

37-
Microsoft 365 Lighthouse enables Microsoft CSPs and MSPs to secure and manage devices, data, and users at scale.
37+
Microsoft 365 Lighthouse enables Microsoft CSPs and MSPs to secure and manage devices, data, and users for customers.
3838

3939
To learn more, see:
4040
