Merge pull request #1400 from MicrosoftDocs/main

Publish main to live, Thursday 3:30PM PDT, 09/19

Author: Stacyrch140

defender-endpoint/linux-install-with-ansible.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 07/10/2024
+ms.date: 09/19/2024
 ---
 
 # Deploy Microsoft Defender for Endpoint on Linux with Ansible
@@ -221,8 +221,12 @@ Create a subtask or role files that contribute to a playbook or task.
         ```Output
         - hosts: servers
           tasks:
-            - include: ../roles/onboarding_setup.yml
-            - include: ../roles/add_yum_repo.yml
+            - name: include onboarding tasks
+              import_tasks:
+                file: ../roles/onboarding_setup.yml
+            - name: add apt repository
+              import_tasks:
+                file: ../roles/add_yum_repo.yml
             - name: Install MDATP
               dnf:
                 name: mdatp

defender-endpoint/microsoft-defender-antivirus-updates.md

@@ -3,11 +3,11 @@ title: Microsoft Defender Antivirus security intelligence and product updates
 description: Manage how Microsoft Defender Antivirus receives protection and product updates.
 ms.service: defender-endpoint
 ms.localizationpriority: high
-ms.date: 08/12/2024
+ms.date: 09/19/2024
 audience: ITPro
 ms.topic: reference
-author: siosulli
-ms.author: siosulli
+author: denisebmsft
+ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: pahuijbr, tudobril, yongrhee
 manager: deniseb
@@ -151,21 +151,6 @@ All our updates contain:
 - Fixed an issue where an Outlook exclusion for the ASR rule [Block Office applications from injecting code into other processes](/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-injecting-code-into-other-processes) was not honored.
 - Fixed a race condition during the startup of [endpoint data loss prevention](/purview/endpoint-dlp-getting-started) such that, in certain environments, some system files could be corrupted.
 
-### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)
-
-- Security intelligence update version: **1.413.1.0**
-- Release date: **May 30, 2024** (Engine) / **June 4, 2024** (Platform)
-- Engine: **1.1.24050.5**
-- Platform: **4.18.24050.7**
-- Support phase: **Security and Critical Updates**
-
-#### What's new
-
-- Improved performance when running configuration queries.
-- Optimized how scans are prioritized.
-- Fixed a crash caused by a race condition with a device control driver.
-- Added Event Viewer Logging for scan start event where the scan originates from PowerShell.
-
 ### Previous version updates: Technical upgrade support only
 
 After a new package version is released, support for the previous two versions is reduced to technical support only. For more information about previous versions, see [Microsoft Defender Antivirus updates: Previous versions for technical upgrade support](msda-updates-previous-versions-technical-upgrade-support.md).
@@ -228,14 +213,13 @@ Updates are released for x86, x64, and ARM64 Windows architecture.
 
 For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images).
 
-After a new package version is released, support for the previous two versions is reduced to technical support only. To view a list of previous versions, see [Previous DISM updates (no longer supported)](msda-updates-previous-versions-technical-upgrade-support.md#previous-dism-updates-no-longer-supported).
+After a new package version is released, support for the previous two versions is reduced to technical support only. To view a list of previous versions, see [Previous DISM updates](msda-updates-previous-versions-technical-upgrade-support.md#previous-dism-updates-no-longer-supported).
 
-### 1.415.295.0
+### 1.417.472.0
 
-- Defender package version: `1.415.295.0`
-- Security intelligence version: `1.415.295.0`
-- Engine version: `1.24070.1`
-- Platform version: `4.18.24070.5`
+- Defender package version: `1.417.472.0`
+- Security intelligence version: `1.417.472.0`
+- Engine version: `1.24080.9`
 
 #### Fixes
 
@@ -245,10 +229,10 @@ After a new package version is released, support for the previous two versions i
 
 - None
 
-### 1.415.235.0
+### 1.415.295.0
 
-- Defender package version: `1.415.235.0`
-- Security intelligence version: `1.415.235.0`
+- Defender package version: `1.415.295.0`
+- Security intelligence version: `1.415.295.0`
 - Engine version: `1.24070.1`
 - Platform version: `4.18.24070.5`
 
@@ -260,12 +244,12 @@ After a new package version is released, support for the previous two versions i
 
 - None
 
-### 1.411.111.0
+### 1.415.235.0
 
-- Defender package version: `1.411.111.0`
-- Security intelligence version: `1.411.111.0`
-- Engine version: `1.24050.2`
-- Platform version: `4.18.24050.7`
+- Defender package version: `1.415.235.0`
+- Security intelligence version: `1.415.235.0`
+- Engine version: `1.24070.1`
+- Platform version: `4.18.24070.5`
 
 #### Fixes
 

defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md

@@ -2,11 +2,11 @@
 title: Microsoft Defender Antivirus updates - Previous versions for technical upgrade support
 description: Understand the type of technical support offered for previous versions of Microsoft Defender Antivirus
 ms.service: defender-endpoint
-ms.author: siosulli
-author: siosulli
+ms.author: deniseb
+author: denisebmsft
 ms.localizationpriority: medium
 ms.reviewer: pahuijbr
-ms.date: 08/12/2024
+ms.date: 09/19/2024
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -29,6 +29,21 @@ Microsoft regularly releases [security intelligence updates and product updates
 
 ## Engine and platform updates
 
+### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7)
+
+- Security intelligence update version: **1.413.1.0**
+- Release date: **May 30, 2024** (Engine) / **June 4, 2024** (Platform)
+- Engine: **1.1.24050.5**
+- Platform: **4.18.24050.7**
+- Support phase: **Technical upgrade support (only)**
+
+#### What's new
+
+- Improved performance when running configuration queries.
+- Optimized how scans are prioritized.
+- Fixed a crash caused by a race condition with a device control driver.
+- Added Event Viewer Logging for scan start event where the scan originates from PowerShell.
+
 ### April-2024 (Engine: 1.1.24040.1 | Platform: 4.18.24040.4)
 
 - Security intelligence update version: **1.411.7.0**
@@ -1106,6 +1121,21 @@ Microsoft regularly releases [security intelligence updates and product updates
 
 The versions listed in this section are no longer supported. To view current versions, see [Updates for Deployment Image Servicing and Management (DISM)](microsoft-defender-antivirus-updates.md#updates-for-deployment-image-servicing-and-management-dism).
 
+### 1.411.111.0
+
+- Defender package version: `1.411.111.0`
+- Security intelligence version: `1.411.111.0`
+- Engine version: `1.24050.2`
+- Platform version: `4.18.24050.7`
+
+#### Fixes
+
+- None
+
+#### Additional information
+
+- None
+
 ### 1.411.9.0
 
 - Defender package version: `1.411.9.0`

defender-xdr/advanced-hunting-deviceevents-table.md

@@ -68,7 +68,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event |
 | `InitiatingProcessId` | `long` | Process ID (PID) of the process that initiated the event |

defender-xdr/advanced-hunting-devicefileevents-table.md

@@ -60,7 +60,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the process (image file) that initiated the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-deviceimageloadevents-table.md

@@ -56,7 +56,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-devicelogonevents-table.md

@@ -64,7 +64,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 hash of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 hash of the process (image file) that initiated the event. This field is usually not populated - use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead|
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-devicenetworkevents-table.md

@@ -53,7 +53,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-deviceprocessevents-table.md

@@ -76,7 +76,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 hash of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |

defender-xdr/advanced-hunting-deviceregistryevents-table.md

@@ -55,7 +55,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event |
 | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. |
 | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event |
-| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event |
+| `InitiatingProcessFileName` | `string` | Name of the process file name that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead |
 | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event |
 | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event |
 | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event |