Merge pull request #925 from MicrosoftDocs/main

American-Dipper · web-flow · commit f647927742f0 · 2024-07-11T10:49:01.000-07:00
publish main to live, 10:30 AM 7/11/24
diff --git a/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md b/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md
@@ -9,7 +9,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.subservice: ngp
-ms.date: 05/30/2024
+ms.date: 07/10/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -64,7 +64,7 @@ For details on configuring Microsoft Configuration Manager (current branch), see
 |Scan [reparse points](/windows/win32/fileio/reparse-points) <br/> **Scan** \> **Turn on reparse point scanning**|Disabled|Not available <br/>See [Reparse points](/windows/win32/fileio/reparse-points)|
 |Scan mapped network drives<br/>**Scan** \> **Run full scan on mapped network drives**|Disabled|`-DisableScanningMappedNetworkDrivesForFullScan`|
 |Scan archive files (such as .zip or .rar files). <br/>**Scan** \> **Scan archive files**|Enabled|`-DisableArchiveScanning` <br/><br/>The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting.|
-|Scan files on the network <br/>**Scan** \> **Scan network files**|Enabled|`-DisableScanningNetworkFiles`|
+|Scan files on the network <br/>**Scan** \> **Scan network files**|Disabled|`-DisableScanningNetworkFiles`|
 |Scan packed executables<br/>**Scan** \> **Scan packed executables**|Enabled|Not available <br/><br/>Scan packed executables were removed from the following templates:<br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2)<br/>- Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)|
 |Scan removable drives during full scans only<br/>**Scan** \> **Scan removable drives**|Disabled|`-DisableRemovableDriveScanning`|
 |Specify the level of subfolders within an archive folder to scan <p>**Scan** \> **Specify the maximum depth to scan archive files**|0|Not available|
diff --git a/defender-endpoint/microsoft-defender-endpoint-linux.md b/defender-endpoint/microsoft-defender-endpoint-linux.md
@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: linux
 search.appverid: met150
-ms.date: 07/05/2024
+ms.date: 07/11/2024
 ---
 
 # Microsoft Defender for Endpoint on Linux
@@ -102,7 +102,11 @@ In general you need to take the following steps:
   - Fedora 33-38
     
   - Rocky 8.7 and higher
+  - Rocky 9.2 and higher
+    
   - Alma 8.4 and higher
+  - Alma 9.2 and higher
+    
   - Mariner 2
   
     > [!NOTE]
diff --git a/defender-office-365/threat-explorer-real-time-detections-about.md b/defender-office-365/threat-explorer-real-time-detections-about.md
@@ -7,7 +7,7 @@ author: chrisda
 manager: deniseb
 audience: ITPro
 ms.topic: conceptual
-ms.date: 3/22/2024
+ms.date: 07/11/2024
 ms.localizationpriority: medium
 ms.collection:
   - m365-security
@@ -78,6 +78,8 @@ To use Explorer or Real-time detections, you need to be assigned permissions. Yo
     > <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 > [!TIP]
+> End-user spam notifications and system generated messages aren't avaialble in Threat Explorer. These types of messages are available if there's a mail flow rule (also known as a transport rule) to override.
+>
 > Audit log entries are generated when admins preview or download email messages. You can search the admin audit log by user for **AdminMailAccess** activity. For instructions, see [Audit New Search](/purview/audit-new-search).
 
 To use Threat Explorer or Real-time detections, you need to be assigned a license for Defender for Office 365 (included in your subscription or an add-on license).
diff --git a/defender-xdr/TOC.yml b/defender-xdr/TOC.yml
@@ -36,6 +36,8 @@
           href: microsoft-365-security-center-defender-cloud.md
         - name: Microsoft Sentinel
           items:
+          - name: Integration overview
+            href: /azure/sentinel/microsoft-365-defender-sentinel-integration?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
           - name: Experience in Defender portal
             href: /azure/sentinel/microsoft-sentinel-defender-portal?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
           - name: Connect Microsoft Sentinel to Microsoft Defender
diff --git a/defender-xdr/microsoft-sentinel-onboard.md b/defender-xdr/microsoft-sentinel-onboard.md
@@ -22,15 +22,17 @@ search.appverid:
 appliesto:
     - Microsoft Defender XDR
     - Microsoft Sentinel in the Microsoft Defender portal
-ms.date: 06/25/2024
+ms.date: 07/10/2024
 ---
 
 # Connect Microsoft Sentinel to Microsoft Defender XDR
 
-Microsoft Sentinel is available as part of the unified security operations platform in the Microsoft Defender portal. Microsoft Sentinel in the Defender portal is now supported for production use. When you onboard Microsoft Sentinel to the Microsoft Defender portal, you unify capabilities with Microsoft Defender XDR like incident management and advanced hunting. Reduce tool switching and build a more context-focused investigation that expedites incident response and stops breaches faster. For more information, see:
+Microsoft Sentinel is generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. When you onboard Microsoft Sentinel to the Defender portal, you unify capabilities with Microsoft Defender XDR like incident management and advanced hunting. Reduce tool switching and build a more context-focused investigation that expedites incident response and stops breaches faster. For more information, see:
 
+- Blog post: [General availability of the Microsoft unified security operations platform](https://aka.ms/unified-soc-announcement)
 - [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690)
-- [Unified security operations platform with Microsoft Sentinel and Defender XDR](https://aka.ms/unified-soc-announcement)
+- [Microsoft Defender XDR integration with Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration)
+
 
 ## Prerequisites
 
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -6,7 +6,7 @@ ms.service: defender-xdr
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 07/09/2024
+ms.date: 07/10/2024
 manager: dansimp
 audience: ITPro
 ms.collection:
@@ -31,6 +31,13 @@ You can also get product updates and important notifications through the [messag
 
 ## July 2024
 
+- (GA) The **Microsoft unified security operations platform** in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security in Microsoft Defender. For more information, see the following resources:
+
+  - Blog post: [General availability of the Microsoft unified security operations platform](https://aka.ms/unified-soc-announcement)
+  - [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690)
+  - [Connect Microsoft Sentinel to Microsoft Defender XDR](microsoft-sentinel-onboard.md)
+  - [Microsoft Copilot for Security in Microsoft Defender](security-copilot-in-microsoft-365-defender.md)
+
 - (Preview) You can now customize columns in the **Incidents** and **Alerts** queues in the Microsoft Defender portal. You can add, remove, reorder columns to display the information you need. For more information, see how to customize columns in the [incident queue](incident-queue.md#incident-queue) and [alert queue](investigate-alerts.md).
 
 - (Preview) **Critical assets** are now part of the tags in the incident and alert queues. When a critical asset is involved in an incident or alert, the critical asset tag is displayed in the queues. For more information, see [incident tags](manage-incidents.md#add-incident-tags) and the [alert queue](investigate-alerts.md).
diff --git a/includes/unified-soc-preview-no-alert.md b/includes/unified-soc-preview-no-alert.md
@@ -1,7 +1,7 @@
 ---
 title: "include file" 
 description: "include file" 
-ms.date: 05/29/2024
+ms.date: 07/10/2024
 manager: dansimp
 ms.author: cwatson
 author: cwatson-cat
@@ -10,4 +10,4 @@ ms.topic: include
 ms.custom: "include file"
 ---
 
-Microsoft Sentinel is available as part of the unified security operations platform in the Microsoft Defender portal. Microsoft Sentinel in the Defender portal is now supported for production use. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
+Microsoft Sentinel is now generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
diff --git a/includes/unified-soc-preview.md b/includes/unified-soc-preview.md
@@ -1,7 +1,7 @@
 ---
 title: "include file" 
 description: "include file" 
-ms.date: 05/29/2024
+ms.date: 07/10/2024
 manager: dansimp
 ms.author: cwatson
 author: cwatson-cat
@@ -11,4 +11,4 @@ ms.custom: "include file"
 ---
 
 > [!IMPORTANT]
-> Microsoft Sentinel is available as part of the unified security operations platform in the Microsoft Defender portal. Microsoft Sentinel in the Defender portal is now supported for production use. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
+> Microsoft Sentinel is now generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690).
