Merge branch 'main' into repo_sync_working_branch

Author: Stacyrch140

defender-endpoint/indicator-ip-domain.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: 
 search.appverid: met150
-ms.date: 10/23/2024
+ms.date: 12/11/2024
 ---
 
 # Create indicators for IPs and URLs/domains
@@ -37,7 +37,7 @@ By creating indicators for IPs and URLs or domains, you can now allow or block I
 To block malicious IPs/URLs (as determined by Microsoft), Defender for Endpoint can use:
 
 - Windows Defender SmartScreen for Microsoft browsers
-- Network Protection for non-Microsoft browsers, or calls made outside of a browser
+- Network protection for non-Microsoft browsers, or calls made outside of a browser
 
 The threat-intelligence data set to block malicious IPs/URLs is managed by Microsoft.
 
@@ -65,15 +65,15 @@ It's important to understand the following prerequisites prior to creating indic
 
 ### Microsoft Defender Antivirus version requirements
 
-This feature is available if your organization uses [Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-windows) (in active mode)
+- Your organization uses [Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-windows). Microsoft Defender Antivirus must be in active mode for non-Microsoft browsers. With Microsoft browsers, like Edge, Microsoft Defender Antivirus can be in active or passive mode.
 
-[Behavior Monitoring](/defender-endpoint/behavior-monitor) is enabled
+- [Behavior Monitoring](/defender-endpoint/behavior-monitor) is enabled.
 
-[Cloud-based protection](/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus) is turned on.
+- [Cloud-based protection](/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus) is turned on.
 
-[Cloud Protection network connectivity](/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) is functional
+- [Cloud Protection network connectivity](/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) is turned on.
 
-The antimalware client version must be `4.18.1906.x` or later. See [Monthly platform and engine versions](/defender-endpoint/microsoft-defender-antivirus-updates).
+- The antimalware client version must be `4.18.1906.x` or later. See [Monthly platform and engine versions](/defender-endpoint/microsoft-defender-antivirus-updates).
 
 ### Network Protection requirements
 
@@ -142,7 +142,9 @@ Policy conflict handling for domains/URLs/IP addresses differ from policy confli
 In the case where multiple different action types are set on the same indicator (for example, **block**,  **warn**, and **allow**,  action types set for Microsoft.com), the order those action types would take effect is:
 
 1. Allow
+
 2. Warn
+
 3. Block
 
 "Allow" overrides "warn," which overrides "block", as follows: `Allow` > `Warn` > `Block`. Therefore, in the previous example, `Microsoft.com` would be allowed.
@@ -175,6 +177,7 @@ The result is that categories 1-4 are all blocked. This is illustrated in the fo
 3. Select **Add item**.
 
 4. Specify the following details:
+
    - Indicator - Specify the entity details and define the expiration of the indicator.
    - Action - Specify the action to be taken and provide a description.
    - Scope - Define the scope of the machine group.
@@ -192,4 +195,4 @@ The result is that categories 1-4 are all blocked. This is illustrated in the fo
 - [Manage indicators](indicator-manage.md)
 - [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](defender-endpoint-antivirus-exclusions.md)
 
-[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
+[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/ios-whatsnew.md

@@ -6,7 +6,7 @@ ms.author: deniseb
 author: denisebmsft
 ms.reviewer: sunasing
 ms.localizationpriority: medium
-ms.date: 06/12/2024
+ms.date: 12/11/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -30,13 +30,26 @@ search.appverid: met150
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
 
 
-## User Enrollment
+## Defender for Endpoint on iOS now supports iOS/iPadOS 16.x as the minimum version
+
+Defender for Endpoint on iOS is ending support for iOS/iPadOS 15, as iOS/iPadOS 18 became available in September 2024. Microsoft typically supports the current version and two previous versions (n-2). This change takes effect beginning on January 31, 2025.
+
+**How does this affect you or your users?**
+
+New users won't be able to install the Microsoft Defender app on devices running iOS/iPadOS 15 and earlier versions. Similarly, existing users won't be to upgrade to the latest version of the app.
+
+To check which devices support iOS 16 or iPadOS 16 (if applicable), see the following Apple documentation:
+
+- [Supported iPhone Models](https://support.apple.com/en-in/guide/iphone/iphe3fa5df43/16.0/ios/16.0)
+- [Supported iPad Models](https://support.apple.com/en-in/guide/ipad/ipad213a25b2/16.0/ipados/16.0)
+
+## User enrollment
 
 Microsoft Defender for Endpoint iOS can now be deployed on Intune User Enrolled devices. This new feature offers security and IT teams the flexibility to deploy Defender for Endpoint for iOS to user-enrolled devices so that work data and applications are protected, while end-user privacy is upheld on those devices. For more information, see [User Enrollment setup](ios-install.md#user-enrollment-setup-only-for-intune-user-enrolled-devices).  
 
-## Device Tagging
+## Device tagging
 
-Mobile Device Tagging is now generally available. This feature enables bulk tagging the mobile devices by allowing the admins to set up tags via Intune. Admin can configure the device tags through Intune via configuration policies and push them to user's devices. Once the User installs and activates Defender, the client app passes the device tags to the Security Portal. The Device tags appear against the devices in the Device Inventory. For more information, read [Configure Device Tagging](ios-configure-features.md#device-tagging).
+Mobile Device Tagging is now generally available. This feature enables bulk tagging the mobile devices by allowing the administrators to set up tags via Intune. Admin can configure the device tags through Intune via configuration policies and push them to user's devices. Once the User installs and activates Defender, the client app passes the device tags to the Security Portal. The Device tags appear against the devices in the Device Inventory. For more information, read [Configure Device Tagging](ios-configure-features.md#device-tagging).
 
 ## Vulnerability assessment of apps
 
@@ -46,27 +59,27 @@ Vulnerability assessment of apps on Microsoft Defender for Endpoint for iOS is n
 
 Network Protection on Microsoft Defender for Endpoint is now generally available. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users also see a guided experience to connect to secure networks and change networks when they're connected to an unsecure connection.
 
-**This feature is now enabled by default for all users.** As a result, users will be able to see the Network Protection Card in the Defender for Endpoint iOS app along with App Protection and Web Protection. Users are also required to provide **Local Network** permission. This permission is needed to enhance the existing rogue wifi detection. Admins can change the default value for the Network Protection feature if they decide not to use it via the Intune App Configuration policies. 
+**This feature is now enabled by default for all users.** As a result, users are able to see the Network Protection Card in the Defender for Endpoint iOS app along with App Protection and Web Protection. Users are also required to provide **Local Network** permission. This permission is needed to enhance the existing rogue wifi detection. Administrators can change the default value for the Network Protection feature if they decide not to use it via the Intune App Configuration policies. 
 
 There are also several admin controls to offer flexibility, including privacy controls to configure the data that's sent by Defender for Endpoint from iOS devices. For more information, read [Configure Network Protection](ios-configure-features.md#configure-network-protection).
 
 ## Privacy Controls
 
-Microsoft Defender for Endpoint on iOS enables Privacy Controls for both the Admins and the End Users. This includes the controls for enrolled (MDM) and unenrolled (MAM) devices. Admins can configure the privacy in the phish alert report while End Users can configure the information shared to their organization.
+Microsoft Defender for Endpoint on iOS enables Privacy Controls for both administrators and end users. These controls include the controls for enrolled (MDM) and unenrolled (MAM) devices. Administrators can configure the privacy in the phish alert report, and end users can configure the information shared to their organization.
 
-## Optional Permissions and Disable Web Protection
+## Optional permissions and Disable Web Protection
 
-Microsoft Defender for Endpoint on iOS enables **Optional Permissions** in the onboarding flow. Currently the permissions required by MDE are mandatory in the onboarding flow. With this feature, admin can deploy MDE on BYOD devices without enforcing the mandatory **VPN Permission** during onboarding. End Users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for enrolled devices (MDM).
+Microsoft Defender for Endpoint on iOS enables **Optional Permissions** in the onboarding flow. Currently the permissions required by Defender for Endpoint are mandatory in the onboarding flow. With this feature, admin can deploy Defender for Endpoint on BYOD devices without enforcing the mandatory **VPN Permission** during onboarding. End users can onboard the app without the mandatory permissions and can later review these permissions. This feature is currently present only for enrolled devices (MDM).
 
-With **Disable Web Protection**, customers who don't want to set up a VPN can configure to disable **Web Protection** and deploy MDE without that feature. Other MDE features will continue to work. This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices.
+With **Disable Web Protection**, customers who don't want to set up a VPN can configure to disable **Web Protection** and deploy Defender for Endpoint without that feature. Other Defender for Endpoint features continue to work. This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices.
 
 ## Integration with Tunnel
 
-Microsoft Defender for Endpoint on iOS can now integrate with Microsoft Tunnel, a VPN gateway solution to enable security and connectivity in a single app.  Integration with Tunnel provides a simpler, secure VPN experience on iOS with just one app. This feature was earlier available only on Android. For more information, [see the techcommunity post here](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/what-s-new-in-microsoft-endpoint-manager-2204-april-edition/ba-p/3297995)
+Microsoft Defender for Endpoint on iOS can now integrate with Microsoft Tunnel, a VPN gateway solution to enable security and connectivity in a single app. Integration with Tunnel provides a simpler, secure VPN experience on iOS with just one app. This feature was earlier available only on Android. For more information, [see the techcommunity post here](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/what-s-new-in-microsoft-endpoint-manager-2204-april-edition/ba-p/3297995).
 
 ## Improved experience on supervised iOS devices
 
-Microsoft Defender for Endpoint on iOS now has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. It can also provide Web Protection **without setting up a local VPN on the device**. This gives end-users a seamless experience while still being protected from phishing and other web-based attacks. For details, visit [this documentation](ios-install.md#complete-deployment-for-supervised-devices)
+Microsoft Defender for Endpoint on iOS now has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. It can also provide Web Protection **without setting up a local VPN on the device**. This gives end-users a seamless experience while still being protected from phishing and other web-based attacks. For more information, see [this documentation](ios-install.md#complete-deployment-for-supervised-devices).
 
 ## Microsoft Defender for Endpoint is now Microsoft Defender in the App store
 
@@ -125,4 +138,5 @@ On January 25, 2022, we announced the general availability of Vulnerability mana
 
 - With this version, we're announcing support for iPadOS/iPad devices.
 - Bug fixes.
+
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]