Merge pull request #3393 from MicrosoftDocs/main

pushing updates live

Author: denisebmsft

.openpublishing.redirection.defender-endpoint.json

@@ -124,6 +124,16 @@
       "source_path": "defender-endpoint/non-windows.md",
       "redirect_url": "/defender-endpoint/microsoft-defender-endpoint",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/configure-endpoints-non-windows.md",
+      "redirect_url": "/defender-endpoint/onboarding",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "defender-endpoint/configure-server-endpoints.md",
+      "redirect_url": "/defender-endpoint/onboard-windows-server-2012r2-2016",
+      "redirect_document_id": true
     } 
   ]
 }

CloudAppSecurityDocs/index.yml

@@ -10,8 +10,6 @@ metadata:
   ms.service: defender-for-cloud-apps
   ms.topic: landing-page
   ms.collection: na
-  author: batamig
-  ms.author: bagol
   ms.date: 11/09/2021
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

CloudAppSecurityDocs/network-requirements.md

@@ -1,15 +1,16 @@
 ---
 title: Network requirements 
 description: This article describes the IP addresses and ports you need to open to work with Defender for Cloud Apps.
-ms.date: 04/04/2024
+ms.date: 04/06/2025
 ms.topic: reference
 ---
 
 # Network requirements
 
 >[!IMPORTANT]
 >
-> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services: Please update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag  will be adjusted to reflect the above range by April 21, 2025.
+> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag  will be adjusted to reflect the above range by April 21, 2025.
+> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
 
 This article provides a list of ports and IP addresses you need to allow and allowlist to work with Microsoft Defender for Cloud Apps.
 

CloudAppSecurityDocs/release-notes.md

@@ -7,9 +7,6 @@ ms.topic: overview
 
 # What's new in Microsoft Defender for Cloud Apps
 
->[!IMPORTANT]
->
-> **Take Immediate Action by April, 21 2025**,  to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Please update your firewall rules to allow outbound traffic on port 443 for the following IP addresses:13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 21, 2025. Learn more: [Network requirements](https://aka.ms/MDANetworkDocs).
 >
 *Applies to: Microsoft Defender for Cloud Apps*
 
@@ -23,6 +20,12 @@ For more information on what's new with other Microsoft Defender security produc
 
 For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
 
+>[!IMPORTANT]
+>
+> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you're using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 21, 2025.
+> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
+> Learn more: [Network requirements](https://aka.ms/MDANetworkDocs).
+
 
 ## April 2025
 

defender-endpoint/TOC.yml

@@ -162,10 +162,12 @@
         - name: Onboard server devices
           href: onboard-server.md
           items:
-          - name: Onboarding Windows Server overview
+          - name: Onboard Windows Server version 1803, Windows Server 2019, and later
             href: onboard-windows-server.md
-          - name: Onboard Windows Server 2012 R2, 2016, Semi-Annual Channel, 2019 and later
-            href: configure-server-endpoints.md
+          - name: Onboard Windows Server 2012 R2 and Windows Server 2016
+            href: onboard-windows-server-2012r2-2016.md
+          - name: Defender for Endpoint on Windows Server with SAP
+            href: mde-sap-windows-server.md
           - name: Onboard Windows devices using Configuration Manager
             href: configure-endpoints-sccm.md
           - name: Onboard Windows devices using Group Policy
@@ -174,10 +176,8 @@
             href: configure-endpoints-script.md
           - name: Onboard non-persistent virtual desktop infrastructure (VDI) devices
             href: configure-endpoints-vdi.md
-          - name: Defender for Endpoint on Windows Server with SAP
-            href: mde-sap-windows-server.md
-        - name: Onboard non-Windows devices
-          href: configure-endpoints-non-windows.md
+          - name: Direct onboarding with Defender for Cloud
+            href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
         - name: Defender for Endpoint on macOS
           items:
           - name: Deploy Defender for Endpoint on macOS

defender-endpoint/advanced-features.md

@@ -74,7 +74,7 @@ This feature enables you to block potentially malicious files in your network. B
 
 To turn **Allow or block** files on:
 
-1. In the Microsoft Defender portal, in navigation pane, select **Settings** \> **Endpoints** \> **General** \> **Advanced features** \> **Allow or block file**.
+1. In the Microsoft Defender portal, in the navigation pane, select **Settings** \> **Endpoints** \> **General** \> **Advanced features** \> **Allow or block file**.
 
 2. Toggle the setting between **On** and **Off**.
 
@@ -129,8 +129,7 @@ Enabling the Skype for Business integration gives you the ability to communicate
 
 Enabling this setting forwards Defender for Endpoint signals to Microsoft Defender for Cloud Apps to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Defender for Cloud Apps data.
 
-> [!NOTE]
-> This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)), later Windows 10 versions, or Windows 11.
+For more information, see [Microsoft Defender for Cloud Apps overview](/defender-cloud-apps/what-is-defender-for-cloud-apps).
 
 ## Web content filtering
 

defender-endpoint/api/device-health-api-methods-properties.md

@@ -50,7 +50,7 @@ Retrieves a list of Microsoft Defender Antivirus device health details. This API
 Data that is collected using either `JSON response` or by using files is a snapshot of the current state. This data doesn't contain historical data. To collect historical data, you must save the data in your own data storage.
 
 > [!IMPORTANT]
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
 >
 > For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft Defender portal, see: [Device health and antivirus report in Microsoft Defender for Endpoint](../device-health-reports.md).
 

defender-endpoint/api/device-health-export-antivirus-health-report-api.md

@@ -48,7 +48,7 @@ Data that is collected using either '_JSON response_ or _via files_' is the curr
 
 > [!IMPORTANT]
 >
-> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> For Windows Server 2012 R2 and Windows Server 2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](../onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
 
 > [!NOTE]
 >

defender-endpoint/application-deployment-via-mecm.md

@@ -126,7 +126,7 @@ Copy the unified solution package, onboarding script, and migration script to th
 - [Microsoft Monitoring Agent Setup](/services-hub/health/mma-setup)
 - [Deploy applications - Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications)
 - [Microsoft Defender for Endpoint - Configuration Manager](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection)
-- [Onboard Windows servers to the Microsoft Defender for Endpoint service](configure-server-endpoints.md)
+- [Onboard servers through Microsoft Defender for Endpoint's onboarding experience](onboard-server.md)
 - [Microsoft Defender for Endpoint: Defending Windows Server 2012 R2 and 2016](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -111,7 +111,7 @@ The following table lists the supported operating systems for rules that are cur
 
 > [!NOTE]
 > Unless otherwise indicated, the minimum Windows 10 build is version 1709 (RS3, build 16299) or later; the minimum Windows Server build is version 1809 or later.
-> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](configure-server-endpoints.md#functionality-in-the-modern-unified-solution).
+> Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see [New Windows Server 2012 R2 and 2016 functionality in the modern unified solution](onboard-windows-server-2012r2-2016.md#functionality-in-the-modern-unified-solution).
 
 | Rule name| Windows 10 and 11 | Windows Server version 1803, 2019, and later | Windows Server 2016 and 2012 R2 |
 |---|---|---|---|
@@ -136,7 +136,8 @@ The following table lists the supported operating systems for rules that are cur
 | [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y |
 
 > [!NOTE]
-> - For Windows Server 2012 R2 and Windows Server 2016, use the [modern, unified solution](/defender-endpoint/configure-server-endpoints#functionality-in-the-modern-unified-solution). If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
+> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender for Endpoint](onboard-windows-server-2012r2-2016.md). 
+> - If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
 > - For Windows client devices, "version 1809 or later" and "version 1903 (build 18362)" apply to Windows 10 only.
 
 ## ASR rules supported configuration management systems