Merge pull request #846 from MicrosoftDocs/main

Stacyrch140 · web-flow · commit fd123d162d3d · 2024-06-27T13:38:02.000-04:00
Publish main to live, Thursday 10:30AM PDT, 06/27
diff --git a/defender-vulnerability-management/defender-vulnerability-management-faq.md b/defender-vulnerability-management/defender-vulnerability-management-faq.md
@@ -54,7 +54,7 @@ For existing Defender for Endpoint Plan 2 customers who want to evaluate the exp
 For new customers or existing Defender for Endpoint P1 or Microsoft 365 E3 customers, see [Defender Vulnerability Management Standalone](get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone) to sign up for the free 90-day trial.
 
 > [!NOTE]
-> Customers need to have the global admin role defined in Microsoft Entra ID to onboard the trial.
+> Customers need to have the Global Administrator role assigned in Microsoft Entra ID to onboard the trial.
 
 ### How is the service provisioned/deployed?
 
diff --git a/defender-vulnerability-management/get-defender-vulnerability-management.md b/defender-vulnerability-management/get-defender-vulnerability-management.md
@@ -4,13 +4,13 @@ description: Get Microsoft Defender Vulnerability Management
 search.appverid: MET150
 author: siosulli
 ms.author: siosulli
-manager: deniseb 
+manager: deniseb
 audience: Admin
 ms.topic: overview
 ms.service: defender-vuln-mgmt
 ms.localizationpriority: medium
-f1.keywords: NOCSH 
-ms.collection: 
+f1.keywords: NOCSH
+ms.collection:
 - m365-security
 - tier1
 - essentials-get-started
@@ -27,7 +27,6 @@ Microsoft Defender Vulnerability Management is available as a standalone and as
 > - US Government customers using GCC High, and DoD
 > - Microsoft Defender for Business customers
 
-
 - If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer sign up to try the [Defender Vulnerability Management Standalone Trial](#try-defender-vulnerability-management-standalone)
 - If you already have Defender for Endpoint Plan 2, sign up to try the [Defender Vulnerability Management Add-on Trial](#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers)
 
@@ -36,11 +35,11 @@ Microsoft Defender Vulnerability Management is available as a standalone and as
 
 ## Required roles for starting the trial
 
-2. As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:
+As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:
 
-    1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**
-    2. Check **Let users start trials on behalf of your organization**
-    3. Select **Save**
+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**
+2. Check **Let users start trials on behalf of your organization**
+3. Select **Save**
 
 :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-user-starttrial.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management user trial setting.":::
 
diff --git a/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md b/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md
@@ -27,7 +27,6 @@ This user guide is a simple tool to help you setup and make the most of your fre
 > - US Government customers using GCC High, and DoD
 > - Microsoft Defender for Business customers
 
-
 ## What is Microsoft Defender Vulnerability Management?
 
 Reducing cyber risk requires a comprehensive risk-based vulnerability management program to identify, assess, remediate, and track important vulnerabilities across your most critical assets.
@@ -45,7 +44,7 @@ Watch the following video to learn more about Defender Vulnerability Management:
 ### Step 1: Set-up
 
 > [!NOTE]
-> Users need to have the global admin role defined in Microsoft Entra ID to onboard the trial. For more information, see [Required roles for starting the trial](get-defender-vulnerability-management.md#required-roles-for-starting-the-trial).
+> Users need to have the Global Administrator role assigned in Microsoft Entra ID to onboard the trial. For more information, see [Required roles for starting the trial](get-defender-vulnerability-management.md#required-roles-for-starting-the-trial).
 
 1. Check [permissions and pre-requisites.](tvm-prerequisites.md)
 2. The Microsoft Defender Vulnerability Management trial can be accessed in several ways:
@@ -59,8 +58,8 @@ Watch the following video to learn more about Defender Vulnerability Management:
 
     - Sign up through the [Microsoft Admin Center](https://admin.microsoft.com/#/catalog) (global admins only).
 
-> [!NOTE]
-> For more options on how to sign up to the trial, see [Sign up for Microsoft Defender Vulnerability Management](get-defender-vulnerability-management.md).
+   > [!NOTE]
+   > For more options on how to sign up to the trial, see [Sign up for Microsoft Defender Vulnerability Management](get-defender-vulnerability-management.md).
 
 3. Review the information about what's included in the trial, then select **Begin trial**. Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.
 
@@ -98,7 +97,7 @@ Built-in and agentless scanners continuously monitor and detect risk even when d
 
     You can also use the [set device value API](/defender-endpoint/api/set-device-value).
 
-###  Step 2: Track and mitigate remediation activities
+### Step 2: Track and mitigate remediation activities
 
 1. [**Request remediation**](tvm-remediation.md#request-remediation) - vulnerability management capabilities bridge the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Recommendation** pages to [Intune](/mem/intune/).
 2. [**View your remediation activities**](tvm-remediation.md#view-your-remediation-activities) - when you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked on a **Remediation** page, and a remediation ticket is created in Microsoft Intune.
@@ -109,15 +108,15 @@ Built-in and agentless scanners continuously monitor and detect risk even when d
     - [View blocked applications](tvm-block-vuln-apps.md#view-blocked-applications)
     - [Unblock applications](tvm-block-vuln-apps.md#unblock-applications)
 
-> [!NOTE]
-> When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
+   > [!NOTE]
+   > When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.
 
 4. Use enhanced assessment capabilities such as [Network shares analysis](tvm-network-share-assessment.md) to protect vulnerable network shares. As network shares can be easily accessed by network users, small common weaknesses can make them vulnerable. These types of misconfigurations are commonly used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more. That's why we built a new category of configuration assessments in Defender Vulnerability Management that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. This helps you:
     - Disallow offline access to shares
     - Remove shares from the root folder
     - Remove share write permission set to 'Everyone'
     - Set folder enumeration for shares
- 
+
 5. View and monitor your organization's devices using a [**Vulnerable devices report**](tvm-vulnerable-devices-report.md) that shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
 
 ### Step 3: Set up security baseline assessments
diff --git a/defender-vulnerability-management/tvm-block-vuln-apps.md b/defender-vulnerability-management/tvm-block-vuln-apps.md
@@ -60,7 +60,10 @@ For both actions, you can customize the message the users see. For example, you
 ## Permissions
 
 - If you use [Role-based access control (RBAC)](/defender-endpoint/rbac), then you need to have the **Threat and vulnerability management - Application handling** permission assigned.
-- If you haven't turned on RBAC, you must have one of the following Microsoft Entra roles assigned: **security admin** or **global admin**. To learn more about permissions, go to [Basic permissions](/defender-endpoint/basic-permissions).
+- If you haven't turned on RBAC, you must have one of the following Microsoft Entra roles assigned: **Security Administrator** or **Global administrator**. To learn more about permissions, go to [Basic permissions](/defender-endpoint/basic-permissions).
+
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## How to block vulnerable applications
 
diff --git a/defender-vulnerability-management/tvm-exception.md b/defender-vulnerability-management/tvm-exception.md
@@ -73,7 +73,7 @@ A flyout appears where you can search and choose device groups you want included
 
 ### Global exceptions
 
-If you have global administrator permissions, you'll be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state changes from "active" to "full exception."
+If you have Global Administrator permissions, you'll be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state changes from "active" to "full exception."
 
 ![Showing global exception option.](/defender/media/defender-vulnerability-management/tvm-exception-global.png)
 
@@ -82,6 +82,9 @@ Some things to keep in mind:
 - If a recommendation is under global exception, then newly created exceptions for device groups is suspended until the global exception has expired or been canceled. After that point, the new device group exceptions will go into effect until they expire.
 - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception is suspended until it expires or the global exception is canceled before it expires.
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ### Justification
 
 Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
diff --git a/defender-vulnerability-management/tvm-prerequisites.md b/defender-vulnerability-management/tvm-prerequisites.md
@@ -56,11 +56,14 @@ The same data security and privacy practices for Microsoft Defender for Endpoint
 
 To view the permissions options for vulnerability management:
 
-1. Log in to Microsoft Defender portal using account with a Security administrator or Global administrator role assigned.
+1. Log in to Microsoft Defender portal using account with a Security Administrator or Global Administrator role assigned.
 2. In the navigation pane, select **Settings > Endpoints > Roles**.
 
 For more information, see [Create and manage roles for role-based access control](/defender-endpoint/user-roles).
 
+> [!IMPORTANT]
+> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+
 ### View data
 
 - **Security operations** - View all security operations data in the portal
diff --git a/defender-xdr/api-update-incidents.md b/defender-xdr/api-update-incidents.md
@@ -111,18 +111,7 @@ Here's an example of the request.
     "classification": "TruePositive",
     "determination": "Malware",
     "tags": ["Yossi's playground", "Don't mess with the Zohan"],
-    "comments": [
-          {
-              "comment": "pen testing",
-              "createdBy": "secop2@contoso.com",
-              "createdTime": "2021-05-02T09:34:21.5519738Z"
-          },
-          {
-              "comment": "valid incident",
-              "createdBy": "secop2@contoso.comt",
-              "createdTime": "2021-05-02T09:36:27.6652581Z"
-          }
-      ]
+    "comment": "pen testing"
 }
 ```
 
diff --git a/defender-xdr/teams-restrictions-dexapp.md b/defender-xdr/teams-restrictions-dexapp.md
@@ -15,15 +15,17 @@ ms.collection:
   - essentials-manage
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 05/15/2024
+ms.date: 06/27/2024
 ---
 
-# Troubleshooting Microsoft Defender Experts app permissions in Microsoft Teams
+# Troubleshooting issues with Microsoft Defender Experts app in Microsoft Teams
 
 **Applies to:**
 
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
+## App policy permissions
+
 The Microsoft Defender Experts app is available for Microsoft Teams by default, but some environments might have limitations that block the app's installation because of app policy permissions in Teams. [Learn how to check Teams app permissions policies](#check-the-teams-app-permission-policies)
 
 :::image type="content" source="/defender-xdr/media/teams-communication-issues.png" alt-text="Screenshot of Teams communication restrictions." lightbox="media/teams-communication-issues.png":::
@@ -34,7 +36,7 @@ The following screenshot is an example of the missing bot:
 
 :::image type="content" source="/defender-xdr/media/teams-app-bot.png" alt-text="Screenshot of Teams app bot.":::
 
-## Check the Teams app permission policies
+### Check the Teams app permission policies
 
 **To verify if the Teams permission policies are preventing the Defender Experts app from working, follow these steps.**
 
@@ -59,14 +61,14 @@ This app is blocked in app permission policies. To approve a user's app request,
 
   :::image type="content" source="/defender-xdr/media/app-permissions-blocked.png" alt-text="Screenshot of Defender Experts app permissions blocked image in Teams.":::
 
-## Fix the Teams app permission policies
+### Fix the Teams app permission policies
 
 You have two options to fix the Teams app permission policy that stops the Defender Experts app from running:
 
 - [Change the policy that blocks the Defender Experts app from running](#change-the-policy-that-blocks-the-defender-experts-app-from-running)
 - [Add a new policy that lets the Defender Experts app run](#add-a-new-policy-that-lets-the-defender-experts-app-run)
 
-### Change the policy that blocks the Defender Experts app from running
+#### Change the policy that blocks the Defender Experts app from running
 
 1. Go to the [App permission policies page](https://admin.teams.microsoft.com/policies/app-permission). Read more about [App permission policies - Microsoft Teams admin center](/microsoftteams/teams-app-permission-policies)
 2. Look at each policy and see if **Microsoft apps** is set to **Allow specific apps and block all others**.
@@ -79,7 +81,7 @@ You have two options to fix the Teams app permission policy that stops the Defen
 
 The app should start working after 24 hours.
 
-### Add a new policy that lets the Defender Experts app run
+#### Add a new policy that lets the Defender Experts app run
 
 1. Go to the **App permission policies** page and then select **Add**.
 2. In the flyout panel on the right side, search for and select **Defender Experts**, and then select **Allow**.
@@ -88,6 +90,10 @@ The app should start working after 24 hours.
 
 3. Complete the rest of the fields as needed then select **Save**. If this policy is for a group of users, make sure that all the members in the channel are assigned to the policy. The app should start working after 24 hours.
 
+## Teams channel unavailable
+
+You will not be able to receive updates or chat with Defender Experts if the Managed Response channel is archived or deleted. To learn more, see how to [archive](https://support.microsoft.com/office/archive-or-restore-a-channel-53c46491-a265-4391-a2a7-001c5026c9e5) or [restore a deleted channel](https://support.microsoft.com/office/delete-a-channel-in-microsoft-teams-973f9014-53db-4165-8ab4-365021fe36b7).
+
 ### See also
 
 - [Communicating with Defender Experts for XDR](communicate-defender-experts-xdr.md)
