Merge pull request #1266 from MicrosoftDocs/main

publish main to live 9/3 10:30 AM

defender-endpoint/edr-detection.md

@@ -57,25 +57,28 @@ Run an EDR detection test to verify that the device is properly onboarded and re
 
 
 ```bash
-curl -o ~/Downloads/MDE Linux DIY.zip https://aka.ms/MDE-Linux-EDR-DIY
+curl -o ~/Downloads/MDE Linux DIY.zip -L https://aka.ms/MDE-Linux-EDR-DIY
 ```
 
-1. Extract the zip 
+2. Extract the zip 
 
 ```bash
 unzip ~/Downloads/MDE-Linux-EDR-DIY.zip
 ```
 
-1. And run the following command: 
+3. And run the following command to give the script executable permission: 
 
 ```bash
-./mde_linux_edr_diy.sh
+chmod +x ./mde_linux_edr_diy.sh
 ```
 
-After a few minutes, a detection should be raised in Microsoft Defender XDR.
-
-3. Look at the alert details, machine timeline, and perform your typical investigation steps.
+4. Run the following command to execute the script:
+```bash
+ ./mde_linux_edr_diy.sh
+```
 
+5. After a few minutes, a detection should be raised in Microsoft Defender XDR. Look at the alert details, machine timeline, and perform your typical investigation steps.
+
 ### macOS
 
 1. In your browser, Microsoft Edge for Mac or Safari, download *MDATP MacOS DIY.zip* from [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy) and extract.

defender-endpoint/indicator-file.md

@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 ms.author: siosulli
 author: siosulli
 ms.localizationpriority: medium
-ms.date: 08/26/2024
+ms.date: 09/03/2024
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -63,7 +63,12 @@ Understand the following prerequisites before you create indicators for files:
 
 - To start blocking files, [turn on the "block or allow" feature](advanced-features.md) in Settings (in the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Endpoints** > **General** > **Advanced features** > **Allow or block file**).
 
-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including `.exe` and `.dll` files. Coverage is extended over time.
+This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. 
+
+> [!NOTE]
+> File indicators support portable executable (PE) files, including `.exe` and `.dll` files only.
+
+
 
 > [!IMPORTANT]
 > In Defender for Endpoint Plan 1 and Defender for Business, you can create an indicator to block or allow a file. In Defender for Business, your indicator is applied across your environment and cannot be scoped to specific devices.

defender-endpoint/troubleshoot-collect-support-log.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: troubleshooting
 ms.subservice: edr
 search.appverid: met150
-ms.date: 08/13/2024
+ms.date: 09/03/2024
 ---
 
 # Collect support logs in Microsoft Defender for Endpoint using live response
@@ -51,9 +51,12 @@ This article provides instructions on how to run the tool via Live Response on W
 
    :::image type="content" source="media/analyzer-file.png" alt-text="The choose file button-2" lightbox="media/analyzer-file.png":::
 
+   Repeat this step for the `MDEClientAnalyzerPreview.zip` file.
+
 6. While still in the LiveResponse session, use the following commands to run the analyzer and collect the resulting file.
 
    ```console
+   Putfile MDEClientAnalyzerPreview.zip
    Run MDELiveAnalyzer.ps1
    GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDECA\MDEClientAnalyzerResult.zip"
    ```

defender-office-365/mdo-privacy.md

@@ -5,7 +5,7 @@ f1.keywords:
 ms.author: chrisda
 author: chrisda
 manager: deniseb
-ms.date: 08/22/2024
+ms.date: 09/03/2024
 audience: ITPro
 ms.topic: conceptual
 ms.service: defender-office-365
@@ -42,7 +42,7 @@ All [reports in Defender for Office 365](reports-defender-for-office-365.md) are
 - All related data is securely stored in the organization's region.
 - Only authorized users in the organization can access the data.
 
-Microsoft stores this data securely in Microsoft Entra and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/p/?linkid=827578). All service log data at rest is encrypted and hashed using ODL and CDP encryption (no clear text). Defender for Office 365 uses this data for the following features:
+Microsoft stores this data securely in Microsoft Entra and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/p/?linkid=827578). All service log data at rest is encrypted and hashed using Office Data Loader (ODL) and Common Data Platform (CDP) encryption (no clear text). Defender for Office 365 uses this data for the following features:
 
 - Threat protection policies to set the appropriate level of protection for your organization.
 - Real-time reports to monitor Defender for Office 365 performance in your organization.