diff --git a/.openpublishing.redirection.defender.json b/.openpublishing.redirection.defender.json index 5414c4d9d7..3cb5cc2d9e 100644 --- a/.openpublishing.redirection.defender.json +++ b/.openpublishing.redirection.defender.json @@ -209,6 +209,11 @@ "source_path": "defender-endpoint/evaluate-mde.md", "redirect_url": "/defender-endpoint/evaluate-microsoft-defender-antivirus", "redirect_document_id": false + }, + { + "source_path": "defender-endpoint/defender-endpoint-antivirus-exclusions.md", + "redirect_url": "/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/defender-business/get-defender-business.md b/defender-business/get-defender-business.md index 4224bf0235..690f73555c 100644 --- a/defender-business/get-defender-business.md +++ b/defender-business/get-defender-business.md @@ -2,8 +2,8 @@ title: Get Microsoft Defender for Business description: Find out how to get Microsoft Defender for Business, endpoint protection for small and medium sized businesses. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/index.yml b/defender-business/index.yml index 87db7ef2cb..418bf9591f 100644 --- a/defender-business/index.yml +++ b/defender-business/index.yml @@ -15,8 +15,8 @@ metadata: - tier1 - essentials-navigation ms.custom: intro-hub-or-landing - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new diff --git a/defender-business/mdb-add-users.md b/defender-business/mdb-add-users.md index 0fcf79de6c..fa682de58b 100644 --- a/defender-business/mdb-add-users.md +++ b/defender-business/mdb-add-users.md 
@@ -2,8 +2,8 @@ title: Add users and assign licenses in Microsoft Defender for Business description: Add users and assign Defender for Business licenses to protect their devices search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: conceptual diff --git a/defender-business/mdb-asr.md b/defender-business/mdb-asr.md index 96814f4b5c..3637fb9419 100644 --- a/defender-business/mdb-asr.md +++ b/defender-business/mdb-asr.md @@ -1,8 +1,8 @@ --- title: Enable your attack surface reduction rules in Microsoft Defender for Business description: Get an overview of attack surface reduction capabilities, including attack surface reduction rules, in Microsoft Defender for Business -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 07/23/2024 ms.topic: conceptual diff --git a/defender-business/mdb-attack-disruption.md b/defender-business/mdb-attack-disruption.md index 0a9c380a6b..c34b76244c 100644 --- a/defender-business/mdb-attack-disruption.md +++ b/defender-business/mdb-attack-disruption.md @@ -1,8 +1,8 @@ --- title: Automatic attack disruption in Microsoft Defender for Business description: Learn about automatic attack disruption in Microsoft Defender for Business -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 06/07/2024 ms.topic: conceptual diff --git a/defender-business/mdb-configure-security-settings.md b/defender-business/mdb-configure-security-settings.md index 076c36980f..e0901ea868 100644 --- a/defender-business/mdb-configure-security-settings.md +++ b/defender-business/mdb-configure-security-settings.md 
@@ -2,8 +2,8 @@ title: Set up, review, and edit your security policies and settings in Microsoft Defender for Business description: View and edit security policies and settings in Defender for Business search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-controlled-folder-access.md b/defender-business/mdb-controlled-folder-access.md index ba0bfe72ef..595da3d25d 100644 --- a/defender-business/mdb-controlled-folder-access.md +++ b/defender-business/mdb-controlled-folder-access.md @@ -1,8 +1,8 @@ --- title: Set up or edit your controlled folder access policy in Microsoft Defender for Business description: Get an overview of attack surface reduction capabilities in Microsoft Defender for Business -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 06/07/2024 ms.topic: conceptual diff --git a/defender-business/mdb-create-edit-device-groups.md b/defender-business/mdb-create-edit-device-groups.md index 6909f8f0d0..1788eadf59 100644 --- a/defender-business/mdb-create-edit-device-groups.md +++ b/defender-business/mdb-create-edit-device-groups.md @@ -2,8 +2,8 @@ title: Device groups in Microsoft Defender for Business description: Security policies are applied to devices through device groups in Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-email-notifications.md b/defender-business/mdb-email-notifications.md index f2e556ede6..4a06f99048 100644 --- a/defender-business/mdb-email-notifications.md +++ b/defender-business/mdb-email-notifications.md 
@@ -2,8 +2,8 @@ title: Set up email notifications for your security team description: Set up email notifications to tell your security team about alerts and vulnerabilities in Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-faq.yml b/defender-business/mdb-faq.yml index a9d29d6904..9f15e58aba 100644 --- a/defender-business/mdb-faq.yml +++ b/defender-business/mdb-faq.yml @@ -3,8 +3,8 @@ metadata: title: Microsoft Defender for Business frequently asked questions description: Get answers to questions about Defender for Business, a cybersecurity solution for small and medium sized businesses. search.appverid: MET150 - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb manager: deniseb audience: Admin ms.topic: faq diff --git a/defender-business/mdb-firewall.md b/defender-business/mdb-firewall.md index 1a725eb43c..ad73c4cb5e 100644 --- a/defender-business/mdb-firewall.md +++ b/defender-business/mdb-firewall.md @@ -2,8 +2,8 @@ title: Firewall in Microsoft Defender for Business description: Learn about Windows Defender Firewall settings in Defender for Business. Firewall can help prevent unwanted network traffic from flowing to your company devices. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-get-started.md b/defender-business/mdb-get-started.md index 38ea0f71c9..2c3d3ba0de 100644 --- a/defender-business/mdb-get-started.md +++ b/defender-business/mdb-get-started.md 
@@ -2,8 +2,8 @@ title: Visit the Microsoft Defender portal description: Your security center in Defender for Business is the Microsoft Defender portal. Learn how to navigate the portal, and see your next steps. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: conceptual diff --git a/defender-business/mdb-lighthouse-integration.md b/defender-business/mdb-lighthouse-integration.md index 1fc2f283ad..9140c1054b 100644 --- a/defender-business/mdb-lighthouse-integration.md +++ b/defender-business/mdb-lighthouse-integration.md @@ -2,8 +2,8 @@ title: Microsoft 365 Lighthouse and Microsoft Defender for Business description: See how Microsoft Defender for Business integrates with Microsoft 365 Lighthouse, a security solution for Microsoft partners. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-manage-devices.md b/defender-business/mdb-manage-devices.md index 108e60e89f..aa2c231adf 100644 --- a/defender-business/mdb-manage-devices.md +++ b/defender-business/mdb-manage-devices.md @@ -2,8 +2,8 @@ title: Manage devices in Microsoft Defender for Business description: Learn how to add, remove, and manage devices in Defender for Business, endpoint protection for small and medium sized businesses. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-manage-subscription.md b/defender-business/mdb-manage-subscription.md index a6c7ebe822..a35770cd8b 100644 --- a/defender-business/mdb-manage-subscription.md +++ b/defender-business/mdb-manage-subscription.md 
@@ -2,8 +2,8 @@ title: Change your endpoint security subscription description: Learn about your options for managing your Defender for Business or Defender for Endpoint subscription settings. Choose between Defender for Endpoint or Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview diff --git a/defender-business/mdb-mtd.md b/defender-business/mdb-mtd.md index 78f6293f4b..b0a3ea25bc 100644 --- a/defender-business/mdb-mtd.md +++ b/defender-business/mdb-mtd.md @@ -1,8 +1,8 @@ --- title: Mobile threat defense capabilities in Microsoft Defender for Business description: Get an overview of mobile threat defense in Defender for Business. Learn about what's included and how to onboard devices. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 07/23/2024 ms.topic: conceptual diff --git a/defender-business/mdb-next-generation-protection.md b/defender-business/mdb-next-generation-protection.md index 2a7c8a9d29..8f03b256b6 100644 --- a/defender-business/mdb-next-generation-protection.md +++ b/defender-business/mdb-next-generation-protection.md @@ -2,8 +2,8 @@ title: Review or edit your next-generation protection policies Microsoft Defender for Business description: Learn how to view and edit your next-generation protection policies in Defender for Business. These policies pertain to antivirus and anti-malware protection. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-offboard-devices.md b/defender-business/mdb-offboard-devices.md index 6ecc0a1045..d207ffe00b 100644 --- a/defender-business/mdb-offboard-devices.md +++ b/defender-business/mdb-offboard-devices.md 
@@ -2,8 +2,8 @@ title: Offboard a device from Microsoft Defender for Business description: Learn about how to remove or offboard a device from Microsoft Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-onboard-devices.md b/defender-business/mdb-onboard-devices.md index dbec721bb7..e336fd4e41 100644 --- a/defender-business/mdb-onboard-devices.md +++ b/defender-business/mdb-onboard-devices.md @@ -2,8 +2,8 @@ title: Onboard devices to Microsoft Defender for Business description: See how to get devices onboarded to Defender for Business to protect your devices from day one. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-overview.md b/defender-business/mdb-overview.md index 95c069bada..112da5c24b 100644 --- a/defender-business/mdb-overview.md +++ b/defender-business/mdb-overview.md @@ -2,8 +2,8 @@ title: What is Microsoft Defender for Business? description: Microsoft Defender for Business is a cybersecurity solution for small and medium sized businesses. Defender for Business protects against threats across your devices. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-partners.md b/defender-business/mdb-partners.md index 1cecea9b08..9edc83b58c 100644 --- a/defender-business/mdb-partners.md +++ b/defender-business/mdb-partners.md 
@@ -2,8 +2,8 @@ title: Resources for Microsoft partners working with small and medium-sized businesses description: Download our new security guide or integrate your remote monitoring and management (RMM) tools and professional service automation (PSA) software with Defender for Business, Microsoft 365 Business Premium, Defender for Endpoint, and Microsoft 365 Lighthouse. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-policy-order.md b/defender-business/mdb-policy-order.md index c6dc73b835..e1837c9fa2 100644 --- a/defender-business/mdb-policy-order.md +++ b/defender-business/mdb-policy-order.md @@ -2,8 +2,8 @@ title: Understand policy order in Microsoft Defender for Business description: Learn about order of priority with cybersecurity policies to protect your company devices with Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-portal-advanced-feature-settings.md b/defender-business/mdb-portal-advanced-feature-settings.md index e47f30dede..a220d23e8a 100644 --- a/defender-business/mdb-portal-advanced-feature-settings.md +++ b/defender-business/mdb-portal-advanced-feature-settings.md @@ -2,8 +2,8 @@ title: Review and edit settings in Microsoft Defender for Business description: View and edit settings for the Microsoft Defender portal and advanced features in Defender for Business search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-reports.md b/defender-business/mdb-reports.md index d2f12e452f..9fa37a4b0b 100644 --- a/defender-business/mdb-reports.md +++ b/defender-business/mdb-reports.md 
@@ -2,8 +2,8 @@ title: Reports in Microsoft Defender for Business description: Get an overview of security reports in Defender for Business. Reports will show detected threats, alerts, vulnerabilities, and device status. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-requirements.md b/defender-business/mdb-requirements.md index 25bac47396..3ac5b65f6d 100644 --- a/defender-business/mdb-requirements.md +++ b/defender-business/mdb-requirements.md @@ -2,8 +2,8 @@ title: Requirements for Microsoft Defender for Business description: Microsoft Defender for Business license, hardware, and software requirements search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-respond-mitigate-threats.md b/defender-business/mdb-respond-mitigate-threats.md index a2a00e5304..6eeb3a6860 100644 --- a/defender-business/mdb-respond-mitigate-threats.md +++ b/defender-business/mdb-respond-mitigate-threats.md @@ -2,8 +2,8 @@ title: Respond to and mitigate threats in Microsoft Defender for Business description: As threats are detected in Defender for Business, you can take actions to respond to those threats. See how to use the device inventory view. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-review-remediation-actions.md b/defender-business/mdb-review-remediation-actions.md index d9a8c88f0d..36ea495e68 100644 --- a/defender-business/mdb-review-remediation-actions.md +++ b/defender-business/mdb-review-remediation-actions.md 
@@ -2,8 +2,8 @@ title: Review remediation actions in Microsoft Defender for Business description: View remediations that were taken on detected threats or suspected attacks with Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-roles-permissions.md b/defender-business/mdb-roles-permissions.md index dd11510f80..bb9fd8298a 100644 --- a/defender-business/mdb-roles-permissions.md +++ b/defender-business/mdb-roles-permissions.md @@ -2,8 +2,8 @@ title: Assign security roles and permissions in Microsoft Defender for Business description: Assign roles to your cybersecurity team. Learn about these roles and permissions in Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-security-privacy-compliance.md b/defender-business/mdb-security-privacy-compliance.md index 80f2ed3786..e6f0e3d4be 100644 --- a/defender-business/mdb-security-privacy-compliance.md +++ b/defender-business/mdb-security-privacy-compliance.md @@ -2,8 +2,8 @@ title: Security, privacy, and compliance description: "Learn about security, privacy, and compliance in Defender for Business." search.appverid: MET150 -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-setup-configuration.md b/defender-business/mdb-setup-configuration.md index 015723e54d..48745c5ff7 100644 --- a/defender-business/mdb-setup-configuration.md +++ b/defender-business/mdb-setup-configuration.md 
@@ -2,8 +2,8 @@ title: Set up and configure Microsoft Defender for Business description: See how to set up your Defender for Business cybersecurity solution. Onboard devices, review your policies, and edit your settings as needed. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-streaming-api.md b/defender-business/mdb-streaming-api.md index f50a33da1d..330eea966e 100644 --- a/defender-business/mdb-streaming-api.md +++ b/defender-business/mdb-streaming-api.md @@ -1,8 +1,8 @@ --- title: Use the streaming API with Microsoft Defender for Business description: The Defender for Endpoint streaming API is available for Defender for Business and Microsoft 365 Business Premium. Stream of device file, registry, network, sign-in events, and other data to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 06/07/2024 ms.topic: how-to diff --git a/defender-business/mdb-troubleshooting.yml b/defender-business/mdb-troubleshooting.yml index 0e21629d5a..c8b563ff0f 100644 --- a/defender-business/mdb-troubleshooting.yml +++ b/defender-business/mdb-troubleshooting.yml @@ -3,8 +3,8 @@ metadata: title: Microsoft Defender for Business troubleshooting description: Troubleshoot issues in Microsoft Defender for Business. See how to resolve problems with setup or device management. search.appverid: MET150 - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb manager: deniseb audience: Admin3 ms.topic: faq diff --git a/defender-business/mdb-tutorials.md b/defender-business/mdb-tutorials.md index 3b026b1042..12bdeaa0a3 100644 --- a/defender-business/mdb-tutorials.md +++ b/defender-business/mdb-tutorials.md 
@@ -2,8 +2,8 @@ title: Learning resources for Microsoft Defender for Business description: Get an overview of learning resources to help you get started with security operations and Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: conceptual diff --git a/defender-business/mdb-view-edit-create-policies.md b/defender-business/mdb-view-edit-create-policies.md index 6adfd4e504..5d3966dd1b 100644 --- a/defender-business/mdb-view-edit-create-policies.md +++ b/defender-business/mdb-view-edit-create-policies.md @@ -2,8 +2,8 @@ title: View or edit policies in Microsoft Defender for Business description: Learn how to view, edit, create, and delete cybersecurity policies in Defender for Business. Protect your devices with security policies. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-business/mdb-view-manage-incidents.md b/defender-business/mdb-view-manage-incidents.md index 63178a96db..c6415e5a75 100644 --- a/defender-business/mdb-view-manage-incidents.md +++ b/defender-business/mdb-view-manage-incidents.md @@ -2,8 +2,8 @@ title: View and manage incidents in Microsoft Defender for Business description: View and manage alerts, respond to threats, manage devices, and review remediation actions on detected threats in Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-business/mdb-view-tvm-dashboard.md b/defender-business/mdb-view-tvm-dashboard.md index dde27efdba..f2922d60ce 100644 --- a/defender-business/mdb-view-tvm-dashboard.md +++ b/defender-business/mdb-view-tvm-dashboard.md 
@@ -2,8 +2,8 @@ title: View your Microsoft Defender Vulnerability Management dashboard in Microsoft Defender for Business description: Use your Microsoft Defender Vulnerability Management dashboard to see important items to address in Defender for Business. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: conceptual diff --git a/defender-business/mdb-web-content-filtering.md b/defender-business/mdb-web-content-filtering.md index f92a72dbf8..9a822a20cb 100644 --- a/defender-business/mdb-web-content-filtering.md +++ b/defender-business/mdb-web-content-filtering.md @@ -1,8 +1,8 @@ --- title: Set up web content filtering in Microsoft Defender for Business description: Learn how to set up, view, and edit your web content filtering policy in Microsoft Defender for Business. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 06/28/2023 ms.topic: how-to diff --git a/defender-business/trial-playbook-defender-business.md b/defender-business/trial-playbook-defender-business.md index 671633d2ef..f7da967974 100644 --- a/defender-business/trial-playbook-defender-business.md +++ b/defender-business/trial-playbook-defender-business.md @@ -2,8 +2,8 @@ title: "Microsoft Defender for Business trial user guide" f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: deniseb audience: Admin ms.topic: how-to diff --git a/defender-endpoint/TOC.yml b/defender-endpoint/TOC.yml index 6083f00eb9..3a3af94cf1 100644 --- a/defender-endpoint/TOC.yml +++ b/defender-endpoint/TOC.yml 
@@ -346,8 +346,12 @@ href: machine-groups.md - name: Create and manage device tags href: machine-tags.md - - name: Rules + - name: Rules and Exclusions items: + - name: Exclusions overview + href: navigate-defender-endpoint-antivirus-exclusions.md + - name: Using submissions, suppressions and exclusions + href: submissions-suppressions-exclusions.md - name: Manage suppression rules href: manage-suppression-rules.md - name: Create indicators @@ -386,6 +390,7 @@ items: - name: Safe deployment practices href: mde-sdp-strategy.md + - name: Defender for Endpoint Security Operations Guide href: mde-sec-ops-guide.md - name: Troubleshoot @@ -417,13 +422,15 @@ - name: Troubleshoot Microsoft Defender for Endpoint on macOS items: + - name: Troubleshoot NetExt issues with Defender for Endpoint on Mac + href: mac-troubleshoot-netext-mde.md - name: Troubleshooting mode on macOS href: mac-troubleshoot-mode.md - name: Troubleshoot macOS installation issues href: mac-support-install.md - name: Troubleshoot macOS performance issues overview href: mac-support-perf-overview.md - displayName: Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS + displayName: Troubleshoot performance issues for Defender for Endpoint on macOS - name: Troubleshoot performance issues href: mac-support-perf.md - name: Troubleshoot cloud connectivity @@ -707,8 +714,6 @@ href: safety-scanner-download.md - name: Configure Microsoft Defender Antivirus features href: configure-microsoft-defender-antivirus-features.md - - name: Manage exclusions for Defender for Endpoint and Microsoft Defender Antivirus - href: defender-endpoint-antivirus-exclusions.md - name: Cloud protection and Microsoft Defender Antivirus href: cloud-protection-microsoft-defender-antivirus.md items: 
@@ -859,8 +864,9 @@ href: restore-quarantined-files-microsoft-defender-antivirus.md - name: Microsoft Defender Antivirus exclusions - href: configure-exclusions-microsoft-defender-antivirus.md items: + - name: Configure custom exclusions + href: configure-exclusions-microsoft-defender-antivirus.md - name: Exclusions based on file extension and folder location href: configure-extension-file-exclusions-microsoft-defender-antivirus.md - name: Exclusions for files opened by processes diff --git a/defender-endpoint/access-mssp-portal.md b/defender-endpoint/access-mssp-portal.md index 294c2b7257..21682e9584 100644 --- a/defender-endpoint/access-mssp-portal.md +++ b/defender-endpoint/access-mssp-portal.md @@ -3,8 +3,8 @@ title: Access the Microsoft Defender XDR MSSP customer portal description: Access the Microsoft Defender XDR MSSP customer portal ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/admin-submissions-mde.md b/defender-endpoint/admin-submissions-mde.md index 6d4ee8b259..7498e050a3 100644 --- a/defender-endpoint/admin-submissions-mde.md +++ b/defender-endpoint/admin-submissions-mde.md @@ -4,8 +4,8 @@ description: Learn how to use the unified submissions feature in Microsoft Defen search.appverid: met150 ms.date: 05/06/2024 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: deniseb ms.localizationpriority: medium audience: ITPro diff --git a/defender-endpoint/advanced-features.md b/defender-endpoint/advanced-features.md index c7bdd7b061..00a0d587cd 100644 --- a/defender-endpoint/advanced-features.md +++ b/defender-endpoint/advanced-features.md 
@@ -2,8 +2,8 @@ title: Configure advanced features in Microsoft Defender for Endpoint description: Turn on advanced features such as block file in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: yongrhee ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/alerts-queue-endpoint-detection-response.md b/defender-endpoint/alerts-queue-endpoint-detection-response.md index 5a43990aba..f8c81b5a24 100644 --- a/defender-endpoint/alerts-queue-endpoint-detection-response.md +++ b/defender-endpoint/alerts-queue-endpoint-detection-response.md @@ -4,8 +4,8 @@ ms.reviewer: description: View and manage the alerts surfaced in Microsoft Defender XDR keywords: ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/alerts-queue.md b/defender-endpoint/alerts-queue.md index 1e6dd347db..b09f9a29c6 100644 --- a/defender-endpoint/alerts-queue.md +++ b/defender-endpoint/alerts-queue.md @@ -2,8 +2,8 @@ title: View and organize the Microsoft Defender for Endpoint Alerts queue description: Learn about how the Microsoft Defender for Endpoint alerts queues work, and how to sort and filter lists of alerts. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/analyzer-feedback.md b/defender-endpoint/analyzer-feedback.md index 73cabf6fe1..7370c3cdfc 100644 --- a/defender-endpoint/analyzer-feedback.md +++ b/defender-endpoint/analyzer-feedback.md 
@@ -4,8 +4,8 @@ description: Provide feedback on the Microsoft Defender for Endpoint client anal ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/analyzer-report.md b/defender-endpoint/analyzer-report.md index 62fe30c9d6..24cb5febee 100644 --- a/defender-endpoint/analyzer-report.md +++ b/defender-endpoint/analyzer-report.md @@ -4,8 +4,8 @@ description: Learn how to analyze the Microsoft Defender for Endpoint Client Ana ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/android-configure-mam.md b/defender-endpoint/android-configure-mam.md index ca1ed89d9d..d3c5bb9f51 100644 --- a/defender-endpoint/android-configure-mam.md +++ b/defender-endpoint/android-configure-mam.md @@ -3,8 +3,8 @@ title: Configure Microsoft Defender for Endpoint on Android risk signals using A description: Describes how to configure Microsoft Defender for Endpoint risk signals using App Protection policies search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: deniseb ms.localizationpriority: medium audience: ITPro diff --git a/defender-endpoint/android-intune.md b/defender-endpoint/android-intune.md index 6604cec9c4..ea297d44f8 100644 --- a/defender-endpoint/android-intune.md +++ b/defender-endpoint/android-intune.md 
@@ -2,8 +2,8 @@ title: Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune description: Describes how to deploy Microsoft Defender for Endpoint on Android with Microsoft Intune ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/android-privacy.md b/defender-endpoint/android-privacy.md index 73992c2e3d..14d02de9b3 100644 --- a/defender-endpoint/android-privacy.md +++ b/defender-endpoint/android-privacy.md @@ -2,8 +2,8 @@ title: Microsoft Defender for Endpoint on Android - Privacy information description: Privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data collected in Microsoft Defender for Endpoint on Android. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/android-support-signin.md b/defender-endpoint/android-support-signin.md index 2a9da64a73..0249dabf19 100644 --- a/defender-endpoint/android-support-signin.md +++ b/defender-endpoint/android-support-signin.md @@ -2,8 +2,8 @@ title: Troubleshoot issues on Microsoft Defender for Endpoint on Android description: Troubleshoot issues for Microsoft Defender for Endpoint on Android ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/android-whatsnew.md b/defender-endpoint/android-whatsnew.md index 9c3f29abdc..7a83c3864a 100644 --- a/defender-endpoint/android-whatsnew.md +++ b/defender-endpoint/android-whatsnew.md 
@@ -2,8 +2,8 @@ title: What's new in Microsoft Defender for Endpoint on Android description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on Android. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api-microsoft-flow.md b/defender-endpoint/api-microsoft-flow.md index dcd423ad3a..8a28ccbe69 100644 --- a/defender-endpoint/api-microsoft-flow.md +++ b/defender-endpoint/api-microsoft-flow.md @@ -4,8 +4,8 @@ ms.reviewer: description: Use Microsoft Defender for Endpoint Flow connector to create a flow that will be triggered anytime a new event occurs on your tenant. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/Get-agent-details.md b/defender-endpoint/api/Get-agent-details.md index 66c48b53d0..4e813724e7 100644 --- a/defender-endpoint/api/Get-agent-details.md +++ b/defender-endpoint/api/Get-agent-details.md @@ -3,8 +3,8 @@ title: Get scan agent by ID description: Learn how to use the "Get-Agent-Details" api. keywords: apis, graph api, supported apis, agent details, definition ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/Get-scan-history-by-definition.md b/defender-endpoint/api/Get-scan-history-by-definition.md index c8990165c7..bc9f7fc2d1 100644 --- a/defender-endpoint/api/Get-scan-history-by-definition.md +++ b/defender-endpoint/api/Get-scan-history-by-definition.md 
@@ -2,8 +2,8 @@ title: Get scan history by definition description: Learn how to use the get scan history by definition api ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/Get-scan-history-by-session.md b/defender-endpoint/api/Get-scan-history-by-session.md index 3b945c8c65..1c27128c28 100644 --- a/defender-endpoint/api/Get-scan-history-by-session.md +++ b/defender-endpoint/api/Get-scan-history-by-session.md @@ -2,8 +2,8 @@ title: Get scan history by session description: Learn how to use the get scan history by session api. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/add-a-new-scan-definition.md b/defender-endpoint/api/add-a-new-scan-definition.md index cf0ce5bf40..9015beeb18 100644 --- a/defender-endpoint/api/add-a-new-scan-definition.md +++ b/defender-endpoint/api/add-a-new-scan-definition.md @@ -2,8 +2,8 @@ title: Add, update, or delete a scan definition description: Learn how to use the Add, update, or delete scan definitions. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/add-or-remove-machine-tags.md b/defender-endpoint/api/add-or-remove-machine-tags.md index 15b4ede73c..9c50ddb5aa 100644 --- a/defender-endpoint/api/add-or-remove-machine-tags.md +++ b/defender-endpoint/api/add-or-remove-machine-tags.md 
@@ -2,8 +2,8 @@ title: Add or remove a tag for a machine description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/add-or-remove-multiple-machine-tags.md b/defender-endpoint/api/add-or-remove-multiple-machine-tags.md index fc60ca18c7..061998d9a3 100644 --- a/defender-endpoint/api/add-or-remove-multiple-machine-tags.md +++ b/defender-endpoint/api/add-or-remove-multiple-machine-tags.md @@ -2,8 +2,8 @@ title: Add or remove a tag for multiple machines description: Learn how to use the Add or Remove machine tags API to add or remove a tag for multiple devices in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/alerts.md b/defender-endpoint/api/alerts.md index f49c55b681..4a953d07a0 100644 --- a/defender-endpoint/api/alerts.md +++ b/defender-endpoint/api/alerts.md @@ -2,8 +2,8 @@ title: Get alerts API description: Learn about the methods and properties of the Alert resource type in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/api-explorer.md b/defender-endpoint/api/api-explorer.md index 4f60bdc072..c12796d917 100644 --- a/defender-endpoint/api/api-explorer.md +++ b/defender-endpoint/api/api-explorer.md 
@@ -3,8 +3,8 @@ title: API Explorer in Microsoft Defender for Endpoint ms.reviewer: description: Use the API Explorer to construct and do API queries, test, and send requests for any available API ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/api-hello-world.md b/defender-endpoint/api/api-hello-world.md index e9764260b4..86b49cbe2a 100644 --- a/defender-endpoint/api/api-hello-world.md +++ b/defender-endpoint/api/api-hello-world.md @@ -3,8 +3,8 @@ title: Hello World for Microsoft Defender for Endpoint API ms.reviewer: description: Create a practice 'Hello world'-style API call to the Microsoft Defender for Endpoint API. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/api-power-bi.md b/defender-endpoint/api/api-power-bi.md index c3d1c36ef5..58dff3b1b1 100644 --- a/defender-endpoint/api/api-power-bi.md +++ b/defender-endpoint/api/api-power-bi.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint APIs connection to Power BI ms.reviewer: yongrhee description: Create a Power Business Intelligence (BI) report on top of Microsoft Defender for Endpoint APIs. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/api-release-notes.md b/defender-endpoint/api/api-release-notes.md index e65d8b02c7..17ef0562c1 100644 --- a/defender-endpoint/api/api-release-notes.md +++ b/defender-endpoint/api/api-release-notes.md 
@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint API release notes description: Release notes for updates made to the Microsoft Defender for Endpoint set of APIs. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/apis-intro.md b/defender-endpoint/api/apis-intro.md index b52e024e6f..dad235261b 100644 --- a/defender-endpoint/api/apis-intro.md +++ b/defender-endpoint/api/apis-intro.md @@ -4,8 +4,8 @@ ms.reviewer: description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender for Endpoint capabilities ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 01/25/2022 manager: deniseb diff --git a/defender-endpoint/api/batch-delete-ti-indicators.md b/defender-endpoint/api/batch-delete-ti-indicators.md index 03e079baa6..a865dbc8a3 100644 --- a/defender-endpoint/api/batch-delete-ti-indicators.md +++ b/defender-endpoint/api/batch-delete-ti-indicators.md @@ -4,8 +4,8 @@ description: Learn how to use the Batch Delete Indicators API to delete indicato ms.service: defender-endpoint ms.subservice: reference ms.reviewer: itsela -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb ms.collection: diff --git a/defender-endpoint/api/batch-update-alerts.md b/defender-endpoint/api/batch-update-alerts.md index 18c7939c15..10898bba3c 100644 --- a/defender-endpoint/api/batch-update-alerts.md +++ b/defender-endpoint/api/batch-update-alerts.md 
@@ -3,8 +3,8 @@ title: Batch Update alert entities API description: Learn how to update Microsoft Defender for Endpoint alerts in a batch by using this API. You can update the status, determination, classification, and assignedTo properties. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/cancel-machine-action.md b/defender-endpoint/api/cancel-machine-action.md index 072799aa1b..9ebd8a2b51 100644 --- a/defender-endpoint/api/cancel-machine-action.md +++ b/defender-endpoint/api/cancel-machine-action.md @@ -6,8 +6,8 @@ ms.service: defender-endpoint ms.subservice: reference f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/collect-investigation-package.md b/defender-endpoint/api/collect-investigation-package.md index 675994cb55..a58d9770a5 100644 --- a/defender-endpoint/api/collect-investigation-package.md +++ b/defender-endpoint/api/collect-investigation-package.md @@ -2,8 +2,8 @@ title: Collect investigation package API description: Use this API to create calls related to the collecting an investigation package from a device. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/common-errors.md b/defender-endpoint/api/common-errors.md index dc0948f2d5..fcf3fef2a8 100644 --- a/defender-endpoint/api/common-errors.md +++ b/defender-endpoint/api/common-errors.md 
@@ -2,8 +2,8 @@ title: Common Microsoft Defender for Endpoint API errors description: List of common Microsoft Defender for Endpoint API errors with descriptions. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/create-alert-by-reference.md b/defender-endpoint/api/create-alert-by-reference.md index aa61b40277..82cd81dbb1 100644 --- a/defender-endpoint/api/create-alert-by-reference.md +++ b/defender-endpoint/api/create-alert-by-reference.md @@ -2,8 +2,8 @@ title: Create alert from event API description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/delete-library.md b/defender-endpoint/api/delete-library.md index 5e7a082729..a63883f4c5 100644 --- a/defender-endpoint/api/delete-library.md +++ b/defender-endpoint/api/delete-library.md @@ -5,8 +5,8 @@ search.appverid: met150 ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/delete-ti-indicator-by-id.md b/defender-endpoint/api/delete-ti-indicator-by-id.md index c871b83378..22ff076953 100644 --- a/defender-endpoint/api/delete-ti-indicator-by-id.md +++ b/defender-endpoint/api/delete-ti-indicator-by-id.md 
@@ -2,8 +2,8 @@ title: Delete Indicator API. description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/device-health-api-methods-properties.md b/defender-endpoint/api/device-health-api-methods-properties.md index e3916e0423..3be79d61a1 100644 --- a/defender-endpoint/api/device-health-api-methods-properties.md +++ b/defender-endpoint/api/device-health-api-methods-properties.md @@ -2,8 +2,8 @@ title: Microsoft Defender Antivirus export device antivirus health details API methods and properties description: "Learn how to export a list of Microsoft Defender Antivirus device health details." ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/25/2024 manager: deniseb diff --git a/defender-endpoint/api/device-health-export-antivirus-health-report-api.md b/defender-endpoint/api/device-health-export-antivirus-health-report-api.md index 342ff9d26b..9f0c9e33fd 100644 --- a/defender-endpoint/api/device-health-export-antivirus-health-report-api.md +++ b/defender-endpoint/api/device-health-export-antivirus-health-report-api.md @@ -2,8 +2,8 @@ title: Microsoft Defender Antivirus Device Health export device antivirus health reporting description: Presents methods to retrieve Microsoft Defender Antivirus device health details. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/25/2024 manager: deniseb diff --git a/defender-endpoint/api/export-certificate-inventory-assessment.md b/defender-endpoint/api/export-certificate-inventory-assessment.md index ca09f2034e..a47f62670e 100644 
--- a/defender-endpoint/api/export-certificate-inventory-assessment.md +++ b/defender-endpoint/api/export-certificate-inventory-assessment.md @@ -2,8 +2,8 @@ title: Certificate assessment methods and properties per device description: Provides information about the certificates APIs that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/export-firmware-hardware-assessment.md b/defender-endpoint/api/export-firmware-hardware-assessment.md index 919d9e34f8..6d4509bc55 100644 --- a/defender-endpoint/api/export-firmware-hardware-assessment.md +++ b/defender-endpoint/api/export-firmware-hardware-assessment.md @@ -2,8 +2,8 @@ title: Hardware and firmware assessment methods and properties per device description: Provides information about the Firmware and Hardware APIs that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/export-security-baseline-assessment.md b/defender-endpoint/api/export-security-baseline-assessment.md index 0c39f1aa7d..dad17fbb46 100644 --- a/defender-endpoint/api/export-security-baseline-assessment.md +++ b/defender-endpoint/api/export-security-baseline-assessment.md 
@@ -2,8 +2,8 @@ title: Security baseline assessment methods and properties per device description: Provides information about the security baselines APIs that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/exposed-apis-create-app-nativeapp.md b/defender-endpoint/api/exposed-apis-create-app-nativeapp.md index 4162c28f6a..3defc4f88e 100644 --- a/defender-endpoint/api/exposed-apis-create-app-nativeapp.md +++ b/defender-endpoint/api/exposed-apis-create-app-nativeapp.md @@ -3,8 +3,8 @@ title: Use Microsoft Defender for Endpoint APIs ms.reviewer: description: Learn how to design a native Windows app to get programmatic access to Microsoft Defender for Endpoint without a user. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/24/2024 manager: deniseb diff --git a/defender-endpoint/api/exposed-apis-create-app-partners.md b/defender-endpoint/api/exposed-apis-create-app-partners.md index b0514bd1cc..8bb6df233f 100644 --- a/defender-endpoint/api/exposed-apis-create-app-partners.md +++ b/defender-endpoint/api/exposed-apis-create-app-partners.md @@ -3,8 +3,8 @@ title: Partner access through Microsoft Defender for Endpoint APIs ms.reviewer: description: Learn how to design a web app to get programmatic access to Microsoft Defender for Endpoint on behalf of your users. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 08/29/2024 manager: deniseb 
diff --git a/defender-endpoint/api/exposed-apis-create-app-webapp.md b/defender-endpoint/api/exposed-apis-create-app-webapp.md index f0e5a3727f..cdb6391b3f 100644 --- a/defender-endpoint/api/exposed-apis-create-app-webapp.md +++ b/defender-endpoint/api/exposed-apis-create-app-webapp.md @@ -3,8 +3,8 @@ title: Create an app to access Microsoft Defender for Endpoint without a user ms.reviewer: description: Learn how to design a web app to get programmatic access to Microsoft Defender for Endpoint without a user. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 08/29/2024 manager: deniseb diff --git a/defender-endpoint/api/exposed-apis-full-sample-powershell.md b/defender-endpoint/api/exposed-apis-full-sample-powershell.md index 0ca5a70a9f..d0ecd13cae 100644 --- a/defender-endpoint/api/exposed-apis-full-sample-powershell.md +++ b/defender-endpoint/api/exposed-apis-full-sample-powershell.md @@ -3,8 +3,8 @@ title: Advanced Hunting with PowerShell API Guide ms.reviewer: description: Use these code samples, querying several Microsoft Defender for Endpoint APIs. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/exposed-apis-list.md b/defender-endpoint/api/exposed-apis-list.md index 55e6a1f8a6..57d0d80886 100644 --- a/defender-endpoint/api/exposed-apis-list.md +++ b/defender-endpoint/api/exposed-apis-list.md @@ -3,8 +3,8 @@ title: Supported Microsoft Defender for Endpoint APIs ms.reviewer: description: Learn about the specific supported Microsoft Defender for Endpoint entities where you can create API calls to. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 04/17/2024 manager: deniseb 
diff --git a/defender-endpoint/api/exposed-apis-odata-samples.md b/defender-endpoint/api/exposed-apis-odata-samples.md index fb5e2be81f..f3fb11e8f8 100644 --- a/defender-endpoint/api/exposed-apis-odata-samples.md +++ b/defender-endpoint/api/exposed-apis-odata-samples.md @@ -3,8 +3,8 @@ title: OData queries with Microsoft Defender for Endpoint ms.reviewer: description: Use these examples of Open Data Protocol (OData) queries to help with data access protocols in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 01/25/2023 manager: deniseb diff --git a/defender-endpoint/api/fetch-alerts-mssp.md b/defender-endpoint/api/fetch-alerts-mssp.md index e01341434a..2fee488423 100644 --- a/defender-endpoint/api/fetch-alerts-mssp.md +++ b/defender-endpoint/api/fetch-alerts-mssp.md @@ -2,8 +2,8 @@ title: Fetch alerts from MSSP customer tenant description: Learn how to fetch alerts from a customer tenant ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/files.md b/defender-endpoint/api/files.md index 21b354e8a2..a47a111210 100644 --- a/defender-endpoint/api/files.md +++ b/defender-endpoint/api/files.md @@ -2,8 +2,8 @@ title: File resource type description: Retrieve recent Microsoft Defender for Endpoint alerts related to files. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/find-machine-info-by-ip.md b/defender-endpoint/api/find-machine-info-by-ip.md index 4fba81208b..299abfaf1a 100644 --- a/defender-endpoint/api/find-machine-info-by-ip.md +++ b/defender-endpoint/api/find-machine-info-by-ip.md 
@@ -2,8 +2,8 @@ title: Find device information by internal IP API description: Use this API to create calls related to finding a device entry around a specific timestamp by internal IP. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/find-machines-by-ip.md b/defender-endpoint/api/find-machines-by-ip.md index 12bb6540c4..c15da90c6f 100644 --- a/defender-endpoint/api/find-machines-by-ip.md +++ b/defender-endpoint/api/find-machines-by-ip.md @@ -2,8 +2,8 @@ title: Find devices by internal IP API description: Find devices seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/find-machines-by-tag.md b/defender-endpoint/api/find-machines-by-tag.md index 8f4fe36992..60661524a4 100644 --- a/defender-endpoint/api/find-machines-by-tag.md +++ b/defender-endpoint/api/find-machines-by-tag.md @@ -2,8 +2,8 @@ title: Find devices by tag API description: Find all devices that contain specific tag ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-info-by-id.md b/defender-endpoint/api/get-alert-info-by-id.md index d3a2cc3786..a036bcb7d1 100644 --- a/defender-endpoint/api/get-alert-info-by-id.md +++ b/defender-endpoint/api/get-alert-info-by-id.md 
@@ -2,8 +2,8 @@ title: Get alert information by ID API description: Learn how to use the Get alert information by ID API to retrieve a specific alert by its ID in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-related-domain-info.md b/defender-endpoint/api/get-alert-related-domain-info.md index 5d4d4a1092..3ecfb8ea25 100644 --- a/defender-endpoint/api/get-alert-related-domain-info.md +++ b/defender-endpoint/api/get-alert-related-domain-info.md @@ -2,8 +2,8 @@ title: Get alert related domains information description: Retrieve all domains related to a specific alert using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-related-files-info.md b/defender-endpoint/api/get-alert-related-files-info.md index d702f01375..f1d45bcffa 100644 --- a/defender-endpoint/api/get-alert-related-files-info.md +++ b/defender-endpoint/api/get-alert-related-files-info.md @@ -2,8 +2,8 @@ title: Get alert related files information description: Retrieve all files related to a specific alert using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-related-ip-info.md b/defender-endpoint/api/get-alert-related-ip-info.md index b102269135..ac5489b721 100644 --- a/defender-endpoint/api/get-alert-related-ip-info.md +++ b/defender-endpoint/api/get-alert-related-ip-info.md 
@@ -2,8 +2,8 @@ title: Get alert-related IPs' information description: Retrieve all IPs related to a specific alert using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-related-machine-info.md b/defender-endpoint/api/get-alert-related-machine-info.md index 93f1108829..23e9e2918a 100644 --- a/defender-endpoint/api/get-alert-related-machine-info.md +++ b/defender-endpoint/api/get-alert-related-machine-info.md @@ -2,8 +2,8 @@ title: Get alert related machine information description: Retrieve all devices related to a specific alert using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alert-related-user-info.md b/defender-endpoint/api/get-alert-related-user-info.md index 6a0751fdc8..3505d945d4 100644 --- a/defender-endpoint/api/get-alert-related-user-info.md +++ b/defender-endpoint/api/get-alert-related-user-info.md @@ -2,8 +2,8 @@ title: Get alert related user information description: Learn how to use the Get alert-related user information API to retrieve the user related to a specific alert in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-alerts.md b/defender-endpoint/api/get-alerts.md index d7c6b3aad0..cc5717ca48 100644 --- a/defender-endpoint/api/get-alerts.md +++ b/defender-endpoint/api/get-alerts.md 
@@ -2,8 +2,8 @@ title: List alerts API description: Learn how to use the List alerts API to retrieve a collection of alerts in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-all-recommendations.md b/defender-endpoint/api/get-all-recommendations.md index 3414d4ca57..70e2bfc126 100644 --- a/defender-endpoint/api/get-all-recommendations.md +++ b/defender-endpoint/api/get-all-recommendations.md @@ -2,8 +2,8 @@ title: List all recommendations description: Retrieves a list of all security recommendations affecting the organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-all-scan-agents.md b/defender-endpoint/api/get-all-scan-agents.md index b7f7c7e8b3..d43e2b070a 100644 --- a/defender-endpoint/api/get-all-scan-agents.md +++ b/defender-endpoint/api/get-all-scan-agents.md @@ -2,8 +2,8 @@ title: Get all scan agents description: Learn how to use the Get all scan agents API ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-all-scan-definitions.md b/defender-endpoint/api/get-all-scan-definitions.md index 800e70334e..0e318b9fbb 100644 --- a/defender-endpoint/api/get-all-scan-definitions.md +++ b/defender-endpoint/api/get-all-scan-definitions.md @@ -2,8 +2,8 @@ title: Get scan definitions description: Learn how to use the Get all scan definition APIs ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/get-all-vulnerabilities-by-machines.md b/defender-endpoint/api/get-all-vulnerabilities-by-machines.md index a1edf04edf..c55b061cb0 100644 --- a/defender-endpoint/api/get-all-vulnerabilities-by-machines.md +++ b/defender-endpoint/api/get-all-vulnerabilities-by-machines.md @@ -2,8 +2,8 @@ title: Get all vulnerabilities by machine and software description: Retrieves a list of all the vulnerabilities affecting the organization by Machine and Software ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-all-vulnerabilities.md b/defender-endpoint/api/get-all-vulnerabilities.md index 96d047f0cb..07d13d8ebc 100644 --- a/defender-endpoint/api/get-all-vulnerabilities.md +++ b/defender-endpoint/api/get-all-vulnerabilities.md @@ -2,8 +2,8 @@ title: Get all vulnerabilities description: Retrieves a list of all the vulnerabilities affecting the organization ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-browser-extensions.md b/defender-endpoint/api/get-assessment-browser-extensions.md index c21dacadf2..e0431b0427 100644 --- a/defender-endpoint/api/get-assessment-browser-extensions.md +++ b/defender-endpoint/api/get-assessment-browser-extensions.md @@ -2,8 +2,8 @@ title: Export browser extensions assessment description: Returns a table with an entry for every unique combination of DeviceId, BrowserName, ExtensionID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/get-assessment-information-gathering.md b/defender-endpoint/api/get-assessment-information-gathering.md index 0b65f6326d..eec4913e4f 100644 --- a/defender-endpoint/api/get-assessment-information-gathering.md +++ b/defender-endpoint/api/get-assessment-information-gathering.md @@ -2,8 +2,8 @@ title: Export information gathering assessment description: Returns a table with an entry for every unique combination of DeviceId, DeviceName, Additional fields. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-methods-properties.md b/defender-endpoint/api/get-assessment-methods-properties.md index 72160f847c..4e6fb6acbc 100644 --- a/defender-endpoint/api/get-assessment-methods-properties.md +++ b/defender-endpoint/api/get-assessment-methods-properties.md @@ -2,8 +2,8 @@ title: Export assessment methods and properties per device description: Provides information about the APIs that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-non-cpe-software-inventory.md b/defender-endpoint/api/get-assessment-non-cpe-software-inventory.md index 45fa5338b7..f612b4f40d 100644 --- a/defender-endpoint/api/get-assessment-non-cpe-software-inventory.md +++ b/defender-endpoint/api/get-assessment-non-cpe-software-inventory.md 
@@ -2,8 +2,8 @@ title: Export non product code software inventory assessment per device description: Returns a table with an entry for every unique combination of DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion for software that doesn't have a Common Platform Enumeration (CPE) ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-secure-config.md b/defender-endpoint/api/get-assessment-secure-config.md index 8e0317ca4c..ee6cce1a81 100644 --- a/defender-endpoint/api/get-assessment-secure-config.md +++ b/defender-endpoint/api/get-assessment-secure-config.md @@ -2,8 +2,8 @@ title: Export secure configuration assessment per device description: Returns an entry for every unique combination of DeviceId, ConfigurationId. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-software-inventory.md b/defender-endpoint/api/get-assessment-software-inventory.md index 72895a238e..1dfbbf6573 100644 --- a/defender-endpoint/api/get-assessment-software-inventory.md +++ b/defender-endpoint/api/get-assessment-software-inventory.md @@ -2,8 +2,8 @@ title: Export software inventory assessment per device description: Returns a table with an entry for every unique combination of DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-assessment-software-vulnerabilities.md b/defender-endpoint/api/get-assessment-software-vulnerabilities.md index b61f20c5c1..1f961a3dde 100644 
--- a/defender-endpoint/api/get-assessment-software-vulnerabilities.md +++ b/defender-endpoint/api/get-assessment-software-vulnerabilities.md @@ -2,8 +2,8 @@ title: Export software vulnerabilities assessment per device description: The API response is per device and contains vulnerable software installed on your exposed devices and any known vulnerabilities in these software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-authenticated-scan-properties.md b/defender-endpoint/api/get-authenticated-scan-properties.md index 9b6fcf74e4..0e7d8935d8 100644 --- a/defender-endpoint/api/get-authenticated-scan-properties.md +++ b/defender-endpoint/api/get-authenticated-scan-properties.md @@ -2,8 +2,8 @@ title: Authenticated scan methods and properties description: The API response contains Microsoft Defender Vulnerability Management authenticated scans created in your tenant. You can request all the scans, all the scan definitions or add a new network our authenticated scan. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-browser-extensions-permission-info.md b/defender-endpoint/api/get-browser-extensions-permission-info.md index d6d2996830..7f1add036b 100644 --- a/defender-endpoint/api/get-browser-extensions-permission-info.md +++ b/defender-endpoint/api/get-browser-extensions-permission-info.md 
@@ -2,8 +2,8 @@ title: Get browser extensions permission info description: Retrieves a list of all permissions required for a browser extension ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-device-secure-score.md b/defender-endpoint/api/get-device-secure-score.md index d9e20a0f5b..d8e467384b 100644 --- a/defender-endpoint/api/get-device-secure-score.md +++ b/defender-endpoint/api/get-device-secure-score.md @@ -2,8 +2,8 @@ title: Get the device secure score description: Retrieves the organizational device secure score. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-discovered-vulnerabilities.md b/defender-endpoint/api/get-discovered-vulnerabilities.md index 40e162cd5f..1c447ad93b 100644 --- a/defender-endpoint/api/get-discovered-vulnerabilities.md +++ b/defender-endpoint/api/get-discovered-vulnerabilities.md @@ -2,8 +2,8 @@ title: Get discovered vulnerabilities description: Retrieves a collection of discovered vulnerabilities related to a given device ID. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-domain-related-alerts.md b/defender-endpoint/api/get-domain-related-alerts.md index 1a990ef850..f6690e47a2 100644 --- a/defender-endpoint/api/get-domain-related-alerts.md +++ b/defender-endpoint/api/get-domain-related-alerts.md 
@@ -2,8 +2,8 @@ title: Get domain-related alerts API description: Learn how to use the Get domain-related alerts API to retrieve alerts related to a given domain address in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-domain-related-machines.md b/defender-endpoint/api/get-domain-related-machines.md index d13f2e5a9d..9ad5b57a9f 100644 --- a/defender-endpoint/api/get-domain-related-machines.md +++ b/defender-endpoint/api/get-domain-related-machines.md @@ -2,8 +2,8 @@ title: Get domain-related machines API description: Learn how to use the Get domain-related machines API to get machines that communicated to or from a domain in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-domain-statistics.md b/defender-endpoint/api/get-domain-statistics.md index f339a4e07c..60a75ee8d6 100644 --- a/defender-endpoint/api/get-domain-statistics.md +++ b/defender-endpoint/api/get-domain-statistics.md @@ -2,8 +2,8 @@ title: Get domain statistics API description: Learn how to use the Get domain statistics API to retrieve the statistics on the given domain in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-exposure-score.md b/defender-endpoint/api/get-exposure-score.md index 9ca68015bc..1af6e41a22 100644 --- a/defender-endpoint/api/get-exposure-score.md +++ b/defender-endpoint/api/get-exposure-score.md 
@@ -2,8 +2,8 @@ title: Get exposure score description: Retrieves the organizational exposure score. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-file-information.md b/defender-endpoint/api/get-file-information.md index 613ccd4cfa..12209f3af0 100644 --- a/defender-endpoint/api/get-file-information.md +++ b/defender-endpoint/api/get-file-information.md @@ -2,8 +2,8 @@ title: Get file information API description: Learn how to use the Get file information API to get a file by Sha1, Sha256, or MD5 identifier in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-file-related-alerts.md b/defender-endpoint/api/get-file-related-alerts.md index 76aecb8ee2..a619189947 100644 --- a/defender-endpoint/api/get-file-related-alerts.md +++ b/defender-endpoint/api/get-file-related-alerts.md @@ -2,8 +2,8 @@ title: Get file-related alerts API description: Learn how to use the Get file-related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-file-related-machines.md b/defender-endpoint/api/get-file-related-machines.md index 8145726fad..bb7d198955 100644 --- a/defender-endpoint/api/get-file-related-machines.md +++ b/defender-endpoint/api/get-file-related-machines.md 
@@ -2,8 +2,8 @@ title: Get file-related machines API description: Learn how to use the Get file-related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-file-statistics.md b/defender-endpoint/api/get-file-statistics.md index 82a3680b70..b5cbc8b750 100644 --- a/defender-endpoint/api/get-file-statistics.md +++ b/defender-endpoint/api/get-file-statistics.md @@ -2,8 +2,8 @@ title: Get file statistics API description: Learn how to use the Get file statistics API to retrieve the statistics for the given file in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-installed-software.md b/defender-endpoint/api/get-installed-software.md index 35be10e120..a4b102ca11 100644 --- a/defender-endpoint/api/get-installed-software.md +++ b/defender-endpoint/api/get-installed-software.md @@ -2,8 +2,8 @@ title: Get installed software description: Retrieves a collection of installed software related to a given device ID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-investigation-collection.md b/defender-endpoint/api/get-investigation-collection.md index 482dd0aa84..7563f2ea81 100644 --- a/defender-endpoint/api/get-investigation-collection.md +++ b/defender-endpoint/api/get-investigation-collection.md 
@@ -2,8 +2,8 @@ title: List Investigations API description: Use this API to create calls related to get Investigations collection. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-investigation-object.md b/defender-endpoint/api/get-investigation-object.md index 0efede6854..626f61ebc1 100644 --- a/defender-endpoint/api/get-investigation-object.md +++ b/defender-endpoint/api/get-investigation-object.md @@ -2,8 +2,8 @@ title: Get Investigation object API description: Use this API to create calls related to get Investigation object ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-ip-related-alerts.md b/defender-endpoint/api/get-ip-related-alerts.md index 2cd487cbc1..6794c2461d 100644 --- a/defender-endpoint/api/get-ip-related-alerts.md +++ b/defender-endpoint/api/get-ip-related-alerts.md @@ -2,8 +2,8 @@ title: Get IP related alerts API description: Retrieve a collection of alerts related to a given IP address using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-ip-statistics.md b/defender-endpoint/api/get-ip-statistics.md index 3ae9d63b6a..a1ce697543 100644 --- a/defender-endpoint/api/get-ip-statistics.md +++ b/defender-endpoint/api/get-ip-statistics.md 
@@ -2,8 +2,8 @@ title: Get IP statistics API description: Get the latest stats for your IP using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-live-response-result.md b/defender-endpoint/api/get-live-response-result.md index 5985d5f608..dfd1b23a07 100644 --- a/defender-endpoint/api/get-live-response-result.md +++ b/defender-endpoint/api/get-live-response-result.md @@ -5,8 +5,8 @@ search.appverid: met150 ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machine-by-id.md b/defender-endpoint/api/get-machine-by-id.md index 1b60b5f479..eb61b06c35 100644 --- a/defender-endpoint/api/get-machine-by-id.md +++ b/defender-endpoint/api/get-machine-by-id.md @@ -2,8 +2,8 @@ title: Get machine by ID API description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machine-group-exposure-score.md b/defender-endpoint/api/get-machine-group-exposure-score.md index 101ee1a074..f13419492a 100644 --- a/defender-endpoint/api/get-machine-group-exposure-score.md +++ b/defender-endpoint/api/get-machine-group-exposure-score.md 
@@ -2,8 +2,8 @@ title: List exposure score by device group description: Retrieves a list of exposure scores by device group. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machine-log-on-users.md b/defender-endpoint/api/get-machine-log-on-users.md index 18549c635a..8ea1d3a15e 100644 --- a/defender-endpoint/api/get-machine-log-on-users.md +++ b/defender-endpoint/api/get-machine-log-on-users.md @@ -2,8 +2,8 @@ title: Get machine logon users API description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machine-related-alerts.md b/defender-endpoint/api/get-machine-related-alerts.md index 99443e5064..af5509991a 100644 --- a/defender-endpoint/api/get-machine-related-alerts.md +++ b/defender-endpoint/api/get-machine-related-alerts.md @@ -2,8 +2,8 @@ title: Get machine related alerts API description: Learn how to use the Get machine related alerts API. This API allows you to retrieve all alerts that are related to a specific device in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machineaction-object.md b/defender-endpoint/api/get-machineaction-object.md index d338e8be2d..5c2dcbf539 100644 --- a/defender-endpoint/api/get-machineaction-object.md +++ b/defender-endpoint/api/get-machineaction-object.md 
@@ -2,8 +2,8 @@ title: Get MachineAction object API description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machineactions-collection.md b/defender-endpoint/api/get-machineactions-collection.md index 005ef5ca6f..73984ec697 100644 --- a/defender-endpoint/api/get-machineactions-collection.md +++ b/defender-endpoint/api/get-machineactions-collection.md @@ -2,8 +2,8 @@ title: List machineActions API description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machines-by-software.md b/defender-endpoint/api/get-machines-by-software.md index 4b5e427049..191b42ef9f 100644 --- a/defender-endpoint/api/get-machines-by-software.md +++ b/defender-endpoint/api/get-machines-by-software.md @@ -2,8 +2,8 @@ title: List devices by software description: Retrieve a list of devices that has this software installed. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machines-by-vulnerability.md b/defender-endpoint/api/get-machines-by-vulnerability.md index 9e9951235d..b8597ed56f 100644 --- a/defender-endpoint/api/get-machines-by-vulnerability.md +++ b/defender-endpoint/api/get-machines-by-vulnerability.md 
@@ -2,8 +2,8 @@ title: List devices by vulnerability description: Retrieves a list of devices affected by a vulnerability. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-machines.md b/defender-endpoint/api/get-machines.md index 320e20dd26..9142be51f8 100644 --- a/defender-endpoint/api/get-machines.md +++ b/defender-endpoint/api/get-machines.md @@ -2,8 +2,8 @@ title: List machines API description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender for Endpoint cloud. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-missing-kbs-machine.md b/defender-endpoint/api/get-missing-kbs-machine.md index 6caa07da54..d5d612a8c4 100644 --- a/defender-endpoint/api/get-missing-kbs-machine.md +++ b/defender-endpoint/api/get-missing-kbs-machine.md @@ -2,8 +2,8 @@ title: Get missing KBs by device ID description: Retrieves missing security updates by device ID ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-missing-kbs-software.md b/defender-endpoint/api/get-missing-kbs-software.md index 6c13a099dd..1b7ae80e0f 100644 --- a/defender-endpoint/api/get-missing-kbs-software.md +++ b/defender-endpoint/api/get-missing-kbs-software.md @@ -2,8 +2,8 @@ title: Get missing KBs by software ID description: Retrieves missing security updates by software ID ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/get-package-sas-uri.md b/defender-endpoint/api/get-package-sas-uri.md index 3b0642cb85..890db0c11a 100644 --- a/defender-endpoint/api/get-package-sas-uri.md +++ b/defender-endpoint/api/get-package-sas-uri.md @@ -2,8 +2,8 @@ title: Get package SAS URI API description: Use this API to get a URI that allows downloading an investigation package. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-recommendation-by-id.md b/defender-endpoint/api/get-recommendation-by-id.md index a9203c0012..ae1b390408 100644 --- a/defender-endpoint/api/get-recommendation-by-id.md +++ b/defender-endpoint/api/get-recommendation-by-id.md @@ -2,8 +2,8 @@ title: Get recommendation by Id description: Retrieves a security recommendation by its ID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-recommendation-machines.md b/defender-endpoint/api/get-recommendation-machines.md index 692995dea3..3b7401acc9 100644 --- a/defender-endpoint/api/get-recommendation-machines.md +++ b/defender-endpoint/api/get-recommendation-machines.md @@ -2,8 +2,8 @@ title: List devices by recommendation description: Retrieves a list of devices associated with the security recommendation. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-recommendation-vulnerabilities.md b/defender-endpoint/api/get-recommendation-vulnerabilities.md index 33fd5f6a22..aac347f8ec 100644 --- a/defender-endpoint/api/get-recommendation-vulnerabilities.md +++ b/defender-endpoint/api/get-recommendation-vulnerabilities.md 
@@ -2,8 +2,8 @@ title: List vulnerabilities by recommendation description: Retrieves a list of vulnerabilities associated with the security recommendation. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-remediation-all-activities.md b/defender-endpoint/api/get-remediation-all-activities.md index a37aa866b1..82784bda34 100644 --- a/defender-endpoint/api/get-remediation-all-activities.md +++ b/defender-endpoint/api/get-remediation-all-activities.md @@ -2,8 +2,8 @@ title: List all remediation activities description: Returns information about all remediation activities. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-remediation-exposed-devices-activities.md b/defender-endpoint/api/get-remediation-exposed-devices-activities.md index 115d78f5bb..93cef8fe4d 100644 --- a/defender-endpoint/api/get-remediation-exposed-devices-activities.md +++ b/defender-endpoint/api/get-remediation-exposed-devices-activities.md @@ -2,8 +2,8 @@ title: List exposed devices of one remediation activity description: Returns information about exposed devices for the specified remediation task. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-remediation-methods-properties.md b/defender-endpoint/api/get-remediation-methods-properties.md index b6bbb07a92..67759c39ef 100644 --- a/defender-endpoint/api/get-remediation-methods-properties.md +++ b/defender-endpoint/api/get-remediation-methods-properties.md 
@@ -2,8 +2,8 @@ title: Remediation activity methods and properties description: The API response contains Microsoft Defender Vulnerability Management remediation activities created in your tenant. You can request all the remediation activities, only one remediation activity, or information about exposed devices for a selected remediation task. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-remediation-one-activity.md b/defender-endpoint/api/get-remediation-one-activity.md index 5184026d61..f5a868cb79 100644 --- a/defender-endpoint/api/get-remediation-one-activity.md +++ b/defender-endpoint/api/get-remediation-one-activity.md @@ -2,8 +2,8 @@ title: Get one remediation activity by ID description: Returns information for the specified remediation activity. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-security-baselines-assessment-configurations.md b/defender-endpoint/api/get-security-baselines-assessment-configurations.md index 04c7d81b57..d68347ae51 100644 --- a/defender-endpoint/api/get-security-baselines-assessment-configurations.md +++ b/defender-endpoint/api/get-security-baselines-assessment-configurations.md @@ -2,8 +2,8 @@ title: Get baseline profile configurations description: Provides information about the security baselines assessment configurations that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/get-security-baselines-assessment-profiles.md b/defender-endpoint/api/get-security-baselines-assessment-profiles.md index 032461925e..90222a3e29 100644 --- a/defender-endpoint/api/get-security-baselines-assessment-profiles.md +++ b/defender-endpoint/api/get-security-baselines-assessment-profiles.md @@ -2,8 +2,8 @@ title: Security baselines assessment profiles description: Provides information about the security baselines assessment profiles APIs that pull "Microsoft Defender Vulnerability Management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-security-recommendations.md b/defender-endpoint/api/get-security-recommendations.md index 7357623453..0e78f98654 100644 --- a/defender-endpoint/api/get-security-recommendations.md +++ b/defender-endpoint/api/get-security-recommendations.md @@ -2,8 +2,8 @@ title: Get security recommendations description: Retrieves a collection of security recommendations related to a given device ID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-software-by-id.md b/defender-endpoint/api/get-software-by-id.md index 84517fc2e2..be8f8b2e9f 100644 --- a/defender-endpoint/api/get-software-by-id.md +++ b/defender-endpoint/api/get-software-by-id.md @@ -2,8 +2,8 @@ title: Get software by ID description: Retrieves a list of software details by ID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/get-software-ver-distribution.md b/defender-endpoint/api/get-software-ver-distribution.md index 901209423c..29d2f8ca7c 100644 --- a/defender-endpoint/api/get-software-ver-distribution.md +++ b/defender-endpoint/api/get-software-ver-distribution.md @@ -2,8 +2,8 @@ title: List software version distribution description: Retrieves a list of your organization's software version distribution ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-software.md b/defender-endpoint/api/get-software.md index ee1b6589e6..0887c01ab4 100644 --- a/defender-endpoint/api/get-software.md +++ b/defender-endpoint/api/get-software.md @@ -2,8 +2,8 @@ title: List software description: Retrieves a list of software inventory ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-ti-indicators-collection.md b/defender-endpoint/api/get-ti-indicators-collection.md index cbbe07dfe7..6412536abf 100644 --- a/defender-endpoint/api/get-ti-indicators-collection.md +++ b/defender-endpoint/api/get-ti-indicators-collection.md @@ -2,8 +2,8 @@ title: List Indicators API description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-user-related-alerts.md b/defender-endpoint/api/get-user-related-alerts.md index 98ee7694a8..7cdb7b0528 100644 --- a/defender-endpoint/api/get-user-related-alerts.md +++ b/defender-endpoint/api/get-user-related-alerts.md 
@@ -2,8 +2,8 @@ title: Get user-related alerts API description: Retrieve a collection of alerts related to a given user ID using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-user-related-machines.md b/defender-endpoint/api/get-user-related-machines.md index 9e403f48d5..825c98863b 100644 --- a/defender-endpoint/api/get-user-related-machines.md +++ b/defender-endpoint/api/get-user-related-machines.md @@ -2,8 +2,8 @@ title: Get user-related machines API description: Learn how to use the Get user-related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-vuln-by-software.md b/defender-endpoint/api/get-vuln-by-software.md index 378b45e400..a0e0557413 100644 --- a/defender-endpoint/api/get-vuln-by-software.md +++ b/defender-endpoint/api/get-vuln-by-software.md @@ -2,8 +2,8 @@ title: List vulnerabilities by software description: Retrieve a list of vulnerabilities in the installed software. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/get-vulnerability-by-id.md b/defender-endpoint/api/get-vulnerability-by-id.md index 13369ea9f6..e7d695f91a 100644 --- a/defender-endpoint/api/get-vulnerability-by-id.md +++ b/defender-endpoint/api/get-vulnerability-by-id.md 
@@ -2,8 +2,8 @@ title: Get vulnerability by ID description: Retrieves vulnerability information by its ID. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/import-ti-indicators.md b/defender-endpoint/api/import-ti-indicators.md index 9246ae2ea2..8f7cef0955 100644 --- a/defender-endpoint/api/import-ti-indicators.md +++ b/defender-endpoint/api/import-ti-indicators.md @@ -2,8 +2,8 @@ title: Import Indicators API description: Learn how to use the Import batch of Indicator API in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/initiate-autoir-investigation.md b/defender-endpoint/api/initiate-autoir-investigation.md index f0865077e1..c15c41cc64 100644 --- a/defender-endpoint/api/initiate-autoir-investigation.md +++ b/defender-endpoint/api/initiate-autoir-investigation.md @@ -2,8 +2,8 @@ title: Start Investigation API description: Use this API to start investigation on a device. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/investigation.md b/defender-endpoint/api/investigation.md index 2d9bf50635..f51d1c8fa3 100644 --- a/defender-endpoint/api/investigation.md +++ b/defender-endpoint/api/investigation.md @@ -2,8 +2,8 @@ title: Investigation resource type description: Microsoft Defender for Endpoint Investigation entity. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/isolate-machine.md b/defender-endpoint/api/isolate-machine.md index 9096d3e75e..341caaee24 100644 --- a/defender-endpoint/api/isolate-machine.md +++ b/defender-endpoint/api/isolate-machine.md @@ -2,8 +2,8 @@ title: Isolate machine API description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/list-library-files.md b/defender-endpoint/api/list-library-files.md index 4ef95d71f3..e50725f4df 100644 --- a/defender-endpoint/api/list-library-files.md +++ b/defender-endpoint/api/list-library-files.md @@ -5,8 +5,8 @@ search.appverid: met150 ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/list-recommendation-software.md b/defender-endpoint/api/list-recommendation-software.md index c3b58219cb..dba32ab0f2 100644 --- a/defender-endpoint/api/list-recommendation-software.md +++ b/defender-endpoint/api/list-recommendation-software.md @@ -2,8 +2,8 @@ title: List software by recommendation description: Retrieves a security recommendation related to a specific software. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/machine.md b/defender-endpoint/api/machine.md index 441f0e6069..73a590af9e 100644 --- a/defender-endpoint/api/machine.md +++ b/defender-endpoint/api/machine.md 
@@ -2,8 +2,8 @@ title: Machine resource type description: Learn about the methods and properties of the Machine resource type in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/machineaction.md b/defender-endpoint/api/machineaction.md index 1ad1d86083..fafcf6d93c 100644 --- a/defender-endpoint/api/machineaction.md +++ b/defender-endpoint/api/machineaction.md @@ -2,8 +2,8 @@ title: machineAction resource type description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/management-apis.md b/defender-endpoint/api/management-apis.md index 5d7829cf8e..d25632de50 100644 --- a/defender-endpoint/api/management-apis.md +++ b/defender-endpoint/api/management-apis.md @@ -3,8 +3,8 @@ title: Overview of management and APIs ms.reviewer: description: Learn about the management tools and API categories in Microsoft Defender for Endpoint ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/offboard-machine-api.md b/defender-endpoint/api/offboard-machine-api.md index 771891ca0b..7284256042 100644 --- a/defender-endpoint/api/offboard-machine-api.md +++ b/defender-endpoint/api/offboard-machine-api.md 
@@ -2,8 +2,8 @@ title: Offboard machine API description: Learn how to use an API to offboard a device from Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/post-ti-indicator.md b/defender-endpoint/api/post-ti-indicator.md index 852e94b3ed..8d67849560 100644 --- a/defender-endpoint/api/post-ti-indicator.md +++ b/defender-endpoint/api/post-ti-indicator.md @@ -2,8 +2,8 @@ title: Submit or Update Indicator API description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/raw-data-export-event-hub.md b/defender-endpoint/api/raw-data-export-event-hub.md index 2df225f3ef..e29e441166 100644 --- a/defender-endpoint/api/raw-data-export-event-hub.md +++ b/defender-endpoint/api/raw-data-export-event-hub.md @@ -2,8 +2,8 @@ title: Stream Microsoft Defender for Endpoint events to Azure Event Hubs description: Learn how to configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Event Hubs. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/raw-data-export-storage.md b/defender-endpoint/api/raw-data-export-storage.md index fb35cc5dc3..3431d2736f 100644 --- a/defender-endpoint/api/raw-data-export-storage.md +++ b/defender-endpoint/api/raw-data-export-storage.md 
@@ -2,8 +2,8 @@ title: Stream Microsoft Defender for Endpoint events to your Storage account description: Learn how to configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/raw-data-export.md b/defender-endpoint/api/raw-data-export.md index 5da2a1f022..daa2123c8a 100644 --- a/defender-endpoint/api/raw-data-export.md +++ b/defender-endpoint/api/raw-data-export.md @@ -2,8 +2,8 @@ title: Stream Microsoft Defender for Endpoint event description: Learn how to configure Microsoft Defender for Endpoint to stream Advanced Hunting events to Event Hubs or Azure storage account ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/recommendation.md b/defender-endpoint/api/recommendation.md index fee7444e75..ff549272c0 100644 --- a/defender-endpoint/api/recommendation.md +++ b/defender-endpoint/api/recommendation.md @@ -2,8 +2,8 @@ title: Recommendation methods and properties description: Retrieves the top recent alerts. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/restrict-code-execution.md b/defender-endpoint/api/restrict-code-execution.md index e12ae543a2..7fba262b07 100644 --- a/defender-endpoint/api/restrict-code-execution.md +++ b/defender-endpoint/api/restrict-code-execution.md 
@@ -2,8 +2,8 @@ title: Restrict app execution API description: Use this API to create calls related to restricting an application from executing. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/run-advanced-query-api.md b/defender-endpoint/api/run-advanced-query-api.md index eabfa8849c..c73005c939 100644 --- a/defender-endpoint/api/run-advanced-query-api.md +++ b/defender-endpoint/api/run-advanced-query-api.md @@ -3,8 +3,8 @@ title: Advanced Hunting API ms.reviewer: description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender for Endpoint. Find out about limitations and see an example. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/run-advanced-query-sample-powershell.md b/defender-endpoint/api/run-advanced-query-sample-powershell.md index 218f29d64e..41ec67e069 100644 --- a/defender-endpoint/api/run-advanced-query-sample-powershell.md +++ b/defender-endpoint/api/run-advanced-query-sample-powershell.md @@ -3,8 +3,8 @@ title: Advanced Hunting with PowerShell API Basics ms.reviewer: description: Learn the basics of querying the Microsoft Defender for Endpoint API, using PowerShell. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/run-advanced-query-sample-python.md b/defender-endpoint/api/run-advanced-query-sample-python.md index e2905cc276..544875ee14 100644 --- a/defender-endpoint/api/run-advanced-query-sample-python.md +++ b/defender-endpoint/api/run-advanced-query-sample-python.md 
@@ -3,8 +3,8 @@ title: Advanced Hunting with Python API Guide ms.reviewer: description: Learn how to query using the Microsoft Defender for Endpoint API, by using Python, with examples. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/run-av-scan.md b/defender-endpoint/api/run-av-scan.md index aa19d28320..171c2d37a2 100644 --- a/defender-endpoint/api/run-av-scan.md +++ b/defender-endpoint/api/run-av-scan.md @@ -2,8 +2,8 @@ title: Run antivirus scan API description: Use this API to create calls related to running an antivirus scan on a device. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/score.md b/defender-endpoint/api/score.md index e2dc917236..d8434d5569 100644 --- a/defender-endpoint/api/score.md +++ b/defender-endpoint/api/score.md @@ -2,8 +2,8 @@ title: Score methods and properties description: Retrieves your organization's exposure score, device secure score, and exposure score by device group ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/set-device-value.md b/defender-endpoint/api/set-device-value.md index 7e1eaf4bf2..ef1c5fb11e 100644 --- a/defender-endpoint/api/set-device-value.md +++ b/defender-endpoint/api/set-device-value.md @@ -2,8 +2,8 @@ title: Set device value API description: Learn how to specify the value of a device using a Microsoft Defender for Endpoint API. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/api/software.md b/defender-endpoint/api/software.md index f36d7f6f4f..081639cd08 100644 --- a/defender-endpoint/api/software.md +++ b/defender-endpoint/api/software.md @@ -2,8 +2,8 @@ title: Software methods and properties description: Retrieves top recent alerts. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/stop-and-quarantine-file.md b/defender-endpoint/api/stop-and-quarantine-file.md index f486e557bc..8cc1856240 100644 --- a/defender-endpoint/api/stop-and-quarantine-file.md +++ b/defender-endpoint/api/stop-and-quarantine-file.md @@ -2,8 +2,8 @@ title: Stop and quarantine file API description: Learn how to stop running a file on a device and delete the file in Microsoft Defender for Endpoint. See an example. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/ti-indicator.md b/defender-endpoint/api/ti-indicator.md index f564003339..24933a9288 100644 --- a/defender-endpoint/api/ti-indicator.md +++ b/defender-endpoint/api/ti-indicator.md @@ -2,8 +2,8 @@ title: Indicator resource type description: Specify the entity details and define the expiration of the indicator using Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/unisolate-machine.md b/defender-endpoint/api/unisolate-machine.md index a3a19d4870..f49b1cb621 100644 --- a/defender-endpoint/api/unisolate-machine.md +++ b/defender-endpoint/api/unisolate-machine.md 
@@ -2,8 +2,8 @@ title: Release device from isolation API description: Use this API to create calls related to release a device from isolation. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/unrestrict-code-execution.md b/defender-endpoint/api/unrestrict-code-execution.md index 5267830a8d..809640dedc 100644 --- a/defender-endpoint/api/unrestrict-code-execution.md +++ b/defender-endpoint/api/unrestrict-code-execution.md @@ -2,8 +2,8 @@ title: Remove app restriction API description: Use this API to create calls related to removing a restriction from applications from executing. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/update-alert.md b/defender-endpoint/api/update-alert.md index 03d54390f3..aba0f08d48 100644 --- a/defender-endpoint/api/update-alert.md +++ b/defender-endpoint/api/update-alert.md @@ -2,8 +2,8 @@ title: Update alert entity API description: Learn how to update a Microsoft Defender for Endpoint alert by using this API. You can update the status, determination, classification, and assignedTo properties. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/update-machine-method.md b/defender-endpoint/api/update-machine-method.md index a5ae3e1616..44932f3cf5 100644 --- a/defender-endpoint/api/update-machine-method.md +++ b/defender-endpoint/api/update-machine-method.md 
@@ -2,8 +2,8 @@ title: Update machine entity API description: Learn how to update machine tags by using this API. You can update the tags and devicevalue properties. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/upload-library.md b/defender-endpoint/api/upload-library.md index aa790ef43b..36770365b8 100644 --- a/defender-endpoint/api/upload-library.md +++ b/defender-endpoint/api/upload-library.md @@ -5,8 +5,8 @@ search.appverid: met150 ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/user.md b/defender-endpoint/api/user.md index 0ecb2670e8..409000e6b3 100644 --- a/defender-endpoint/api/user.md +++ b/defender-endpoint/api/user.md @@ -2,8 +2,8 @@ title: User resource type description: Retrieve recent Microsoft Defender for Endpoint alerts related to users. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/api/vulnerability.md b/defender-endpoint/api/vulnerability.md index acc33bc90b..be9d5d482f 100644 --- a/defender-endpoint/api/vulnerability.md +++ b/defender-endpoint/api/vulnerability.md @@ -2,8 +2,8 @@ title: Vulnerability methods and properties description: Retrieves vulnerability information ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/application-deployment-via-mecm.md b/defender-endpoint/application-deployment-via-mecm.md index f9872e18ef..c207e59119 100644 
--- a/defender-endpoint/application-deployment-via-mecm.md +++ b/defender-endpoint/application-deployment-via-mecm.md @@ -4,8 +4,8 @@ description: Learn how to migrate down-level servers from Microsoft Monitoring A search.appverid: met150 ms.service: defender-endpoint ms.subservice: onboard -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/assign-portal-access.md b/defender-endpoint/assign-portal-access.md index ab6f230c8a..31fc7d2151 100644 --- a/defender-endpoint/assign-portal-access.md +++ b/defender-endpoint/assign-portal-access.md @@ -4,8 +4,8 @@ description: Assign read and write or read only access to the Microsoft Defender search.appverid: met150 ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/attack-surface-reduction-faq.yml b/defender-endpoint/attack-surface-reduction-faq.yml index fac1cb3c68..813048f41c 100644 --- a/defender-endpoint/attack-surface-reduction-faq.yml +++ b/defender-endpoint/attack-surface-reduction-faq.yml @@ -6,8 +6,8 @@ metadata: ms.subservice: asr ms.localizationpriority: medium audience: ITPro - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md b/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md index a4cb6d7fa5..bc0d9b40a2 100644 --- a/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md +++ b/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md 
@@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md b/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md index 9a1d5960be..cad668f09a 100644 --- a/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md +++ b/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md b/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md index 396204025e..a0cf3756ca 100644 --- a/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md +++ b/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-deployment-test.md b/defender-endpoint/attack-surface-reduction-rules-deployment-test.md index d62e7ea269..f6e72b1c65 100644 --- a/defender-endpoint/attack-surface-reduction-rules-deployment-test.md +++ b/defender-endpoint/attack-surface-reduction-rules-deployment-test.md 
@@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-deployment.md b/defender-endpoint/attack-surface-reduction-rules-deployment.md index 65746f11d8..47fee2e6c5 100644 --- a/defender-endpoint/attack-surface-reduction-rules-deployment.md +++ b/defender-endpoint/attack-surface-reduction-rules-deployment.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-reference.md b/defender-endpoint/attack-surface-reduction-rules-reference.md index 857ddb1e0d..e93c59d5fc 100644 --- a/defender-endpoint/attack-surface-reduction-rules-reference.md +++ b/defender-endpoint/attack-surface-reduction-rules-reference.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar, niwelton manager: deniseb ms.custom: asr diff --git a/defender-endpoint/attack-surface-reduction-rules-report.md b/defender-endpoint/attack-surface-reduction-rules-report.md index 8e184c12fd..37a5b51e94 100644 --- a/defender-endpoint/attack-surface-reduction-rules-report.md +++ b/defender-endpoint/attack-surface-reduction-rules-report.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar, manager: deniseb ms.custom: asr 
diff --git a/defender-endpoint/attack-surface-reduction.md b/defender-endpoint/attack-surface-reduction.md index 9ad58052e6..7b1a4f479f 100644 --- a/defender-endpoint/attack-surface-reduction.md +++ b/defender-endpoint/attack-surface-reduction.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: asr ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar manager: deniseb ms.custom: admindeeplinkDEFENDER diff --git a/defender-endpoint/auto-investigation-action-center.md b/defender-endpoint/auto-investigation-action-center.md index 2725f35dea..799ae79b58 100644 --- a/defender-endpoint/auto-investigation-action-center.md +++ b/defender-endpoint/auto-investigation-action-center.md @@ -3,8 +3,8 @@ title: Visit the Action center to see remediation actions description: Use the action center to view details and results following an automated investigation ms.service: defender-endpoint ms.subservice: edr -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/autoir-investigation-results.md b/defender-endpoint/autoir-investigation-results.md index e855a404fc..7c7f18d6de 100644 --- a/defender-endpoint/autoir-investigation-results.md +++ b/defender-endpoint/autoir-investigation-results.md @@ -4,8 +4,8 @@ description: During and after an automated investigation, you can view the resul search.appverid: met150 f1.keywords: - NOCSH -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.service: defender-endpoint ms.subservice: edr ms.localizationpriority: medium diff --git a/defender-endpoint/automated-investigations.md b/defender-endpoint/automated-investigations.md index 1d3e21bf51..7dd111af98 100644 --- a/defender-endpoint/automated-investigations.md +++ b/defender-endpoint/automated-investigations.md 
@@ -3,8 +3,8 @@ title: Use automated investigations to investigate and remediate threats description: Understand the automated investigation flow in Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: edr -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium ms.date: 08/31/2022 manager: deniseb diff --git a/defender-endpoint/automation-levels.md b/defender-endpoint/automation-levels.md index c630f86ab0..6b5855a2db 100644 --- a/defender-endpoint/automation-levels.md +++ b/defender-endpoint/automation-levels.md @@ -1,10 +1,10 @@ --- title: Automation levels in automated investigation and remediation description: Get an overview of automation levels and how they work in Microsoft Defender for Endpoint -author: siosulli +author: denisebmsft ms.service: defender-endpoint ms.subservice: edr -ms.author: siosulli +ms.author: deniseb ms.localizationpriority: medium ms.date: 07/27/2023 manager: deniseb diff --git a/defender-endpoint/azure-server-integration.md b/defender-endpoint/azure-server-integration.md index 3e609c6cc8..37f9576a39 100644 --- a/defender-endpoint/azure-server-integration.md +++ b/defender-endpoint/azure-server-integration.md @@ -4,8 +4,8 @@ description: Learn about Microsoft Defender for Endpoint integration with Micros search.appverid: met150 ms.service: defender-endpoint ms.subservice: onboard -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/basic-permissions.md b/defender-endpoint/basic-permissions.md index 740c5c81d9..dbc3eb2192 100644 --- a/defender-endpoint/basic-permissions.md +++ b/defender-endpoint/basic-permissions.md 
@@ -3,8 +3,8 @@ title: Use basic permissions to access the portal description: Learn how to use basic permissions to access the Microsoft Defender for Endpoint portal. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.custom: - has-azure-ad-ps-ref diff --git a/defender-endpoint/behavioral-blocking-containment.md b/defender-endpoint/behavioral-blocking-containment.md index 31f6d02539..23a4ee1738 100644 --- a/defender-endpoint/behavioral-blocking-containment.md +++ b/defender-endpoint/behavioral-blocking-containment.md @@ -1,8 +1,8 @@ --- title: Behavioral blocking and containment description: Learn about behavioral blocking and containment capabilities at Microsoft Defender for Endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: shwetaj audience: ITPro diff --git a/defender-endpoint/built-in-protection.md b/defender-endpoint/built-in-protection.md index 48e4e98470..f0f5cb5045 100644 --- a/defender-endpoint/built-in-protection.md +++ b/defender-endpoint/built-in-protection.md @@ -2,8 +2,8 @@ title: Built-in protection helps guard against ransomware description: Learn how built-in protection protects against ransomware as part of Microsoft Defender for Endpoint. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: IT Pro ms.topic: overview diff --git a/defender-endpoint/check-sensor-status.md b/defender-endpoint/check-sensor-status.md index c24a1f34c9..4694665e8d 100644 --- a/defender-endpoint/check-sensor-status.md +++ b/defender-endpoint/check-sensor-status.md 
@@ -3,8 +3,8 @@ title: Check the device health at Microsoft Defender for Endpoint description: Check the sensor health on devices to identify which ones are misconfigured, inactive, or aren't reporting sensor data. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/client-behavioral-blocking.md b/defender-endpoint/client-behavioral-blocking.md index 84f7bfcc7c..c691eed3f0 100644 --- a/defender-endpoint/client-behavioral-blocking.md +++ b/defender-endpoint/client-behavioral-blocking.md @@ -1,8 +1,8 @@ --- title: Client behavioral blocking description: Client behavioral blocking is part of behavioral blocking and containment capabilities at Microsoft Defender for Endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: shwetaj audience: ITPro diff --git a/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md b/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md index 8babd207d2..14a7061790 100644 --- a/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md +++ b/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission.md @@ -3,8 +3,8 @@ title: Cloud protection and sample submission at Microsoft Defender Antivirus description: Learn about cloud-delivered protection and Microsoft Defender Antivirus ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: mkaminska, yongrhee manager: deniseb ms.subservice: ngp diff --git a/defender-endpoint/cloud-protection-microsoft-defender-antivirus.md b/defender-endpoint/cloud-protection-microsoft-defender-antivirus.md index 8eebc79fb2..469c11228c 100644 
--- a/defender-endpoint/cloud-protection-microsoft-defender-antivirus.md +++ b/defender-endpoint/cloud-protection-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Cloud protection and Microsoft Defender Antivirus description: Learn about cloud protection and Microsoft Defender Antivirus ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: mkaminska manager: deniseb ms.custom: nextgen diff --git a/defender-endpoint/collect-diagnostic-data.md b/defender-endpoint/collect-diagnostic-data.md index 392442b7da..e181ea8c53 100644 --- a/defender-endpoint/collect-diagnostic-data.md +++ b/defender-endpoint/collect-diagnostic-data.md @@ -3,8 +3,8 @@ title: Collect diagnostic data of Microsoft Defender Antivirus description: Use a tool to collect data to troubleshoot Microsoft Defender Antivirus. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 03/07/2024 ms.reviewer: pahuijbr, yongrhee diff --git a/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md b/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md index bb33bd3050..7f9c8fa6df 100644 --- a/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md +++ b/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Use the command line to manage Microsoft Defender Antivirus description: Run Microsoft Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: ksarens manager: deniseb 
diff --git a/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md b/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md index 4ddb54faf3..037e6f66b6 100644 --- a/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md +++ b/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Common mistakes to avoid when defining exclusions description: Avoid common mistakes when defining exclusions for Microsoft Defender Antivirus scans. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb diff --git a/defender-endpoint/comprehensive-guidance-on-linux-deployment.md b/defender-endpoint/comprehensive-guidance-on-linux-deployment.md index 359e59d254..e0ebc5ba83 100644 --- a/defender-endpoint/comprehensive-guidance-on-linux-deployment.md +++ b/defender-endpoint/comprehensive-guidance-on-linux-deployment.md @@ -2,8 +2,8 @@ title: Advanced deployment guidance for Microsoft Defender for Endpoint on Linux description: Learn how to deploy Defender for Endpoint on Linux and address issues such as high cpu utilization ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/conditional-access.md b/defender-endpoint/conditional-access.md index 70a9a59bae..6a9f5eb5bc 100644 --- a/defender-endpoint/conditional-access.md +++ b/defender-endpoint/conditional-access.md @@ -4,8 +4,8 @@ description: Enable Conditional Access to prevent applications from running if a search.appverid: met150 ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md b/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md index c0f861e492..965d5d660d 100644 --- a/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md +++ b/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Manage Microsoft Defender Antivirus in your business description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Microsoft Defender Antivirus ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/18/2024 ms.reviewer: yongrhee diff --git a/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md b/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md index 9c576d263b..2ecf9b7672 100644 --- a/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Configure scanning options for Microsoft Defender Antivirus description: You can configure Microsoft Defender Antivirus to scan email storage files, back-up or reparse points, network files, and archived files (such as .zip files). ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: deniseb diff --git a/defender-endpoint/configure-automated-investigations-remediation.md b/defender-endpoint/configure-automated-investigations-remediation.md index 441427d15c..dde5cf223f 100644 --- a/defender-endpoint/configure-automated-investigations-remediation.md 
+++ b/defender-endpoint/configure-automated-investigations-remediation.md @@ -3,8 +3,8 @@ title: Configure automated investigation and remediation capabilities description: Set up your automated investigation and remediation capabilities in Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: edr -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md b/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md index a1bf4924b6..0bf055228f 100644 --- a/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Enable block at first sight to detect malware in seconds description: Turn on the block at first sight feature to detect and block malware within seconds. ms.service: defender-endpoint ms.localizationpriority: high -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: marcmcc manager: deniseb ms.custom: nextgen diff --git a/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md b/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md index 4edbba880a..ad5e2ff73b 100644 --- a/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus.md 
@@ -3,8 +3,8 @@ title: Configure the Microsoft Defender Antivirus cloud block timeout period description: You can configure how long Microsoft Defender Antivirus will block a file from running while waiting for a cloud determination. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: yongrhee manager: deniseb diff --git a/defender-endpoint/configure-conditional-access.md b/defender-endpoint/configure-conditional-access.md index e02cb5c9b6..ddbcc1cba8 100644 --- a/defender-endpoint/configure-conditional-access.md +++ b/defender-endpoint/configure-conditional-access.md @@ -2,8 +2,8 @@ title: Configure Conditional Access in Microsoft Defender for Endpoint description: Learn about steps that you need to do in Intune, Microsoft Defender XDR, and Azure to implement Conditional access ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md index b696bf6da2..821f334d99 100644 --- a/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md 
@@ -2,8 +2,8 @@ title: Contextual file and folder exclusions description: Describes the contextual file and folder exclusions capability for Microsoft Defender Antivirus on Windows. This capability allows you to be more specific when you define under which context Microsoft Defender Antivirus shouldn't scan a file or folder, by applying restrictions ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium ms.date: 02/18/2024 manager: deniseb diff --git a/defender-endpoint/configure-device-connectivity.md b/defender-endpoint/configure-device-connectivity.md index 56fdab6920..44ca0d66da 100644 --- a/defender-endpoint/configure-device-connectivity.md +++ b/defender-endpoint/configure-device-connectivity.md @@ -1,8 +1,8 @@ --- title: Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint description: Learn how to use a streamlined domain or static IP ranges during onboarding when connecting devices to Microsoft Defender for Endpoint. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.topic: how-to ms.service: defender-endpoint diff --git a/defender-endpoint/configure-device-discovery.md b/defender-endpoint/configure-device-discovery.md index 48dbd960e6..98a05d9436 100644 --- a/defender-endpoint/configure-device-discovery.md +++ b/defender-endpoint/configure-device-discovery.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: onboard f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-endpoints-gp.md b/defender-endpoint/configure-endpoints-gp.md index 2e1fb2e837..985d2a12ca 100644 --- a/defender-endpoint/configure-endpoints-gp.md +++ b/defender-endpoint/configure-endpoints-gp.md 
@@ -2,8 +2,8 @@ title: Onboard Windows devices to Microsoft Defender for Endpoint via Group Policy description: Use Group Policy to deploy the configuration package on Windows devices so that they are onboarded to the service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-endpoints-mdm.md b/defender-endpoint/configure-endpoints-mdm.md index 4b43c5e61c..276e9c7433 100644 --- a/defender-endpoint/configure-endpoints-mdm.md +++ b/defender-endpoint/configure-endpoints-mdm.md @@ -2,8 +2,8 @@ title: Onboard Windows devices to Defender for Endpoint using Intune description: Use Microsoft Intune to deploy the configuration package on devices so that they're onboarded to the Defender for Endpoint service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-endpoints-non-windows.md b/defender-endpoint/configure-endpoints-non-windows.md index abb2439d87..70d80d3c23 100644 --- a/defender-endpoint/configure-endpoints-non-windows.md +++ b/defender-endpoint/configure-endpoints-non-windows.md @@ -3,8 +3,8 @@ title: Onboard non-Windows devices to the Microsoft Defender for Endpoint servic description: Configure non-Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint service. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-endpoints-sccm.md b/defender-endpoint/configure-endpoints-sccm.md index 4984a47915..b6b55b832b 100644 --- a/defender-endpoint/configure-endpoints-sccm.md +++ b/defender-endpoint/configure-endpoints-sccm.md 
@@ -2,8 +2,8 @@ title: Onboard Windows devices using Configuration Manager description: Use Configuration Manager to deploy the configuration package on devices so that they are onboarded to the Defender for Endpoint service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-endpoints-script.md b/defender-endpoint/configure-endpoints-script.md index 68da7fa345..4aebbfd20a 100644 --- a/defender-endpoint/configure-endpoints-script.md +++ b/defender-endpoint/configure-endpoints-script.md @@ -3,8 +3,8 @@ title: Onboard Windows devices using a local script description: Use a local script to deploy the configuration package on devices to enable onboarding of the devices to the service. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: pahuijbr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/configure-endpoints-vdi.md b/defender-endpoint/configure-endpoints-vdi.md index 4ec57f35b7..64547e18b6 100644 --- a/defender-endpoint/configure-endpoints-vdi.md +++ b/defender-endpoint/configure-endpoints-vdi.md @@ -3,8 +3,8 @@ title: Onboard non-persistent virtual desktop infrastructure (VDI) devices description: Deploy the configuration package on virtual desktop infrastructure (VDI) device so that they are onboarded to Microsoft Defender for Endpoint service. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: pahuijbr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/configure-environment.md b/defender-endpoint/configure-environment.md index 7585b840d4..35ab722791 100644 --- a/defender-endpoint/configure-environment.md +++ b/defender-endpoint/configure-environment.md 
@@ -3,8 +3,8 @@ title: Configure your network environment to ensure connectivity with Defender f description: Learn how to configure your network environment to connect with the Defender for Endpoint service. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: pahuijbr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md index 06de0040ad..37c64382dd 100644 --- a/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-exclusions-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: You can exclude files (including files modified by specified proces ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 09/13/2024 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: ksarens manager: deniseb diff --git a/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md index ee008bf5ff..657a5733e8 100644 --- a/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium ms.date: 09/10/2024 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.reviewer: thdoucet diff --git a/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md b/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md index ff074abc61..af66c3b5de 100644 
--- a/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Enable or disable users from locally changing settings in Microsoft ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.date: 07/25/2024 diff --git a/defender-endpoint/configure-machines-asr.md b/defender-endpoint/configure-machines-asr.md index 6c99b8fdc5..cec17c7969 100644 --- a/defender-endpoint/configure-machines-asr.md +++ b/defender-endpoint/configure-machines-asr.md @@ -2,8 +2,8 @@ title: Optimize ASR rule deployment and detections description: Optimize your attack surface reduction rules to identify and prevent typical malware exploits. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-machines-onboarding.md b/defender-endpoint/configure-machines-onboarding.md index 61c0328ae3..9467b43845 100644 --- a/defender-endpoint/configure-machines-onboarding.md +++ b/defender-endpoint/configure-machines-onboarding.md @@ -2,8 +2,8 @@ title: Get devices onboarded to Microsoft Defender for Endpoint description: Track onboarding of Intune-managed devices to Microsoft Defender for Endpoint and increase onboarding rate. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-machines-security-baseline.md b/defender-endpoint/configure-machines-security-baseline.md index 92dd7a8025..1f6a602ee4 100644 --- a/defender-endpoint/configure-machines-security-baseline.md 
+++ b/defender-endpoint/configure-machines-security-baseline.md @@ -3,8 +3,8 @@ title: Increase compliance to the Microsoft Defender for Endpoint security basel description: The Microsoft Defender for Endpoint security baseline sets security controls to provide optimal protection. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-machines.md b/defender-endpoint/configure-machines.md index 5cef011900..96c7ebf2d3 100644 --- a/defender-endpoint/configure-machines.md +++ b/defender-endpoint/configure-machines.md @@ -2,8 +2,8 @@ title: Ensure your devices are configured properly description: Properly configure devices to boost overall resilience against threats and enhance your capability to detect and respond to attacks. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-mssp-notifications.md b/defender-endpoint/configure-mssp-notifications.md index 1dae543754..b81c826dc6 100644 --- a/defender-endpoint/configure-mssp-notifications.md +++ b/defender-endpoint/configure-mssp-notifications.md @@ -3,8 +3,8 @@ title: Configure alert notifications that are sent to MSSPs description: Configure alert notifications that are sent to MSSPs ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-mssp-support.md b/defender-endpoint/configure-mssp-support.md index 80401e8d7b..eddb9f41f1 100644 --- a/defender-endpoint/configure-mssp-support.md +++ b/defender-endpoint/configure-mssp-support.md 
@@ -3,8 +3,8 @@ title: Configure managed security service provider support description: Take the necessary steps to configure the MSSP integration with the Microsoft Defender for Endpoint ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md b/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md index 0c204255af..04cc183b44 100644 --- a/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-network-connections-microsoft-defender-antivirus.md @@ -4,9 +4,9 @@ description: Configure and test your connection to the Microsoft Defender Antivi ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli +author: denisebmsft manager: deniseb -ms.author: siosulli +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.date: 05/17/2024 diff --git a/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md b/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md index c3ddddd63e..e7c3546dd4 100644 --- a/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-notifications-microsoft-defender-antivirus.md @@ -4,9 +4,9 @@ description: Learn how to configure and customize both standard and other Micros ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli +author: denisebmsft ms.topic: conceptual -ms.author: siosulli +ms.author: deniseb ms.custom: nextgen ms.date: 10/18/2021 ms.reviewer: 
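Review bot: In the configure-notifications-microsoft-defender-antivirus.md hunk, ownership moves to `denisebmsft` but the context lines still show `ms.date: 10/18/2021` and an empty `ms.reviewer:`. The change only swaps the author fields, so confirm that the new owner intends to leave this article without a named reviewer, or fill in `ms.reviewer` as a follow-up.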
diff --git a/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md index 86af548f88..c74937a50b 100644 --- a/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: You can exclude files from scans if they've been opened by a specif ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.reviewer: diff --git a/defender-endpoint/configure-protection-features-microsoft-defender-antivirus.md b/defender-endpoint/configure-protection-features-microsoft-defender-antivirus.md index 347cddf60b..ffe832c1b5 100644 --- a/defender-endpoint/configure-protection-features-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-protection-features-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Enable behavior-based, heuristic, and real-time protection in Micro ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.reviewer: yongrhee diff --git a/defender-endpoint/configure-proxy-internet.md b/defender-endpoint/configure-proxy-internet.md index 0746211175..ad1b9a4276 100644 --- a/defender-endpoint/configure-proxy-internet.md +++ b/defender-endpoint/configure-proxy-internet.md 
@@ -3,8 +3,8 @@ title: Configure your devices to connect to the Defender for Endpoint service us description: Learn how to configure your devices to enable communication with the cloud service using a proxy. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus.md b/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus.md index 80a7eaf937..13b9b46843 100644 --- a/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Enable and configure Microsoft Defender Antivirus real-time protect ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.date: 04/03/2024 manager: deniseb diff --git a/defender-endpoint/configure-remediation-microsoft-defender-antivirus.md b/defender-endpoint/configure-remediation-microsoft-defender-antivirus.md index 8c80a3d006..d16534ca9c 100644 --- a/defender-endpoint/configure-remediation-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-remediation-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Configure what Microsoft Defender Antivirus should do when it detec ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.date: 09/15/2023 diff --git a/defender-endpoint/configure-server-endpoints.md b/defender-endpoint/configure-server-endpoints.md index 1e8a488f3f..2c1eafc12c 100644 --- a/defender-endpoint/configure-server-endpoints.md 
+++ b/defender-endpoint/configure-server-endpoints.md @@ -3,8 +3,8 @@ title: Onboard Windows servers to the Microsoft Defender for Endpoint service description: Onboard Windows servers so that they can send sensor data to the Microsoft Defender for Endpoint sensor. search.appverid: met150 ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: pahuijbr ms.localizationpriority: medium ms.date: 05/20/2024 diff --git a/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md b/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md index 4a49a4dc37..2d568ed21e 100644 --- a/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus.md @@ -7,8 +7,8 @@ ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium ms.date: 08/21/2023 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.topic: conceptual ms.custom: nextgen ms.collection: diff --git a/defender-endpoint/configure-siem.md b/defender-endpoint/configure-siem.md index e1c6245bf7..54653174cc 100644 --- a/defender-endpoint/configure-siem.md +++ b/defender-endpoint/configure-siem.md @@ -3,8 +3,8 @@ title: Migrate from the MDE SIEM API to the Microsoft Defender XDR alerts API description: Learn how to ingest incidents and alerts, and integrate SIEM tools. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-updates.md b/defender-endpoint/configure-updates.md index bffa3f2799..3f542cd607 100644 --- a/defender-endpoint/configure-updates.md +++ b/defender-endpoint/configure-updates.md 
@@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: onboard f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/configure-vulnerability-email-notifications.md b/defender-endpoint/configure-vulnerability-email-notifications.md index 8ea33ffd29..fb939f9a2c 100644 --- a/defender-endpoint/configure-vulnerability-email-notifications.md +++ b/defender-endpoint/configure-vulnerability-email-notifications.md @@ -2,8 +2,8 @@ title: Configure vulnerability email notifications in Microsoft Defender for Endpoint description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/connected-applications.md b/defender-endpoint/connected-applications.md index 507d4a5863..01e687de9e 100644 --- a/defender-endpoint/connected-applications.md +++ b/defender-endpoint/connected-applications.md @@ -3,8 +3,8 @@ title: Connected applications in Microsoft Defender for Endpoint ms.reviewer: description: View connected partner applications that use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/contact-support.md b/defender-endpoint/contact-support.md index bc605026a4..631b668c73 100644 --- a/defender-endpoint/contact-support.md +++ b/defender-endpoint/contact-support.md 
@@ -2,8 +2,8 @@ title: Contact Microsoft Defender for Endpoint support description: Learn how to contact Microsoft Defender for Endpoint support ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/controlled-folders.md b/defender-endpoint/controlled-folders.md index 6900b2522a..37751416d5 100644 --- a/defender-endpoint/controlled-folders.md +++ b/defender-endpoint/controlled-folders.md @@ -4,8 +4,8 @@ description: Files in default folders can be protected from being changed by mal ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 07/30/2024 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb audience: ITPro ms.reviewer: sugamar manager: deniseb diff --git a/defender-endpoint/customize-controlled-folders.md b/defender-endpoint/customize-controlled-folders.md index 6ea5917fd4..2031ebf15a 100644 --- a/defender-endpoint/customize-controlled-folders.md +++ b/defender-endpoint/customize-controlled-folders.md @@ -4,8 +4,8 @@ description: Add other folders that should be protected by controlled folder acc ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: dbodorin, vladiso, nixanm, anvascon manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/customize-exploit-protection.md b/defender-endpoint/customize-exploit-protection.md index 3e50563b69..2433f16e41 100644 --- a/defender-endpoint/customize-exploit-protection.md +++ b/defender-endpoint/customize-exploit-protection.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.subservice: asr 
diff --git a/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus.md b/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus.md index 51506f90c8..bb22a30805 100644 --- a/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus.md +++ b/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Run and customize scheduled and on-demand scans description: Customize and initiate Microsoft Defender Antivirus scans on endpoints across your network ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/27/2024 ms.reviewer: yongrhee diff --git a/defender-endpoint/data-collection-analyzer.md b/defender-endpoint/data-collection-analyzer.md index 719e15a69c..4865739d9d 100644 --- a/defender-endpoint/data-collection-analyzer.md +++ b/defender-endpoint/data-collection-analyzer.md @@ -4,8 +4,8 @@ description: Learn how to use the client analyzer to collect data for complex tr ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/data-storage-privacy.md b/defender-endpoint/data-storage-privacy.md index 80863898f9..a0efd58187 100644 --- a/defender-endpoint/data-storage-privacy.md +++ b/defender-endpoint/data-storage-privacy.md 
@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint data storage and privacy description: Learn about how Microsoft Defender for Endpoint handles privacy and data that it collects. keywords: Microsoft Defender for Endpoint, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-compatibility.md b/defender-endpoint/defender-compatibility.md index 9098b0a64e..371af93a3b 100644 --- a/defender-endpoint/defender-compatibility.md +++ b/defender-endpoint/defender-compatibility.md @@ -3,8 +3,8 @@ title: Antivirus solution compatibility with Defender for Endpoint description: Learn about how Windows Defender works with Microsoft Defender for Endpoint. Also learn how Defender for Endpoint works when a third-party anti-malware client is used. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-app-reputation.md b/defender-endpoint/defender-endpoint-demonstration-app-reputation.md index 0eb2de5a76..864d10e8a0 100644 --- a/defender-endpoint/defender-endpoint-demonstration-app-reputation.md +++ b/defender-endpoint/defender-endpoint-demonstration-app-reputation.md @@ -4,8 +4,8 @@ description: Test how Microsoft Defender for Endpoint SmartScreen helps you iden search.appverid: met150 ms.service: defender-endpoint ms.subservice: ngp -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md b/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md index 2462b9e409..dabf08ba4a 100644 --- a/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md +++ b/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint attack surface reduction rules demonstrat description: See how attack surface reduction rules block various known threat types. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection.md b/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection.md index fa12cb8e28..1d3c2ff622 100644 --- a/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection.md +++ b/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Cloud-delivered protection demonstration description: See how Cloud-delivered protection can automatically detect and delete malicious files. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool.md b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool.md index a7ca6dec6f..b0618286ed 100644 --- a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool.md +++ b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool.md 
@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Controlled folder access (CFA) demonstrat description: See how malicious apps and threats are evaluated and countered by Microsoft Defender Antivirus. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md index 00f042ac73..6e470cda3f 100644 --- a/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md +++ b/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Controlled folder access (CFA) demonstrat description: Demonstrates how Controlled Folder Access protects valuable data from malicious apps and threats, such as ransomware. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-exploit-protection.md b/defender-endpoint/defender-endpoint-demonstration-exploit-protection.md index 53bebe425f..14dfc1e181 100644 --- a/defender-endpoint/defender-endpoint-demonstration-exploit-protection.md +++ b/defender-endpoint/defender-endpoint-demonstration-exploit-protection.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Exploit protection (EP) demonstrations description: See how Exploit Protection automatically applies many exploit mitigation settings system wide and on individual apps. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/defender-endpoint-demonstration-network-protection.md b/defender-endpoint/defender-endpoint-demonstration-network-protection.md index 6e47bc39b8..664c158134 100644 --- a/defender-endpoint/defender-endpoint-demonstration-network-protection.md +++ b/defender-endpoint/defender-endpoint-demonstration-network-protection.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Network protection demonstrations description: Shows how Network protection prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md b/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md index 73029e770e..e3bf86b358 100644 --- a/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md +++ b/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Potentially unwanted applications (PUA) d description: Demonstration to show how the Potentially Unwanted Applications (PUA) protection feature can identify and block PUAs from downloading and installing on endpoints. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md b/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md index e5d01be94c..ad4f22d6c1 100644 
--- a/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md +++ b/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint SmartScreen URL reputation demonstrations description: Demonstrates how Microsoft Defender SmartScreen identifies phishing and malware websites based on URL reputation. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-demonstrations.md b/defender-endpoint/defender-endpoint-demonstrations.md index 6a4b6588a9..6ce5330a6f 100644 --- a/defender-endpoint/defender-endpoint-demonstrations.md +++ b/defender-endpoint/defender-endpoint-demonstrations.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint demonstration scenarios description: Lists Microsoft Defender for Endpoint demonstration scenarios that you can run. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/defender-endpoint-false-positives-negatives.md b/defender-endpoint/defender-endpoint-false-positives-negatives.md index d813b95505..01fd974a54 100644 --- a/defender-endpoint/defender-endpoint-false-positives-negatives.md +++ b/defender-endpoint/defender-endpoint-false-positives-negatives.md @@ -3,8 +3,8 @@ title: Address false positives/negatives in Microsoft Defender for Endpoint description: Learn how to handle false positives or false negatives in Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: ngp -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 07/18/2023 manager: deniseb 
diff --git a/defender-endpoint/defender-endpoint-plan-1.md b/defender-endpoint/defender-endpoint-plan-1.md index 5c37f4b482..11af838fbf 100644 --- a/defender-endpoint/defender-endpoint-plan-1.md +++ b/defender-endpoint/defender-endpoint-plan-1.md @@ -2,8 +2,8 @@ title: Overview of Microsoft Defender for Endpoint Plan 1 description: Get an overview of Defender for Endpoint Plan 1. Learn about the features and capabilities included in this endpoint protection subscription. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview diff --git a/defender-endpoint/defender-endpoint-subscription-settings.md b/defender-endpoint/defender-endpoint-subscription-settings.md index 3fcd57fe72..de2b1db7ad 100644 --- a/defender-endpoint/defender-endpoint-subscription-settings.md +++ b/defender-endpoint/defender-endpoint-subscription-settings.md @@ -2,8 +2,8 @@ title: Manage your Microsoft Defender for Endpoint subscription settings across client devices description: Learn about your options for managing your Defender for Endpoint subscription settings. Choose Plan 1, Plan 2, or mixed mode. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview diff --git a/defender-endpoint/defender-endpoint-trial-user-guide.md b/defender-endpoint/defender-endpoint-trial-user-guide.md index 68a341add1..8d23b64a6d 100644 --- a/defender-endpoint/defender-endpoint-trial-user-guide.md +++ b/defender-endpoint/defender-endpoint-trial-user-guide.md 
@@ -2,8 +2,8 @@ title: Trial user guide - Microsoft Defender for Endpoint description: Use this guide to get the most of your 90-day free trial. See how Defender for Endpoint can help prevent, detect, investigate, and respond to advanced threats. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: how-to diff --git a/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md b/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md index 52f7034abd..a4cdd722c1 100644 --- a/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md +++ b/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 03/23/2023 ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: deniseb diff --git a/defender-endpoint/deployment-strategy.md b/defender-endpoint/deployment-strategy.md index 5919bbbf7a..de6e82bfd1 100644 --- a/defender-endpoint/deployment-strategy.md +++ b/defender-endpoint/deployment-strategy.md @@ -2,8 +2,8 @@ title: Identify Defender for Endpoint architecture and deployment method description: Select the best Microsoft Defender for Endpoint deployment strategy for your environment. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md b/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md index dad323cee7..0badcfb8ef 100644 --- a/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md +++ b/defender-endpoint/deployment-vdi-microsoft-defender-antivirus.md 
@@ -4,8 +4,8 @@ description: Get an overview of how to configure Microsoft Defender Antivirus in ms.localizationpriority: medium ms.date: 08/22/2023 ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: jesquive manager: deniseb diff --git a/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index e218a2b0b8..c0265dee66 100644 --- a/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Block potentially unwanted applications with Microsoft Defender Antivirus description: Enable the potentially unwanted application (PUA) antivirus feature to block unwanted software such as adware. ms.service: defender-endpoint ms.localizationpriority: high -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen audience: ITPro ms.reviewer: mimilone, julih diff --git a/defender-endpoint/device-control-deploy-manage-gpo.md b/defender-endpoint/device-control-deploy-manage-gpo.md index baf6b833a7..34cffe62d5 100644 --- a/defender-endpoint/device-control-deploy-manage-gpo.md +++ b/defender-endpoint/device-control-deploy-manage-gpo.md @@ -1,8 +1,8 @@ --- title: Deploy and manage device control in Microsoft Defender for Endpoint with Group Policy description: Learn how to deploy and manage device control in Defender for Endpoint using Group Policy -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 08/27/2024 ms.topic: overview diff --git a/defender-endpoint/device-control-deploy-manage-intune.md b/defender-endpoint/device-control-deploy-manage-intune.md index 38b1f758e1..2475aece6e 100644 
--- a/defender-endpoint/device-control-deploy-manage-intune.md +++ b/defender-endpoint/device-control-deploy-manage-intune.md @@ -1,8 +1,8 @@ --- title: Deploy and manage device control in Microsoft Defender for Endpoint with Microsoft Intune description: Learn how to deploy and manage device control in Defender for Endpoint using Microsoft Intune -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 07/30/2024 ms.topic: overview diff --git a/defender-endpoint/device-control-faq.md b/defender-endpoint/device-control-faq.md index 5a06d82dff..290b7ea1ed 100644 --- a/defender-endpoint/device-control-faq.md +++ b/defender-endpoint/device-control-faq.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint Device Control frequently asked questions description: Answers frequently asked questions about device control in Defender for Endpoint ms.service: defender-endpoint ms.subservice: asr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/device-control-overview.md b/defender-endpoint/device-control-overview.md index 2837ab0e82..fd0d82174a 100644 --- a/defender-endpoint/device-control-overview.md +++ b/defender-endpoint/device-control-overview.md @@ -1,8 +1,8 @@ --- title: Device control in Microsoft Defender for Endpoint description: Get an overview of device control, including removable storage access control and device installation policies in Defender for Endpoint. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 08/28/2024 ms.topic: overview 
@@ -45,7 +45,9 @@ Device control helps protect your organization from potential data loss, malware Device control capabilities from Microsoft can be organized into three main categories: device control in Windows, device control in Defender for Endpoint, and Endpoint Data Loss Prevention (Endpoint DLP). -- **Device control in Windows**. The Windows operating system has built-in device control capabilities. Your security team can configure device installation settings to prevent (or allow) users from installing certain devices on their computers. Policies are applied at the device level, and use various device properties to determine whether or not a user can install/use a device. Device control in Windows works with BitLocker and ADMX templates, and can be managed using Intune. +- **Device control in Windows**. The Windows operating system has built-in device control capabilities. Your security team can configure device installation settings to prevent (or allow) users from installing certain devices on their computers. Policies are applied at the device level, and use various device properties to determine whether or not a user can install/use a device. + + Device control in Windows works with BitLocker and ADMX templates, and can be managed using Intune. **BitLocker**. [BitLocker](/windows/security/operating-system-security/data-protection/encrypted-hard-drive) is a Windows security feature that provides encryption for entire volumes. BitLocker encryption can be required for writing to removable media. Together with [Intune](/mem/intune/fundamentals/what-is-intune), policies can be configured to enforce encryption on devices using BitLocker for Windows. For more information, see [Disk encryption policy settings for endpoint security in Intune](/mem/intune/protect/endpoint-security-disk-encryption-profile-settings). 
@@ -59,7 +61,8 @@ Device control capabilities from Microsoft can be organized into three main cate - Granular access control - create policies to control access by device, device type, operation (read, write, execute), user group, network location, or file type. - Reporting and advanced hunting - complete visibility into add device related activities. - Device control in Microsoft Defender can be managed using Intune or [Group Policy](device-control-deploy-manage-gpo.md). - - **Device control in Microsoft Defender and Intune**. Intune provides a rich experience for managing complex device control policies for organizations. You can configure and deploy device restriction settings in Defender for Endpoint, for example. See [Deploy and manage device control with Microsoft Intune](device-control-deploy-manage-intune.md). + +- **Device control in Microsoft Defender and Intune**. Intune provides a rich experience for managing complex device control policies for organizations. You can configure and deploy device restriction settings in Defender for Endpoint, for example. See [Deploy and manage device control with Microsoft Intune](device-control-deploy-manage-intune.md). - **Endpoint data loss prevention** (Endpoint DLP). Endpoint DLP monitors sensitive information on devices that are onboarded to Microsoft Purview solutions. DLP policies can enforce protective actions on sensitive information and where it's stored or used. Endpoint DLP can capture file evidence. [Learn about Endpoint DLP](/purview/endpoint-dlp-learn-about). diff --git a/defender-endpoint/device-control-report.md b/defender-endpoint/device-control-report.md index adfc3be9d7..d51ff48c3d 100644 --- a/defender-endpoint/device-control-report.md +++ b/defender-endpoint/device-control-report.md 
@@ -4,8 +4,8 @@ description: Monitor your organization's data security through device control re ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 06/25/2024 -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.topic: conceptual manager: deniseb ms.reviewer: joshbregman diff --git a/defender-endpoint/device-control-walkthroughs.md b/defender-endpoint/device-control-walkthroughs.md index ac18fcb510..783b819785 100644 --- a/defender-endpoint/device-control-walkthroughs.md +++ b/defender-endpoint/device-control-walkthroughs.md @@ -1,8 +1,8 @@ --- title: Device control walkthroughs description: Learn how to work with device control in Defender for Endpoint. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 02/14/2024 ms.topic: overview diff --git a/defender-endpoint/device-discovery-faq.md b/defender-endpoint/device-discovery-faq.md index 55f7ab9dd7..1800c8499d 100644 --- a/defender-endpoint/device-discovery-faq.md +++ b/defender-endpoint/device-discovery-faq.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: onboard f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/device-discovery.md b/defender-endpoint/device-discovery.md index 99582bf44e..4c3b49df11 100644 --- a/defender-endpoint/device-discovery.md +++ b/defender-endpoint/device-discovery.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.subservice: onboard f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/device-health-microsoft-defender-antivirus-health.md b/defender-endpoint/device-health-microsoft-defender-antivirus-health.md index 508854980c..f9cf8f3903 100644 
--- a/defender-endpoint/device-health-microsoft-defender-antivirus-health.md +++ b/defender-endpoint/device-health-microsoft-defender-antivirus-health.md @@ -3,8 +3,8 @@ title: Device health Microsoft Defender Antivirus health report description: Use the Microsoft Defender Antivirus report to track antivirus status and Microsoft Defender Antivirus engine, intelligence, and platform versions. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 02/18/2024 manager: deniseb diff --git a/defender-endpoint/device-health-reports.md b/defender-endpoint/device-health-reports.md index f5bce76b4b..7921247ca2 100644 --- a/defender-endpoint/device-health-reports.md +++ b/defender-endpoint/device-health-reports.md @@ -3,8 +3,8 @@ title: Device health reporting in Microsoft Defender for Endpoint description: Use the device health report to track device health, antivirus status and versions, OS platforms, and Windows 10 versions. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/25/2024 manager: deniseb diff --git a/defender-endpoint/device-health-sensor-health-os.md b/defender-endpoint/device-health-sensor-health-os.md index 22bfa97bf3..68bf497627 100644 --- a/defender-endpoint/device-health-sensor-health-os.md +++ b/defender-endpoint/device-health-sensor-health-os.md @@ -3,8 +3,8 @@ title: Device health Sensor health & OS report description: Use the device health report to track device health, OS platforms, and Windows 10 versions. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 09/06/2022 manager: deniseb 
diff --git a/defender-endpoint/device-timeline-event-flag.md b/defender-endpoint/device-timeline-event-flag.md index 44e9ea2ee0..12e3fbb31c 100644 --- a/defender-endpoint/device-timeline-event-flag.md +++ b/defender-endpoint/device-timeline-event-flag.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint device timeline description: Use Microsoft Defender for Endpoint device timeline and timeline event flags. keywords: Defender for Endpoint device timeline, event flags ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: efratka, alonshar ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/download-client-analyzer.md b/defender-endpoint/download-client-analyzer.md index 624173dd70..50656abfe8 100644 --- a/defender-endpoint/download-client-analyzer.md +++ b/defender-endpoint/download-client-analyzer.md @@ -4,8 +4,8 @@ description: Learn how to download the Microsoft Defender for Endpoint Client An ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/edr-block-mode-faqs.yml b/defender-endpoint/edr-block-mode-faqs.yml index 0c49f48991..570bb2340d 100644 --- a/defender-endpoint/edr-block-mode-faqs.yml +++ b/defender-endpoint/edr-block-mode-faqs.yml @@ -6,8 +6,8 @@ metadata: ms.subservice: ngp ms.localizationpriority: medium audience: ITPro - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.reviewer: sugamar, kausd manager: deniseb ms.custom: diff --git a/defender-endpoint/edr-detection.md b/defender-endpoint/edr-detection.md index 5d8f00d1f1..cc069e2fc4 100644 --- a/defender-endpoint/edr-detection.md +++ b/defender-endpoint/edr-detection.md 
@@ -2,8 +2,8 @@ title: EDR detection test for verifying device's onboarding and reporting service description: EDR detection test to verify the device's proper onboarding and reporting to the service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/edr-in-block-mode.md b/defender-endpoint/edr-in-block-mode.md index 0e87996e61..a603bf5e13 100644 --- a/defender-endpoint/edr-in-block-mode.md +++ b/defender-endpoint/edr-in-block-mode.md @@ -1,8 +1,8 @@ --- title: Endpoint detection and response in block mode description: Learn about endpoint detection and response in block mode -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: pahuijbr, kausd audience: ITPro diff --git a/defender-endpoint/enable-attack-surface-reduction.md b/defender-endpoint/enable-attack-surface-reduction.md index a4c0d83742..27d381de5b 100644 --- a/defender-endpoint/enable-attack-surface-reduction.md +++ b/defender-endpoint/enable-attack-surface-reduction.md @@ -4,8 +4,8 @@ description: Enable attack surface reduction rules to protect your devices from ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.subservice: asr ms.topic: how-to diff --git a/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md b/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md index 3da6cf59ba..d4907af3a6 100644 --- a/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md +++ b/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus.md 
@@ -4,8 +4,8 @@ description: Turn on cloud protection to benefit from fast and advanced protecti ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: how-to -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.date: 04/03/2024 ms.reviewer: pahuijbr manager: deniseb diff --git a/defender-endpoint/enable-controlled-folders.md b/defender-endpoint/enable-controlled-folders.md index 43d13d33a0..d4b8c2f8f0 100644 --- a/defender-endpoint/enable-controlled-folders.md +++ b/defender-endpoint/enable-controlled-folders.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.topic: conceptual ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar; moeghasemi manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/enable-exploit-protection.md b/defender-endpoint/enable-exploit-protection.md index fe40079c8e..2706f0f362 100644 --- a/defender-endpoint/enable-exploit-protection.md +++ b/defender-endpoint/enable-exploit-protection.md @@ -4,8 +4,8 @@ description: Learn how to enable exploit protection in Windows. Exploit protecti ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: ksarens manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/enable-troubleshooting-mode.md b/defender-endpoint/enable-troubleshooting-mode.md index 389a6c9803..d2d45b7c4f 100644 --- a/defender-endpoint/enable-troubleshooting-mode.md +++ b/defender-endpoint/enable-troubleshooting-mode.md 
@@ -3,8 +3,8 @@ title: Get started with troubleshooting mode in Microsoft Defender for Endpoint description: Turn on the Microsoft Defender for Endpoint troubleshooting mode to address various antivirus issues. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb ms.reviewer: pricci diff --git a/defender-endpoint/enable-update-mdav-to-latest-ws.md b/defender-endpoint/enable-update-mdav-to-latest-ws.md index ab2e1927eb..4962120fe9 100644 --- a/defender-endpoint/enable-update-mdav-to-latest-ws.md +++ b/defender-endpoint/enable-update-mdav-to-latest-ws.md @@ -2,8 +2,8 @@ title: Enable and update Microsoft Defender Antivirus on Windows Server description: Learn how to enable and update Microsoft Defender Antivirus on Windows Server ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high ms.date: 05/08/2024 manager: deniseb diff --git a/defender-endpoint/evaluate-controlled-folder-access.md b/defender-endpoint/evaluate-controlled-folder-access.md index 7a3f604f3f..ac7b45021c 100644 --- a/defender-endpoint/evaluate-controlled-folder-access.md +++ b/defender-endpoint/evaluate-controlled-folder-access.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: sugamar, moeghasemi manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/evaluate-exploit-protection.md b/defender-endpoint/evaluate-exploit-protection.md index 4ec3b10720..a3fd180106 100644 --- a/defender-endpoint/evaluate-exploit-protection.md +++ b/defender-endpoint/evaluate-exploit-protection.md 
@@ -4,8 +4,8 @@ description: See how Exploit Protection can prevent suspicious behaviors from oc ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/evaluate-mdav-using-gp.md b/defender-endpoint/evaluate-mdav-using-gp.md index edfac9252c..c6bfa46c67 100644 --- a/defender-endpoint/evaluate-mdav-using-gp.md +++ b/defender-endpoint/evaluate-mdav-using-gp.md @@ -4,7 +4,7 @@ description: Use this guide to evaluate and test the protection offered by Micro ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: deniseb +author: denisebmsft ms.author: deniseb ms.custom: nextgen ms.date: 05/10/2024 diff --git a/defender-endpoint/evaluate-network-protection.md b/defender-endpoint/evaluate-network-protection.md index e615584aae..4cdb97d5d6 100644 --- a/defender-endpoint/evaluate-network-protection.md +++ b/defender-endpoint/evaluate-network-protection.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: yongrhee manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/event-error-codes.md b/defender-endpoint/event-error-codes.md index 551697bba3..d2cc8bc353 100644 --- a/defender-endpoint/event-error-codes.md +++ b/defender-endpoint/event-error-codes.md @@ -2,8 +2,8 @@ title: Review events and errors using Event Viewer description: Get descriptions and further troubleshooting steps (if necessary) for all events reported by the Microsoft Defender for Endpoint service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/exclude-devices.md b/defender-endpoint/exclude-devices.md index 479d5bf0fd..e1330955d6 100644 --- a/defender-endpoint/exclude-devices.md +++ b/defender-endpoint/exclude-devices.md @@ -2,8 +2,8 @@ title: Exclude devices in Microsoft Defender for Endpoint description: Exclude devices from the device inventory list ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/exploit-protection-reference.md b/defender-endpoint/exploit-protection-reference.md index df467aa29b..88ab46e046 100644 --- a/defender-endpoint/exploit-protection-reference.md +++ b/defender-endpoint/exploit-protection-reference.md @@ -4,8 +4,8 @@ description: Details on how the exploit protection feature works in Windows ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: cjacks manager: deniseb ms.custom: asr diff --git a/defender-endpoint/exploit-protection.md b/defender-endpoint/exploit-protection.md index a4ac79418c..08243d8810 100644 --- a/defender-endpoint/exploit-protection.md +++ b/defender-endpoint/exploit-protection.md @@ -4,8 +4,8 @@ description: Protect devices against exploits with Windows 10 or Windows 11. Win ms.service: defender-endpoint ms.localizationpriority: high audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.custom: asr diff --git a/defender-endpoint/faqs-on-tamper-protection.yml b/defender-endpoint/faqs-on-tamper-protection.yml index c5ec434a3c..7430012b1f 100644 --- a/defender-endpoint/faqs-on-tamper-protection.yml +++ b/defender-endpoint/faqs-on-tamper-protection.yml 
@@ -6,8 +6,8 @@ metadata: ms.subservice: ngp ms.localizationpriority: medium audience: ITPro - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.reviewer: joshbregman, sugamar manager: deniseb ms.topic: faq diff --git a/defender-endpoint/feedback-loop-blocking.md b/defender-endpoint/feedback-loop-blocking.md index 2cc3b13ec0..fbfabc0420 100644 --- a/defender-endpoint/feedback-loop-blocking.md +++ b/defender-endpoint/feedback-loop-blocking.md @@ -2,8 +2,8 @@ title: Feedback-loop blocking description: Feedback-loop blocking, also called rapid protection, is part of behavioral blocking and containment capabilities in Microsoft Defender for Endpoint keywords: behavioral blocking, rapid protection, feedback blocking, Microsoft Defender for Endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: shwetaj audience: ITPro diff --git a/defender-endpoint/find-defender-malware-name.md b/defender-endpoint/find-defender-malware-name.md index 557356ed2b..c4a34d2236 100644 --- a/defender-endpoint/find-defender-malware-name.md +++ b/defender-endpoint/find-defender-malware-name.md @@ -3,8 +3,8 @@ title: Find malware detection names for Microsoft Defender for Endpoint description: How to find the names for the latest malware detections in Defender for Endpoint ms.service: defender-endpoint ms.subservice: edr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/fix-unhealthy-sensors.md b/defender-endpoint/fix-unhealthy-sensors.md index 78f455dd2a..24252ec846 100644 --- a/defender-endpoint/fix-unhealthy-sensors.md +++ b/defender-endpoint/fix-unhealthy-sensors.md 
@@ -2,8 +2,8 @@ title: Fix unhealthy sensors in Microsoft Defender for Endpoint description: Fix device sensors that are reporting as misconfigured or inactive so that the service receives data from the device. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/get-started-partner-integration.md b/defender-endpoint/get-started-partner-integration.md index 6459847696..1659a922e7 100644 --- a/defender-endpoint/get-started-partner-integration.md +++ b/defender-endpoint/get-started-partner-integration.md @@ -4,8 +4,8 @@ ms.reviewer: description: Learn the steps and requirements to integrate your solution with Microsoft Defender for Endpoint and be a partner. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/gov.md b/defender-endpoint/gov.md index 9c34b3c5fd..9e90e92d62 100644 --- a/defender-endpoint/gov.md +++ b/defender-endpoint/gov.md @@ -3,11 +3,11 @@ title: Microsoft Defender for Endpoint for US Government customers description: Learn about the Microsoft Defender for Endpoint for US Government customers requirements and capabilities available search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: jesquive ms.localizationpriority: medium -ms.date: 05/08/2024 +ms.date: 09/24/2024 manager: deniseb audience: ITPro ms.collection: 
@@ -182,6 +182,8 @@ These are the features and known gaps for [Mobile Threat Defense (Microsoft Defe > [!NOTE] > -> 1 The Defender Vulnerability Management Report inaccuracy functionality is not available for GCC, GCC High and DoD customers. +> 1 The following Defender Vulnerability Management functionality is not available for GCC, GCC High and DoD customers: +> - Report inaccuracy +> - Request CVE support [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/grant-mssp-access.md b/defender-endpoint/grant-mssp-access.md index e23b27f8ec..6d921d5729 100644 --- a/defender-endpoint/grant-mssp-access.md +++ b/defender-endpoint/grant-mssp-access.md @@ -3,8 +3,8 @@ title: Grant access to managed security service provider (MSSP) description: Take the necessary steps to configure MSSP integration with the Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/health-status.md b/defender-endpoint/health-status.md index a5717929a3..b042f75141 100644 --- a/defender-endpoint/health-status.md +++ b/defender-endpoint/health-status.md @@ -2,8 +2,8 @@ title: Investigate agent health issues description: Learn about the values returned when running the mdatp health command ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/host-firewall-reporting.md b/defender-endpoint/host-firewall-reporting.md index 84c6a3bf8d..7f51ff7c19 100644 --- a/defender-endpoint/host-firewall-reporting.md +++ b/defender-endpoint/host-firewall-reporting.md 
@@ -6,8 +6,8 @@ ms.localizationpriority: medium ms.date: 04/11/2024 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.subservice: asr ms.collection: diff --git a/defender-endpoint/import-export-exploit-protection-emet-xml.md b/defender-endpoint/import-export-exploit-protection-emet-xml.md index eb198b4dc8..b92a3ac6ca 100644 --- a/defender-endpoint/import-export-exploit-protection-emet-xml.md +++ b/defender-endpoint/import-export-exploit-protection-emet-xml.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/indicator-certificates.md b/defender-endpoint/indicator-certificates.md index f6bc911026..5ea6575e82 100644 --- a/defender-endpoint/indicator-certificates.md +++ b/defender-endpoint/indicator-certificates.md @@ -3,8 +3,8 @@ title: Create indicators based on certificates ms.reviewer: description: Create indicators based on certificates that define the detection, prevention, and exclusion of entities. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/indicator-file.md b/defender-endpoint/indicator-file.md index 789bfe7d4a..9f76936715 100644 --- a/defender-endpoint/indicator-file.md +++ b/defender-endpoint/indicator-file.md @@ -3,8 +3,8 @@ title: Create indicators for files ms.reviewer: yongrhee description: Create indicators for a file hash that define the detection, prevention, and exclusion of entities. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 09/03/2024 manager: deniseb 
diff --git a/defender-endpoint/indicator-ip-domain.md b/defender-endpoint/indicator-ip-domain.md index e30096fbf3..c00198dd66 100644 --- a/defender-endpoint/indicator-ip-domain.md +++ b/defender-endpoint/indicator-ip-domain.md @@ -3,8 +3,8 @@ title: Create indicators for IPs and URLs/domains ms.reviewer: thdoucet description: Create indicators for IPs and URLs/domains that define the detection, prevention, and exclusion of entities. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/indicator-manage.md b/defender-endpoint/indicator-manage.md index f05c98c823..c90288d458 100644 --- a/defender-endpoint/indicator-manage.md +++ b/defender-endpoint/indicator-manage.md @@ -3,8 +3,8 @@ title: Manage indicators ms.reviewer: description: Manage indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/information-protection-investigation.md b/defender-endpoint/information-protection-investigation.md index 1c988ccfe7..75b45219a3 100644 --- a/defender-endpoint/information-protection-investigation.md +++ b/defender-endpoint/information-protection-investigation.md @@ -2,8 +2,8 @@ title: Use Microsoft Defender for Endpoint sensitivity labels to protect your data and prioritize security incident response description: Learn how to use Defender for Endpoint sensitivity labels to protect, prioritize, and investigate incidents that involve data loss, dlp, security incidents. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/internet-facing-devices.md b/defender-endpoint/internet-facing-devices.md index 9d06a72fad..f6eaecadab 100644 --- a/defender-endpoint/internet-facing-devices.md +++ b/defender-endpoint/internet-facing-devices.md @@ -3,8 +3,8 @@ title: Identify internet-facing devices in Microsoft Defender for Endpoint description: Identify internet-facing devices in the device inventory list ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/investigate-alerts.md b/defender-endpoint/investigate-alerts.md index 20884cb9a8..d3f27b2d9b 100644 --- a/defender-endpoint/investigate-alerts.md +++ b/defender-endpoint/investigate-alerts.md @@ -2,8 +2,8 @@ title: Investigate Microsoft Defender for Endpoint alerts description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/investigate-behind-proxy.md b/defender-endpoint/investigate-behind-proxy.md index 8c8f7d0293..f00b4a9578 100644 --- a/defender-endpoint/investigate-behind-proxy.md +++ b/defender-endpoint/investigate-behind-proxy.md @@ -2,8 +2,8 @@ title: Investigate connection events that occur behind forward proxies description: Learn how to use advanced HTTP level monitoring through network protection in Microsoft Defender for Endpoint, which surfaces a real target, instead of a proxy. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/investigate-incidents.md b/defender-endpoint/investigate-incidents.md index 571a9c8a05..7db99e625d 100644 --- a/defender-endpoint/investigate-incidents.md +++ b/defender-endpoint/investigate-incidents.md @@ -3,8 +3,8 @@ title: Investigate incidents in Microsoft Defender for Endpoint description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/investigate-ip.md b/defender-endpoint/investigate-ip.md index 3024788f32..4078222196 100644 --- a/defender-endpoint/investigate-ip.md +++ b/defender-endpoint/investigate-ip.md @@ -2,8 +2,8 @@ title: Investigate an IP address associated with an alert description: Use the investigation options to examine possible communication between devices and external IP addresses. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/investigate-machines.md b/defender-endpoint/investigate-machines.md index 3029c5178a..f6a0d331fa 100644 --- a/defender-endpoint/investigate-machines.md +++ b/defender-endpoint/investigate-machines.md @@ -2,8 +2,8 @@ title: Investigate devices in the Defender for Endpoint Devices list description: Investigate affected devices by reviewing alerts, network connection information, adding device tags and groups, and checking the service health. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/investigate-user.md b/defender-endpoint/investigate-user.md index 8c2f44f536..ba6901d845 100644 
--- a/defender-endpoint/investigate-user.md +++ b/defender-endpoint/investigate-user.md @@ -2,8 +2,8 @@ title: Investigate a user account in Microsoft Defender for Endpoint description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/ios-configure-features.md b/defender-endpoint/ios-configure-features.md index 27eaf4a264..62a7eb28cb 100644 --- a/defender-endpoint/ios-configure-features.md +++ b/defender-endpoint/ios-configure-features.md @@ -2,8 +2,8 @@ title: Configure Microsoft Defender for Endpoint on iOS features description: Describes how to deploy Microsoft Defender for Endpoint on iOS features. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/ios-install-unmanaged.md b/defender-endpoint/ios-install-unmanaged.md index 539c961e69..871a04f419 100644 --- a/defender-endpoint/ios-install-unmanaged.md +++ b/defender-endpoint/ios-install-unmanaged.md @@ -2,8 +2,8 @@ title: Deploy Microsoft Defender for Endpoint on iOS with Mobile Application Management description: Describes how to deploy Microsoft Defender for Endpoint on unenrolled iOS devices. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: sunasing ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/ios-install.md b/defender-endpoint/ios-install.md index b18d4678ad..1572cee192 100644 --- a/defender-endpoint/ios-install.md +++ b/defender-endpoint/ios-install.md 
@@ -3,8 +3,8 @@ title: Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune ms.reviewer: description: Describes how to deploy Microsoft Defender for Endpoint on iOS using an app. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/ios-privacy.md b/defender-endpoint/ios-privacy.md index 761de0dbad..9e047dc68c 100644 --- a/defender-endpoint/ios-privacy.md +++ b/defender-endpoint/ios-privacy.md @@ -3,8 +3,8 @@ title: Privacy information - Microsoft Defender for Endpoint on iOS ms.reviewer: description: Describes privacy information for Microsoft Defender for Endpoint on iOS ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/ios-troubleshoot.md b/defender-endpoint/ios-troubleshoot.md index 5abb5b12ef..32d62c0e0c 100644 --- a/defender-endpoint/ios-troubleshoot.md +++ b/defender-endpoint/ios-troubleshoot.md @@ -2,8 +2,8 @@ title: Troubleshoot issues and find answers on FAQs related to Microsoft Defender for Endpoint on iOS description: Troubleshooting and FAQ - Microsoft Defender for Endpoint on iOS ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/ios-whatsnew.md b/defender-endpoint/ios-whatsnew.md index 760d2d9781..3e5b548ea3 100644 --- a/defender-endpoint/ios-whatsnew.md +++ b/defender-endpoint/ios-whatsnew.md 
@@ -2,8 +2,8 @@ title: What's new in Microsoft Defender for Endpoint on iOS description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on iOS. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: sunasing ms.localizationpriority: medium ms.date: 06/12/2024 diff --git a/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus.md b/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus.md index 08ccab2ad9..9417de509b 100644 --- a/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus.md +++ b/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Limited periodic scanning lets you use Microsoft Defender Antivirus ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/18/2024 ms.reviewer: yongrhee diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index c51a9200b1..5c893303c5 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md @@ -2,8 +2,8 @@ title: How to Deploy Defender for Endpoint on Linux with Chef description: Learn how to deploy Defender for Endpoint on Linux with Chef. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-exclusions.md b/defender-endpoint/linux-exclusions.md index c52d809a78..9f95385a71 100644 --- a/defender-endpoint/linux-exclusions.md +++ b/defender-endpoint/linux-exclusions.md 
@@ -2,8 +2,8 @@ title: Configure and validate exclusions for Microsoft Defender for Endpoint on Linux description: Provide and validate exclusions for Microsoft Defender for Endpoint on Linux. Exclusions can be set for files, folders, and processes. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr, ardeshmukh ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-install-manually.md b/defender-endpoint/linux-install-manually.md index 500f6c9d17..7bb0dd1417 100644 --- a/defender-endpoint/linux-install-manually.md +++ b/defender-endpoint/linux-install-manually.md @@ -2,8 +2,8 @@ title: Deploy Microsoft Defender for Endpoint on Linux manually description: Describes how to deploy Microsoft Defender for Endpoint on Linux manually from the command line. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md index 22fc3215f8..012590641e 100644 --- a/defender-endpoint/linux-install-with-ansible.md +++ b/defender-endpoint/linux-install-with-ansible.md @@ -3,8 +3,8 @@ title: Deploy Microsoft Defender for Endpoint on Linux with Ansible ms.reviewer: gopkr description: Describes how to deploy Microsoft Defender for Endpoint on Linux using Ansible. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: linux search.appverid: met150 -ms.date: 07/10/2024 +ms.date: 09/19/2024 --- # Deploy Microsoft Defender for Endpoint on Linux with Ansible 
@@ -192,8 +192,12 @@ Create a subtask or role files that contribute to a playbook or task. ```Output - hosts: servers tasks: - - include: ../roles/onboarding_setup.yml - - include: ../roles/add_apt_repo.yml + - name: include onboarding tasks + import_tasks: + file: ../roles/onboarding_setup.yml + - name: add apt repository + import_tasks: + file: ../roles/add_apt_repo.yml - name: Install MDATP apt: name: mdatp @@ -221,8 +225,12 @@ Create a subtask or role files that contribute to a playbook or task. ```Output - hosts: servers tasks: - - include: ../roles/onboarding_setup.yml - - include: ../roles/add_yum_repo.yml + - name: include onboarding tasks + import_tasks: + file: ../roles/onboarding_setup.yml + - name: add apt repository + import_tasks: + file: ../roles/add_yum_repo.yml - name: Install MDATP dnf: name: mdatp diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md index 8b80ada594..96a27fe229 100644 --- a/defender-endpoint/linux-install-with-puppet.md +++ b/defender-endpoint/linux-install-with-puppet.md @@ -3,8 +3,8 @@ title: Deploy Microsoft Defender for Endpoint on Linux with Puppet ms.reviewer: gopkr description: Describes how to deploy Microsoft Defender for Endpoint on Linux using Puppet. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-install-with-saltack.md b/defender-endpoint/linux-install-with-saltack.md index ad56882fd4..42e191961a 100644 --- a/defender-endpoint/linux-install-with-saltack.md +++ b/defender-endpoint/linux-install-with-saltack.md 
@@ -3,8 +3,8 @@ title: Deploy Microsoft Defender for Endpoint on Linux with SaltStack ms.reviewer: dmcwee, gopkr description: Describes how to deploy Microsoft Defender for Endpoint on Linux using Saltstack. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-preferences.md b/defender-endpoint/linux-preferences.md index 19234a6add..c80caa518c 100644 --- a/defender-endpoint/linux-preferences.md +++ b/defender-endpoint/linux-preferences.md @@ -3,8 +3,8 @@ title: Set preferences for Microsoft Defender for Endpoint on Linux ms.reviewer: gopkr, ardeshmukh description: Describes how to configure Microsoft Defender for Endpoint on Linux in enterprises. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 08/28/2024 manager: deniseb diff --git a/defender-endpoint/linux-privacy.md b/defender-endpoint/linux-privacy.md index bb99cc32fd..cbef2bb3b7 100644 --- a/defender-endpoint/linux-privacy.md +++ b/defender-endpoint/linux-privacy.md @@ -2,8 +2,8 @@ title: Privacy for Microsoft Defender for Endpoint on Linux description: Privacy controls, how to configure policy settings that impact privacy and information about the diagnostic data that is collected in Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-pua.md b/defender-endpoint/linux-pua.md index 6b5b6ead9a..aeefebea13 100644 --- a/defender-endpoint/linux-pua.md +++ b/defender-endpoint/linux-pua.md 
@@ -2,8 +2,8 @@ title: Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Linux description: Detect and block Potentially Unwanted Applications (PUA) using Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-resources.md b/defender-endpoint/linux-resources.md index 3f4989e23c..8a9fb510f6 100644 --- a/defender-endpoint/linux-resources.md +++ b/defender-endpoint/linux-resources.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Linux resources ms.reviewer: gopkr description: Describes resources for Microsoft Defender for Endpoint on Linux, including how to uninstall it, how to collect diagnostic logs, CLI commands, and known issues with the product. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-schedule-scan-mde.md b/defender-endpoint/linux-schedule-scan-mde.md index 664fbe9edb..0db471d8d8 100644 --- a/defender-endpoint/linux-schedule-scan-mde.md +++ b/defender-endpoint/linux-schedule-scan-mde.md @@ -2,8 +2,8 @@ title: How to schedule scans with Microsoft Defender for Endpoint (Linux) description: Learn how to schedule an automatic scanning time for Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-static-proxy-configuration.md b/defender-endpoint/linux-static-proxy-configuration.md index 566c60d41b..135ea57c0c 100644 --- a/defender-endpoint/linux-static-proxy-configuration.md 
+++ b/defender-endpoint/linux-static-proxy-configuration.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Linux static proxy discovery ms.reviewer: gopkr description: Describes how to configure Microsoft Defender for Endpoint on Linux, for static proxy discovery. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-support-connectivity.md b/defender-endpoint/linux-support-connectivity.md index 19ada531d5..79b014642d 100644 --- a/defender-endpoint/linux-support-connectivity.md +++ b/defender-endpoint/linux-support-connectivity.md @@ -3,8 +3,8 @@ title: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoin ms.reviewer: gopkr description: Learn how to troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-support-ebpf.md b/defender-endpoint/linux-support-ebpf.md index 4b80e22656..8088745d32 100644 --- a/defender-endpoint/linux-support-ebpf.md +++ b/defender-endpoint/linux-support-ebpf.md @@ -2,8 +2,8 @@ title: Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux description: eBPF-based sensor deployment in Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-support-events.md b/defender-endpoint/linux-support-events.md index 0096b9065b..58ed63079c 100644 --- a/defender-endpoint/linux-support-events.md +++ b/defender-endpoint/linux-support-events.md 
@@ -2,8 +2,8 @@ title: Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux description: Troubleshoot missing events or alerts issues in Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-support-install.md b/defender-endpoint/linux-support-install.md index 9ea7ca1456..6cd565f1da 100644 --- a/defender-endpoint/linux-support-install.md +++ b/defender-endpoint/linux-support-install.md @@ -3,8 +3,8 @@ title: Troubleshoot installation issues for Microsoft Defender for Endpoint on L ms.reviewer: gopkr description: Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/linux-support-offline-security-intelligence-update.md b/defender-endpoint/linux-support-offline-security-intelligence-update.md index 91f0ba0d33..86939a40da 100644 --- a/defender-endpoint/linux-support-offline-security-intelligence-update.md +++ b/defender-endpoint/linux-support-offline-security-intelligence-update.md @@ -3,8 +3,8 @@ title: Configure Offline Security Intelligence Update for Microsoft Defender for description: Offline Security Intelligence Update in Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint ms.subservice: linux -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-support-perf.md b/defender-endpoint/linux-support-perf.md index 082ef0454d..e910e9ccd7 100644 --- a/defender-endpoint/linux-support-perf.md +++ b/defender-endpoint/linux-support-perf.md 
@@ -2,8 +2,8 @@ title: Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux description: Troubleshoot performance issues in Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium ms.date: 05/01/2024 diff --git a/defender-endpoint/linux-support-rhel.md b/defender-endpoint/linux-support-rhel.md index 33d387b433..82d04e9492 100644 --- a/defender-endpoint/linux-support-rhel.md +++ b/defender-endpoint/linux-support-rhel.md @@ -3,8 +3,8 @@ title: Troubleshoot issues for Microsoft Defender for Endpoint on Linux RHEL6 description: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux search.appverid: met150 ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-update-mde-linux.md b/defender-endpoint/linux-update-mde-linux.md index 697cf3a0d3..ad36907588 100644 --- a/defender-endpoint/linux-update-mde-linux.md +++ b/defender-endpoint/linux-update-mde-linux.md @@ -2,8 +2,8 @@ title: How to schedule an update of the Microsoft Defender for Endpoint (Linux) description: Learn how to schedule an update of the Microsoft Defender for Endpoint (Linux) to better protect your organization's assets. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-updates.md b/defender-endpoint/linux-updates.md index c2ddf2f7a9..008da06f80 100644 --- a/defender-endpoint/linux-updates.md +++ b/defender-endpoint/linux-updates.md 
@@ -2,8 +2,8 @@ title: Deploy updates for Microsoft Defender for Endpoint on Linux description: Describes how to deploy updates for Microsoft Defender for Endpoint on Linux in enterprise environments. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: deniseb ms.reviewer: gopkr ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/linux-whatsnew.md b/defender-endpoint/linux-whatsnew.md index 150385ed68..fce594e31f 100644 --- a/defender-endpoint/linux-whatsnew.md +++ b/defender-endpoint/linux-whatsnew.md @@ -2,11 +2,11 @@ title: What's new in Microsoft Defender for Endpoint on Linux description: List of major changes for Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.reviewer: kumasumit, gopkr ms.localizationpriority: medium -ms.date: 08/22/2024 +ms.date: 09/20/2024 manager: deniseb audience: ITPro ms.collection: @@ -42,8 +42,26 @@ This article is updated frequently to let you know what's new in the latest rele > > Review your current Defender for Endpoint on Linux deployment, and begin planning your migration to the eBPF-supported build. For more information on eBPF and how it works, see [Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-support-ebpf). > -> If you have any concerns or need assistance during this transition, please reach out to our support team. +> If you have any concerns or need assistance during this transition, contact support. +
+ Sept-2024 (Build: 101.24072.0001 | Release version: 30.124072.0001.0) + +## Sept-2024 Build: 101.24072.0001 | Release version: 30.124072.0001.0 + + Released: **September 23, 2024**
+ Published: **September 23, 2024**
+ Build: **101.24072.0001**
+ Release version: **30.124072.0001.0**
+ Engine version: **1.1.24060.6**
+ Signature version: **1.415.228.0**
+ +**What's new** + +- Added support for Ubuntu 24.04 +- Updated default engine version to `1.1.24060.6` and default signatures version to `1.415.228.0`. + +
July-2024 (Build: 101.24062.0001 | Release version: 30.124062.0001.0) @@ -71,14 +89,14 @@ There are multiple fixes and new changes in this release.
- June-2024 (Build: 101.24052.0002 | Release version: 30.24052.0002.0) + June-2024 (Build: 101.24052.0002 | Release version: 30.124052.0002.0) ## June-2024 Build: 101.24052.0002 | Release version: 30.124052.0002.0  Released: **June 24, 2024**
 Published: **June 24, 2024**
 Build: **101.24052.0002**
- Release version: **30.24052.0002.0**
+ Release version: **30.124052.0002.0**
 Engine version: **1.1.24040.2**
 Signature version: **1.411.153.0**
@@ -93,14 +111,14 @@ There are multiple fixes and new changes in this release.
- May-2024 (Build: 101.24042.0002 | Release version: 30.24042.0002.0) + May-2024 (Build: 101.24042.0002 | Release version: 30.124042.0002.0) ## May-2024 Build: 101.24042.0002 | Release version: 30.124042.0002.0  Released: **May 29, 2024**
 Published: **May 29, 2024**
 Build: **101.24042.0002**
- Release version: **30.24042.0002.0**
+ Release version: **30.124042.0002.0**
 Engine version: **1.1.24030.4**
 Signature version: **1.407.521.0**
diff --git a/defender-endpoint/live-response-library-methods.md b/defender-endpoint/live-response-library-methods.md index 07237c5d9d..17364f81b5 100644 --- a/defender-endpoint/live-response-library-methods.md +++ b/defender-endpoint/live-response-library-methods.md @@ -5,8 +5,8 @@ search.appverid: met150 ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/mac-troubleshoot-netext-mde.md b/defender-endpoint/mac-troubleshoot-netext-mde.md new file mode 100644 index 0000000000..22aad570c9 --- /dev/null +++ b/defender-endpoint/mac-troubleshoot-netext-mde.md 
@@ -0,0 +1,215 @@ +--- +title: Troubleshoot Network Extension issues in Microsoft Defender for Endpoint on Mac +description: Learn how to troubleshoot issues with the network extension (NetExt) that's installed as part of Microsoft Defender for Endpoint on macOS. +ms.service: defender-endpoint +author: denisebmsft +ms.author: deniseb +manager: deniseb +ms.reviewer: yongrhee +ms.localizationpriority: medium +audience: ITPro +ms.collection: +- m365-security +- tier3 +- mde-macos +ms.topic: conceptual +ms.subservice: macos +search.appverid: met150 +ms.date: 09/20/2024 +--- + +# Troubleshoot Network Extension (NetExt) issues in Defender for Endpoint on Mac + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md) +- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) +- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) +- [Microsoft Defender XDR](/defender-xdr) + +> [!NOTE] +> You can submit feedback by opening Microsoft Defender for Endpoint on Mac on your device, and going to **Help** > **Send feedback**. Another option is to submit feedback via the Microsoft Defender portal. Go to [security.microsoft.com](https://security.microsoft.com), and selecting the **Give feedback** tab. + +## Overview + +This article provides information on how to troubleshoot issues with the network extension (NetExt) that's installed as part of Microsoft Defender for Endpoint on macOS. + +NetExt is used by [Network Protection](network-protection-macos.md) is enabled on Mac devices. + +**Symptom**: + +You might notice issues with network related latencies when using your browser or copying files over the network or using a chat/meeting application. 
+ +**Temporary solution**: + +This article describes how to temporarily disable NetExt which will temporarily disable network protection, and resolve network stack-related issues by using Intune, JamF, or a manual process on Mac. + +At a high level, these are the steps to follow for [Intune](#intune-method) and [JamF](#jamf-method): + +1. Create a new "Devices with NetExt disabled" group. +2. Exclude that group from the existing NetExt configuration. +3. Assign the existing configuration to the "Devices with NetExt disabled" device group. + +The following sections describe these steps in more detail. + +## Intune method + +The following sections describe how to set up a new "Devices with NetExt disabled" device group, exclude it from the NetExt configuration, and then assign the existing configuration to your new device group. + +### Create a device group called "Devices with NetExt disabled" + +1. In the [Intune admin center](https://intune.microsoft.com), select **Groups**, and then select **New group**. + +2. Set up the device group as follows: + + - Group type: `Security` + - Group name: `Devices with NetExt disabled` + - Group description: Add a description. + - Membership type: `Assigned` + + Then select **Refresh**. + +3. Double-click on your new group `Devices with NetExt disabled`. + +4. Select **Members**, and then select **Add members**. + +5. On the **Devices** tab, select the devices for which you want to disable NetExt. Then click **Select**. + +6. Select **Refresh**. You should now be able to see your devices. + +### Exclude the "Devices with NetExt disabled" device group from the existing NetExt configuration + +1. In the [Intune admin center](https://intune.microsoft.com), select **Devices**. + +2. Under **By platform**, select **macOS**, and then select **Configuration**. + +3. Select your current policy for NetExt. For example, `NetFilter-prod-macOS-Default-MDE`. + +4. Next to **Assignments**, select **Edit**. + +5. 
Under **Excluded groups**, select **Add groups**, and then select the "Devices with NetExt disabled" device group. Then click **Select**. + +6. Select **Review + save**, and then select **Save**. + +### Assign the existing configuration to the "Devices with NetExt disabled" device group + +1. In the [Intune admin center](https://intune.microsoft.com), select **Devices**. + +2. Under **By platform**, select **macOS**, and then select **Configuration**. + +3. Select a current policy, such as your policy for Accessibility. For example, `Accessibility-prod-macOS-Default-MDE`. + +4. Next to **Assignments**, select **Edit**. + +5. Under **Add groups**, select the device group that you created earlier (for example, `Devices with NetExt disabled`). Then click **Select**. + +6. Select **Review + save**, and then select **Save**. + +7. Repeat this procedure for each of your existing policies for Defender for Endpoint on Mac. Examples include: + + - Auto-Update + - Background Services + - Behavior Monitoring + - Device Control + - Full Disk Access + - Network Protection + - Notifications + - Scheduled Scan + - Settings Preferences + - System Extensions + + > [!CAUTION] + > Do not repeat this procedure for NetExt. + + After you complete these steps, see if you're able to reproduce the issue. + +## JamF method + +The following sections describe how to create a new "Devices with NetExt disabled" group, exclude the group from the existing NetExt configuration, and then assign the existing configuration to the new group. + +### Create a "Devices with NetExt disabled" group + +1. In your JamF portal, select **Computers**, and then select **Static device groups**. + +2. Select **New**. + +3. On the **Computer Group** tab (default), under **Display name**, add the group name `Devices with NetExt disabled`. + +4. Select the **Assignments** tab. + +5. Select the devices select the devices for which you want to disable NetExt. Then select **Save**. 
+ + Under **Computers - Static Computer Groups**, you should be able to see your new group. + +### Exclude your "Devices with NetExt disabled" group from the existing NetExt configuration + +1. In your JamF portal, select **Computers**, and then select **Configuration Profiles**. + +2. Select your current policy for NetExt. For example, `NetFilter-prod-macOS-Default-MDE`. + +3. On the **Scope** tab, select **Edit**. + +4. On the **Exclusions** tab, select **Add**, and then select **Computer Groups**. + +5. Find your "Devices with NetExt disabled" group, and then select **Add**. + +6. Select **Done**, and then select **Save**. + +### Assign the existing configuration to the "Devices with NetExt disabled" group + +1. In your JamF portal, select **Computers**, and then select **Configuration Profiles**. + +2. Select a current policy, such as one for Accessibility. For example, `Accessibility-prod-macOS-Default-MDE`. + +3. On the **Scope** tab, select **Edit**. + +4. On the **Targets** tab, select **Add**, and then select **Computer Groups**. + +5. Find your "Devices with NetExt disabled" group, and then select **Add**. + +6. Select **Done**, and then select **Save**. + +7. Repeat this procedure for each of your existing policies for Defender for Endpoint on Mac. Examples include: + + - Auto-Update + - Background Services + - Behavior Monitoring + - Device Control + - Full Disk Access + - Network Protection + - Notifications + - Scheduled Scan + - Settings Preferences + - System Extensions + + > [!CAUTION] + > Do not repeat this procedure for NetExt. + + After you complete these steps, see if you're able to reproduce the issue. + +## Manual method + +If you have Defender for Endpoint installed on your Mac, you can remove the NetExt extension temporarily by following these steps: + +1. On your Mac, open **System Settings**. + +2. Go to **General** > **Login items & Extensions**, and then scroll down until you see **Network Extensions**. 
There, you see the following extensions: + + - Microsoft Defender + - Microsoft Defender Network Extension + +3. Set the toggle to turn off Microsoft Defender Network Extension. Type your password, and then select **OK**. + +4. You should see the following message: + + `Note: Disabling the system extension will make sure that it will not be launched after reboot, but it does not guarantee that it will be terminated immediately.` + +5. Select **OK**, and then select **Done**. + + After you complete these steps, see if you're able to reproduce the issue. + +## See also + +[What's new in Microsoft Defender for Endpoint on Mac](mac-whatsnew.md) \ No newline at end of file diff --git a/defender-endpoint/mac-whatsnew.md b/defender-endpoint/mac-whatsnew.md index e63793668b..10e1d980a9 100644 --- a/defender-endpoint/mac-whatsnew.md +++ b/defender-endpoint/mac-whatsnew.md @@ -2,11 +2,11 @@ title: What's new in Microsoft Defender for Endpoint on Mac description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on Mac. ms.service: defender-endpoint -author: dansimp -ms.author: dansimp +author: deniseb +ms.author: deniseb manager: deniseb ms.localizationpriority: medium -ms.date: 08/27/2024 +ms.date: 09/20/2024 audience: ITPro ms.collection: - m365-security 
@@ -37,13 +37,15 @@ For more information on Microsoft Defender for Endpoint on other operating syste **Known issues** -Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), and [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly. +- Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes) and macOS [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly. -In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS less than 14.3.1. +- In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS earlier than 14.3.1. + +- In macOS Sequoia (version 15.0), if you have Network Protection enabled, you might see crashes of the network extension (NetExt). This will result in intermittent network connectivity issues for end users. We are recommending that customers who have Network Protection enabled in their organization refrain from upgrading to Sequoia builds at this time. 
To work around the issue, see [Troubleshoot NetExt issues in Microsoft Defender for Endpoint on Mac](mac-troubleshoot-netext-mde.md). **Sequoia support** -Microsoft Defender supports macOS Sequoia (15) in the current Defender release. +Microsoft Defender is collaborating with Apple to provide our mutual customers a solution when Network Protection is enabled in Microsoft Defender for Endpoint on macOS Sequoia (version 15.0). **macOS Deprecation** @@ -87,7 +89,7 @@ Behavior monitoring monitors process behavior to detect and analyze potential th ##### What's new -- [[device control](mac-device-control-overview.md)] Secure Digital cards are not recognized on newer macOS +- [[device control](mac-device-control-overview.md)] Secure Digital cards aren't recognized on newer macOS - Bug and performance fixes ### May-2024 (Build: 101.24042.0008 | Release version: 20.124042.8.0) 
@@ -1022,11 +1024,9 @@ Live Response for macOS is now available for all Mac devices onboarded to Defend > [!CAUTION] > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device. -> -> The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint: -> +> > The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint: > - For manual deployments, see the updated instructions in the [Manual deployment topic](mac-install-manually.md#allow-full-disk-access). -> - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. +- For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) articles. - Performance improvements & bug fixes diff --git a/defender-endpoint/machine-groups.md b/defender-endpoint/machine-groups.md index b5addfbd45..a98d56816b 100644 --- a/defender-endpoint/machine-groups.md +++ b/defender-endpoint/machine-groups.md @@ -2,8 +2,8 @@ title: Create and manage device groups in Microsoft Defender for Endpoint description: Create device groups and set automated remediation levels on them by confirming the rules that apply on the group ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/machine-tags.md b/defender-endpoint/machine-tags.md index c5c2efc423..6a2be81dd4 100644 --- a/defender-endpoint/machine-tags.md +++ b/defender-endpoint/machine-tags.md @@ -2,8 +2,8 @@ title: Create and manage device tags description: Use device tags to group devices to capture context and enable dynamic list creation as part of an incident ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/machines-view-overview.md b/defender-endpoint/machines-view-overview.md index 74865b05da..0d4df43d71 100644 --- a/defender-endpoint/machines-view-overview.md +++ b/defender-endpoint/machines-view-overview.md @@ -2,8 +2,8 @@ title: Device inventory description: Learn about the available features that you can use from the Devices list such as sorting, filtering, and exporting the list to enhance investigations. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: yongrhee ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/manage-alerts.md b/defender-endpoint/manage-alerts.md index 02cdf426e5..8682434b22 100644 --- a/defender-endpoint/manage-alerts.md +++ b/defender-endpoint/manage-alerts.md @@ -2,8 +2,8 @@ title: Manage Microsoft Defender for Endpoint alerts description: Change the status of alerts, create suppression rules to hide alerts, submit comments, and review change history for individual alerts with the Manage Alert menu. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-auto-investigation.md b/defender-endpoint/manage-auto-investigation.md index 463b325c1e..ba613abfe2 100644 --- a/defender-endpoint/manage-auto-investigation.md 
+++ b/defender-endpoint/manage-auto-investigation.md @@ -2,8 +2,8 @@ title: Review remediation actions following automated investigations description: Review and approve (or reject) remediation actions following an automated investigation. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium ms.date: 07/13/2023 manager: deniseb diff --git a/defender-endpoint/manage-automation-folder-exclusions.md b/defender-endpoint/manage-automation-folder-exclusions.md index cd8b4359fb..f7f342b49f 100644 --- a/defender-endpoint/manage-automation-folder-exclusions.md +++ b/defender-endpoint/manage-automation-folder-exclusions.md @@ -2,8 +2,8 @@ title: Manage automation folder exclusions description: Add automation folder exclusions to control the files that are excluded from an automated investigation. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md b/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md index 292cfe1391..40c4a6125f 100644 --- a/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Manage how Microsoft Defender Antivirus applies security intelligen ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/27/2024 ms.reviewer: pahuijbr diff --git a/defender-endpoint/manage-gradual-rollout.md b/defender-endpoint/manage-gradual-rollout.md index aa93d7437c..d9d7226bdf 100644 --- a/defender-endpoint/manage-gradual-rollout.md +++ b/defender-endpoint/manage-gradual-rollout.md 
@@ -4,8 +4,8 @@ description: Learn about the gradual update process and controls. ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-incidents.md b/defender-endpoint/manage-incidents.md index afe2b4bbcb..f8ca9a6fe7 100644 --- a/defender-endpoint/manage-incidents.md +++ b/defender-endpoint/manage-incidents.md @@ -3,8 +3,8 @@ title: Manage Microsoft Defender for Endpoint incidents description: Manage incidents by assigning it, updating its status, or setting its classification. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md b/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md index b746887760..b1ba8c41ff 100644 --- a/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md +++ b/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Define when and how updates should be applied for endpoints that ha ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb diff --git a/defender-endpoint/manage-profiles-approve-sys-extensions-intune.md b/defender-endpoint/manage-profiles-approve-sys-extensions-intune.md index 4e428c89fc..4774add833 100644 --- a/defender-endpoint/manage-profiles-approve-sys-extensions-intune.md +++ b/defender-endpoint/manage-profiles-approve-sys-extensions-intune.md 
@@ -2,8 +2,8 @@ title: Manage profiles and approve extensions using Intune description: Manage profiles and approve extensions using Intune for Microsoft Defender for Endpoint to work properly on macOS. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md b/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md index 1796068f45..4946dc3e52 100644 --- a/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md +++ b/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus.md @@ -6,8 +6,8 @@ search.appverid: met150 ms.localizationpriority: medium ms.date: 12/20/2022 ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr manager: deniseb diff --git a/defender-endpoint/manage-security-policies.md b/defender-endpoint/manage-security-policies.md index 8ee86e1b63..b0947a2832 100644 --- a/defender-endpoint/manage-security-policies.md +++ b/defender-endpoint/manage-security-policies.md @@ -2,8 +2,8 @@ title: Manage endpoint security policies in Microsoft Defender for Endpoint description: Learn how to set windows, mac, and linux endpoint security policies such as antivirus, firewall, endpoint detection and response in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-suppression-rules.md b/defender-endpoint/manage-suppression-rules.md index fdb78ff1f9..2434303ac6 100644 --- a/defender-endpoint/manage-suppression-rules.md +++ b/defender-endpoint/manage-suppression-rules.md 
@@ -2,8 +2,8 @@ title: Manage Microsoft Defender for Endpoint suppression rules description: You might need to prevent alerts from appearing in the portal by using suppression rules. Learn how to manage your suppression rules in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-sys-extensions-manual-deployment.md b/defender-endpoint/manage-sys-extensions-manual-deployment.md index 7277d48940..06daef93ee 100644 --- a/defender-endpoint/manage-sys-extensions-manual-deployment.md +++ b/defender-endpoint/manage-sys-extensions-manual-deployment.md @@ -2,8 +2,8 @@ title: Manage system extensions using the manual methods of deployment description: Manage system extensions using the manual methods of deployment. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-sys-extensions-using-jamf.md b/defender-endpoint/manage-sys-extensions-using-jamf.md index 10a139718a..ea74e7c3c8 100644 --- a/defender-endpoint/manage-sys-extensions-using-jamf.md +++ b/defender-endpoint/manage-sys-extensions-using-jamf.md @@ -2,8 +2,8 @@ title: Manage system extensions using Jamf description: Manage system extensions using Jamf for Microsoft Defender for Endpoint to work properly on macOS. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/manage-tamper-protection-configuration-manager.md b/defender-endpoint/manage-tamper-protection-configuration-manager.md index 51a50efd7e..375fce7561 100644 --- a/defender-endpoint/manage-tamper-protection-configuration-manager.md 
+++ b/defender-endpoint/manage-tamper-protection-configuration-manager.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 09/05/2023 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/manage-tamper-protection-individual-device.md b/defender-endpoint/manage-tamper-protection-individual-device.md index 330835da7e..c31bc53430 100644 --- a/defender-endpoint/manage-tamper-protection-individual-device.md +++ b/defender-endpoint/manage-tamper-protection-individual-device.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 10/24/2023 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/manage-tamper-protection-intune.md b/defender-endpoint/manage-tamper-protection-intune.md index 29b0634ba8..a5bc9048df 100644 --- a/defender-endpoint/manage-tamper-protection-intune.md +++ b/defender-endpoint/manage-tamper-protection-intune.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 08/15/2024 audience: ITPro ms.topic: how-to -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/manage-tamper-protection-microsoft-365-defender.md b/defender-endpoint/manage-tamper-protection-microsoft-365-defender.md index ad687f637f..0784960880 100644 --- a/defender-endpoint/manage-tamper-protection-microsoft-365-defender.md +++ b/defender-endpoint/manage-tamper-protection-microsoft-365-defender.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 10/24/2023 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER 
diff --git a/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md b/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md index 698ca27529..693b7ba976 100644 --- a/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md +++ b/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Manage how mobile devices, such as laptops, should be updated with ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb diff --git a/defender-endpoint/mde-p1-setup-configuration.md b/defender-endpoint/mde-p1-setup-configuration.md index d7d8aa8b1e..341802367d 100644 --- a/defender-endpoint/mde-p1-setup-configuration.md +++ b/defender-endpoint/mde-p1-setup-configuration.md @@ -2,8 +2,8 @@ title: Set up and configure Microsoft Defender for Endpoint Plan 1 description: Learn how to set up and configure Defender for Endpoint Plan 1. Review the requirements, plan your rollout, and set up your environment. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview diff --git a/defender-endpoint/mde-plan1-getting-started.md b/defender-endpoint/mde-plan1-getting-started.md index f4d7429d3e..95df68cfe0 100644 --- a/defender-endpoint/mde-plan1-getting-started.md +++ b/defender-endpoint/mde-plan1-getting-started.md @@ -2,8 +2,8 @@ title: Get started with Microsoft Defender for Endpoint Plan 1 description: Get started using Defender for Endpoint Plan 1. Learn how to use the Microsoft Defender portal, manage alerts and devices, and view reports. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview 
diff --git a/defender-endpoint/mde-planning-guide.md b/defender-endpoint/mde-planning-guide.md index 7d405e57bb..334b8f37d7 100644 --- a/defender-endpoint/mde-planning-guide.md +++ b/defender-endpoint/mde-planning-guide.md @@ -2,8 +2,8 @@ title: Get started with your Microsoft Defender for Endpoint deployment description: Learn how to get started with the deploy, setup, licensing validation, tenant configuration, network configuration stages. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/mde-sdp-strategy.md b/defender-endpoint/mde-sdp-strategy.md index f4b3eeeef4..5f6a6a8a55 100644 --- a/defender-endpoint/mde-sdp-strategy.md +++ b/defender-endpoint/mde-sdp-strategy.md @@ -2,8 +2,8 @@ title: Use safe deployment practices to safeguard your environment description: Plan, implement, adopt, and manage safe deployment practices to safeguard and manage your environment keywords: mde safe deployment practices -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 09/16/2024 ms.topic: conceptual 
@@ -35,7 +35,7 @@ Defender for Endpoint’s kernel drivers capture system-wide signals like proces The process for rolling out software and driver updates for Defender for Endpoint is shown in this image: -:::image type="content" alt-text="process for rolling out software and driver updates for Defender for Endpoint" source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png"::: +:::image type="content" alt-text="Screenshot that shows the process for rolling out software and driver updates for Defender for Endpoint." source="/defender/media/defender-endpoint/mde-software-driver-updates.png" lightbox="/defender/media/defender-endpoint/mde-software-driver-updates.png"::: ### Microsoft SDP for monthly updates diff --git a/defender-endpoint/mde-sec-ops-guide.md b/defender-endpoint/mde-sec-ops-guide.md index 61ec72dc58..63a14385c4 100644 --- a/defender-endpoint/mde-sec-ops-guide.md +++ b/defender-endpoint/mde-sec-ops-guide.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 02/07/2023 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/microsoft-cloud-app-security-config.md b/defender-endpoint/microsoft-cloud-app-security-config.md index e7e2998ab1..0722115ed8 100644 --- a/defender-endpoint/microsoft-cloud-app-security-config.md +++ b/defender-endpoint/microsoft-cloud-app-security-config.md @@ -4,8 +4,8 @@ ms.reviewer: description: Learn how to turn on the settings to enable the Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud Apps. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/microsoft-cloud-app-security-integration.md b/defender-endpoint/microsoft-cloud-app-security-integration.md index 4b0d0945ff..136ce7cd0b 100644 --- a/defender-endpoint/microsoft-cloud-app-security-integration.md +++ b/defender-endpoint/microsoft-cloud-app-security-integration.md @@ -4,8 +4,8 @@ ms.reviewer: description: Microsoft Defender for Endpoint integrates with Defender for Cloud Apps by forwarding all cloud app networking activities. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-compatibility.md b/defender-endpoint/microsoft-defender-antivirus-compatibility.md index 77525d0a8e..c1230236f8 100644 --- a/defender-endpoint/microsoft-defender-antivirus-compatibility.md +++ b/defender-endpoint/microsoft-defender-antivirus-compatibility.md @@ -4,10 +4,10 @@ description: Learn about Microsoft Defender Antivirus with other security produc ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -ms.date: 09/07/2024 +ms.date: 09/18/2024 ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - partner-contribution @@ -128,7 +128,8 @@ In order for Microsoft Defender Antivirus to run in passive mode, endpoints must - Operating system: Windows 10 or newer; Windows Server 2022, Windows Server 2019, or Windows Server, version 1803, or newer
(Windows Server 2012 R2 and Windows Server 2016 if onboarded using the [modern, unified solution](configure-server-endpoints.md)). - Microsoft Defender Antivirus must be installed. -- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution. +- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution. ([Add Microsoft Defender for Endpoint to your exclusion list for your existing solution](/defender-endpoint/switch-to-mde-phase-2)). + - Endpoints must be onboarded to Defender for Endpoint. > [!IMPORTANT] diff --git a/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md b/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md index b8757ef8b0..a7d29678ee 100644 --- a/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md +++ b/defender-endpoint/microsoft-defender-antivirus-on-windows-server.md @@ -4,8 +4,8 @@ description: Learn how to enable and configure Microsoft Defender Antivirus on W ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: pahuijbr manager: deniseb ms.topic: conceptual diff --git a/defender-endpoint/microsoft-defender-antivirus-pilot-ring-deployment-group-policy-wsus.md b/defender-endpoint/microsoft-defender-antivirus-pilot-ring-deployment-group-policy-wsus.md index 1033902afe..739ba9c6ac 100644 --- a/defender-endpoint/microsoft-defender-antivirus-pilot-ring-deployment-group-policy-wsus.md +++ b/defender-endpoint/microsoft-defender-antivirus-pilot-ring-deployment-group-policy-wsus.md 
@@ -2,8 +2,8 @@ title: Pilot ring deployment using Group Policy and Windows Server Update Services description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus pilot clients using Group Policy and Windows Server Update Services (WSUS). ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-production-ring-deployment-group-policy-wsus.md b/defender-endpoint/microsoft-defender-antivirus-production-ring-deployment-group-policy-wsus.md index 5a4909ac19..4d1452c7c2 100644 --- a/defender-endpoint/microsoft-defender-antivirus-production-ring-deployment-group-policy-wsus.md +++ b/defender-endpoint/microsoft-defender-antivirus-production-ring-deployment-group-policy-wsus.md @@ -2,8 +2,8 @@ title: Production ring deployment using Group Policy and Windows Server Update Services description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus production clients using Group Policy and Windows Server Update Services (WSUS). ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-microsoft-update.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-microsoft-update.md index 5e9e264ea1..a04e1fe62a 100644 
--- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-microsoft-update.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-microsoft-update.md @@ -2,8 +2,8 @@ title: Production ring deployment using Group Policy and Microsoft Update (MU) description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus clients using Group Policy and Microsoft Update (MU). ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-network-share.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-network-share.md index 07e444a3e3..0ccd8768ad 100644 --- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-network-share.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-network-share.md @@ -2,8 +2,8 @@ title: Production ring deployment using Group Policy and network share description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus clients using Group Policy over a network share. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: yongrhee ms.localizationpriority: high manager: deniseb 
diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-wsus-appendices.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-wsus-appendices.md index 58c99b6f7c..04148d8329 100644 --- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-wsus-appendices.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-group-policy-wsus-appendices.md @@ -2,8 +2,8 @@ title: Appendices for ring deployment using Group Policy and Windows Server Update Services (WSUS) description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides supplemental information to the Microsoft Defender Antivirus Group Policy WSUS ring deployment guide. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-intune-microsoft-update.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-intune-microsoft-update.md index c06434db46..8974134b60 100644 --- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-intune-microsoft-update.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-intune-microsoft-update.md @@ -2,8 +2,8 @@ title: Ring deployment using Intune and Microsoft Update (MU) description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus clients using Intune and Microsoft Update (MU). ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: yongrhee ms.localizationpriority: high manager: deniseb 
diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-sscm-wsus.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-sscm-wsus.md index 3e6870a55f..2edc71d909 100644 --- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment-sscm-wsus.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment-sscm-wsus.md @@ -2,8 +2,8 @@ title: Ring deployment using System Center Configuration Manager and Windows Server Update Services description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides information about how to use a ring deployment method to update your Microsoft Defender Antivirus clients using System Center Configuration Manager (SCCM) and Windows Server Update Services (WSUS). ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-antivirus-ring-deployment.md b/defender-endpoint/microsoft-defender-antivirus-ring-deployment.md index ed62412bec..a9989f45aa 100644 --- a/defender-endpoint/microsoft-defender-antivirus-ring-deployment.md +++ b/defender-endpoint/microsoft-defender-antivirus-ring-deployment.md @@ -2,8 +2,8 @@ title: Microsoft Defender Antivirus ring deployment guide overview description: Microsoft Defender Antivirus is an enterprise endpoint security platform that helps defend against advanced persistent threats. This article provides an overview about how to use ring deployment methods to update your Microsoft Defender Antivirus clients. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/microsoft-defender-antivirus-updates.md b/defender-endpoint/microsoft-defender-antivirus-updates.md index 91851327ea..79cf309860 100644 --- a/defender-endpoint/microsoft-defender-antivirus-updates.md +++ b/defender-endpoint/microsoft-defender-antivirus-updates.md @@ -3,11 +3,11 @@ title: Microsoft Defender Antivirus security intelligence and product updates description: Manage how Microsoft Defender Antivirus receives protection and product updates. ms.service: defender-endpoint ms.localizationpriority: high -ms.date: 08/12/2024 +ms.date: 09/19/2024 audience: ITPro ms.topic: reference -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: pahuijbr, tudobril, yongrhee manager: deniseb 
@@ -108,11 +108,11 @@ All our updates contain: ### What's new -- Added a new parameter to get-mppreference cmdlet (ControlledFolderAccessDefaultProtectedFolders) to show default protected folders for Controlled Folder Access (CFA). -- Fixed an issue with Device Control regarding printer security checks. -- Resolved an issue with platform rollback after an upgrade from Windows 10 to 11. +- Added a new parameter (`ControlledFolderAccessDefaultProtectedFolders`) to [Get-MpPreference](/powershell/module/defender/get-mppreference) cmdlet to show default protected folders for [controlled folder access](enable-controlled-folders.md). +- Fixed an issue with device control regarding printer security checks. +- Resolved an issue with platform rollback after an upgrade from Windows 10 to Windows 11. - Fixed an issue where volume exclusions weren't properly enforced in real-time protection after the completion of OOBE. -- Removed support for Windows RT devices, for example, Surface RT, that use 32-bit ARM processors and have reached their end-of-servicing date. +- Removed support for Windows RT devices, like Surface RT, that use 32-bit ARM processors and have reached their end-of-servicing date. ### July-2024 (Platform: 4.18.24070.5 | Engine: 1.1.24070.3) 
@@ -125,11 +125,11 @@ All our updates contain: ### What's new - False positive detections are no longer reported as `ThreatNotFound` in the Microsoft Defender portal. -- Optimized Network Protection calls to the backend that occur as a result of suspicious connection checks. -- Fixed the [PerformanceModeStatus](/windows/client-management/mdm/defender-csp#configurationperformancemodestatus) configuration key in Defender CSP so changing this value in the console takes effect on the endpoint. -- Resolved an issue where File Evidence Location was not always captured in scenarios where the Remote Location is inaccessible. -- New event log added (5016) to report Microsoft Defender Antivirus self-healed when a deadlock is detected during shutdown. -- Fixed a prioritization issue with full scans initiated from the portal that resulted in longer than expected full scan duration. +- Optimized [network protection](network-protection.md) calls to the backend that occur as a result of suspicious connection checks. +- Fixed the [PerformanceModeStatus](/windows/client-management/mdm/defender-csp#configurationperformancemodestatus) configuration key in the [Defender CSP](/windows/client-management/mdm/defender-csp) so that changing this value in the console takes effect on the endpoint. +- Resolved an issue where file evidence location was not always captured in scenarios where the remote location is inaccessible. +- New event log added (`5016`) to report Microsoft Defender Antivirus self-healed when a deadlock is detected during shutdown. +- Fixed a prioritization issue with [full scans](mdav-scan-best-practices.md) initiated from the portal that resulted in longer than expected full scan duration. ### June-2024 (Platform: 4.18.24060.7 | Engine: 1.1.24060.5) 
@@ -151,21 +151,6 @@ All our updates contain: - Fixed an issue where an Outlook exclusion for the ASR rule [Block Office applications from injecting code into other processes](/defender-endpoint/attack-surface-reduction-rules-reference#block-office-applications-from-injecting-code-into-other-processes) was not honored. - Fixed a race condition during the startup of [endpoint data loss prevention](/purview/endpoint-dlp-getting-started) such that, in certain environments, some system files could be corrupted. -### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7) - -- Security intelligence update version: **1.413.1.0** -- Release date: **May 30, 2024** (Engine) / **June 4, 2024** (Platform) -- Engine: **1.1.24050.5** -- Platform: **4.18.24050.7** -- Support phase: **Security and Critical Updates** - -#### What's new - -- Improved performance when running configuration queries. -- Optimized how scans are prioritized. -- Fixed a crash caused by a race condition with a device control driver. -- Added Event Viewer Logging for scan start event where the scan originates from PowerShell. - ### Previous version updates: Technical upgrade support only After a new package version is released, support for the previous two versions is reduced to technical support only. For more information about previous versions, see [Microsoft Defender Antivirus updates: Previous versions for technical upgrade support](msda-updates-previous-versions-technical-upgrade-support.md). 
@@ -228,14 +213,13 @@ Updates are released for x86, x64, and ARM64 Windows architecture. For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). -After a new package version is released, support for the previous two versions is reduced to technical support only. To view a list of previous versions, see [Previous DISM updates (no longer supported)](msda-updates-previous-versions-technical-upgrade-support.md#previous-dism-updates-no-longer-supported). +After a new package version is released, support for the previous two versions is reduced to technical support only. To view a list of previous versions, see [Previous DISM updates](msda-updates-previous-versions-technical-upgrade-support.md#previous-dism-updates-no-longer-supported). -### 1.415.295.0 +### 1.417.472.0 -- Defender package version: `1.415.295.0` -- Security intelligence version: `1.415.295.0` -- Engine version: `1.24070.1` -- Platform version: `4.18.24070.5` +- Defender package version: `1.417.472.0` +- Security intelligence version: `1.417.472.0` +- Engine version: `1.24080.9` #### Fixes @@ -245,10 +229,10 @@ After a new package version is released, support for the previous two versions i - None -### 1.415.235.0 +### 1.415.295.0 -- Defender package version: `1.415.235.0` -- Security intelligence version: `1.415.235.0` +- Defender package version: `1.415.295.0` +- Security intelligence version: `1.415.295.0` - Engine version: `1.24070.1` - Platform version: `4.18.24070.5` 
@@ -260,12 +244,12 @@ After a new package version is released, support for the previous two versions i - None -### 1.411.111.0 +### 1.415.235.0 -- Defender package version: `1.411.111.0` -- Security intelligence version: `1.411.111.0` -- Engine version: `1.24050.2` -- Platform version: `4.18.24050.7` +- Defender package version: `1.415.235.0` +- Security intelligence version: `1.415.235.0` +- Engine version: `1.24070.1` +- Platform version: `4.18.24070.5` #### Fixes diff --git a/defender-endpoint/microsoft-defender-antivirus-using-powershell.md b/defender-endpoint/microsoft-defender-antivirus-using-powershell.md index 6f883a06d6..39701fd12d 100644 --- a/defender-endpoint/microsoft-defender-antivirus-using-powershell.md +++ b/defender-endpoint/microsoft-defender-antivirus-using-powershell.md @@ -4,8 +4,8 @@ description: Businesses of all sizes can use this guide to evaluate and test the ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 10/18/2018 ms.reviewer: diff --git a/defender-endpoint/microsoft-defender-antivirus-windows.md b/defender-endpoint/microsoft-defender-antivirus-windows.md index b3bb97dee1..d2ca713d80 100644 --- a/defender-endpoint/microsoft-defender-antivirus-windows.md +++ b/defender-endpoint/microsoft-defender-antivirus-windows.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: high ms.date: 05/02/2024 ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: mkaminska, yonghree, pahuijbr manager: deniseb ms.custom: nextgen 
@@ -80,8 +80,8 @@ The following table describes what to expect when Microsoft Defender Antivirus i | Mode | What happens | |---|---| | Active mode | In active mode, Microsoft Defender Antivirus is used as the primary antivirus app on the device. Files are scanned, threats are remediated, and detected threats are listed in your organization's security reports and in your Windows Security app. | -| Passive mode | In passive mode, Microsoft Defender Antivirus is not used as the primary antivirus app on the device. Files are scanned, and detected threats are reported, but threats are not remediated by Microsoft Defender Antivirus.

**IMPORTANT**: Microsoft Defender Antivirus can run in passive mode only on endpoints that are onboarded to Microsoft Defender for Endpoint. See [Requirements for Microsoft Defender Antivirus to run in passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode). | -| Disabled or uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus is not used. Files are not scanned, and threats are not remediated. In general, we do not recommend disabling or uninstalling Microsoft Defender Antivirus. | +| Passive mode | In passive mode, Microsoft Defender Antivirus isn't used as the primary antivirus app on the device. Files are scanned, and detected threats are reported, but threats aren't remediated by Microsoft Defender Antivirus.

**IMPORTANT**: Microsoft Defender Antivirus can run in passive mode only on endpoints that are onboarded to Microsoft Defender for Endpoint. See [Requirements for Microsoft Defender Antivirus to run in passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode). | +| Disabled or uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus isn't used. Files aren't scanned, and threats aren't remediated. In general, we don't recommend disabling or uninstalling Microsoft Defender Antivirus. | To learn more, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md). 
@@ -117,9 +117,9 @@ You'll see the name of your antivirus/antimalware solution on the security provi - **Normal** means Microsoft Defender Antivirus is running in active mode. - - **Passive mode** means Microsoft Defender Antivirus running, but is not the primary antivirus/antimalware product on your device. Passive mode is only available for devices that are onboarded to Microsoft Defender for Endpoint and that meet certain requirements. To learn more, see [Requirements for Microsoft Defender Antivirus to run in passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode). + - **Passive mode** means Microsoft Defender Antivirus running, but isn't the primary antivirus/antimalware product on your device. Passive mode is only available for devices that are onboarded to Microsoft Defender for Endpoint and that meet certain requirements. To learn more, see [Requirements for Microsoft Defender Antivirus to run in passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode). - - **EDR Block Mode** means Microsoft Defender Antivirus is running and [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md), a capability in Microsoft Defender for Endpoint, is enabled. Check the **ForceDefenderPassiveMode** registry key. If its value is 0, it is running in normal mode; otherwise, it is running in passive mode. + - **EDR Block Mode** means Microsoft Defender Antivirus is running and [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md), a capability in Microsoft Defender for Endpoint, is enabled. Check the **ForceDefenderPassiveMode** registry key. If its value is 0, it's running in normal mode; otherwise, it's running in passive mode. 
- **SxS Passive Mode** means Microsoft Defender Antivirus is running alongside another antivirus/antimalware product, and [limited periodic scanning is used](limited-periodic-scanning-microsoft-defender-antivirus.md). diff --git a/defender-endpoint/microsoft-defender-endpoint-android.md b/defender-endpoint/microsoft-defender-endpoint-android.md index ab430c55d8..966a451d8e 100644 --- a/defender-endpoint/microsoft-defender-endpoint-android.md +++ b/defender-endpoint/microsoft-defender-endpoint-android.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Android ms.reviewer: description: Describes how to install and use Microsoft Defender for Endpoint on Android ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-endpoint-ios.md b/defender-endpoint/microsoft-defender-endpoint-ios.md index c9108cce6d..38b59c7e14 100644 --- a/defender-endpoint/microsoft-defender-endpoint-ios.md +++ b/defender-endpoint/microsoft-defender-endpoint-ios.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on iOS ms.reviewer: description: Describes how to install and use Microsoft Defender for Endpoint on iOS ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-endpoint-linux.md b/defender-endpoint/microsoft-defender-endpoint-linux.md index 3047740503..c4846806a1 100644 --- a/defender-endpoint/microsoft-defender-endpoint-linux.md +++ b/defender-endpoint/microsoft-defender-endpoint-linux.md 
@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Linux ms.reviewer: gopkr, pahuijbr, megphapriya description: Describes how to install and use Microsoft Defender for Endpoint on Linux. ms.service: defender-endpoint -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-endpoint-mac.md b/defender-endpoint/microsoft-defender-endpoint-mac.md index 2a6f235f23..936fed8e3a 100644 --- a/defender-endpoint/microsoft-defender-endpoint-mac.md +++ b/defender-endpoint/microsoft-defender-endpoint-mac.md @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Mac ms.reviewer: yongrhee, pahuijbr description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Mac. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro @@ -15,7 +15,7 @@ ms.collection: ms.topic: conceptual ms.subservice: macos search.appverid: met150 -ms.date: 08/06/2024 +ms.date: 09/19/2024 --- # Microsoft Defender for Endpoint on Mac @@ -71,9 +71,13 @@ There are several methods and deployment tools that you can use to install and c The three most recent major releases of macOS are supported. -- 15 (Sequoia), 14 (Sonoma), 13 (Ventura), 12 (Monterey) +- 14 (Sonoma) - > [!IMPORTANT] +- 13 (Ventura) + +- 12 (Monterey) + + > [!IMPORTANT] > On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md). - Supported processors: x64 and ARM64 
diff --git a/defender-endpoint/microsoft-defender-endpoint.md b/defender-endpoint/microsoft-defender-endpoint.md index 9747ebbc57..da9d3cf957 100644 --- a/defender-endpoint/microsoft-defender-endpoint.md +++ b/defender-endpoint/microsoft-defender-endpoint.md @@ -2,8 +2,8 @@ title: Microsoft Defender for Endpoint description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: high manager: deniseb audience: ITPro diff --git a/defender-endpoint/microsoft-defender-security-center-antivirus.md b/defender-endpoint/microsoft-defender-security-center-antivirus.md index a11fec4348..dbab97e6ec 100644 --- a/defender-endpoint/microsoft-defender-security-center-antivirus.md +++ b/defender-endpoint/microsoft-defender-security-center-antivirus.md @@ -4,8 +4,8 @@ description: With Microsoft Defender Antivirus now included in the Windows Secur ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb diff --git a/defender-endpoint/migrate-devices-streamlined.md b/defender-endpoint/migrate-devices-streamlined.md index e9c516638b..88aae8903c 100644 --- a/defender-endpoint/migrate-devices-streamlined.md +++ b/defender-endpoint/migrate-devices-streamlined.md @@ -3,8 +3,8 @@ title: Migrate devices to use the streamlined onboarding method description: Learn how to migrate devices to Defender for Endpoint using the streamlined connectivity method. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-endpoint/migrating-asr-rules.md b/defender-endpoint/migrating-asr-rules.md index 7a70a6bd7c..318de7a127 100644 --- a/defender-endpoint/migrating-asr-rules.md +++ b/defender-endpoint/migrating-asr-rules.md @@ -5,8 +5,8 @@ ms.topic: conceptual ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.custom: asr ms.subservice: asr diff --git a/defender-endpoint/migrating-mde-server-to-cloud.md b/defender-endpoint/migrating-mde-server-to-cloud.md index 37dafdd540..615318a06a 100644 --- a/defender-endpoint/migrating-mde-server-to-cloud.md +++ b/defender-endpoint/migrating-mde-server-to-cloud.md @@ -1,8 +1,8 @@ --- title: Migrating servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud description: Learn how to migrate servers from Microsoft Defender for Endpoint to Microsoft Defender for Cloud. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: conceptual diff --git a/defender-endpoint/migration-guides.md b/defender-endpoint/migration-guides.md index 410efff8fa..0baab95f7f 100644 --- a/defender-endpoint/migration-guides.md +++ b/defender-endpoint/migration-guides.md @@ -1,8 +1,8 @@ --- title: Migration and setup guides to move to Microsoft Defender for Endpoint description: Learn how to make the switch from a non-Microsoft Defender XDR solution to Microsoft Defender for Endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: conceptual diff --git a/defender-endpoint/minimum-requirements.md b/defender-endpoint/minimum-requirements.md index 2ea3dad9d5..fe933b53bf 100644 --- a/defender-endpoint/minimum-requirements.md +++ b/defender-endpoint/minimum-requirements.md 
@@ -2,8 +2,8 @@ title: Minimum requirements for Microsoft Defender for Endpoint description: Understand the licensing requirements and requirements for onboarding devices to the service ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: pahuijbr ms.localizationpriority: medium ms.date: 07/17/2024 diff --git a/defender-endpoint/mobile-resources-defender-endpoint.md b/defender-endpoint/mobile-resources-defender-endpoint.md index 24d8355e18..a2d02426b2 100644 --- a/defender-endpoint/mobile-resources-defender-endpoint.md +++ b/defender-endpoint/mobile-resources-defender-endpoint.md @@ -3,8 +3,8 @@ title: Resources for Microsoft Defender for Endpoint for mobile devices description: Learn about the configurations and privacy settings for all the features in Defender for Endpoint on mobile devices. ms.service: defender-endpoint ms.reviewer: priyankagill -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/monthly-security-summary-report.md b/defender-endpoint/monthly-security-summary-report.md index 3a4b37e27c..49bb95202a 100644 --- a/defender-endpoint/monthly-security-summary-report.md +++ b/defender-endpoint/monthly-security-summary-report.md @@ -3,8 +3,8 @@ title: Monthly security summary reporting in Microsoft Defender for Endpoint description: Use the monthly security summary to see threats detected and prevented, current status from Microsoft Secure Score, and recommended actions. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/12/2023 manager: deniseb 
diff --git a/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md b/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md index b7e5b807b6..0ea01fa0e8 100644 --- a/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md +++ b/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support.md @@ -2,11 +2,11 @@ title: Microsoft Defender Antivirus updates - Previous versions for technical upgrade support description: Understand the type of technical support offered for previous versions of Microsoft Defender Antivirus ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.reviewer: pahuijbr -ms.date: 08/12/2024 +ms.date: 09/19/2024 manager: deniseb audience: ITPro ms.collection: @@ -29,6 +29,21 @@ Microsoft regularly releases [security intelligence updates and product updates ## Engine and platform updates +### May-2024 (Engine: 1.1.24050.5 | Platform: 4.18.24050.7) + +- Security intelligence update version: **1.413.1.0** +- Release date: **May 30, 2024** (Engine) / **June 4, 2024** (Platform) +- Engine: **1.1.24050.5** +- Platform: **4.18.24050.7** +- Support phase: **Technical upgrade support (only)** + +#### What's new + +- Improved performance when running configuration queries. +- Optimized how scans are prioritized. +- Fixed a crash caused by a race condition with a device control driver. +- Added Event Viewer Logging for scan start event where the scan originates from PowerShell. + ### April-2024 (Engine: 1.1.24040.1 | Platform: 4.18.24040.4) - Security intelligence update version: **1.411.7.0** 
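Review bot: in the new May-2024 entry, the last "What's new" bullet capitalizes "Logging" mid-sentence and drops its articles ("Added Event Viewer Logging for scan start event where the scan originates from PowerShell"), unlike the three bullets above it. Suggest "Added Event Viewer logging for the scan start event when the scan originates from PowerShell."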
@@ -1106,6 +1121,21 @@ Microsoft regularly releases [security intelligence updates and product updates The versions listed in this section are no longer supported. To view current versions, see [Updates for Deployment Image Servicing and Management (DISM)](microsoft-defender-antivirus-updates.md#updates-for-deployment-image-servicing-and-management-dism). +### 1.411.111.0 + +- Defender package version: `1.411.111.0` +- Security intelligence version: `1.411.111.0` +- Engine version: `1.24050.2` +- Platform version: `4.18.24050.7` + +#### Fixes + +- None + +#### Additional information + +- None + ### 1.411.9.0 - Defender package version: `1.411.9.0` diff --git a/defender-endpoint/mtd.md b/defender-endpoint/mtd.md index 7d0dace446..59afcae8d1 100644 --- a/defender-endpoint/mtd.md +++ b/defender-endpoint/mtd.md @@ -4,8 +4,8 @@ ms.reviewer: tdoucette, sunasing description: Overview of Mobile Threat Defense in Microsoft Defender for Endpoint ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 09/05/2024 manager: deniseb diff --git a/defender-endpoint/defender-endpoint-antivirus-exclusions.md b/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md similarity index 59% rename from defender-endpoint/defender-endpoint-antivirus-exclusions.md rename to defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md index 05f17a58a9..a3faeaec95 100644 --- a/defender-endpoint/defender-endpoint-antivirus-exclusions.md +++ b/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md 
@@ -1,15 +1,15 @@ --- -title: Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus -description: Learn about exclusions for Defender for Endpoint and Microsoft Defender Antivirus. Suppress alerts, submit files for analysis, and define exclusions and indicators to reduce noise and risk for your organization. +title: Exclusions overview +description: Learn how to navigate exclusions for Defender for Endpoint and Microsoft Defender Antivirus. ms.service: defender-endpoint ms.subservice: ngp ms.localizationpriority: medium ms.topic: how-to -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen -ms.date: 08/07/2023 -ms.reviewer: pahuijbr, yongrhee, tudobril +ms.date: 09/23/2024 +ms.reviewer: joshbregman manager: deniseb ms.collection: - m365-security @@ -18,7 +18,7 @@ ms.collection: search.appverid: met150 --- -# Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus +# Exclusions overview [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] 
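Review bot: the new H1 "# Exclusions overview" (and the matching "title: Exclusions overview" in the front matter above it) no longer names Defender for Endpoint or Microsoft Defender Antivirus, so the page is ambiguous in search results and in the table of contents. The front matter also keeps "ms.topic: how-to" although the article is now titled an overview. Suggest a title such as "Exclusions overview for Microsoft Defender for Endpoint and Microsoft Defender Antivirus", and align ms.topic with the new content type.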
@@ -28,65 +28,21 @@ search.appverid: met150 - [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) -**Platforms** - -- Windows - > [!NOTE] > As a Microsoft MVP, [Fabian Bader](https://cloudbrothers.info) contributed to and provided material feedback for this article. -[Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) includes a wide range of capabilities to prevent, detect, investigate, and respond to advanced cyberthreats. These capabilities include [Next-generation protection](next-generation-protection.md) (which includes Microsoft Defender Antivirus). As with any endpoint protection or antivirus solution, sometimes files, folders, or processes that aren't actually a threat can be detected as malicious by Defender for Endpoint or Microsoft Defender Antivirus. These entities can be blocked or sent to quarantine, even though they're not really a threat. - -You can take certain actions to prevent false positives and similar issues from occurring. These actions include: +[Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) includes a wide range of capabilities to prevent, detect, investigate, and respond to advanced cyberthreats. These capabilities include [Next-generation protection](next-generation-protection.md) (which includes Microsoft Defender Antivirus). -- [Submitting a file to Microsoft for analysis](#submitting-files-for-analysis) -- [Suppressing an alert](#suppressing-alerts) -- [Adding an exclusion or indicator](#exclusions-and-indicators) +As with any endpoint protection or antivirus solution, sometimes files, folders, or processes that aren't actually a threat can be detected as malicious by Defender for Endpoint or Microsoft Defender Antivirus. These entities can be blocked or sent to quarantine, even though they're not really a threat. 
-This article explains how these actions work, and describes the various types of exclusions that can be defined for Defender for Endpoint and Microsoft Defender Antivirus. +This article explains the various types of exclusions that can be defined or actions that can be taken for Defender for Endpoint and Microsoft Defender Antivirus to help manage these situations. > [!CAUTION] > **Defining exclusions reduces the level of protection offered by Defender for Endpoint and Microsoft Defender Antivirus**. Use exclusions as a last resort, and make sure to define only the exclusions that are necessary. Make sure to review your exclusions periodically, and remove the ones you no longer need. See [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions) and [Common mistakes to avoid](common-exclusion-mistakes-microsoft-defender-antivirus.md). -## Submissions, suppressions, and exclusions - -When you're dealing with false positives, or known entities that are generating alerts, you don't necessarily need to add an exclusion. Sometimes classifying and suppressing an alert is enough. We recommend submitting false positives (and false negatives) to Microsoft for analysis as well. The following table describes some scenarios and what steps to take with respect to file submissions, alert suppressions, and exclusions. - -| Scenario | Steps to consider | -|:---|:----| -| [False positive](defender-endpoint-false-positives-negatives.md): An entity, such as a file or a process, was detected and identified as malicious, even though the entity isn't a threat. | 1. [Review and classify alerts](defender-endpoint-false-positives-negatives.md#part-1-review-and-classify-alerts) that were generated as a result of the detected entity.
2. [Suppress an alert](defender-endpoint-false-positives-negatives.md#suppress-an-alert) for a known entity.
3. [Review remediation actions](defender-endpoint-false-positives-negatives.md#part-2-review-remediation-actions) that were taken for the detected entity.
4. [Submit the false positive to Microsoft](/defender-xdr/submission-guide) for analysis.
5. [Define an exclusion](defender-endpoint-false-positives-negatives.md#part-3-review-or-define-exclusions) for the entity (only if necessary). | -| [Performance issues](troubleshoot-performance-issues.md) such as one of the following issues:
- A system is having high CPU usage or other performance issues.
- A system is having memory leak issues.
- An app is slow to load on devices.
- An app is slow to open a file on devices. | 1. [Collect diagnostic data](collect-diagnostic-data.md) for Microsoft Defender Antivirus.
2. If you're using a non-Microsoft antivirus solution, [check with the vendor for any needed exclusions](troubleshoot-performance-issues.md#check-with-vendor-for-antivirus-exclusions).
3. [Analyze the Microsoft Protection Log](troubleshoot-performance-issues.md#analyze-the-microsoft-protection-log) to see the estimated performance impact.
4. [Define an exclusion for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md) (if necessary).
5. [Create an indicator for Defender for Endpoint](manage-indicators.md) (only if necessary). | -| [Compatibility issues](microsoft-defender-antivirus-compatibility.md) with non-Microsoft antivirus products.
Example: Defender for Endpoint relies on security intelligence updates for devices, whether they're running Microsoft Defender Antivirus or a non-Microsoft antivirus solution. | 1. If you're using a non-Microsoft antivirus product as your primary antivirus/antimalware solution, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode).
2. If you're switching from a non-Microsoft antivirus/antimalware solution to Defender for Endpoint, see [Make the switch to Defender for Endpoint](switch-to-mde-overview.md). This guidance includes:
- [Exclusions you might need to define for the non-Microsoft antivirus/antimalware solution](switch-to-mde-phase-2.md#step-3-add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-your-existing-solution);
- [Exclusions you might need to define for Microsoft Defender Antivirus](switch-to-mde-phase-2.md#step-4-add-your-existing-solution-to-the-exclusion-list-for-microsoft-defender-antivirus); and
- [Troubleshooting information](switch-to-mde-troubleshooting.md) (just in case something goes wrong while migrating). | - -> [!IMPORTANT] -> An "allow" indicator is the strongest type of exclusion you can define in Defender for Endpoint. Make sure to use indicators sparingly (only when necessary), and review all exclusions periodically. - -## Submitting files for analysis - -If you have a file that you think is wrongly detected as malware (a false positive), or a file that you suspect might be malware even though it wasn't detected (a false negative), you can submit the file to Microsoft for analysis. Your submission is scanned immediately, and will then be reviewed by Microsoft security analysts. You're able to check the status of your submission on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). - -Submitting files for analysis helps reduce false positives and false negatives for all customers. To learn more, see the following articles: - -- [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide) (available to all customers) -- [Submit files using the new unified submissions portal in Defender for Endpoint](admin-submissions-mde.md) (available to customers who have Defender for Endpoint Plan 2 or Microsoft Defender XDR) +## Types of exclusions -## Suppressing alerts - -If you're getting alerts in the Microsoft Defender portal for tools or processes that you know aren't actually a threat, you can suppress those alerts. To suppress an alert, you create a suppression rule, and specify what actions to take for that on other, identical alerts. You can create suppression rules for a specific alert on a single device, or for all alerts that have the same title across your organization. 
- -To learn more, see the following articles: - -- [Suppress alerts](manage-alerts.md#suppress-alerts) -- [Introducing the new alert suppression experience](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/introducing-the-new-alert-suppression-experience/ba-p/3562719) (for Defender for Endpoint) - -## Exclusions and indicators - -Sometimes, the term *exclusions* is used to refer to exceptions that apply across Defender for Endpoint and Microsoft Defender Antivirus. A more accurate way to describe these exceptions is as follows: - -- [Indicators for Defender for Endpoint](manage-indicators.md); (which apply across Defender for Endpoint and Microsoft Defender Antivirus); and -- [Exclusions for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md). - -The following table summarizes exclusion types that can be defined for Defender for Endpoint and Microsoft Defender Antivirus. +The following table summarizes the different exclusion types and capabilites in Defender for Endpoint and Microsoft Defender Antivirus. Select each type to see more information about it. > [!TIP] > @@ -94,28 +50,23 @@ The following table summarizes exclusion types that can be defined for Defender > - [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) is available as a standalone plan, and is included in Microsoft 365 E5. > - If you have Microsoft 365 E3 or E5, make sure to [set up your Defender for Endpoint capabilities](deployment-strategy.md). -| Product/service | Exclusion types | -|:---|:----| -| [Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md)
[Defender for Endpoint Plan 1 or Plan 2](microsoft-defender-endpoint.md) | - [Automatic exclusions](#automatic-exclusions) (for active roles on Windows Server 2016 and later)
- [Built-in exclusions](#built-in-exclusions) (for operating system files in Windows)
- [Custom exclusions](#custom-exclusions), such as process-based exclusions, folder location-based exclusions, file extension exclusions, or contextual file and folder exclusions
- [Custom remediation actions](#custom-remediation-actions) based on threat severity or for specific threats

*The standalone versions of Defender for Endpoint Plan 1 and Plan 2 don't include server licenses. To onboard servers, you need another license, such as Microsoft Defender for Endpoint for Servers or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/defender-for-servers-introduction). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).*

*If you're a small or medium-sized business using [Microsoft Defender for Business](/defender-business/mdb-overview), you can get [Microsoft Defender for Business servers](/defender-business/get-defender-business#how-to-get-microsoft-defender-for-business-servers).* | -| [Defender for Endpoint Plan 1 or Plan 2](microsoft-defender-endpoint.md) | - [Indicators](#defender-for-endpoint-indicators) for files, certificates, or IP addresses, URLs/domains
- [Attack surface reduction exclusions](#attack-surface-reduction-exclusions)
- [Controlled folder access exclusions](#controlled-folder-access-exclusions) | -| [Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) | [Automation folder exclusions](#automation-folder-exclusions) (for automated investigation and remediation) | - -The following sections describe these exclusions in more detail: - -- [Microsoft Defender Antivirus exclusions](#microsoft-defender-antivirus-exclusions) -- [Defender for Endpoint indicators](#defender-for-endpoint-indicators) -- [Attack surface reduction exclusions](#attack-surface-reduction-exclusions) -- [Controlled folder access exclusions](#controlled-folder-access-exclusions) -- [Automation folder exclusions](#automation-folder-exclusions) (for automated investigation and remediation) +| Exclusion types | Configuration | Description | +|:---|:----| :----| +| [Automatic Microsoft Defender Antivirus exclusions](#automatic-exclusions) | Automatic | Automatic Exclusions for server roles and features in Windows Server. When you install a role on Windows Server 2016 or later, Microsoft Defender Antivirus includes automatic exclusions for the server role and any files that are added while installing the role.
_Note: for active roles on Windows Server 2016 and later_. | +| [Built-in Microsoft Defender Antivirus exclusions](#built-in-exclusions) | Automatic |Microsoft Defender Antivirus includes built in exclusions for operating system files on all versions of Windows.| +| [Custom Microsoft Defender Antivirus exclusions](#custom-exclusions) | Customer | You can add an exclusion for a file, folder, or process that was detected and identified as malicious, even though it isn't a threat. The files, folders, or processes you exclude will be skipped by scheduled scans, on-demand scans, and real-time protection. | +| [Defender for Endpoint attack surface reduction exclusions](#attack-surface-reduction-exclusions) | Customer | If attack surface reducion rules cause ununexpected behavior in your organization, you can define exclusions for certain files and folders. Such exclusions are applied to all attack surface reduction rules.| +| [Defender for Endpoint Indicators](#defender-for-endpoint-indicators) | Customer | You can define indicators with specific actions for entities, such as files, IP addresses, URLs/domains, and certificates. When you define your indicators, you can specify actions such as "Allow" where Defender for Endpoint won't block files, IP addresses, URLs/domains, or certificates that have Allow indicators. | +| [Defender for Endpoint controlled folder access exclusions](#controlled-folder-access-exclusions) | Customer | You can allow certain apps or signed executables to access protected folders by defining exclusions.| +| [Defender for Endpoint automation folder exclusions](#automation-folder-exclusions) | Customer | Automated investigation and remediation in Defender for Endpoint examines alerts and takes immediate action to automatically resolve detected breaches. 
You can specify folders, file extensions in a specific directory, and file names to be excluded from automated investigation and remediation capabilities.| + +> [!Note] +> Microsoft Defender Antivirus exclusions can apply to antivirus scans and/or to real-time protection. -## Microsoft Defender Antivirus exclusions +> [!Note] +> The standalone versions of Defender for Endpoint Plan 1 and Plan 2 don't include server licenses. To onboard servers, you need another license, such as Microsoft Defender for Endpoint for Servers or [Microsoft Defender for Servers Plan 1 or 2](/azure/defender-for-cloud/defender-for-servers-introduction). To learn more, see [Defender for Endpoint onboarding Windows Server](onboard-windows-server.md).

If you're a small or medium-sized business using [Microsoft Defender for Business](/defender-business/mdb-overview), you can get [Microsoft Defender for Business servers](/defender-business/get-defender-business#how-to-get-microsoft-defender-for-business-servers).| -Microsoft Defender Antivirus exclusions can apply to antivirus scans and/or to real-time protection. These exclusions include: - -- [Automatic exclusions](#automatic-exclusions) (for server roles on Windows Server 2016 and later) -- [Built-in exclusions](#built-in-exclusions) (for operating system files in all versions of Windows) -- [Custom exclusions](#custom-exclusions) (for files and folders that you specify, if necessary) -- [Custom remediation actions](#custom-remediation-actions) (to determine what happens with detected threats) +The following sections describe these exclusions in more detail. ### Automatic exclusions 
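Review bot: the added table rows contain spelling errors in the attack surface reduction row ("attack surface reducion rules cause ununexpected behavior"), and the second added note ends with a stray table pipe after the Defender for Business servers link ("...microsoft-defender-for-business-servers).|"). Both new alerts also use "> [!Note]" while the rest of the file uses upper case ("> [!NOTE]", "> [!TIP]", "> [!CAUTION]"), and the table separator row "|:---|:----| :----|" has an uneven space. Separately, the old table's "Custom remediation actions" entry is dropped from the new summary table; if that section is staying in the article, add a row for it, otherwise readers cannot reach it from the overview.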
@@ -160,7 +111,19 @@ The list of built-in exclusions in Windows is kept up to date as the threat land When Microsoft Defender Antivirus detects a potential threat while running a scan, it attempts to remediate or remove the detected threat. You can define custom remediation actions to configure how Microsoft Defender Antivirus should address certain threats, whether a restore point should be created before remediating, and when threats should be removed. [Configure remediation actions for Microsoft Defender Antivirus detections](configure-remediation-microsoft-defender-antivirus.md). -## Defender for Endpoint indicators +### Attack surface reduction exclusions + +[Attack surface reduction rules](attack-surface-reduction.md) (also known as ASR rules) target certain software behaviors, such as: + +- Launching executable files and scripts that attempt to download or run files +- Running scripts that seem to be obfuscated or otherwise suspicious +- Performing behaviors that apps don't usually initiate during normal day-to-day work + +Sometimes, legitimate applications exhibit software behaviors that could be blocked by attack surface reduction rules. If that's occurring in your organization, you can define exclusions for certain files and folders. Such exclusions are applied to all attack surface reduction rules. See [Enable attack surface reduction rules](attack-surface-reduction-rules-deployment-implement.md#exclude-files-and-folders). + +Also note that while most ASR rules exclusions are independent from Microsoft Defender Antivirus exclusions, some ASR rules do honor some Microsoft Defender Antivirus exclusions. See [Attack surface reduction rules reference - Microsoft Defender Antivirus exclusions and ASR rules](attack-surface-reduction-rules-reference.md#microsoft-defender-antivirus-exclusions-and-asr-rules). 
+ +### Defender for Endpoint indicators You can define [indicators](manage-indicators.md) with specific actions for entities, such as files, IP addresses, URLs/domains, and certificates. In Defender for Endpoint, indicators are referred to as Indicators of Compromise (IoCs), and less often, as custom indicators. When you define your indicators, you can specify one of the following actions: 
@@ -194,23 +157,11 @@ The following table summarizes IoC types and available actions: > - [Create indicators based on certificates](indicator-certificates.md) > - [Manage indicators](indicator-manage.md) -## Attack surface reduction exclusions - -[Attack surface reduction rules](attack-surface-reduction.md) (also known as ASR rules) target certain software behaviors, such as: - -- Launching executable files and scripts that attempt to download or run files -- Running scripts that seem to be obfuscated or otherwise suspicious -- Performing behaviors that apps don't usually initiate during normal day-to-day work - -Sometimes, legitimate applications exhibit software behaviors that could be blocked by attack surface reduction rules. If that's occurring in your organization, you can define exclusions for certain files and folders. Such exclusions are applied to all attack surface reduction rules. See [Enable attack surface reduction rules](attack-surface-reduction-rules-deployment-implement.md#exclude-files-and-folders). - -Also note that while most ASR rules exclusions are independent from Microsoft Defender Antivirus exclusions, some ASR rules do honor some Microsoft Defender Antivirus exclusions. See [Attack surface reduction rules reference - Microsoft Defender Antivirus exclusions and ASR rules](attack-surface-reduction-rules-reference.md#microsoft-defender-antivirus-exclusions-and-asr-rules). - -## Controlled folder access exclusions +### Controlled folder access exclusions [Controlled folder access](controlled-folders.md) monitors apps for activities that are detected as malicious and protects the contents of certain (protected) folders on Windows devices. Controlled folder access allows only trusted apps to access protected folders, such as common system folders (including boot sectors) and other folders that you specify. You can allow certain apps or signed executables to access protected folders by defining exclusions. 
See [Customize controlled folder access](customize-controlled-folders.md). -## Automation folder exclusions +### Automation folder exclusions Automation folder exclusions apply to [automated investigation and remediation](automated-investigations.md) in Defender for Endpoint, which is designed to examine alerts and take immediate action to resolve detected breaches. As alerts are triggered, and an automated investigation runs, a verdict (Malicious, Suspicious, or No threats found) is reached for each piece of evidence investigated. Depending on the [automation level](automation-levels.md) and other security settings, remediation actions can occur automatically or only upon approval by your security operations team. @@ -285,8 +236,8 @@ Depending on what you're using, you might need to refer to the documentation for ## See also +- [Submissions, suppressions and exclusions](submissions-suppressions-exclusions.md) - [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions) - [Common mistakes to avoid when defining exclusions](common-exclusion-mistakes-microsoft-defender-antivirus.md) -- [Blog post: The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/) [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/network-devices.md b/defender-endpoint/network-devices.md index 7548d751e6..2e43726bf9 100644 --- a/defender-endpoint/network-devices.md +++ b/defender-endpoint/network-devices.md 
@@ -3,8 +3,8 @@ title: Network device discovery and vulnerability management description: Security recommendations and vulnerability detection are now available for operating systems of switches, routers, WLAN controllers, and firewalls. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/network-protection-linux.md b/defender-endpoint/network-protection-linux.md index 565e92462d..e76298b663 100644 --- a/defender-endpoint/network-protection-linux.md +++ b/defender-endpoint/network-protection-linux.md @@ -4,8 +4,8 @@ description: Protect your network by preventing Linux users from accessing known ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: dansimp -ms.author: dansimp +author: denisebmsft +ms.author: deniseb manager: deniseb ms.subservice: linux ms.topic: overview diff --git a/defender-endpoint/network-protection-macos.md b/defender-endpoint/network-protection-macos.md index 8d931b2385..2962a33094 100644 --- a/defender-endpoint/network-protection-macos.md +++ b/defender-endpoint/network-protection-macos.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 08/22/2024 audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.custom: asr diff --git a/defender-endpoint/network-protection.md b/defender-endpoint/network-protection.md index 11d75a209e..dc6996e16b 100644 --- a/defender-endpoint/network-protection.md +++ b/defender-endpoint/network-protection.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium ms.date: 02/28/2024 audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: mkaminska manager: deniseb ms.custom: asr 
diff --git a/defender-endpoint/next-generation-protection.md b/defender-endpoint/next-generation-protection.md index b83a71aad7..4730a96f1c 100644 --- a/defender-endpoint/next-generation-protection.md +++ b/defender-endpoint/next-generation-protection.md @@ -4,8 +4,8 @@ description: Get an overview of next-generation protection in Microsoft Defender ms.service: defender-endpoint ms.localizationpriority: high ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: yongrhee manager: deniseb ms.custom: nextgen diff --git a/defender-endpoint/non-windows.md b/defender-endpoint/non-windows.md index 7b13e2c847..1c0791b0e1 100644 --- a/defender-endpoint/non-windows.md +++ b/defender-endpoint/non-windows.md @@ -2,8 +2,8 @@ title: Microsoft Defender for Endpoint on other platforms description: Learn about Microsoft Defender for Endpoint capabilities on other platforms ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/offboard-machines.md b/defender-endpoint/offboard-machines.md index 67339fddbe..82bf17f167 100644 --- a/defender-endpoint/offboard-machines.md +++ b/defender-endpoint/offboard-machines.md @@ -2,8 +2,8 @@ title: Offboard devices description: Onboard Windows devices, servers, non-Windows devices from the Microsoft Defender for Endpoint service ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/office-365-microsoft-defender-antivirus.md b/defender-endpoint/office-365-microsoft-defender-antivirus.md index e88526b78f..fcb3d9ebea 100644 --- a/defender-endpoint/office-365-microsoft-defender-antivirus.md +++ b/defender-endpoint/office-365-microsoft-defender-antivirus.md 
@@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/onboard-configure.md b/defender-endpoint/onboard-configure.md index 6ad481e5a8..343340f461 100644 --- a/defender-endpoint/onboard-configure.md +++ b/defender-endpoint/onboard-configure.md @@ -2,8 +2,8 @@ title: Onboard devices and configure Microsoft Defender for Endpoint capabilities description: Onboard Windows 10 and Windows 11 devices, servers, non-Windows devices and learn how to run a detection test. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboard-downlevel.md b/defender-endpoint/onboard-downlevel.md index 3126651395..b140620286 100644 --- a/defender-endpoint/onboard-downlevel.md +++ b/defender-endpoint/onboard-downlevel.md @@ -2,8 +2,8 @@ title: Onboard previous versions of Windows on Microsoft Defender for Endpoint description: Onboard supported previous versions of Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb ms.reviewer: pahuijbr diff --git a/defender-endpoint/onboard-windows-client.md b/defender-endpoint/onboard-windows-client.md index 5e11271da9..3f1615d7b2 100644 --- a/defender-endpoint/onboard-windows-client.md +++ b/defender-endpoint/onboard-windows-client.md 
@@ -2,8 +2,8 @@ title: Defender for Endpoint onboarding Windows Client description: Onboard Windows Client devices to Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboard-windows-multi-session-device.md b/defender-endpoint/onboard-windows-multi-session-device.md index aea40412f8..9135a9c60e 100644 --- a/defender-endpoint/onboard-windows-multi-session-device.md +++ b/defender-endpoint/onboard-windows-multi-session-device.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: thdoucet manager: deniseb diff --git a/defender-endpoint/onboard-windows-server.md b/defender-endpoint/onboard-windows-server.md index 28c052f3df..13dc471064 100644 --- a/defender-endpoint/onboard-windows-server.md +++ b/defender-endpoint/onboard-windows-server.md @@ -2,8 +2,8 @@ title: Defender for Endpoint onboarding Windows Server description: Onboard Windows Server to Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboarding-endpoint-configuration-manager.md b/defender-endpoint/onboarding-endpoint-configuration-manager.md index b38f7592e6..8294a5bf6f 100644 --- a/defender-endpoint/onboarding-endpoint-configuration-manager.md +++ b/defender-endpoint/onboarding-endpoint-configuration-manager.md 
@@ -2,8 +2,8 @@ title: Onboarding using Microsoft Configuration Manager description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Configuration Manager ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboarding-endpoint-manager.md b/defender-endpoint/onboarding-endpoint-manager.md index 96895e77d3..18f9f38258 100644 --- a/defender-endpoint/onboarding-endpoint-manager.md +++ b/defender-endpoint/onboarding-endpoint-manager.md @@ -2,8 +2,8 @@ title: Onboarding using Microsoft Intune description: Learn how to onboard to Microsoft Defender for Endpoint using Microsoft Intune. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboarding-notification.md b/defender-endpoint/onboarding-notification.md index bf9acefb11..737e371065 100644 --- a/defender-endpoint/onboarding-notification.md +++ b/defender-endpoint/onboarding-notification.md @@ -3,8 +3,8 @@ title: Create an onboarding or offboarding notification rule description: Get a notification when a local onboarding or offboarding script is used. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/onboarding.md b/defender-endpoint/onboarding.md index 463317bd95..99b3375372 100644 --- a/defender-endpoint/onboarding.md +++ b/defender-endpoint/onboarding.md 
@@ -2,8 +2,8 @@ title: Onboard to Microsoft Defender for Endpoint description: Learn how to onboard endpoints to Microsoft Defender for Endpoint service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/overview-attack-surface-reduction.md b/defender-endpoint/overview-attack-surface-reduction.md index 578f2589aa..bf2b7ff27d 100644 --- a/defender-endpoint/overview-attack-surface-reduction.md +++ b/defender-endpoint/overview-attack-surface-reduction.md @@ -3,8 +3,8 @@ title: Understand and use attack surface reduction ms.reviewer: niwelton, joshbregman description: Learn about the attack surface reduction capabilities of Microsoft Defender for Endpoint. ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/overview-client-analyzer.md b/defender-endpoint/overview-client-analyzer.md index 8d8f270477..f8689a9cb9 100644 --- a/defender-endpoint/overview-client-analyzer.md +++ b/defender-endpoint/overview-client-analyzer.md @@ -4,8 +4,8 @@ description: Troubleshoot sensor health on devices to identify potential configu ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/overview-endpoint-detection-response.md b/defender-endpoint/overview-endpoint-detection-response.md index 225a016ecc..1def261029 100644 --- a/defender-endpoint/overview-endpoint-detection-response.md +++ b/defender-endpoint/overview-endpoint-detection-response.md 
@@ -3,8 +3,8 @@ title: Overview of endpoint detection and response capabilities ms.reviewer: description: Learn about the endpoint detection and response capabilities in Microsoft Defender for Endpoint ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/partner-applications.md b/defender-endpoint/partner-applications.md index ae055da844..221ee4a13c 100644 --- a/defender-endpoint/partner-applications.md +++ b/defender-endpoint/partner-applications.md @@ -4,8 +4,8 @@ ms.reviewer: description: View supported partner applications to enhance the detection, investigation, and threat intelligence capabilities of the platform ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro @@ -14,7 +14,7 @@ ms.collection: - tier3 ms.topic: conceptual search.appverid: met150 -ms.date: 09/12/2024 +ms.date: 09/20/2024 --- # Partner applications in Microsoft Defender for Endpoint 
@@ -95,7 +95,7 @@ Microsoft Defender for Endpoint seamlessly integrates with existing security sol |Logo|Partner name|Description| |---|---|---| |![Logo for Bitdefender.](media/bitdefender-logo.png)|[Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)|Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats | -|![Logo for Better Mobile.](media/bettermobile-logo.png)|[Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)|AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy | +|![Logo for Better Mobile.](media/bettermobile-logo.png)|[Better Mobile](https://appsource.microsoft.com/en-us/product/web-apps/bettermobilesecurityinc.bettermobile)|AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy | |![Logo for Corrata.](media/corrata-new.png)|[Corrata](https://go.microsoft.com/fwlink/?linkid=2081148)|Mobile solution - Protect your mobile devices with granular visibility and control from Corrata | | ![Logo for Darktrace.](media/partner-applications/darktrace.png) | [Darktrace](https://darktrace.com/products/endpoint) | Network and endpoint protection. Darktrace and Microsoft disrupt cyberattacks at machine speed, offering full visibility and enhanced XDR capabilities. | |![Logo for Lookout.](media/lookout-logo.png)|[Lookout](https://go.microsoft.com/fwlink/?linkid=866935)|Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices | diff --git a/defender-endpoint/partner-integration.md b/defender-endpoint/partner-integration.md index f52262e399..5328fe9eb6 100644 --- a/defender-endpoint/partner-integration.md +++ b/defender-endpoint/partner-integration.md 
@@ -4,8 +4,8 @@ ms.reviewer: description: Learn how you can extend existing security offerings on top of the open framework and a rich set of APIs to build extensions and integrations with Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/preferences-setup.md b/defender-endpoint/preferences-setup.md index be88d8ac3c..2a0bc4bd77 100644 --- a/defender-endpoint/preferences-setup.md +++ b/defender-endpoint/preferences-setup.md @@ -1,9 +1,9 @@ --- title: Configure general Defender for Endpoint settings -description: Use the settings page to configure general settings, permissions, apis, and rules. +description: Use the settings page to configure general settings, permissions, APIs, and rules. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro @@ -35,7 +35,7 @@ Use the **Settings > Endpoints** menu to modify general settings, advanced featu Topic | Description :---|:--- General settings | Modify your general settings that were previously defined as part of the onboarding process. -Permissions | Manage portal access using RBAC as well as device groups. +Permissions | Manage portal access using RBAC and device groups. APIs | Enable the threat intel and SIEM integration. Rules | Configure suppressions rules and automation settings. Device management | Onboard and offboard devices. diff --git a/defender-endpoint/prepare-deployment.md b/defender-endpoint/prepare-deployment.md index 7b3f24ee46..34276a98ec 100644 --- a/defender-endpoint/prepare-deployment.md +++ b/defender-endpoint/prepare-deployment.md 
@@ -2,8 +2,8 @@ title: Assign roles and permissions description: Configure permissions deploying Microsoft Defender for Endpoint ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md b/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md index 6525a2392e..a864800546 100644 --- a/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.date: 05/17/2024 audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: - nextgen - admindeeplinkDEFENDER diff --git a/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus.md b/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus.md index 0b72444d60..23c09b29da 100644 --- a/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus.md +++ b/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Hide the Microsoft Defender Antivirus interface description: You can hide virus and threat protection tile in the Windows Security app. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 07/26/2023 ms.reviewer: pahuijbr diff --git a/defender-endpoint/production-deployment.md b/defender-endpoint/production-deployment.md index ddf7c7230f..76415124c2 100644 --- a/defender-endpoint/production-deployment.md +++ b/defender-endpoint/production-deployment.md 
@@ -2,8 +2,8 @@ title: Set up Microsoft Defender for Endpoint deployment description: Learn how to set up the deployment for Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/professional-services.md b/defender-endpoint/professional-services.md index eb83c6a5f7..d5ea2fa022 100644 --- a/defender-endpoint/professional-services.md +++ b/defender-endpoint/professional-services.md @@ -3,8 +3,8 @@ title: Professional services supported by Microsoft Defender XDR description: See the list of professional services that Microsoft Defender XDR can integrate with. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/rbac.md b/defender-endpoint/rbac.md index eb2998b9f7..af56696fe8 100644 --- a/defender-endpoint/rbac.md +++ b/defender-endpoint/rbac.md @@ -2,8 +2,8 @@ title: Use role-based access control to grant fine-grained access to Microsoft Defender portal description: Create roles and groups within your security operations to grant access to the portal. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus.md b/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus.md index fbd0cf87f4..1009a146a5 100644 --- a/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus.md +++ b/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus.md 
@@ -3,8 +3,8 @@ title: Restore quarantined files in Microsoft Defender Antivirus description: You can restore quarantined files and folders in Microsoft Defender Antivirus. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 08/28/2023 ms.reviewer: pahuijbr diff --git a/defender-endpoint/run-analyzer-macos-linux.md b/defender-endpoint/run-analyzer-macos-linux.md index cfa409fff1..ffabe90d78 100644 --- a/defender-endpoint/run-analyzer-macos-linux.md +++ b/defender-endpoint/run-analyzer-macos-linux.md @@ -4,8 +4,8 @@ description: Learn how to run the Microsoft Defender for Endpoint Client Analyze ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 06/28/2024 manager: deniseb diff --git a/defender-endpoint/run-analyzer-windows.md b/defender-endpoint/run-analyzer-windows.md index f102e9efe8..0e7f0bf22c 100644 --- a/defender-endpoint/run-analyzer-windows.md +++ b/defender-endpoint/run-analyzer-windows.md @@ -4,8 +4,8 @@ description: Learn how to run the Microsoft Defender for Endpoint Client Analyze ms.service: defender-endpoint f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: younghree ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/run-detection-test.md b/defender-endpoint/run-detection-test.md index 51598213b0..655b087029 100644 --- a/defender-endpoint/run-detection-test.md +++ b/defender-endpoint/run-detection-test.md 
@@ -3,8 +3,8 @@ title: Run a detection test on a device recently onboarded to Microsoft Defender description: Run the detection test script on a device recently onboarded to the Microsoft Defender for Endpoint service to verify that it's properly added. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 04/03/2024 manager: deniseb diff --git a/defender-endpoint/safety-scanner-download.md b/defender-endpoint/safety-scanner-download.md index 34e04f0e1d..c82219fd80 100644 --- a/defender-endpoint/safety-scanner-download.md +++ b/defender-endpoint/safety-scanner-download.md @@ -8,8 +8,8 @@ ms.subservice: reference ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium -ms.author: dansimp -author: dansimp +ms.author: deniseb +author: denisebmsft manager: deniseb audience: ITPro ms.collection: diff --git a/defender-endpoint/schedule-antivirus-scan-in-mde.md b/defender-endpoint/schedule-antivirus-scan-in-mde.md index be4a81bf69..310c36fc60 100644 --- a/defender-endpoint/schedule-antivirus-scan-in-mde.md +++ b/defender-endpoint/schedule-antivirus-scan-in-mde.md @@ -2,8 +2,8 @@ title: How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux description: Learn how to schedule an antivirus scan in Microsoft Defender for Endpoint on Linux for better protection of your organization's assets. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 12/02/2023 manager: deniseb diff --git a/defender-endpoint/schedule-antivirus-scans-group-policy.md b/defender-endpoint/schedule-antivirus-scans-group-policy.md index fcf858cab5..bda5e525c1 100644 --- a/defender-endpoint/schedule-antivirus-scans-group-policy.md +++ b/defender-endpoint/schedule-antivirus-scans-group-policy.md 
@@ -3,8 +3,8 @@ title: Schedule antivirus scans using Group Policy description: Use Group Policy to set up antivirus scans ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 09/07/2024 ms.reviewer: pauhijbr, ksarens diff --git a/defender-endpoint/schedule-antivirus-scans-powershell.md b/defender-endpoint/schedule-antivirus-scans-powershell.md index 27d687f530..90148276f6 100644 --- a/defender-endpoint/schedule-antivirus-scans-powershell.md +++ b/defender-endpoint/schedule-antivirus-scans-powershell.md @@ -3,8 +3,8 @@ title: Schedule antivirus scans using PowerShell description: Schedule antivirus scans using PowerShell ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 10/18/2021 ms.reviewer: pauhijbr, ksarens diff --git a/defender-endpoint/schedule-antivirus-scans-wmi.md b/defender-endpoint/schedule-antivirus-scans-wmi.md index eeeee093eb..b2e5c81883 100644 --- a/defender-endpoint/schedule-antivirus-scans-wmi.md +++ b/defender-endpoint/schedule-antivirus-scans-wmi.md @@ -3,8 +3,8 @@ title: Schedule antivirus scans using Windows Management Instrumentation description: Schedule antivirus scans using WMI ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/21/2024 ms.reviewer: pauhijbr, ksarens, yongrhee diff --git a/defender-endpoint/schedule-antivirus-scans.md b/defender-endpoint/schedule-antivirus-scans.md index 6ae17a7d56..9831c43079 100644 --- a/defender-endpoint/schedule-antivirus-scans.md +++ b/defender-endpoint/schedule-antivirus-scans.md 
@@ -3,8 +3,8 @@ title: Schedule regular quick and full scans with Microsoft Defender Antivirus description: Set up recurring (scheduled) scans, including when they should run and whether they run as full or quick scans ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 05/16/2024 ms.reviewer: pauhijbr, ksarens, yongrhee, bsabetghadam diff --git a/defender-endpoint/security-intelligence-update-tshoot.md b/defender-endpoint/security-intelligence-update-tshoot.md index 0673a75687..30ca890e2c 100644 --- a/defender-endpoint/security-intelligence-update-tshoot.md +++ b/defender-endpoint/security-intelligence-update-tshoot.md @@ -1,8 +1,8 @@ --- title: Security Intelligence update troubleshooting from Microsoft Update source description: Learn how to troubleshoot security intelligence updates from your Microsoft Update source. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.date: 04/10/2024 ms.topic: troubleshooting diff --git a/defender-endpoint/server-migration.md b/defender-endpoint/server-migration.md index c7325b87d4..ac048bb4fd 100644 --- a/defender-endpoint/server-migration.md +++ b/defender-endpoint/server-migration.md @@ -3,8 +3,8 @@ title: Server migration scenarios for the new version of Microsoft Defender for description: Read this article to get an overview of how to migrate your servers from the previous, MMA-based solution to the current Defender for Endpoint unified solution package. search.appverid: met150 ms.service: defender-endpoint -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.localizationpriority: medium ms.date: 09/19/2022 manager: deniseb 
diff --git a/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md b/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md index ae1bae888f..3258c465c8 100644 --- a/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md +++ b/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus.md @@ -4,8 +4,8 @@ description: Set your level of cloud protection for Microsoft Defender Antivirus ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: how-to -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.date: 07/25/2024 manager: deniseb ms.custom: nextgen diff --git a/defender-endpoint/submissions-suppressions-exclusions.md b/defender-endpoint/submissions-suppressions-exclusions.md new file mode 100644 index 0000000000..f65f0c97c2 --- /dev/null +++ b/defender-endpoint/submissions-suppressions-exclusions.md 
@@ -0,0 +1,95 @@ +--- +title: Submissions, suppressions, and exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus +description: Learn about suppressing alerts, submitting files for analysis, and defining exclusions and indicators to reduce noise and risk for your organization. +ms.service: defender-endpoint +ms.subservice: ngp +ms.localizationpriority: medium +ms.topic: how-to +author: denisebmsft +ms.author: deniseb +ms.custom: nextgen +ms.date: 09/19/2024 +ms.reviewer: joshbregman +manager: deniseb +ms.collection: +- m365-security +- tier2 +- mde-ngp +search.appverid: met150 +--- + +# Submissions, suppressions, and exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] + +**Applies to:** + +- Microsoft Defender Antivirus +- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md) +- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md) + +**Platforms** + +- Windows + +> [!NOTE] +> As a Microsoft MVP, [Fabian Bader](https://cloudbrothers.info) contributed to and provided material feedback for this article. + +[Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) includes a wide range of capabilities to prevent, detect, investigate, and respond to advanced cyberthreats. These capabilities include [Next-generation protection](next-generation-protection.md) (which includes Microsoft Defender Antivirus). As with any endpoint protection or antivirus solution, sometimes files, folders, or processes that aren't actually a threat can be detected as malicious by Defender for Endpoint or Microsoft Defender Antivirus. These entities can be blocked or sent to quarantine, even though they're not really a threat. 
+ +This article describes the most common scenarios where this behavior occurs and the capabilites available in Defender for Endpoint and Microsoft Defender Antivirus to safely prevent or address it without impacting your productivity. These actions include: + +- [Submitting a file to Microsoft for analysis](#submitting-files-for-analysis) +- [Suppressing an alert](#suppressing-alerts) +- [Adding an exclusion or indicator](#using-exclusions-and-indicators) + +> [!CAUTION] +> **Defining exclusions reduces the level of protection offered by Defender for Endpoint and Microsoft Defender Antivirus**. Use exclusions as a last resort, and make sure to define only the exclusions that are necessary. Make sure to review your exclusions periodically, and remove the ones you no longer need. See [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions) and [Common mistakes to avoid](common-exclusion-mistakes-microsoft-defender-antivirus.md). + +## Submissions, suppressions, and exclusions + +When you're dealing with false positives, or known entities that are generating alerts, you don't necessarily need to add an exclusion. Sometimes classifying and suppressing an alert is enough. We recommend submitting false positives (and false negatives) to Microsoft for analysis as well. The following table describes some scenarios and what steps to take with respect to file submissions, alert suppressions, and exclusions. + +| Scenario | Steps to consider | +|:---|:----| +| [False positive](defender-endpoint-false-positives-negatives.md): An entity, such as a file or a process, was detected and identified as malicious, even though the entity isn't a threat. | 1. [Review and classify alerts](defender-endpoint-false-positives-negatives.md#part-1-review-and-classify-alerts) that were generated as a result of the detected entity.
2. [Suppress an alert](defender-endpoint-false-positives-negatives.md#suppress-an-alert) for a known entity.
3. [Review remediation actions](defender-endpoint-false-positives-negatives.md#part-2-review-remediation-actions) that were taken for the detected entity.
4. [Submit the false positive to Microsoft](/defender-xdr/submission-guide) for analysis.
5. [Define an exclusion](defender-endpoint-false-positives-negatives.md#part-3-review-or-define-exclusions) for the entity (only if necessary). | +| [Performance issues](troubleshoot-performance-issues.md) such as one of the following issues:
- A system is having high CPU usage or other performance issues.
- A system is having memory leak issues.
- An app is slow to load on devices.
- An app is slow to open a file on devices. | 1. [Collect diagnostic data](collect-diagnostic-data.md) for Microsoft Defender Antivirus.
2. If you're using a non-Microsoft antivirus solution, [check with the vendor for any needed exclusions](troubleshoot-performance-issues.md#check-with-vendor-for-antivirus-exclusions).
3. [Analyze the Microsoft Protection Log](troubleshoot-performance-issues.md#analyze-the-microsoft-protection-log) to see the estimated performance impact.
4. [Define an exclusion for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md) (if necessary).
5. [Create an indicator for Defender for Endpoint](manage-indicators.md) (only if necessary). | +| [Compatibility issues](microsoft-defender-antivirus-compatibility.md) with non-Microsoft antivirus products.
Example: Defender for Endpoint relies on security intelligence updates for devices, whether they're running Microsoft Defender Antivirus or a non-Microsoft antivirus solution. | 1. If you're using a non-Microsoft antivirus product as your primary antivirus/antimalware solution, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode).
2. If you're switching from a non-Microsoft antivirus/antimalware solution to Defender for Endpoint, see [Make the switch to Defender for Endpoint](switch-to-mde-overview.md). This guidance includes:
- [Exclusions you might need to define for the non-Microsoft antivirus/antimalware solution](switch-to-mde-phase-2.md#step-3-add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-your-existing-solution);
- [Exclusions you might need to define for Microsoft Defender Antivirus](switch-to-mde-phase-2.md#step-4-add-your-existing-solution-to-the-exclusion-list-for-microsoft-defender-antivirus); and
- [Troubleshooting information](switch-to-mde-troubleshooting.md) (just in case something goes wrong while migrating). | + +> [!IMPORTANT] +> An "allow" indicator is the strongest type of exclusion you can define in Defender for Endpoint. Make sure to use indicators sparingly (only when necessary), and review all exclusions periodically. + +## Submitting files for analysis + +If you have a file that you think is wrongly detected as malware (a false positive), or a file that you suspect might be malware even though it wasn't detected (a false negative), you can submit the file to Microsoft for analysis. Your submission is scanned immediately, and will then be reviewed by Microsoft security analysts. You're able to check the status of your submission on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). + +Submitting files for analysis helps reduce false positives and false negatives for all customers. To learn more, see the following articles: + +- [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide) (available to all customers) +- [Submit files using the new unified submissions portal in Defender for Endpoint](admin-submissions-mde.md) (available to customers who have Defender for Endpoint Plan 2 or Microsoft Defender XDR) + +## Suppressing alerts + +If you're getting alerts in the Microsoft Defender portal for tools or processes that you know aren't actually a threat, you can suppress those alerts. To suppress an alert, you create a suppression rule, and specify what actions to take for that on other, identical alerts. You can create suppression rules for a specific alert on a single device, or for all alerts that have the same title across your organization. 
+ +To learn more, see the following articles: + +- [Suppress alerts](manage-alerts.md#suppress-alerts) +- [Introducing the new alert suppression experience](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/introducing-the-new-alert-suppression-experience/ba-p/3562719) (for Defender for Endpoint) + +## Using exclusions and indicators + +Sometimes, the term *exclusions* is used to refer to exceptions that apply across Defender for Endpoint and Microsoft Defender Antivirus. A more accurate way to describe these exceptions is as follows: + +- [Indicators for Defender for Endpoint](manage-indicators.md); (which apply across Defender for Endpoint and Microsoft Defender Antivirus); and +- [Exclusions for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md). + +For more information, see [Exclusions overview](navigate-defender-endpoint-antivirus-exclusions.md). + +## See also + +- [Important points about exclusions](configure-exclusions-microsoft-defender-antivirus.md#important-points-about-exclusions) +- [Common mistakes to avoid when defining exclusions](common-exclusion-mistakes-microsoft-defender-antivirus.md) +- [Blog post: The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/) + +[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)] diff --git a/defender-endpoint/supported-capabilities-by-platform.md b/defender-endpoint/supported-capabilities-by-platform.md index 38e63d7f4d..78d23931e9 100644 --- a/defender-endpoint/supported-capabilities-by-platform.md +++ b/defender-endpoint/supported-capabilities-by-platform.md @@ -13,7 +13,7 @@ ms.collection: ms.topic: conceptual ms.subservice: onboard search.appverid: met150 -ms.date: 09/18/2024 +ms.date: 09/23/2024 --- # Supported Microsoft Defender for Endpoint capabilities by platform 
@@ -58,20 +58,18 @@ The following table gives information about the supported Microsoft Defender for |[Device response capabilities: collect investigation package ](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) [3] | ![Yes.](media/svg/check-yes.svg) [3] | |[Device response capabilities: run antivirus scan](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | |[Device isolation](respond-machine-alerts.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | -|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) [6] | ![Yes.](media/svg/check-yes.svg) [6] | +|File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) [4] | ![Yes.](media/svg/check-yes.svg) [4] | |[Live Response](live-response.md) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | ![Yes.](media/svg/check-yes.svg) | [1] Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see [Onboard Windows Servers to the Defender for Endpoint service](configure-server-endpoints.md). -[2] Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)) +[2] Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)). 
-[3] Response capabilities using Live Response [2] +[3] Feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)). Or you can also use Live Response [2]. -[4] Collect file only, using Live Response [2] +[4] Collect file only. Or, you can use Live Response [2]. -[5] Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11 - -[6] Collect file feature is currently in preview ([Microsoft Defender for Endpoint preview features](/defender-xdr/preview)). Currently does not support "Deep analysis" or "Block file, stop, and quarantine process". +[5] Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11. > [!NOTE] > Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP). diff --git a/defender-endpoint/switch-to-mde-overview.md b/defender-endpoint/switch-to-mde-overview.md index 89a7aab0bf..224aa200ba 100644 --- a/defender-endpoint/switch-to-mde-overview.md +++ b/defender-endpoint/switch-to-mde-overview.md @@ -2,8 +2,8 @@ title: Migrate to Microsoft Defender for Endpoint from non-Microsoft endpoint protection description: Move to Microsoft Defender for Endpoint, which includes Microsoft Defender Antivirus for your endpoint protection solution. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/switch-to-mde-phase-1.md b/defender-endpoint/switch-to-mde-phase-1.md index a14b6943fc..752dadd620 100644 --- a/defender-endpoint/switch-to-mde-phase-1.md +++ b/defender-endpoint/switch-to-mde-phase-1.md 
@@ -3,8 +3,8 @@ title: Migrate to Microsoft Defender for Endpoint - Prepare description: Get ready to move to Microsoft Defender for Endpoint. Update your devices and configure your network connections. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/switch-to-mde-phase-2.md b/defender-endpoint/switch-to-mde-phase-2.md index e511f5f70d..f403adea76 100644 --- a/defender-endpoint/switch-to-mde-phase-2.md +++ b/defender-endpoint/switch-to-mde-phase-2.md @@ -3,8 +3,8 @@ title: Migrate to Microsoft Defender for Endpoint - Setup description: Move to Defender for Endpoint. Review the setup process, which includes installing Microsoft Defender Antivirus. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 09/13/2024 manager: deniseb diff --git a/defender-endpoint/switch-to-mde-phase-3.md b/defender-endpoint/switch-to-mde-phase-3.md index 9d4c162bc2..5d03a80902 100644 --- a/defender-endpoint/switch-to-mde-phase-3.md +++ b/defender-endpoint/switch-to-mde-phase-3.md @@ -3,8 +3,8 @@ title: Migrate to Microsoft Defender for Endpoint - Onboard description: Move to Microsoft Defender for Endpoint. Onboard devices and then uninstall your non-Microsoft solution. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/switch-to-mde-troubleshooting.md b/defender-endpoint/switch-to-mde-troubleshooting.md index 51ac1c432a..11eab90a09 100644 --- a/defender-endpoint/switch-to-mde-troubleshooting.md +++ b/defender-endpoint/switch-to-mde-troubleshooting.md 
@@ -2,8 +2,8 @@ title: Troubleshooting issues when moving to Microsoft Defender for Endpoint description: Learn how to troubleshoot issues when you migrate to Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/tamper-resiliency.md b/defender-endpoint/tamper-resiliency.md index 2f2eae8f9a..aabb6cf803 100644 --- a/defender-endpoint/tamper-resiliency.md +++ b/defender-endpoint/tamper-resiliency.md @@ -1,8 +1,8 @@ --- title: Tamper resiliency with Microsoft Defender for Endpoint description: Learn about the anti-tampering capabilities of Microsoft Defender for Endpoint. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: joshbregman ms.service: defender-endpoint diff --git a/defender-endpoint/tamperprotection-macos.md b/defender-endpoint/tamperprotection-macos.md index a1e19f9918..0ca575c692 100644 --- a/defender-endpoint/tamperprotection-macos.md +++ b/defender-endpoint/tamperprotection-macos.md @@ -2,8 +2,8 @@ title: Protect macOS security settings with tamper protection description: Use tamper protection to prevent malicious apps from changing important macOS security settings. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/technological-partners.md b/defender-endpoint/technological-partners.md index efce514f4c..0a102012bb 100644 --- a/defender-endpoint/technological-partners.md +++ b/defender-endpoint/technological-partners.md 
@@ -4,8 +4,8 @@ ms.reviewer: description: View technological partners of Microsoft 365 Defender to enhance detection, investigation, and threat intelligence capabilities of the platform. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/threat-indicator-concepts.md b/defender-endpoint/threat-indicator-concepts.md index db28df9c3d..1c9e828951 100644 --- a/defender-endpoint/threat-indicator-concepts.md +++ b/defender-endpoint/threat-indicator-concepts.md @@ -2,8 +2,8 @@ title: Understand threat intelligence concepts in Microsoft Defender for Endpoint description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Microsoft Defender for Endpoint ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/threat-protection-integration.md b/defender-endpoint/threat-protection-integration.md index d40998f7a2..07168c5f77 100644 --- a/defender-endpoint/threat-protection-integration.md +++ b/defender-endpoint/threat-protection-integration.md @@ -1,8 +1,8 @@ --- title: Integrate Microsoft Defender for Endpoint with other Microsoft solutions description: Learn how Microsoft Defender for Endpoint integrates with other Microsoft solutions, including Microsoft Defender for Identity and Microsoft Defender for Cloud. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.service: defender-endpoint ms.subservice: onboard ms.localizationpriority: medium diff --git a/defender-endpoint/threat-protection-reports.md b/defender-endpoint/threat-protection-reports.md index 8f5200d0be..76c8f2c8c4 100644 --- a/defender-endpoint/threat-protection-reports.md 
+++ b/defender-endpoint/threat-protection-reports.md @@ -2,8 +2,8 @@ title: Threat protection report in Microsoft Defender for Endpoint description: Track alert detections, categories, and severity using the threat protection report. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/time-settings.md b/defender-endpoint/time-settings.md index aed005693a..1d901ddf75 100644 --- a/defender-endpoint/time-settings.md +++ b/defender-endpoint/time-settings.md @@ -2,8 +2,8 @@ title: Microsoft Defender XDR time zone settings description: Use the info contained here to configure the Microsoft Defender XDR time zone settings and view license information. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-asr-rules.md b/defender-endpoint/troubleshoot-asr-rules.md index abcd20b126..e9873af92c 100644 --- a/defender-endpoint/troubleshoot-asr-rules.md +++ b/defender-endpoint/troubleshoot-asr-rules.md @@ -4,8 +4,8 @@ description: This article describes how to report and troubleshoot Microsoft Def ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: manager: deniseb ms.custom: diff --git a/defender-endpoint/troubleshoot-asr.md b/defender-endpoint/troubleshoot-asr.md index b0b166fef9..31bad268cb 100644 --- a/defender-endpoint/troubleshoot-asr.md +++ b/defender-endpoint/troubleshoot-asr.md 
@@ -4,8 +4,8 @@ description: Resources and sample code to troubleshoot issues with attack surfac ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.date: 07/28/2023 ms.reviewer: manager: deniseb diff --git a/defender-endpoint/troubleshoot-cloud-connect-mdemac.md b/defender-endpoint/troubleshoot-cloud-connect-mdemac.md index 858a07f654..32af7dc69e 100644 --- a/defender-endpoint/troubleshoot-cloud-connect-mdemac.md +++ b/defender-endpoint/troubleshoot-cloud-connect-mdemac.md @@ -2,8 +2,8 @@ title: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS description: This topic describes how to troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-collect-support-log.md b/defender-endpoint/troubleshoot-collect-support-log.md index cfc36d1724..f1a18acf2e 100644 --- a/defender-endpoint/troubleshoot-collect-support-log.md +++ b/defender-endpoint/troubleshoot-collect-support-log.md @@ -2,8 +2,8 @@ title: Collect support logs in Microsoft Defender for Endpoint using live response description: Learn how to collect logs using live response to troubleshoot Microsoft Defender for Endpoint issues ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-exploit-protection-mitigations.md b/defender-endpoint/troubleshoot-exploit-protection-mitigations.md index 37b6d7be40..bb104fa130 100644 --- a/defender-endpoint/troubleshoot-exploit-protection-mitigations.md +++ b/defender-endpoint/troubleshoot-exploit-protection-mitigations.md 
@@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: conceptual audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.date: 08/09/2018 ms.reviewer: manager: deniseb diff --git a/defender-endpoint/troubleshoot-live-response.md b/defender-endpoint/troubleshoot-live-response.md index b68d75cf74..6555831e53 100644 --- a/defender-endpoint/troubleshoot-live-response.md +++ b/defender-endpoint/troubleshoot-live-response.md @@ -2,8 +2,8 @@ title: Troubleshoot Microsoft Defender for Endpoint live response issues description: Troubleshoot issues that might arise when using live response in Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-mdatp.md b/defender-endpoint/troubleshoot-mdatp.md index 0fbd7bd44c..32aab8b562 100644 --- a/defender-endpoint/troubleshoot-mdatp.md +++ b/defender-endpoint/troubleshoot-mdatp.md @@ -3,8 +3,8 @@ title: Troubleshoot Microsoft Defender for Endpoint service issues description: Find solutions and workarounds to known issues such as server errors when trying to access the service. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating.yml b/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating.yml index 4d97e93e46..b8f64b4309 100644 --- a/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating.yml +++ b/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating.yml 
@@ -5,8 +5,8 @@ metadata: ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: faq - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb diff --git a/defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml b/defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml index 5902de0128..a8a5175dfd 100644 --- a/defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml +++ b/defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml @@ -2,8 +2,8 @@ metadata: title: Microsoft Defender Antivirus event IDs and error codes description: Look up the causes and solutions for Microsoft Defender Antivirus event IDs and errors. - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.service: defender-endpoint ms.topic: troubleshooting ms.date: 02/16/2024 diff --git a/defender-endpoint/troubleshoot-np.md b/defender-endpoint/troubleshoot-np.md index fd85141126..07bc9bc207 100644 --- a/defender-endpoint/troubleshoot-np.md +++ b/defender-endpoint/troubleshoot-np.md @@ -4,8 +4,8 @@ description: Resources and sample code to troubleshoot issues with Network prote ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.reviewer: oogunrinde, yongrhee manager: deniseb ms.subservice: asr diff --git a/defender-endpoint/troubleshoot-onboarding-error-messages.md b/defender-endpoint/troubleshoot-onboarding-error-messages.md index 39b8524496..c85877ce14 100644 --- a/defender-endpoint/troubleshoot-onboarding-error-messages.md +++ b/defender-endpoint/troubleshoot-onboarding-error-messages.md 
@@ -2,8 +2,8 @@ title: Troubleshoot onboarding issues and error messages description: Troubleshoot onboarding issues and error message while completing setup of Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-onboarding.md b/defender-endpoint/troubleshoot-onboarding.md index 62737b31ca..62a315c596 100644 --- a/defender-endpoint/troubleshoot-onboarding.md +++ b/defender-endpoint/troubleshoot-onboarding.md @@ -2,8 +2,8 @@ title: Troubleshoot Microsoft Defender for Endpoint onboarding issues description: Troubleshoot issues that might arise during the onboarding of devices or to the Microsoft Defender for Endpoint service. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-problems-with-tamper-protection.yml b/defender-endpoint/troubleshoot-problems-with-tamper-protection.yml index e0c9262262..ac1d76bf70 100644 --- a/defender-endpoint/troubleshoot-problems-with-tamper-protection.yml +++ b/defender-endpoint/troubleshoot-problems-with-tamper-protection.yml @@ -5,8 +5,8 @@ metadata: ms.service: defender-endpoint ms.localizationpriority: medium ms.topic: faq - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: deniseb 
@@ -27,7 +27,7 @@ sections: - question: | Tamper protection is preventing my security team from managing a device. What should we do? answer: | - If tamper protection prevents your IT or security team from performing a necessary task on a device, consider using [troubleshooting mode](enable-troubleshooting-mode.md). After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state. + If your IT or security team is prevented from performing a necessary task on a device, consider using [troubleshooting mode](enable-troubleshooting-mode.md). After troubleshooting mode ends, any changes made to tamper-protected settings are reverted to their configured state. - question: | Changes to Microsoft Defender Antivirus settings using Group Policy are ignored. Why is this happening, and what can we do about it? @@ -57,7 +57,7 @@ sections: - If **ManagedDefenderProductType** has a value of `6`, then the device is managed by Intune only (*this value is required to protect Microsoft Defender Antivirus exclusions*). - - If **ManagedDefenderProductType** has a value of `7`, then the device is comanaged, such as by Intune and Configuration Manager (*this value indicates that exclusions aren't currently tamper protected*). + - If **ManagedDefenderProductType** has a value of `7`, then the device is co-managed, such as by Intune and Configuration Manager (*this value indicates that exclusions aren't currently tamper protected*). 3. Confirm that tamper protection is deployed and that Microsoft Defender Antivirus exclusions are protected. Go to `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features` (or `HKLM\SOFTWARE\Microsoft\Windows Defender\Features`), and look for a `REG_DWORD` entry called **TPExclusions**. diff --git a/defender-endpoint/troubleshoot-security-config-mgt.md b/defender-endpoint/troubleshoot-security-config-mgt.md index 0fdf5144e1..17bd4d4137 100644 
--- a/defender-endpoint/troubleshoot-security-config-mgt.md +++ b/defender-endpoint/troubleshoot-security-config-mgt.md @@ -2,8 +2,8 @@ title: Troubleshoot onboarding issues related to Security Management for Microsoft Defender for Endpoint description: Troubleshoot issues that might arise during the onboarding of devices using Security Management for Microsoft Defender for Endpoint. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshoot-settings.md b/defender-endpoint/troubleshoot-settings.md index b2477b9dd4..d4b0f4faf9 100644 --- a/defender-endpoint/troubleshoot-settings.md +++ b/defender-endpoint/troubleshoot-settings.md @@ -1,8 +1,8 @@ --- title: Troubleshoot Microsoft Defender Antivirus settings description: Find out where settings for Microsoft Defender Antivirus are coming from. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.reviewer: yongrhee ms.service: defender-endpoint diff --git a/defender-endpoint/troubleshoot-siem.md b/defender-endpoint/troubleshoot-siem.md index aac860d3dd..f65e5a650f 100644 --- a/defender-endpoint/troubleshoot-siem.md +++ b/defender-endpoint/troubleshoot-siem.md @@ -3,8 +3,8 @@ title: Troubleshoot SIEM tool integration issues in Microsoft Defender for Endpo description: Troubleshoot issues that might arise when using SIEM tools with Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/troubleshooting-mode-scenarios.md b/defender-endpoint/troubleshooting-mode-scenarios.md index 8ca7e27ab7..ef0d9872f0 100644 --- a/defender-endpoint/troubleshooting-mode-scenarios.md 
+++ b/defender-endpoint/troubleshooting-mode-scenarios.md @@ -3,8 +3,8 @@ title: Troubleshooting mode scenarios in Microsoft Defender for Endpoint description: Use the Microsoft Defender for Endpoint troubleshooting mode to address various antivirus issues. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: pricci ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/tune-performance-defender-antivirus.md b/defender-endpoint/tune-performance-defender-antivirus.md index 77bcc04394..890054f52b 100644 --- a/defender-endpoint/tune-performance-defender-antivirus.md +++ b/defender-endpoint/tune-performance-defender-antivirus.md @@ -4,9 +4,9 @@ description: Describes the procedure to tune the performance of Microsoft Defend ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro -author: siosulli -ms.author: siosulli -ms.date: 06/26/2024 +author: denisebmsft +ms.author: deniseb +ms.date: 09/20/2024 manager: deniseb ms.collection: - m365-security diff --git a/defender-endpoint/update-agent-mma-windows.md b/defender-endpoint/update-agent-mma-windows.md index 12719a1a4a..9826281c3b 100644 --- a/defender-endpoint/update-agent-mma-windows.md +++ b/defender-endpoint/update-agent-mma-windows.md @@ -3,8 +3,8 @@ title: Update your agent on devices for Microsoft Defender for Endpoint description: Learn about your options for updating or replacing your MMA agent on Windows devices for Defender for Endpoint. ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 10/05/2023 manager: deniseb diff --git a/defender-endpoint/use-group-policy-microsoft-defender-antivirus.md b/defender-endpoint/use-group-policy-microsoft-defender-antivirus.md index fc13d77592..1964503059 100644 
--- a/defender-endpoint/use-group-policy-microsoft-defender-antivirus.md +++ b/defender-endpoint/use-group-policy-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Configure Microsoft Defender Antivirus with Group Policy description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 04/03/2024 ms.reviewer: ksarens, jtoole, pahuijbr diff --git a/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md b/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md index 84b8048ff3..51fed3ffb1 100644 --- a/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md +++ b/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Configure Microsoft Defender Antivirus using Microsoft Intune description: Use Microsoft Intune to configure Microsoft Defender Antivirus and Endpoint Protection ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 07/25/2024 ms.reviewer: phuijbr, yongrhee diff --git a/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus.md b/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus.md index b14854b9d3..d149ad8104 100644 --- a/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus.md +++ b/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus.md 
@@ -3,8 +3,8 @@ title: Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus description: In Windows 10 and Windows 11, you can use PowerShell cmdlets to run scans, update Security intelligence, and change settings in Microsoft Defender Antivirus. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 02/18/2024 ms.reviewer: yongrhee diff --git a/defender-endpoint/use-wmi-microsoft-defender-antivirus.md b/defender-endpoint/use-wmi-microsoft-defender-antivirus.md index d792d98ca9..9fde69ea9b 100644 --- a/defender-endpoint/use-wmi-microsoft-defender-antivirus.md +++ b/defender-endpoint/use-wmi-microsoft-defender-antivirus.md @@ -3,8 +3,8 @@ title: Configure Microsoft Defender Antivirus with WMI description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender for Endpoint. ms.service: defender-endpoint ms.localizationpriority: medium -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.date: 10/18/2018 ms.reviewer: pahuijbr diff --git a/defender-endpoint/user-roles.md b/defender-endpoint/user-roles.md index 72edaed4bf..5109ef1fe2 100644 --- a/defender-endpoint/user-roles.md +++ b/defender-endpoint/user-roles.md @@ -3,8 +3,8 @@ title: Create and manage roles for role-based access control description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation in the Microsoft Defender XDR ms.service: defender-endpoint ms.subservice: onboard -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/validate-antimalware.md b/defender-endpoint/validate-antimalware.md index 8c89311c1f..bad881154a 100644 
--- a/defender-endpoint/validate-antimalware.md +++ b/defender-endpoint/validate-antimalware.md @@ -3,8 +3,8 @@ title: AV detection test for verifying device's onboarding and reporting service description: AV detection test to verify the device's proper onboarding and reporting to the service. ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/verify-connectivity.md b/defender-endpoint/verify-connectivity.md index e05db2da67..204a227e99 100644 --- a/defender-endpoint/verify-connectivity.md +++ b/defender-endpoint/verify-connectivity.md @@ -3,8 +3,8 @@ title: Verify client connectivity to Microsoft Defender for Endpoint service URL description: Learn how to verify client connectivity to Defender for Endpoint service URLs search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: mkaminska ms.localizationpriority: medium manager: deniseb diff --git a/defender-endpoint/view-incidents-queue.md b/defender-endpoint/view-incidents-queue.md index 382e1a6083..c8cac4daa3 100644 --- a/defender-endpoint/view-incidents-queue.md +++ b/defender-endpoint/view-incidents-queue.md @@ -3,8 +3,8 @@ title: View and organize the Incidents queue ms.reviewer: description: See the list of incidents and learn how to apply filters to limit the list and get a more focused view. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/web-content-filtering.md b/defender-endpoint/web-content-filtering.md index f962c3f34b..dc96d3340a 100644 --- a/defender-endpoint/web-content-filtering.md +++ b/defender-endpoint/web-content-filtering.md 
@@ -2,8 +2,8 @@ title: Web content filtering description: Use web content filtering in Microsoft Defender for Endpoint to track and regulate access to websites based on their content categories. ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: tdoucett ms.localizationpriority: medium ms.date: 08/15/2024 diff --git a/defender-endpoint/web-protection-monitoring.md b/defender-endpoint/web-protection-monitoring.md index 62933b0b70..7f6058b8b0 100644 --- a/defender-endpoint/web-protection-monitoring.md +++ b/defender-endpoint/web-protection-monitoring.md @@ -3,8 +3,8 @@ title: Monitoring web browsing security in Microsoft Defender for Endpoint description: Use web protection in Microsoft Defender for Endpoint to monitor web browsing security search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/web-protection-overview.md b/defender-endpoint/web-protection-overview.md index 738f387dc5..fa365a6e71 100644 --- a/defender-endpoint/web-protection-overview.md +++ b/defender-endpoint/web-protection-overview.md @@ -3,8 +3,8 @@ title: Web protection description: Learn about the web protection in Microsoft Defender for Endpoint and how it can protect your organization. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 04/03/2024 manager: deniseb diff --git a/defender-endpoint/web-protection-response.md b/defender-endpoint/web-protection-response.md index e4a3fccff5..70170be579 100644 --- a/defender-endpoint/web-protection-response.md +++ b/defender-endpoint/web-protection-response.md 
@@ -2,8 +2,8 @@ title: Respond to web threats in Microsoft Defender for Endpoint description: Respond to alerts related to malicious and unwanted websites. Understand how web threat protection informs end users through their web browsers and Windows notifications ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-endpoint/web-threat-protection.md b/defender-endpoint/web-threat-protection.md index ca4d2bd885..8d06dc4882 100644 --- a/defender-endpoint/web-threat-protection.md +++ b/defender-endpoint/web-threat-protection.md @@ -3,8 +3,8 @@ title: Protect your organization against web threats description: Learn about web protection in Microsoft Defender for Endpoint and how it can protect your organization. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 07/25/2024 manager: deniseb diff --git a/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md b/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md index 311b425099..ede1f86ec9 100644 --- a/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md +++ b/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md @@ -3,8 +3,8 @@ title: What's new in Microsoft Defender for Endpoint description: See what features are generally available (GA) in the latest release of Microsoft Defender for Endpoint, and security features in Windows 10 and Windows Server. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: noamhadash, pahuijbr, yongrhee ms.localizationpriority: medium ms.date: 08/26/2024 diff --git a/defender-endpoint/whats-new-mde-archive.md b/defender-endpoint/whats-new-mde-archive.md index 55a39d5d7d..1ce1750f56 100644 
--- a/defender-endpoint/whats-new-mde-archive.md +++ b/defender-endpoint/whats-new-mde-archive.md @@ -4,8 +4,8 @@ description: See what features were available for Microsoft Defender for Endpoin search.appverid: met150 ms.service: defender-endpoint ms.subservice: reference -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 03/25/2024 manager: deniseb diff --git a/defender-endpoint/why-use-microsoft-defender-antivirus.md b/defender-endpoint/why-use-microsoft-defender-antivirus.md index 84c6dc09b3..679e145fac 100644 --- a/defender-endpoint/why-use-microsoft-defender-antivirus.md +++ b/defender-endpoint/why-use-microsoft-defender-antivirus.md @@ -5,8 +5,8 @@ ms.service: defender-endpoint ms.localizationpriority: medium audience: ITPro ms.topic: conceptual -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb ms.custom: nextgen ms.reviewer: yongrhee manager: deniseb diff --git a/defender-endpoint/windows-whatsnew.md b/defender-endpoint/windows-whatsnew.md index a5a7661582..84b132a58b 100644 --- a/defender-endpoint/windows-whatsnew.md +++ b/defender-endpoint/windows-whatsnew.md @@ -3,8 +3,8 @@ title: What's new in Microsoft Defender for Endpoint on Windows description: Learn about the latest feature releases of Microsoft Defender for Endpoint on Windows Client and Server. search.appverid: met150 ms.service: defender-endpoint -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 05/30/2024 manager: deniseb diff --git a/defender-endpoint/zero-trust-with-microsoft-defender-endpoint.md b/defender-endpoint/zero-trust-with-microsoft-defender-endpoint.md index 564f9d973a..35ef173546 100644 --- a/defender-endpoint/zero-trust-with-microsoft-defender-endpoint.md +++ b/defender-endpoint/zero-trust-with-microsoft-defender-endpoint.md 
@@ -5,8 +5,8 @@ search.appverid: met150 ms.service: microsoft-365-zero-trust f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium ms.date: 05/10/2024 manager: deniseb diff --git a/defender-for-iot/includes/site-association.md b/defender-for-iot/includes/site-association.md new file mode 100644 index 0000000000..93d1e51dc8 --- /dev/null +++ b/defender-for-iot/includes/site-association.md @@ -0,0 +1,12 @@ +--- +author: limwainstein +ms.author: lwainstein +ms.date: 06/24/2024 +ms.topic: include +ms.service: microsoft-defender-iot +--- + +>[!NOTE] +> +>Currently, devices discovered in the Defender portal aren't synchronized with the Azure portal, and therefore the list of devices discovered could be different in each portal. +> diff --git a/defender-for-iot/manage-devices-inventory.md b/defender-for-iot/manage-devices-inventory.md index 064c197b62..adf12c3c50 100644 --- a/defender-for-iot/manage-devices-inventory.md +++ b/defender-for-iot/manage-devices-inventory.md @@ -40,6 +40,8 @@ To customize the device inventory views: - [Use filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views) - [Use columns](/defender-endpoint/machines-view-overview#use-columns-to-customize-the-device-inventory-views) +[!INCLUDE [defender-iot-site-association](includes/site-association.md)] + ## Manage OT devices - [Explore the device inventory](/defender-endpoint/machines-view-overview#explore-the-device-inventory) including search, export to CSV, and more. diff --git a/defender-for-iot/set-up-sites.md b/defender-for-iot/set-up-sites.md index 49969e8c17..bf6def5f67 100644 --- a/defender-for-iot/set-up-sites.md +++ b/defender-for-iot/set-up-sites.md 
@@ -69,6 +69,8 @@ In this stage, you configure Defender for IoT to associate OT devices to the sit 1. Select **Next** to review the site details. +[!INCLUDE [defender-iot-site-association](includes/site-association.md)] + ## Review site details Review that information for the site you want to create: diff --git a/defender-for-iot/whats-new.md b/defender-for-iot/whats-new.md index 1c5d4a39ee..0b4895bcb6 100644 --- a/defender-for-iot/whats-new.md +++ b/defender-for-iot/whats-new.md @@ -20,13 +20,11 @@ This article describes features available in Microsoft Defender for IoT in the D |Service area |Updates | |---------|---------| -| **OT networks** | - [New Device Category Added – Building Management Systems (BMS)](#new-device-category-added--building-management-systems-bms) | +| **OT networks** | - [New Building Management Systems (BMS) device category](#new-building-management-systems-bms-device-category) | -### New Device Category Added – Building Management Systems (BMS) +### New Building Management Systems (BMS) device category -A new BMS device category has been added to the MDIoT license aiming to improve BMS device discovery and security. The BMS category includes a subset of Smart Facility and Surveillance devices (previously under the IoT category) such as fire alarms, humidity sensors, security radars, etc. These devices now require an Microsoft Defender for IoT site-based license for full protection. - -Cameras devices will remain under the IoT category. +We now support the new BMS device category in Defender for IoT that improves BMS device discovery and security. The BMS category includes a subset of Smart Facility and Surveillance devices (previously under the IoT category) such as fire alarms, humidity sensors, security radars, etc. Camera devices remain under the IoT category. For more information, see [overview of device discovery](device-discovery.md). 
diff --git a/defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md b/defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md index 077c1ba740..ee5d2018e7 100644 --- a/defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md +++ b/defender-office-365/anti-spam-bulk-complaint-level-bcl-about.md @@ -53,8 +53,6 @@ Messages that meet or exceed the configured BCL threshold have the following def The [View data by Email \> Spam and Chart breakdown by Detection Technology](reports-email-security.md#view-data-by-email--spam-and-chart-breakdown-by-detection-technology) view in the Threat protection status report has a **Bulk complaint level** slider. This slider is available in :::image type="icon" source="media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** when you also select the **Detection** value **Bulk**. Using this slider shows you the results of increasing or decreasing the BCL value in the report. -> [!TIP] -> The bulk senders insight is currently in Preview, isn't available in all organizations, and is subject to change. If you select **Edit spam threshold and properties** at the bottom of the **Bulk email threshold & spam properties** section in the details flyout of the default anti-spam policy or a custom anti-spam policy that you select from the **Anti-spam policies** page at , the **Bulk email threshold** section contains the bulk senders insight: information about the number of messages that were detected as bulk at all BCL levels by all anti-spam policies over the last 60 days. diff --git a/defender-office-365/attack-simulation-training-faq.md b/defender-office-365/attack-simulation-training-faq.md index 7a06cc944c..f9c945337d 100644 --- a/defender-office-365/attack-simulation-training-faq.md +++ b/defender-office-365/attack-simulation-training-faq.md 
@@ -19,7 +19,7 @@ ms.custom: - seo-marvel-apr2020 description: Admins can learn about deployment considerations and frequently asked questions regarding Attack simulation and training in Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations. ms.service: defender-office-365 -ms.date: 06/14/2024 +ms.date: 09/23/2024 appliesto: - ✅ Microsoft Defender for Office 365 Plan 2 --- @@ -361,4 +361,16 @@ A: Yes. First you archive the payload, then you delete the archived payload. For ### Q: Can I modify the built-in payloads? -A: Not directly. You can copy the payload and then modify the copy. For instructions, see [Copy payloads](attack-simulation-training-payloads.md#copy-payloads). \ No newline at end of file +A: Not directly. You can copy the built-in payload and then modify the copy. For instructions, see [Copy payloads](attack-simulation-training-payloads.md#copy-payloads). + +### Q: I'm trying to run a QR code simulation, but scanning the QR code shows me 'ping successful' instead of the landing page? + +A: When you insert a QR code in the payload editor, it maps to the base phishing URL that you selected in the **Phishing link** section \> **Select URL**. The QR code is inserted in the email message as an image. If you switch from the **Text** tab to the **Code** tab, you see the inserted image in Base64 format. The beginning of the image contains `
`. Make sure to verify that the finished payload contains `
` before you use it in a simulation. + +During simulation creation, if you scan the QR code or you use **Send a Test** to review the payload, the QR code points to the base phishing URL that you selected. + +When the payload is used in a simulation, the service replaces the QR code with a dynamically generated QR code to track click and compromise metrics. The size, position, and shape of the QR code matches the configuration options you configured in the payload. Scanning the QR code during an actual simulation takes you to the configured landing page. + +### Q: I'm trying to create a payload in HTML, but the payload editor seems to remove certain content from my design? + +A: Currently, the following HTML tags aren't supported in the payload editor: `applet, base, basefont, command, embed, frame, frameset, iframe, keygen, link, meta, noframes, noscript, param, script, object, title`. diff --git a/defender-office-365/attack-simulation-training-insights.md b/defender-office-365/attack-simulation-training-insights.md index 88f45b6736..e04fcffd46 100644 --- a/defender-office-365/attack-simulation-training-insights.md +++ b/defender-office-365/attack-simulation-training-insights.md @@ -459,7 +459,7 @@ How user activity signals are captured is described in the following table. |Opened Attachment|A user opened the attachment.|The signal comes from the client (for example, Outlook or Word).| |Read Message|The user read the simulation message.|Message read signals might experience issues in the following scenarios:
  • The user reported the message as phishing in Outlook without leaving the reading pane, and **Mark items as read when viewed in the Reading Pane** wasn't configured (default).
  • The user reported the unread message as phishing in Outlook, the message was deleted, and **Mark messages as read when deleted** wasn't configured (default).
| |Out of Office|Determines whether the user is out of office.|Currently calculated by the Automatic replies setting from Outlook.| -|Compromised User|The user was compromised. The compromise signal varies based on the social engineering technique.|
  • **Credential Harvest**: The user entered their credentials on the login page (credentials aren't stored by Microsoft).¹
  • **Malware Attachment**: The user opened the payload attachment and selected **Enable Editing** in [Protected View](https://support.microsoft.com/office/d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653).
  • **Link in Attachment**: The user opened the attachment and clicked on the payload link.
  • **Link to Malware**: The user clicked on the payload link and entered their credentials.
  • **Drive by URL**: The user clicked on the payload link (entering credentials isn't required).¹
  • **OAuth Consent Grant**: The user clicked on the payload link and accepted the prompt to share permissions.¹
| +|Compromised User|The user was compromised. The compromise signal varies based on the social engineering technique.|
  • **Credential Harvest**: The user entered their credentials on the login page (credentials aren't stored by Microsoft).¹
  • **Malware Attachment**: The user opened the payload attachment and selected **Enable Editing** in [Protected View](https://support.microsoft.com/office/d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653).
  • **Link in Attachment**: The user opened the attachment and entered their credentials after clicking on the payload link.
  • **Link to Malware**: The user clicked on the payload link and entered their credentials.
  • **Drive by URL**: The user clicked on the payload link (entering credentials isn't required).¹
  • **OAuth Consent Grant**: The user clicked on the payload link and accepted the prompt to share permissions.¹
| |Clicked Message Link|The user clicked on the payload link in the simulation message.|The URL in the simulation is unique for each user, which allows individual user activity tracking. Third-party filtering services or email forwarding can lead to false positives. For more information, see [I see clicks or compromise events from users who insist they didn't click the link in the simulation message](attack-simulation-training-faq.md#i-see-clicks-or-compromise-events-from-users-who-insist-they-didnt-click-the-link-in-the-simulation-message).| |Forwarded Message|The user forwarded the message.|| |Replied to Message|The user replied to the message.|| diff --git a/defender-office-365/defender-for-office-365-whats-new.md b/defender-office-365/defender-for-office-365-whats-new.md index db53d025b9..877a29ebdc 100644 --- a/defender-office-365/defender-for-office-365-whats-new.md +++ b/defender-office-365/defender-for-office-365-whats-new.md 
@@ -49,7 +49,7 @@ For more information on what's new with other Microsoft Defender security produc - **Tenant Allow/Block List in Microsoft 365 GCC, GCC High, DoD, and Office 365 operated by 21Vianet environments**: The [Tenant Allow/Block List](tenant-allow-block-list-about.md) is now available these environments. They are on parity with the WW commercial experiences. -- **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions and existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md). The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire. +- **45 days after last used date**: The value **Remove allow entry after** \> **45 days after last used date** is now the default on new allow entries from submissions. The existing allow entries in the [Tenant Allow/Block List](tenant-allow-block-list-about.md) can also be modified to include the value **Remove allow entry after** \> **45 days after last used date**. The allow entry is triggered and the **LastUsedDate** property is updated when the entity is encountered and identified as malicious during mail flow or at time of click. After the filtering system determines that the entity is clean, the allow entry is automatically removed after 45 days. By default, allow entries for spoofed senders never expire. - (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. 
Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject. diff --git a/defender-office-365/submissions-admin.md b/defender-office-365/submissions-admin.md index ffc22c1fa2..89e858b64d 100644 --- a/defender-office-365/submissions-admin.md +++ b/defender-office-365/submissions-admin.md 
@@ -306,7 +306,7 @@ After a few moments, the associated allow entries appear on the **Domains & addr > - If the sender email address is not found to be malicious by our filtering system, submitting the email message to Microsoft won't create an allow entry in the Tenant Allow/Block List. > - When an allowed domain or email address, spoofed sender, URL, or file (_entity_) is encountered again, all filters that are associated with the entity are skipped. For email messages, all other entities are still evaluated by the filtering system before making a decision. > - During mail flow, if messages from the allowed domain or email address pass other checks in the filtering stack, the messages are delivered. For example, if a message passes [email authentication checks](email-authentication-about.md), a message from an allowed sender email address are delivered. -> - By default, allow entries for domains and email addresses exist for 30 days. During those 30 days, Microsoft learns from the allow entries and [removes them or automatically extends them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from the removed allow entries, messages from those domains or email addresses are delivered, unless something else in the message is detected as malicious. By default, allow entries for spoofed senders never expire. +> - By default, allow entries for domains and email addresses are kept for 45 days after the filtering system determines that the entity is clean, and then the allow entry is removed. Or you can set allow entries to expire up to 30 days after you create them. By default, allow entries for spoofed senders never expire. 
> - For messages that were incorrectly blocked by [domain or user impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365), the allow entry for the domain or sender is not created in the Tenant Allow/Block List. Instead, the domain or sender is added to the **Trusted senders and domains** section in the [anti-phishing policy](anti-phishing-policies-mdo-configure.md#use-the-microsoft-defender-portal-to-modify-anti-phishing-policies) that detected the message. > - When you override the verdict in the spoof intelligence insight, the spoofed sender becomes a manual allow or block entry that only appears on the **Spoofed senders** on the **Tenant Allow/Block Lists** page at . 
@@ -362,7 +362,7 @@ After a few moments, the allow entry is available on the **Files** tab on the ** > [!IMPORTANT] > -> - By default, allow entries for files exist for 30 days. During those 30 days, Microsoft learns from the allow entries and [removes them or automatically extends them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from the removed allow entries, messages that contain those files are delivered, unless something else in the message is detected as malicious. +> - By default, allow entries for files are kept for 45 days after the filtering system determines that the entity is clean, and then the allow entry is removed. Or you can set allow entries to expire up to 30 days after you create them. > - When the file is encountered again during mail flow, [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks and all other file-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message are delivered. > - During selection, all file-based filters, including [Safe Attachments](safe-attachments-about.md) detonation or file reputation checks are overridden, allowing user access to the file. 
@@ -420,7 +420,7 @@ After a few moments, the allow entry is available on the **URL** tab on the **Te > [!NOTE] > -> - By default, allow entries for URLs exist for 30 days. During those 30 days, Microsoft learns from the allow entries and [removes them or automatically extends them](https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/automatic-tenant-allow-block-list-expiration-management-is-now/ba-p/3723447). After Microsoft learns from the removed allow entries, messages that contain those URLs are delivered, unless something else in the message is detected as malicious. +> - By default, allow entries for URLs are kept for 45 days after the filtering system determines that the entity is clean, and then the allow entry is removed. Or you can set allow entries to expire up to 30 days after you create them. > - When the URL is encountered again during mail flow, [Safe Links](safe-links-about.md) detonation or URL reputation checks and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message are delivered. > - During selection, all URL-based filters, including [Safe Links](safe-links-about.md) detonation or URL reputation checks are overridden, allowing user access to content at the URL. diff --git a/defender-office-365/tenant-allow-block-list-about.md b/defender-office-365/tenant-allow-block-list-about.md index e35b588224..eaa00be14b 100644 --- a/defender-office-365/tenant-allow-block-list-about.md +++ b/defender-office-365/tenant-allow-block-list-about.md @@ -8,7 +8,7 @@ manager: deniseb audience: ITPro ms.topic: how-to ms.localizationpriority: medium -ms.date: 07/18/2024 +ms.date: 09/19/2024 search.appverid: - MET150 ms.collection: 
@@ -34,7 +34,7 @@ In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E The Tenant Allow/Block List in the Microsoft Defender portal gives you a way to manually override the Defender for Office 365 or EOP filtering verdicts. The list is used during mail flow for incoming messages from external senders. -The Tenant Allow/Block List doesn't apply to internal messages sent within the organization. But block entries for **Domains and email addresses** also prevent users in the organization from *sending* email to those blocked domains and addresses. +Entries for **Domains and email addresses** and **Spoofed senders** apply to internal messages sent within the organization. Block entries for **Domains and email addresses** also prevent users in the organization from *sending* email to those blocked domains and addresses. The Tenant Allow/Block list is available in the Microsoft Defender portal at **Email & collaboration** \> **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block Lists** page, use . diff --git a/defender-vulnerability-management/defender-vulnerability-management-capabilities.md b/defender-vulnerability-management/defender-vulnerability-management-capabilities.md index bc8fa609da..57aca63b1c 100644 --- a/defender-vulnerability-management/defender-vulnerability-management-capabilities.md +++ b/defender-vulnerability-management/defender-vulnerability-management-capabilities.md @@ -2,8 +2,8 @@ title: Compare Microsoft Defender Vulnerability Management plans and capabilities description: Compare Defender Vulnerability Management Offerings. Learn about the differences between the plans and select the plan that suits your organization's needs. search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: ITPro ms.topic: overview 
diff --git a/defender-vulnerability-management/defender-vulnerability-management-faq.md b/defender-vulnerability-management/defender-vulnerability-management-faq.md index 02a51fe1b5..c07c8595dd 100644 --- a/defender-vulnerability-management/defender-vulnerability-management-faq.md +++ b/defender-vulnerability-management/defender-vulnerability-management-faq.md @@ -4,8 +4,8 @@ description: Find answers to frequently asked questions (FAQs) about MDVM ms.service: defender-vuln-mgmt f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/defender-vulnerability-management-trial.md b/defender-vulnerability-management/defender-vulnerability-management-trial.md index ada86fd595..2c83eacd95 100644 --- a/defender-vulnerability-management/defender-vulnerability-management-trial.md +++ b/defender-vulnerability-management/defender-vulnerability-management-trial.md @@ -4,8 +4,8 @@ description: Learn about the Microsoft Defender Vulnerability Management trial ms.service: defender-vuln-mgmt f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/defender-vulnerability-management.md b/defender-vulnerability-management/defender-vulnerability-management.md index 3fa65300e1..966ccb95f2 100644 --- a/defender-vulnerability-management/defender-vulnerability-management.md +++ b/defender-vulnerability-management/defender-vulnerability-management.md 
@@ -1,8 +1,8 @@ --- title: Microsoft Defender Vulnerability Management description: Microsoft Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb ms.topic: overview ms.service: defender-vuln-mgmt diff --git a/defender-vulnerability-management/device-restart-status.md b/defender-vulnerability-management/device-restart-status.md index 500c466c8b..cbfea21436 100644 --- a/defender-vulnerability-management/device-restart-status.md +++ b/defender-vulnerability-management/device-restart-status.md @@ -3,8 +3,8 @@ title: Device restart status description: Learn about the device restart status tag in Microsoft Defender Vulnerability Management ms.service: defender-vuln-mgmt ms.pagetype: security -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/fixed-reported-inaccuracies.md b/defender-vulnerability-management/fixed-reported-inaccuracies.md index b6e849d211..6964ed8323 100644 --- a/defender-vulnerability-management/fixed-reported-inaccuracies.md +++ b/defender-vulnerability-management/fixed-reported-inaccuracies.md @@ -4,8 +4,8 @@ description: List the reported inaccuracies that were fixed search.appverid: MET150 ms.service: defender-vuln-mgmt ms.pagetype: security -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: deniseb audience: ITPro ms.collection: @@ -13,7 +13,7 @@ ms.collection: - tier2 ms.localizationpriority: medium ms.topic: troubleshooting -ms.date: 07/02/2024 +ms.date: 09/19/2024 --- # Vulnerability support in Microsoft Defender Vulnerability Management 
@@ -42,6 +42,8 @@ The following tables present the relevant vulnerability information organized by | 61457 | Fixed inaccurate detections in Mozilla Firefox | 03-Sept-24 | | - | Fixed inaccuracy in Microsoft Visual Studio 2015 | 03-Sept-24 | | - | Fixed inaccurate detections in Microsoft Teams by excluding downloads file path | 08-Sept-24 | +| - | Fixed inaccuracy in Suse Kernel-Default-Devel | 09-Sept-24 | +| 73287 | Fixed inaccuracy in CVE-2024-2800 | 09-Sept-24 | | - | Fixed inaccuracy in Python vulnerability - CVE-2024-7592 | 10-Sept-24 | | 54061 | Defender Vulnerability Management doesn't currently support Flock | 10-Sept-24 | | 68097 | Fixed inaccuracy in OpenSSL vulnerabilities - CVE-2024-4603, CVE-2024-4741 & CVE-2024-5535 | 10-Sept-24 | @@ -54,6 +56,10 @@ The following tables present the relevant vulnerability information organized by | 71626 | Fixed inaccuracy in MongoDB vulnerability - CVE-2024-7553 | 10-Sept-24 | | - | Fixed inaccuracy in Cisco Anyconnect Secure Mobility Client vulnerabilities - CVE-2023-20241 & CVE-2023-20240 | 10-Sept-24 | | - | Fixed inaccuracy in Plantronics vulnerability - CVE-2024-27460 | 10-Sept-24 | +| 72402 | Fixed inaccurate detections in FileZilla by excluding server.app path | 10-Sept-24 | +| - | Added Microsoft Defender Vulnerability Management support to Kusto Explorer | 11-Sept-24 | +| - | Fixed bad detections in Greenshot | 11-Sept-24 | +| 71056 | Fixed inaccuracy in ExpressVPN | 11-Sept-24 | ## August 2024 diff --git a/defender-vulnerability-management/get-defender-vulnerability-management.md b/defender-vulnerability-management/get-defender-vulnerability-management.md index b4e17e2adf..08ab3897d6 100644 --- a/defender-vulnerability-management/get-defender-vulnerability-management.md +++ b/defender-vulnerability-management/get-defender-vulnerability-management.md 
@@ -2,8 +2,8 @@ title: Sign up for Microsoft Defender Vulnerability Management description: Get Microsoft Defender Vulnerability Management search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: overview diff --git a/defender-vulnerability-management/index.yml b/defender-vulnerability-management/index.yml index 07420ba14b..c608df8dae 100644 --- a/defender-vulnerability-management/index.yml +++ b/defender-vulnerability-management/index.yml @@ -12,8 +12,8 @@ metadata: - essentials-navigation - tier1 ms.custom: intro-hub-or-landing - author: siosulli - ms.author: siosulli + author: denisebmsft + ms.author: deniseb ms.date: 03/03/2022 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new diff --git a/defender-vulnerability-management/mdvm-onboard-devices.md b/defender-vulnerability-management/mdvm-onboard-devices.md index d255e2400a..a030a3e984 100644 --- a/defender-vulnerability-management/mdvm-onboard-devices.md +++ b/defender-vulnerability-management/mdvm-onboard-devices.md @@ -1,8 +1,8 @@ --- title: Onboard to Microsoft Defender Vulnerability Management description: Learn how to onboard endpoints to Microsoft Defender Vulnerability Management service -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md b/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md index d133d048d1..5eef27a8d0 100644 --- a/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md +++ b/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md 
@@ -2,8 +2,8 @@ title: Event timeline description: Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md b/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md index 802ed26af1..e175fd3863 100644 --- a/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md +++ b/defender-vulnerability-management/trial-user-guide-defender-vulnerability-management.md @@ -2,8 +2,8 @@ title: Trial user guide - Microsoft Defender Vulnerability Management description: Learn how Microsoft Defender Vulnerability Management can help you protect all your users and data. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-assign-device-value.md b/defender-vulnerability-management/tvm-assign-device-value.md index 5a4ca68418..462d38a616 100644 --- a/defender-vulnerability-management/tvm-assign-device-value.md +++ b/defender-vulnerability-management/tvm-assign-device-value.md @@ -2,8 +2,8 @@ title: Assign device value description: Learn how to assign a low, normal, or high value to a device to help you differentiate between asset priorities. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-block-vuln-apps.md b/defender-vulnerability-management/tvm-block-vuln-apps.md index b61bc48597..67e877cccb 100644 
--- a/defender-vulnerability-management/tvm-block-vuln-apps.md +++ b/defender-vulnerability-management/tvm-block-vuln-apps.md @@ -3,8 +3,8 @@ title: Block vulnerable applications. description: Use Microsoft Defender Vulnerability Management to block vulnerable applications. ms.service: defender-vuln-mgmt ms.pagetype: security -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-browser-extensions.md b/defender-vulnerability-management/tvm-browser-extensions.md index 897dc6b65b..c50af6ee31 100644 --- a/defender-vulnerability-management/tvm-browser-extensions.md +++ b/defender-vulnerability-management/tvm-browser-extensions.md @@ -3,8 +3,8 @@ title: Browser extensions assessment description: Find out about the browsers extensions installed in your environment ms.service: defender-vuln-mgmt ms.pagetype: security -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-certificate-inventory.md b/defender-vulnerability-management/tvm-certificate-inventory.md index 0d9b80fb8e..1d2620ad37 100644 --- a/defender-vulnerability-management/tvm-certificate-inventory.md +++ b/defender-vulnerability-management/tvm-certificate-inventory.md @@ -2,8 +2,8 @@ title: Certificate inventory description: Find out about the certificates installed in your environment. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-dashboard-insights.md b/defender-vulnerability-management/tvm-dashboard-insights.md index e6cf2c146a..5adcfb08aa 100644 --- a/defender-vulnerability-management/tvm-dashboard-insights.md 
+++ b/defender-vulnerability-management/tvm-dashboard-insights.md @@ -2,8 +2,8 @@ title: Microsoft Defender Vulnerability Management dashboard description: The Microsoft Defender Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-end-of-support-software.md b/defender-vulnerability-management/tvm-end-of-support-software.md index 78385dda90..38e1e9367d 100644 --- a/defender-vulnerability-management/tvm-end-of-support-software.md +++ b/defender-vulnerability-management/tvm-end-of-support-software.md @@ -2,8 +2,8 @@ title: Plan for end-of-support software and software versions description: Discover and plan for software and software versions that are no longer supported and won't receive security updates. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-exception.md b/defender-vulnerability-management/tvm-exception.md index 79b98ea0b6..d3a3730080 100644 --- a/defender-vulnerability-management/tvm-exception.md +++ b/defender-vulnerability-management/tvm-exception.md @@ -2,8 +2,8 @@ title: Create and view exceptions for security recommendations description: Create and monitor exceptions for security recommendations in Microsoft Defender Vulnerability Management. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-vulnerability-management/tvm-exposure-score.md b/defender-vulnerability-management/tvm-exposure-score.md index 89e3a84fff..7889bc3853 100644 --- a/defender-vulnerability-management/tvm-exposure-score.md +++ b/defender-vulnerability-management/tvm-exposure-score.md @@ -2,8 +2,8 @@ title: Exposure score in Defender Vulnerability Management description: The Microsoft Defender Vulnerability Management exposure score reflects how vulnerable your organization is to cybersecurity threats. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-hardware-and-firmware.md b/defender-vulnerability-management/tvm-hardware-and-firmware.md index de308b4c14..23f176b0aa 100644 --- a/defender-vulnerability-management/tvm-hardware-and-firmware.md +++ b/defender-vulnerability-management/tvm-hardware-and-firmware.md @@ -2,8 +2,8 @@ title: Firmware and hardware assessment description: Find out about the firmware and hardware installed in your environment ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-hunt-exposed-devices.md b/defender-vulnerability-management/tvm-hunt-exposed-devices.md index 41d0840bb1..32833390c0 100644 --- a/defender-vulnerability-management/tvm-hunt-exposed-devices.md +++ b/defender-vulnerability-management/tvm-hunt-exposed-devices.md @@ -2,8 +2,8 @@ title: Hunt for exposed devices description: Learn how Microsoft Defender Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
diff --git a/defender-vulnerability-management/tvm-manage-Log4shell-guidance.md b/defender-vulnerability-management/tvm-manage-Log4shell-guidance.md index e28378794b..f5dffd9d6c 100644 --- a/defender-vulnerability-management/tvm-manage-Log4shell-guidance.md +++ b/defender-vulnerability-management/tvm-manage-Log4shell-guidance.md @@ -4,8 +4,8 @@ description: Learn how to mitigate the Log4Shell vulnerability in Microsoft Defe ms.service: defender-vuln-mgmt f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-microsoft-secure-score-devices.md b/defender-vulnerability-management/tvm-microsoft-secure-score-devices.md index 6550d525bd..c135489dd7 100644 --- a/defender-vulnerability-management/tvm-microsoft-secure-score-devices.md +++ b/defender-vulnerability-management/tvm-microsoft-secure-score-devices.md @@ -2,8 +2,8 @@ title: Microsoft Secure Score for Devices description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-network-share-assessment.md b/defender-vulnerability-management/tvm-network-share-assessment.md index dcec6253f5..37b5d47b37 100644 --- a/defender-vulnerability-management/tvm-network-share-assessment.md +++ b/defender-vulnerability-management/tvm-network-share-assessment.md 
@@ -2,8 +2,8 @@ title: Network share configuration assessment description: Learn review recommendations related to network shares in your environment through vulnerability management. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-prerequisites.md b/defender-vulnerability-management/tvm-prerequisites.md index 627b282978..f2170f487a 100644 --- a/defender-vulnerability-management/tvm-prerequisites.md +++ b/defender-vulnerability-management/tvm-prerequisites.md @@ -2,8 +2,8 @@ title: Prerequisites & permissions for Microsoft Defender Vulnerability Management description: Before you begin using Microsoft Defender Vulnerability Management, make sure you have the relevant configurations and permissions. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-remediation.md b/defender-vulnerability-management/tvm-remediation.md index 10e97306fd..23b55dcfe4 100644 --- a/defender-vulnerability-management/tvm-remediation.md +++ b/defender-vulnerability-management/tvm-remediation.md @@ -2,8 +2,8 @@ title: Remediate vulnerabilities description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in defender vulnerability management. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-security-baselines.md b/defender-vulnerability-management/tvm-security-baselines.md index 168f8117e3..3c3909372f 100644 --- a/defender-vulnerability-management/tvm-security-baselines.md 
+++ b/defender-vulnerability-management/tvm-security-baselines.md @@ -2,8 +2,8 @@ title: Security baselines assessment description: Find out about the security baselines in your environment ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-security-recommendation.md b/defender-vulnerability-management/tvm-security-recommendation.md index 732c633afe..e6a34ed3d3 100644 --- a/defender-vulnerability-management/tvm-security-recommendation.md +++ b/defender-vulnerability-management/tvm-security-recommendation.md @@ -2,8 +2,8 @@ title: Security recommendations description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value, in vulnerability management. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-software-inventory.md b/defender-vulnerability-management/tvm-software-inventory.md index b74222f004..3f15ddccfd 100644 --- a/defender-vulnerability-management/tvm-software-inventory.md +++ b/defender-vulnerability-management/tvm-software-inventory.md @@ -2,8 +2,8 @@ title: Software inventory description: The software inventory page for Microsoft Defender for Endpoint's Vulnerability Management shows how many weaknesses and vulnerabilities have been detected in software. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-supported-os.md b/defender-vulnerability-management/tvm-supported-os.md index 5258d46196..c840c0ab98 100644 --- a/defender-vulnerability-management/tvm-supported-os.md 
+++ b/defender-vulnerability-management/tvm-supported-os.md @@ -2,8 +2,8 @@ title: Supported operating systems platforms and capabilities description: Ensure that you meet the operating system or platform requisites for Microsoft Defender Vulnerability Management, so the activities in your all devices are properly accounted for. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.reviewer: yongrhee ms.localizationpriority: medium manager: deniseb diff --git a/defender-vulnerability-management/tvm-usage-insights.md b/defender-vulnerability-management/tvm-usage-insights.md index 60bb38d66d..65a5f815f7 100644 --- a/defender-vulnerability-management/tvm-usage-insights.md +++ b/defender-vulnerability-management/tvm-usage-insights.md @@ -2,8 +2,8 @@ title: Software usage insights description: Use Microsoft Defender Vulnerability Management to assess software usage ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-vulnerable-components.md b/defender-vulnerability-management/tvm-vulnerable-components.md index 51c22b2524..ad80e09d4c 100644 --- a/defender-vulnerability-management/tvm-vulnerable-components.md +++ b/defender-vulnerability-management/tvm-vulnerable-components.md @@ -2,8 +2,8 @@ title: Vulnerable components description: The Vulnerable components page lists components with known critical vulnerabilities. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-vulnerable-devices-report.md b/defender-vulnerability-management/tvm-vulnerable-devices-report.md index aa019e87c9..e648393a16 100644 
--- a/defender-vulnerability-management/tvm-vulnerable-devices-report.md +++ b/defender-vulnerability-management/tvm-vulnerable-devices-report.md @@ -2,8 +2,8 @@ title: Vulnerable devices report description: A report showing vulnerable device trends and current statistics so you can understand the breath and scope of your device exposure. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/tvm-weaknesses-security-advisories.md b/defender-vulnerability-management/tvm-weaknesses-security-advisories.md index 89615a2999..b3c1cfd438 100644 --- a/defender-vulnerability-management/tvm-weaknesses-security-advisories.md +++ b/defender-vulnerability-management/tvm-weaknesses-security-advisories.md @@ -2,8 +2,8 @@ title: Security advisories description: Lists the firmware security advisories for devices in your organization. Discovered by the Microsoft Defender vulnerability management capabilities. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro 
@@ -12,12 +12,12 @@ ms.collection: - Tier1 ms.topic: conceptual search.appverid: met150 -ms.date: 01/25/2024 +ms.date: 09/20/2024 --- # Security advisories -Security advisories provide an efficient way to view, track, and monitor firmware advisories for affected devices. You can filter on exposed devices and view advisories that affect specific devices. By monitoring these advisories, security teams can take action more quickly to prevent attackers from targeting firmware vulnerabilities. +Security advisories provide an efficient way to view, track, and monitor firmware advisories for affected devices. You can filter on exposed devices and view advisories that affect specific devices. With these advisories, security teams can take action more quickly to prevent attackers from targeting firmware vulnerabilities. > [!NOTE] > This capability is currently available in public preview and may be substantially modified before it's commercially released. @@ -42,7 +42,7 @@ To view firmware security advisories: :::image type="content" alt-text="Screenshot of the security advisory filtered view." source="/defender/media/defender-vulnerability-management/security-advisory-view.png" lightbox="/defender/media/defender-vulnerability-management/security-advisory-view.png"::: -Security advisories include information about specific version of affected devices or software in your organization that are affected and, if available, instructions for how to update the firmware to address the vulnerability. +Security advisories include information about specific versions of affected devices or software in your organization that are affected and, if available, instructions for how to update the firmware to address the vulnerability. > [!NOTE] > Security Advisories are available for the following vendors: Lenovo, Dell, HP. diff --git a/defender-vulnerability-management/tvm-weaknesses.md b/defender-vulnerability-management/tvm-weaknesses.md index 9af9070bb7..1d0662e736 100644 
--- a/defender-vulnerability-management/tvm-weaknesses.md +++ b/defender-vulnerability-management/tvm-weaknesses.md @@ -2,8 +2,8 @@ title: Vulnerabilities in my organization description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender vulnerability management capabilities. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro @@ -12,7 +12,7 @@ ms.collection: - Tier1 ms.topic: conceptual search.appverid: met150 -ms.date: 07/31/2024 +ms.date: 09/24/2024 --- # Vulnerabilities in my organization @@ -81,7 +81,7 @@ If you select a CVE from the weaknesses page, a flyout panel opens with more inf For each CVE, you can see a list of the exposed devices and the affected software. -## Exploit Prediction Scoring System (EPSS) +## Exploit Prediction Scoring System (EPSS) The Exploit Prediction Scoring System (EPSS) generates a data-driven score for the probability of a known software vulnerability being exploited in the wild. EPSS uses current threat information from the CVE and real-world exploit data. For each CVE, the EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited. Learn more about [EPSS](https://www.first.org/epss/). 
@@ -96,7 +96,7 @@ When the EPSS is greater than 0.9, the **Threats** column tooltip is updated wit :::image type="content" source="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png" alt-text="Screenshot of the weaknesses epss score in the threat tooltip." lightbox="/defender/media/defender-vulnerability-management/tvm-weaknesses-epss-tip.png"::: > [!NOTE] - > Note that if the EPSS score is smaller than 0.001, it’s considered to be 0. +> Note that if the EPSS score is smaller than 0.001, it’s considered to be 0. You can use the [Vulnerability API](/defender-endpoint/api/vulnerability) to see the EPSS score. @@ -126,9 +126,12 @@ You can request for support to be added to Defender Vulnerability Management for 1. Select the CVE from the [Weaknesses](https://security.microsoft.com/vulnerabilities/cves) page in the Microsoft Defender portal 2. Select **Please support this CVE** from the Vulnerability details tab -The request is sent to Microsoft and will assist us in prioritizing this CVE among others in our system. + The request is sent to Microsoft and will assist us in prioritizing this CVE among others in our system. -:::image type="content" alt-text="Weakness flyout with support CVE button example." source="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png" lightbox="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png"::: + > [!NOTE] + > Request CVE support functionality is not available for GCC, GCC High and DoD customers. + + :::image type="content" alt-text="Weakness flyout with support CVE button example." source="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png" lightbox="/defender/media/defender-vulnerability-management/weaknesses-support-cve.png"::: ## View Common Vulnerabilities and Exposures (CVE) entries in other places 
@@ -136,7 +139,7 @@ The request is sent to Microsoft and will assist us in prioritizing this CVE amo 1. Go to the [Defender Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. You'll see the number of vulnerabilities found in each software, along with threat information and a high-level view of device exposure over time. -:::image type="content" alt-text="Top vulnerable software card." source="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png" lightbox="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png"::: + :::image type="content" alt-text="Top vulnerable software card." source="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png" lightbox="/defender/media/defender-vulnerability-management/tvm-top-vulnerable-software500.png"::: 2. Select the software you want to investigate. 3. Select the **Discovered vulnerabilities** tab. 
@@ -161,9 +164,9 @@ To see the detection logic: 2. Select **Open device page** and select **Discovered vulnerabilities** from the device page. 3. Select the vulnerability you want to investigate. -A flyout opens and the **Detection logic** section shows the detection logic and source. + A flyout opens and the **Detection logic** section shows the detection logic and source. -:::image type="content" alt-text="Detection Logic example that lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png"::: + :::image type="content" alt-text="Detection Logic example that lists the software detected on the device and the KBs." source="/defender/media/defender-vulnerability-management/tvm-cve-detection-logic.png"::: The "OS Feature" category is also shown in relevant scenarios. This is when a CVE would affect devices that run a vulnerable OS if a specific OS component is enabled. For example, if Windows Server 2019 or Windows Server 2022 has vulnerability in its DNS component we only attach this CVE to the Windows Server 2019 and Windows Server 2022 devices with the DNS capability enabled in their OS. 
@@ -177,7 +180,7 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform 4. Fill in the requested details about the inaccuracy. This varies depending on the issue you're reporting. 5. Select **Submit**. Your feedback is immediately sent to the Microsoft Defender Vulnerability Management experts. -:::image type="content" alt-text="Report inaccuracy options." source="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png"::: + :::image type="content" alt-text="Report inaccuracy options." source="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="/defender/media/defender-vulnerability-management/report-inaccuracy-software.png"::: ## Related articles diff --git a/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md b/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md index ce03e4805a..1e03e41003 100644 --- a/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md +++ b/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md @@ -2,8 +2,8 @@ title: Mitigate zero-day vulnerabilities description: Learn how to find and mitigate zero-day vulnerabilities in your environment through Microsoft Defender Vulnerability Management. ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md b/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md index 1ae21f3718..e528179f3b 100644 --- a/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md +++ b/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md 
@@ -3,8 +3,8 @@ title: What's new in Microsoft Defender Vulnerability Management description: See what features are available in the latest release of Microsoft Defender for Vulnerability Management search.appverid: met150 ms.service: defender-vuln-mgmt -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-vulnerability-management/windows-authenticated-scan.md b/defender-vulnerability-management/windows-authenticated-scan.md index 21057ba96f..cade6c9012 100644 --- a/defender-vulnerability-management/windows-authenticated-scan.md +++ b/defender-vulnerability-management/windows-authenticated-scan.md @@ -2,14 +2,14 @@ title: Authenticated scan for Windows in Defender Vulnerability Management description: Find out about how to create Authenticated scans for Windows search.appverid: MET150 -author: siosulli -ms.author: siosulli +author: denisebmsft +ms.author: deniseb manager: deniseb audience: Admin ms.topic: conceptual ms.service: defender-vuln-mgmt ms.localizationpriority: medium -ms.date: 05/12/2022 +ms.date: 09/20/2024 ms.collection: - m365-security - Tier1 diff --git a/defender-xdr/TOC.yml b/defender-xdr/TOC.yml index fffadbb7bf..54256a18bd 100644 --- a/defender-xdr/TOC.yml +++ b/defender-xdr/TOC.yml @@ -444,6 +444,8 @@ href: copilot-in-defender-file-analysis.md - name: Generate device summaries href: copilot-in-defender-device-summary.md + - name: Summarize identities + href: security-copilot-defender-identity-summary.md - name: Use guided responses href: security-copilot-m365d-guided-response.md - name: Generate KQL queries diff --git a/defender-xdr/advanced-hunting-deviceevents-table.md b/defender-xdr/advanced-hunting-deviceevents-table.md index 551e3805c7..d019f452a9 100644 --- a/defender-xdr/advanced-hunting-deviceevents-table.md +++ b/defender-xdr/advanced-hunting-deviceevents-table.md 
@@ -68,7 +68,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event | | `InitiatingProcessId` | `long` | Process ID (PID) of the process that initiated the event | diff --git a/defender-xdr/advanced-hunting-devicefileevents-table.md b/defender-xdr/advanced-hunting-devicefileevents-table.md index df030d31e2..ef1ec0ab1c 100644 --- a/defender-xdr/advanced-hunting-devicefileevents-table.md +++ b/defender-xdr/advanced-hunting-devicefileevents-table.md 
@@ -60,7 +60,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessFolderPath` | `string` | Folder containing the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the process (image file) that initiated the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/advanced-hunting-deviceimageloadevents-table.md b/defender-xdr/advanced-hunting-deviceimageloadevents-table.md index 9b2d775cda..3e82cf76c3 100644 --- a/defender-xdr/advanced-hunting-deviceimageloadevents-table.md +++ b/defender-xdr/advanced-hunting-deviceimageloadevents-table.md 
@@ -56,7 +56,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/advanced-hunting-devicelogonevents-table.md b/defender-xdr/advanced-hunting-devicelogonevents-table.md index ccb36bb3cf..5a7cf10ad7 100644 --- a/defender-xdr/advanced-hunting-devicelogonevents-table.md +++ b/defender-xdr/advanced-hunting-devicelogonevents-table.md 
@@ -64,7 +64,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 hash of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 hash of the process (image file) that initiated the event. This field is usually not populated - use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead| | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/advanced-hunting-devicenetworkevents-table.md b/defender-xdr/advanced-hunting-devicenetworkevents-table.md index 388c1cd589..4d27a073ef 100644 --- a/defender-xdr/advanced-hunting-devicenetworkevents-table.md +++ b/defender-xdr/advanced-hunting-devicenetworkevents-table.md 
@@ -53,7 +53,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/advanced-hunting-deviceprocessevents-table.md b/defender-xdr/advanced-hunting-deviceprocessevents-table.md index 17d1fb9087..979b5485e6 100644 --- a/defender-xdr/advanced-hunting-deviceprocessevents-table.md +++ b/defender-xdr/advanced-hunting-deviceprocessevents-table.md 
@@ -76,7 +76,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 hash of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/advanced-hunting-deviceregistryevents-table.md b/defender-xdr/advanced-hunting-deviceregistryevents-table.md index a7e8dd620a..33d6bfaf57 100644 --- a/defender-xdr/advanced-hunting-deviceregistryevents-table.md +++ b/defender-xdr/advanced-hunting-deviceregistryevents-table.md 
@@ -55,7 +55,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `InitiatingProcessSHA1` | `string` | SHA-1 of the process (image file) that initiated the event | | `InitiatingProcessSHA256` | `string` | SHA-256 of the process (image file) that initiated the event. This field is usually not populated — use the SHA1 column when available. | | `InitiatingProcessMD5` | `string` | MD5 hash of the process (image file) that initiated the event | -| `InitiatingProcessFileName` | `string` | Name of the process that initiated the event | +| `InitiatingProcessFileName` | `string` | Name of the process file that initiated the event; if unavailable, the name of the process that initiated the event might be shown instead | | `InitiatingProcessFileSize` | `long` | Size of the file that ran the process responsible for the event | | `InitiatingProcessVersionInfoCompanyName` | `string` | Company name from the version information of the process (image file) responsible for the event | | `InitiatingProcessVersionInfoProductName` | `string` | Product name from the version information of the process (image file) responsible for the event | diff --git a/defender-xdr/compare-rbac-roles.md b/defender-xdr/compare-rbac-roles.md index 49aa8df59d..ef1b023ccf 100644 --- a/defender-xdr/compare-rbac-roles.md +++ b/defender-xdr/compare-rbac-roles.md @@ -2,8 +2,8 @@ title: Map Microsoft Defender XDR Unified role-based access control (RBAC) permissions description: Compare permissions and access to Microsoft Defender XDR Security portal experiences using role-based access control (RBAC) ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/configure-asset-rules.md b/defender-xdr/configure-asset-rules.md index 19c6303a02..ce96a9bba9 100644 --- a/defender-xdr/configure-asset-rules.md 
+++ b/defender-xdr/configure-asset-rules.md @@ -2,8 +2,8 @@ title: Asset rule management - Dynamic rules description: You can use Microsoft Defender for Endpoint to configure dynamic tagging ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/copilot-in-defender-device-summary.md b/defender-xdr/copilot-in-defender-device-summary.md index 44013a91b5..ac971b4f71 100644 --- a/defender-xdr/copilot-in-defender-device-summary.md +++ b/defender-xdr/copilot-in-defender-device-summary.md @@ -53,7 +53,7 @@ You can access the device summary capability through the following ways: :::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png" alt-text="Screenshot of the device summary results in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page.png"::: -- From an incident page, you can choose a device on the incident graph and then select **Device details** (1). On the device pane, select **Summarize** (2) to generate the device summary. The summary is displayed in the Copilot pane. +- From an incident page, you can choose a device on the incident graph and then (1) select **Device details**. On the device pane, (2) select **Summarize** to generate the device summary. The summary is displayed in the Copilot pane. :::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png" alt-text="Screenshot highlighting the steps to access the device summary in an incident page in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png"::: 
diff --git a/defender-xdr/custom-permissions-details.md b/defender-xdr/custom-permissions-details.md index 8d3a9b5ba5..8cf7688092 100644 --- a/defender-xdr/custom-permissions-details.md +++ b/defender-xdr/custom-permissions-details.md @@ -2,8 +2,8 @@ title: Details of custom permissions in Microsoft Defender XDR Unified role-based access control (RBAC) description: Learn about the custom permissions available in Microsoft Defender XDR Security role-based access control (RBAC) ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/microsoft-secure-score-history-metrics-trends.md b/defender-xdr/microsoft-secure-score-history-metrics-trends.md index f26f93e05d..d0cfd171c8 100644 --- a/defender-xdr/microsoft-secure-score-history-metrics-trends.md +++ b/defender-xdr/microsoft-secure-score-history-metrics-trends.md @@ -6,8 +6,8 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: dansimp audience: ITPro ms.collection: diff --git a/defender-xdr/microsoft-secure-score-improvement-actions.md b/defender-xdr/microsoft-secure-score-improvement-actions.md index fe169972d8..5c5cccda08 100644 --- a/defender-xdr/microsoft-secure-score-improvement-actions.md +++ b/defender-xdr/microsoft-secure-score-improvement-actions.md @@ -5,8 +5,8 @@ ms.service: defender-xdr ms.localizationpriority: medium f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: dansimp audience: ITPro ms.collection: diff --git a/defender-xdr/microsoft-secure-score.md b/defender-xdr/microsoft-secure-score.md index 27c9bc1708..23b3703876 100644 --- a/defender-xdr/microsoft-secure-score.md +++ b/defender-xdr/microsoft-secure-score.md 
@@ -5,8 +5,8 @@ ms.service: defender-xdr ms.localizationpriority: medium f1.keywords: - NOCSH -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft manager: dansimp audience: ITPro ms.collection: diff --git a/defender-xdr/mto-advanced-hunting.md b/defender-xdr/mto-advanced-hunting.md index feca96fb0f..f6a5a4a539 100644 --- a/defender-xdr/mto-advanced-hunting.md +++ b/defender-xdr/mto-advanced-hunting.md @@ -3,8 +3,8 @@ title: Advanced hunting in Microsoft Defender multitenant management description: Learn about advanced hunting in Microsoft Defender multitenant management search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/mto-dashboard.md b/defender-xdr/mto-dashboard.md index 0a7ece5868..b6128ba094 100644 --- a/defender-xdr/mto-dashboard.md +++ b/defender-xdr/mto-dashboard.md @@ -3,8 +3,8 @@ title: Vulnerability management in multitenant management description: Learn about the capabilities of the vulnerability management dashboard in multitenant management in Microsoft Defender XDR search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/mto-incidents-alerts.md b/defender-xdr/mto-incidents-alerts.md index 55d9e3d9fd..2390e19294 100644 --- a/defender-xdr/mto-incidents-alerts.md +++ b/defender-xdr/mto-incidents-alerts.md @@ -3,8 +3,8 @@ title: View and manage incidents and alerts in Microsoft Defender multitenant ma description: Learn about incidents and alerts in Microsoft Defender multitenant management search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro 
diff --git a/defender-xdr/mto-overview.md b/defender-xdr/mto-overview.md index a656a66486..e219434bab 100644 --- a/defender-xdr/mto-overview.md +++ b/defender-xdr/mto-overview.md @@ -2,8 +2,8 @@ title: Microsoft Defender multitenant management description: Learn about multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Microsoft unified security operations platform. ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/mto-requirements.md b/defender-xdr/mto-requirements.md index 384f743949..43d824bce5 100644 --- a/defender-xdr/mto-requirements.md +++ b/defender-xdr/mto-requirements.md @@ -2,8 +2,8 @@ title: Set up Microsoft Defender multitenant management description: Learn what steps you need to take to get started with multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform. ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/mto-tenant-devices.md b/defender-xdr/mto-tenant-devices.md index 53e8ba829c..13432580c4 100644 --- a/defender-xdr/mto-tenant-devices.md +++ b/defender-xdr/mto-tenant-devices.md @@ -3,8 +3,8 @@ title: Devices in multitenant management description: Learn about multitenant device view in multitenant management of the Microsoft Defender XDR. search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/mto-tenants.md b/defender-xdr/mto-tenants.md index cb476bf8ba..db5d101cf4 100644 --- a/defender-xdr/mto-tenants.md +++ b/defender-xdr/mto-tenants.md 
@@ -3,8 +3,8 @@ title: Manage tenants with Microsoft Defender multitenant management description: Learn about the tenant list in Microsoft Defender multitenant management search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/secure-score-data-storage-privacy.md b/defender-xdr/secure-score-data-storage-privacy.md index 7c159916de..400578a534 100644 --- a/defender-xdr/secure-score-data-storage-privacy.md +++ b/defender-xdr/secure-score-data-storage-privacy.md @@ -2,8 +2,8 @@ title: Microsoft Secure score data storage and privacy description: Learn about how Microsoft Secure score handles privacy and data that it collects. ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro diff --git a/defender-xdr/security-copilot-defender-identity-summary.md b/defender-xdr/security-copilot-defender-identity-summary.md new file mode 100644 index 0000000000..081d3fb2a2 --- /dev/null +++ b/defender-xdr/security-copilot-defender-identity-summary.md 
@@ -0,0 +1,88 @@ +--- +title: Summarize identity information with Microsoft Copilot in Microsoft Defender +description: Summarize an identity information with Microsoft Copilot in Microsoft Defender to investigate identities. +ms.service: defender-xdr +f1.keywords: + - NOCSH +ms.author: diannegali +author: diannegali +ms.localizationpriority: medium +manager: deniseb +audience: ITPro +ms.collection: + - m365-security + - tier1 + - security-copilot +ms.topic: conceptual +search.appverid: + - MOE150 + - MET150 +ms.date: 09/23/2024 +appliesto: +- Microsoft Defender XDR +- Microsoft Sentinel in the unified security operations center (SOC) platform +--- + +# Summarize identity information with Microsoft Copilot in Microsoft Defender + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] + +Security operations teams investigating users can easily understand identity information with the identity summary capability in [Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) in Microsoft Defender. Through generative AI and harnessing the power of Microsoft Defender for Identity, Copilot creates contextual insights about an identity in an organization, helping analysts quickly understand important data to speed up their investigation. + +With the identity summary capability, analysts can immediately identify suspicious or risky identity-related changes and actions that can negatively impact an organization. The summary also includes potential misconfigurations that affects an identity. Using natural language, Copilot delivers clear and actionable user information that analysts can use in their incident investigation activities. The capability currently focuses on users and will include service accounts in its next iteration. 
+ +The identity summary contains essential information about an identity, including: + +- The date when a user account is created, and whether the user account is of high, medium, or low criticality +- Any unusual behavioral patterns related to sign in locations, sign in frequency, or frequency of failed sign in attempts +- A user’s current role, including their department and position, and whether there are notable role changes compared to the user’s job title and department to highlight inconsistencies +- Data about a user’s last sign in to a device, whether or not the device is associated to the user, in the last 30 days +- Authentication methods and applications used +- Risks associated with a user based on Microsoft Entra ID +- General information like a user’s professional title and contact information, department, and their manager’s contact information + +The identity summary capability is available in the Microsoft Defender portal for customers who have provisioned access to Copilot for Security. Users who access the Copilot for Security standalone portal can use this capability through the Microsoft Defender XDR plugin. Know more about [preinstalled plugins in Copilot for Security](/security-copilot/manage-plugins#preinstalled-plugins). + +This guide describes what the script analysis capability is and how it works, including how you can provide feedback on the results generated. + +## Summarize identity information + +You can access the identity summary capability in the following ways: + +- From an incident page, choose an identity on the incident graph and then (1) select **User details**. In the user details pane, (2) select **Summarize**. The results are displayed in the Copilot side panel. + + :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-incident-small.png" alt-text="Screenshot showing the Summarize option in the user details pane." 
lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-incident.png"::: + +- Alternatively, you can select **Go to user page** on the bottom of the user details pane to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page. + +- You can also access the identity summary capability by choosing a user in the **Assets** tab of an incident. Select **Summarize** in the user details pane to generate the identity summary. + + :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-assets-small.png" alt-text="Screenshot showing the Assets tab and a user account highlighted." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-assets.png"::: + +- In an alert page, select a user then select **Summarize** in the user details pane to generate the identity summary. + +- In the advanced hunting page, you can access the identity summary capability by selecting a user in the results table, then selecting the link to the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page. + +- From the main menu, navigate to **Assets > Identities**. Select a username from the list, then select **View user page** to open the user page. Copilot automatically generates the identity summary and displays the side panel upon opening the user page. + + :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser-small.png" alt-text="Screenshot highlighting the view user page option in an username search within Identities." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser.png"::: + +- Type a username in the Microsoft Defender portal’s **search box** then select the username from the search results. 
In the user details side panel, select **Summarize** to generate the identity summary. + +Review the identity summary results. You can copy the results to clipboard, regenerate the results, or open Security Copilot by selecting the More actions ellipsis (...) on top of the identity summary card. You can extend your investigation of identity using prompts and other plugins in the Copilot for Security portal. + +> [!TIP] +> When investigating users in the Copilot for Security portal, Microsoft recommends including the word ***Defender*** in your prompts to ensure that the identity summary capability delivers the results. For example, you can use the prompt *Show the Defender summary of this user in the last {time frame}* to generate the identity summary of a user account within the time frame indicated. You can specify up to 120 days on the time frame, with the default being 30 days when you don’t indicate one. + +Microsoft highly encourages you to provide feedback to Copilot, as it’s crucial for a capability’s continuous improvement. To provide feedback, navigate to the bottom of the Copilot side panel and select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/create-report/copilot-defender-feedback.png). + + :::image type="content" source="/defender/media/copilot-in-defender/identity-summary/feedback-textbox.png" alt-text="Screenshot that shows the Feedback text box where you can share your feedback."::: + +Fill in the dedicated text box to share your thoughts, experiences, and requests. Microsoft values your feedback and takes it seriously in our commitment to enhance Copilot’s performance and user experience. 
+ +## See also + +- [Get started with Microsoft Copilot for Security](/security-copilot/get-started-security-copilot) +- [Learn about other Copilot for Security embedded experiences](/security-copilot/experiences-security-copilot) + +[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)] \ No newline at end of file diff --git a/defender-xdr/security-copilot-in-microsoft-365-defender.md b/defender-xdr/security-copilot-in-microsoft-365-defender.md index 091b05c74a..ab1051062c 100644 --- a/defender-xdr/security-copilot-in-microsoft-365-defender.md +++ b/defender-xdr/security-copilot-in-microsoft-365-defender.md @@ -17,17 +17,18 @@ ms.topic: conceptual search.appverid: - MOE150 - MET150 -ms.date: 08/20/2024 +ms.date: 09/23/2024 +appliesto: +- Microsoft Defender XDR +- Microsoft Sentinel in the Microsoft Defender portal --- # Microsoft Copilot in Microsoft Defender [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)] -**Applies to:** - -- Microsoft Defender XDR -- Microsoft Sentinel in the Microsoft Defender portal +> [!NOTE] +> Microsoft Defender XDR provides a unified XDR experience for Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Vulnerability Management. Learn more about this pre- and post-breach defense suite in [What is Microsoft Defender XDR?](microsoft-365-defender.md) [Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) brings together the power of AI and human expertise to help security teams respond to attacks faster and more effectively. Copilot for Security is embedded in the Microsoft Defender portal to enable security teams to efficiently summarize incidents, analyze scripts and codes, analyze files, summarize device information, use guided responses to resolve incidents, generate KQL queries, and create incident reports. 
@@ -73,6 +74,12 @@ Copilot helps security teams quickly assess and understand suspicious files with :::image type="content" source="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-hide-small.png" alt-text="Screenshot of the file analysis results in Copilot in Defender with the Hide details option highlighted." lightbox="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-hide.png"::: +### Investigate identities immediately + +Quickly assess a user’s risk by generating an [identity summary](security-copilot-defender-identity-summary.md) with Copilot. Identify when an identity is at risk or suspicious with contextualized information about a user’s role and role changes, sign in behaviors, devices signed in to, and relevant contact information. + +:::image type="content" source="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph-small.png" alt-text="Screenshot showing the Summarize option in the user details pane." lightbox="/defender/media/copilot-in-defender/identity-summary/identity-incident-graph.png"::: + ### Write incident reports efficiently Security operations teams usually write reports to record important information, including what response actions were taken and the corresponding results, the team members involved, and other information to aid future security decisions and learning. Oftentimes, documenting incidents can be time-consuming. For an incident report to be effective, it must contain an incident's summary along with the actions taken, including what actions were taken by whom and when. Copilot [generates an incident report](security-copilot-m365d-create-incident-report.md) by quickly consolidating these pieces of information. 
@@ -108,9 +115,9 @@ Because of its continuing evolution, Copilot might miss some things. Reviewing a All Copilot in Defender capabilities have an option for providing feedback. To provide feedback, perform the following steps: 1. Select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards.](/defender/media/copilot-in-defender/copilot-defender-feedback.png) located at the bottom of any results card in the Copilot side panel. -2. Select **Confirmed, it looks great** if the results are accurate based on your assessment. You can provide more information in the next dialog box. -3. Select **Off-target, inaccurate** if any detail is incorrect or incomplete based on your assessment. You can provide more information about your assessment in the next dialog box and submit this assessment to Microsoft. -4. You can also report the results if it contains questionable or ambiguous information by selecting **Potentially harmful, inappropriate**. Provide more information about the results in the next dialog box and select Submit. +2. Select **Looks right** if you deem the results accurate. You can provide more information in the next dialog box. +3. Select **Needs improvement** if you assessed the result as lacking or incomplete. You can provide more information about your assessment in the next dialog box and submit this assessment to Microsoft. +4. You can also report the results if it contains questionable or ambiguous information by selecting **Inappropriate**. Provide more information about the results in the next dialog box and select Submit. diff --git a/defender-xdr/whats-new-in-microsoft-defender-urbac.md b/defender-xdr/whats-new-in-microsoft-defender-urbac.md index 666446b39f..ecd44ea302 100644 --- a/defender-xdr/whats-new-in-microsoft-defender-urbac.md +++ b/defender-xdr/whats-new-in-microsoft-defender-urbac.md 
@@ -3,8 +3,8 @@ title: What's new in Microsoft Defender XDR Unified role-based access control (R description: See what features are available in the latest release of Microsoft Defender XDR Unified role-based access control (RBAC) search.appverid: met150 ms.service: defender-xdr -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.localizationpriority: medium manager: deniseb audience: ITPro diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md index 81a40db042..4a130507f9 100644 --- a/defender-xdr/whats-new.md +++ b/defender-xdr/whats-new.md @@ -6,7 +6,7 @@ ms.service: defender-xdr ms.author: diannegali author: diannegali ms.localizationpriority: medium -ms.date: 08/12/2024 +ms.date: 09/23/2024 manager: dansimp audience: ITPro ms.collection: 
@@ -31,6 +31,7 @@ You can also get product updates and important notifications through the [messag ## September 2024 +- (GA) Copilot in Defender now includes the identity summary capability, providing instant insights into a user's risk level, sign in activity, and more. For more information, see [Summarize identity information with Copilot in Defender](security-copilot-defender-identity-summary.md). - [Microsoft Defender Threat Intelligence](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti) customers can now view the [latest featured threat intelligence articles](/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal#featured-threat-intelligence-articles-widget) in the Microsoft Defender portal home page. The **Intel explorer** page now also has an [article digest](/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal#article-digest) that notifies them of the number of new Defender TI articles that were published since they last accessed the Defender portal. - [Microsoft Defender XDR Unified RBAC permissions](experts-on-demand.md#required-permissions-for-using-ask-defender-experts) are added to submit inquiries and view responses from [Microsoft Defender Experts](experts-on-demand.md). You can also [view responses](experts-on-demand.md#where-to-view-responses-from-defender-experts) to inquires submitted to Ask Defender Experts through your listed email addresses when submitting your inquiry or in the Defender portal by navigating to **Reports** > **Defender Experts messages**. - (GA) **Advanced hunting context panes** are now available in more experiences. This allows you to access the advanced hunting feature without leaving your current workflow. 
diff --git a/defender/media/copilot-in-defender/identity-summary/feedback-textbox.png b/defender/media/copilot-in-defender/identity-summary/feedback-textbox.png new file mode 100644 index 0000000000..4f3cea78d7 Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/feedback-textbox.png differ diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-assets-small.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-assets-small.png new file mode 100644 index 0000000000..98d83b289e Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-assets-small.png differ diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-assets.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-assets.png new file mode 100644 index 0000000000..b218765b95 Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-assets.png differ diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-incident-small.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-incident-small.png new file mode 100644 index 0000000000..9f84a2d68d Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-incident-small.png differ diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-incident.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-incident.png new file mode 100644 index 0000000000..ed69787469 Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-incident.png differ 
diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser-small.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser-small.png new file mode 100644 index 0000000000..a96fb05f96 Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser-small.png differ diff --git a/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser.png b/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser.png new file mode 100644 index 0000000000..ab679f8916 Binary files /dev/null and b/defender/media/copilot-in-defender/identity-summary/identity-summary-viewuser.png differ diff --git a/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md b/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md index a335bd362c..58b46ba8d2 100644 --- a/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md +++ b/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md 
@@ -53,13 +53,16 @@ This article introduces you to Copilot and includes sample prompts that can help ![Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.](media/defender-ti-and-copilot/copilot-prompts-bar-sources.png) - In the **Manage sources** pop-up window that appears, under **Plugins**, confirm that the **Microsoft Defender Threat Intelligence** toggle is turned on, then close the window. - - ![Screenshot of the Manage plugins pop-up window with the Microsoft Defender Threat Intelligence plugin highlighted.](media/defender-ti-and-copilot/copilot-manage-plugins.png) + In the **Manage sources** pop-up window that appears, under **Plugins**, confirm that the **Microsoft Threat Intelligence** toggle is turned on, then close the window. > [!NOTE] > Some roles can turn the toggle on or off for plugins like Defender TI. For more information, read [Manage plugins in Microsoft Copilot for Security](/security-copilot/manage-plugins). + + + 3. Enter your prompt in the prompt bar. ### Built-in system features diff --git a/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md b/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md index 56af7d2eb9..2cbaa08c37 100644 --- a/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md +++ b/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md 
@@ -26,7 +26,7 @@ ms.date: 04/01/2024 Microsoft Copilot in Defender applies the capabilities of [Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) to deliver Microsoft Defender Threat Intelligence (Defender TI) information about threat actors and tools, as well as contextual threat intelligence, directly into the Microsoft Defender portal. Based on threat analytics reports, intel profiles, and other available Defender TI content, you can use Copilot in Defender to summarize the latest threats affecting your organization, know which threats to prioritize based on your exposure level, or gain more knowledge about your organization's or the global threat landscape. > [!NOTE] -> Defender TI capabilities are also available in Copilot for Security standalone experience through the Microsoft Defender Threat Intelligence plugin. [Learn more about Defender TI integration with Copilot for Security](security-copilot-and-defender-threat-intelligence.md) +> Defender TI capabilities are also available in Copilot for Security standalone experience through the Microsoft Threat Intelligence plugin. [Learn more about Defender TI integration with Copilot for Security](security-copilot-and-defender-threat-intelligence.md) ## Technical requirements diff --git a/exposure-management/predefined-classification-rules-and-levels.md b/exposure-management/predefined-classification-rules-and-levels.md index 7c76f526c2..24e93d8d70 100644 --- a/exposure-management/predefined-classification-rules-and-levels.md +++ b/exposure-management/predefined-classification-rules-and-levels.md 
@@ -40,6 +40,7 @@ Current asset types are: | Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. | | VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. | | VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues | +| Hyper-V Server | Device | High | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. | ##### Identity diff --git a/exposure-management/whats-new.md b/exposure-management/whats-new.md index db2cac67fa..9040f3eb50 100644 --- a/exposure-management/whats-new.md +++ b/exposure-management/whats-new.md 
@@ -27,6 +27,14 @@ Security Exposure Management is currently in public preview. ## September 2024 +### New predefined classifications + +The following predefined classification rule was added to the critical assets list: + +| Classification | Description | +| ------------------------------------------------------------ | ------------------------------------------------------------ | +| **Hyper-V Server** | This rule applies to devices identified as Hyper-V servers within a domain. These servers are essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. | + ### Enhanced visibility for scoped users This change now allows users who have been granted access to only some of the organization's devices to see the list of affected assets in metrics, recommendations, events, and initiative history within their specific scope. diff --git a/includes/mde-automated-setup-guide.md b/includes/mde-automated-setup-guide.md index 5553d647a8..d2116a5256 100644 --- a/includes/mde-automated-setup-guide.md +++ b/includes/mde-automated-setup-guide.md @@ -4,8 +4,8 @@ description: Learn about the Defender for Endpoint automated setup guide. ms.reviewer: ms.date: 05/28/2024 manager: deniseb -ms.author: siosulli -author: siosulli +ms.author: deniseb +author: denisebmsft ms.service: microsoft-365-security ms.subservice: mdo search.appverid: met150
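Review bot: In the `@@ -53,13 +53,16 @@` hunk, the step now names the toggle **Microsoft Threat Intelligence**, but the unchanged NOTE directly below still says "plugins like Defender TI", so the step and its note refer to the plugin by two different names. Align the NOTE with the renamed plugin, or state once that the Microsoft Threat Intelligence plugin is what surfaces Defender TI. The same hunk removes the `copilot-manage-plugins.png` screenshot without a replacement and adds three empty `+` lines before step 3: drop the blank lines, and either add a screenshot that shows the new toggle name or delete the image from `media/defender-ti-and-copilot/` if nothing else references it.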
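Review bot: In `using-copilot-threat-intelligence-defender-xdr.md`, the NOTE text changes but the hunk header still shows `ms.date: 04/01/2024`, and this is the only hunk for the file, so the freshness date is not updated along with the content. Bump `ms.date` in the same change. The edited sentence also reads "in Copilot for Security standalone experience" (missing "the"), and the link sentence that follows has no closing period; both are on the line already being touched and can be fixed here.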
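Review bot: The new `Hyper-V Server` row in `predefined-classification-rules-and-levels.md` explains what a Hyper-V host does and what happens when it fails, but not what makes a device match the rule, while the `whats-new.md` entry in this same change says the rule applies to "devices identified as Hyper-V servers within a domain". Put that matching condition in the row as well, so a reader of the rules table can tell which hosts are classified and whether Hyper-V hosts outside a domain are out of scope. The description also justifies the High level only by availability impact; the Network Admin Device row above it cites the risk of unauthorized access, so consider one sentence on why the host is a high-value asset and not only why its failure causes downtime.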
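Review bot: In the `whats-new.md` hunk, the added heading is plural ("New predefined classifications") while the sentence under it says "rule was added" and the table has a single row; make the heading and sentence agree. The entry also omits the criticality level that the rules table assigns in this same change (High) and does not link to `predefined-classification-rules-and-levels.md`; add both so readers can see how the new classification affects prioritization. The separator row is padded to 60 dashes per column, which adds nothing to the rendered table and can be shortened.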
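Review bot: In `includes/mde-automated-setup-guide.md`, after the swap `manager` and `ms.author` are both `deniseb`, so the file now lists the author as their own manager; confirm that the `manager` value is still intended or update it in this change. The unchanged context also shows `ms.subservice: mdo` on a file described as the Defender for Endpoint automated setup guide, which looks like a mismatch worth checking while the metadata block is being edited.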