| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| security | Advanced Features | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-features.md | Enabling this setting forwards Defender for Endpoint signals to Microsoft Defend > [!NOTE] > This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)), later Windows 10 versions, or Windows 11. -## Microsoft Secure Score --Forwards Microsoft Defender for Endpoint signals to Microsoft Secure Score in the Microsoft 365 Defender portal. Turning on this feature gives Microsoft Secure Score visibility into the device's security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data. - ### Enable the Microsoft Defender for Endpoint integration from the Microsoft Defender for Identity portal To receive contextual device integration in Microsoft Defender for Identity, you'll also need to enable the feature in the Microsoft Defender for Identity portal. |
| security | Enable Attack Surface Reduction | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md | You can use Microsoft Endpoint Manager (MEM) OMA-URI to configure custom ASR rul - In **Platform**, select **Windows 10 and later** - In **Profile type**, select **Templates**+ - If ASR rules are already set through Endpoint security, in **Profile type**, select **Settings Catalog**. Select **Custom**, and then select **Create**. |
| security | Onboard Windows Multi Session Device | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device.md | Also, if you're using FSlogix user profiles, we recommend you exclude the follow Note on licensing: When using Windows Enterprise multi-session, depending on your requirements, you can choose to either have all users licensed through Microsoft Defender for Endpoint (per user), Windows Enterprise E5, Microsoft 365 Security, or Microsoft 365 E5, or have the VM licensed through Microsoft Defender for Cloud. Licensing requirements for Microsoft Defender for Endpoint can be found at: [Licensing requirements](minimum-requirements.md#licensing-requirements). +### Known issues and limitations ++Only Microsoft Edge is supported for web filtering in Windows 10 multi-session. + #### Related Links [Add exclusions for Defender for Endpoint via PowerShell](/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#add-exclusions-for-microsoft-defender-by-using-powershell) |
| security | Turn On Protocol Recognition | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/turn-on-protocol-recognition.md | ms.sitesec: library ms.localizationpriority: medium Previously updated : 05/07/2021 Last updated : 02/21/2022 +[!IMPORTANT] +This setting is now deprecated. + ## Use Group Policy to configure protocol recognition 1. On your Group Policy management endpoint, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)). This policy setting allows you to configure protocol recognition for network pro - [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md) - [Enable cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md)-- [How to create and deploy antimalware policies: Cloud-protection service](/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service)+- [How to create and deploy antimalware policies: Cloud-protection service](/configmgr/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) |
| security | Web Content Filtering | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md | Use the time range filter at the top left of the page to select a time period. Y Only Microsoft Edge is supported if your device's OS configuration is Server (**cmd** \> **Systeminfo** \> **OS Configuration**). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported third-party browsers. +Only Microsoft Edge is supported and Network Protection is not supported on Windows 10 Azure Virtual Desktop multi-session hosts. + Network Protection does not currently support SSL inspection, which may result in some sites being allowed by Web Content Filtering that would normally be blocked. Sites would be allowed due to a lack of visibility into encrypted traffic after the TLS handshake has taken place and an inability to parse certain redirects. This includes redirections from some web-based mail login pages to the mailbox page. As an accepted workaround, you can create a custom block indicator for the login page to ensure no users are able to access the site. Keep in mind, this may block their access to other services associated with the same website. ## See also |
| security | Eval Defender Identity Architecture | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-identity-architecture.md | The following table identified key concepts that are important to understand whe | Network Name Resolution | Network Name Resolution (NNR) is a component of MDI functionality which captures activities based on network traffic, Windows events, ETW, etc. and correlates this raw data to the relevant computers involved in each activity. | [What is Network Name Resolution?](/defender-for-identity/nnr-policy) | | Reports | Defender for Identity reports allow you to schedule or immediately generate and download reports that provide system and entity status information. You can create reports about system health, security alerts, and potential lateral movement paths detected in your environment. | [Microsoft Defender for Identity Reports ](/defender-for-identity/reports) | | Role groups | Defender for Identity offers role-based groups and delegated access to safeguard data according to your organization's specific security and compliance needs which includes Administrators, Users and Viewers. | [Microsoft Defender for Identity role groups](/defender-for-identity/role-groups) |-| Administrative portal | In addition to the Microsoft 365 Defender portal, the Defender for Identity portal cab be used to monitor and respond to suspicious activity. | [Working with the Microsoft Defender for Identity portal](/defender-for-identity/workspace-portal) | +| Administrative portal | In addition to the Microsoft 365 Defender portal, the Defender for Identity portal can be used to monitor and respond to suspicious activity. | [Working with the Microsoft Defender for Identity portal](/defender-for-identity/workspace-portal) | | Microsoft Defender for Cloud Apps integration | Microsoft Defender for Cloud Apps integrates with Microsoft Defender for Identity to provide user entity behavioral analytics (UEBA) across a hybrid environment - both cloud app and on-premises | Microsoft Defender for Identity integration | | | | | |