Updates from: 04/13/2021 03:10:19
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audi
We're also releasing the capability to retain audit logs for 10 years. The 10-year retention of audit logs helps support long running investigations and respond to regulatory, legal, and internal obligations. > [!NOTE]
-> Retaining audit logs for 10 years will require an additional add-on license. This new license will be available in early 2021. For more information, see the [FAQs for Advanced Audit](#faqs-for-advanced-audit) section in this article.
+> Retaining audit logs for 10 years will require an additional add-on license. For more information, see the [FAQs for Advanced Audit](#faqs-for-advanced-audit) section in this article.
### Audit log retention policies
To benefit from user-level Advanced Audit capabilities, a user needs to be assig
For eligible customers and users that are assigned the appropriate license, there is no action to get access to crucial auditing events.
-**When will the new 10-year audit log retention add-on license be available?**
+**What happens to my organization's audit log data if I created a 10-year audit log retention policy when the feature was released to general availability but before the required add-on license was made available?**
-The new 10-year audit log retention add-on is now available for purchase by customers with E5 subscriptions.
-
-**What happens to my organization's audit log data if I created a 10-year audit log retention policy when the feature was released to general availability but before the required add-on license was made available in February 2021?**
-
-Any audit log data covered by a 10-year audit log retention policy that you created after general availability will be retained for 10 years. When the 10-year audit log retention add-on license is available in early 2021, you will need to purchase add-on licenses for users who's audit data is being retained by an existing 10-year audit retention policy.
+Any audit log data covered by a 10-year audit log retention policy that you created after the feature was released to general availability in the last quarter of 2020 will be retained for 10 years. This includes 10-yr audit log retention policies that were created before the required add-on license was released for purchase. However, since the 10-Year Audit Log Retention Add On license is now available, you'll need to purchase and assign those add-on licenses for any users whose audit data is covered by a 10-year audit retention policy.
**Are the new events in Advanced Audit available in the Office 365 Management Activity API?**
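Review bot: The rewritten FAQ answer names the same thing three different ways: "10-year", "10-yr audit log retention policies", and "10-Year Audit Log Retention Add On license" next to the lower-case, hyphenated "add-on licenses" later in the same sentence. Use "10-year" throughout. Either use the exact SKU name once and refer to it as "the add-on license" afterwards, or keep "add-on" hyphenated everywhere. The new question also drops "in February 2021" while the answer adds "in the last quarter of 2020", so check that the two dates left in this FAQ still tell one consistent story.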
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
You can apply retention labels to content automatically when that content contai
When you create auto-apply retention label policies for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy. Each template is preconfigured to look for specific types of sensitive information. For example, the template shown here looks for U.S. ITIN, SSN, and passport numbers from the **Privacy** category, and **U.S Personally Identifiable Information (PII) Data** template:
-![Policy templates with sensitive information types](../media/dafd87d4-c7bb-439a-ac7b-193c018f98a5.png)
+![Policy templates with sensitive information types](../media/sensitive-info-configuration.png)
To learn more about the sensitivity information types, see [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md). Currently, [exact data matches](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md) and [document fingerprinting](document-fingerprinting.md) are not supported for this scenario.
compliance Communication Compliance Feature Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
Communications are scanned every 24 hours from the time policies are created. Fo
There are five role groups used to configure permissions to manage communication compliance features. To make **Communication compliance** available as a menu option in Microsoft 365 compliance center and to continue with these configuration steps, you must be assigned to the *Communication Compliance* or *Communication Compliance Admin* role groups. To access and manage communication compliance features after initial configuration, users must be a member of at least one communication compliance role group.
-Depending on how you wish to manage communication policies and alerts, you'll need to assign users to specific role groups. You have the option to assign users with different compliance responsibilities to specific role groups to manage different areas of communication compliance features. Or you may decide to assign all user accounts for designated administrators, analysts, investigators, and viewers to the *Communication Compliance* role group. Use a single role group or multiple role groups to best fit your compliance management requirements.
+Depending on how you wish to manage communication policies and alerts, you'll need to assign users to specific role groups. You can choose to assign users with different compliance responsibilities to specific role groups to manage different areas of communication compliance features. Or you may decide to assign all user accounts for designated administrators, analysts, investigators, and viewers to the *Communication Compliance* role group. Use a single role group or multiple role groups to best fit your compliance management requirements.
Choose from these role group options when configuring communication compliance:
With communication compliance policies, you can choose to scan messages in one o
### Users
-You have the option to select **All users** or to define specific users in a communication compliance policy. Selecting **All users** applies the policy to all users and all groups that any user is included in as a member. Defining specific users applies the policy to the defined users and any groups the defined users are included in as a member.
+You can choose to select **All users** or to define specific users in a communication compliance policy. Selecting **All users** applies the policy to all users and all groups that any user is included in as a member. Defining specific users applies the policy to the defined users and any groups the defined users are included in as a member.
### Direction By default, the **Direction is** condition is displayed and can't be removed. Communication direction settings in a policy are chosen individually or together: -- **Inbound**: You can choose **Inbound** to review communications sent **to** the people you chose to supervise.-- **Outbound**: You can choose **Outbound** if you want to review communications sent **from** the people you chose to supervise.-- **Internal**: You can choose **Internal** to review communications sent **between** the people you identified in the policy.
+- **Inbound**: Detects communications sent **to** supervised users from external and internal senders, including other supervised users in the policy.
+- **Outbound**: Detects communications sent **from** supervised users to external and internal recipients, including other supervised users in the policy.
+- **Internal**: Detects communications **between** the supervised users or groups in the policy.
### Sensitive information types
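Review bot: The new Direction bullets overlap without saying so. **Inbound** and **Outbound** now both include "other supervised users in the policy", and **Internal** covers communications "between the supervised users or groups in the policy", so a message between two supervised users appears to match all three settings. Add a sentence stating whether that is intended and what choosing **Internal** alone captures that the other two do not. Separately, in the Users paragraph above, "You can choose to select **All users**" is redundant; "You can select **All users** or define specific users" reads better.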
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations Super
Communication compliance policy matches are stored in a supervision mailbox for each policy. In some cases, you may need to check the size of your supervision mailbox for a policy to make sure you aren't approaching the current 50 GB limit. If the mailbox limit is reached, policy matches aren't captured and you'll need to create a new policy (with the same settings) to continue to capture matches for the same activities.
-To check the size of a supervision mailbox for a policy, complete the following:
+To check the size of a supervision mailbox for a policy, complete the following steps:
1. Use the [Connect-ExchangeOnline](/powershell/module/exchange/connect-exchangeonline) cmdlet in the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell using modern authentication.
-2. Run the following in PowerShell:
+2. Run the following command in PowerShell:
```PowerShell ForEach ($p in Get-SupervisoryReviewPolicyV2 | Sort-Object Name)
compliance Create A Litigation Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-litigation-hold.md
f1.keywords:
Previously updated : 3/13/2018 Last updated : audience: ITPro
You can place a mailbox on Litigation Hold to retain all mailbox content, includ
Here's what happens when you create a Litigation Hold. - Items that are permanently deleted by the user are retained in the Recoverable Items folder in the user's mailbox for the duration of the hold.
-
+ - Items that are purged from the Recoverable Items folder by the user are retained for the duration of the hold.
-
+ - The storage quota for the Recoverable Items folder is increased from 30 GB to 110 GB.
-
+ - Items in the user's primary and the archive mailboxes are retained
-
+ ## Assign an Exchange Online Plan 2 license -- To place an Exchange Online mailbox on Litigation Hold, it must be assigned an Exchange Online Plan 2 license. If a mailbox is assigned an Exchange Online Plan 1 license, you would have to assign it a separate Exchange Online Archiving license to place it on hold.
-
+To place an Exchange Online mailbox on Litigation Hold, it must be assigned an Exchange Online Plan 2 license. If a mailbox is assigned an Exchange Online Plan 1 license, you would have to assign it a separate Exchange Online Archiving license to place it on hold.
+
+> [!NOTE]
+> For Office 365 Education organizations, Litigation Hold is supported in Office 365 A1 subscriptions, which include an Exchange Online Plan 1 license with supplemental features. For more information, see the "Exchange Online features" section in the [Office 365 Education service description](/office365/servicedescriptions/office-365-platform-service-description/office-365-education#exchange-online-features).
## Place a mailbox on Litigation Hold
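Review bot: The added NOTE for Office 365 Education contradicts the sentence directly above it, which still says a mailbox "must be assigned an Exchange Online Plan 2 license" and that Plan 1 needs a separate Exchange Online Archiving license. Qualify the requirement sentence (for example, "Except as noted below, ...") so the A1 case reads as a documented exception rather than a conflict. Also, the re-added bullet "Items in the user's primary and the archive mailboxes are retained" is missing its closing period, unlike the three bullets before it.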
You can also create a Litigation Hold by running the following command in [Excha
Set-Mailbox <username> -LitigationHoldEnabled $true ```
-The previous command preserves items indefinitely because the hold duration isn't specified. To created a time-based hold, using the following command:
+The previous command preserves items indefinitely because the hold duration isn't specified. To create a time-based hold, using the following command:
```powershell Set-Mailbox <username> -LitigationHoldEnabled $true -LitigationHoldDuration <number of days>
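Review bot: The typo fix is incomplete. The added line corrects "To created" to "To create" but keeps "using the following command", which leaves the sentence without a verb. It should read "To create a time-based hold, use the following command:".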
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you have more than one retention policy, and when you also use retention la
For more information about retention policies for Teams, see [Retention policies in Microsoft Teams](/microsoftteams/retention-policies) from the Teams documentation.
+#### Known configuration issues
+
+- Although you can select the option to start the retention period when items were last modified, the value of **When items were created** is always used. For messages that are edited, a copy of the original message is saved with its original timestamp to identify when this pre-edited message was created, and the post-edited message has a newer timestamp.
+
+- When you select **Choose teams** for the **Teams channel messages** location, you might see Microsoft 365 groups that aren't also teams. Don't select these groups.
+
+- When you select **Choose users for the Teams chats** location, you might see guests and non-mailbox users. Retention policies aren't designed for these users, so don't select them.
++ #### Additional retention policy needed to support Teams Teams is more than just chats and channel messages. If you have teams that were created from a Microsoft 365 group (formerly Office 365 group), you should additionally configure a retention policy that includes that Microsoft 365 group by using the **Microsoft 365 Groups** location. This retention policy applies to content in the group's mailbox, site, and files.
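Review bot: In the third bullet under "Known configuration issues", the bold markup spans too much: "**Choose users for the Teams chats** location". The UI option is "Choose users" and the location is "Teams chats", as in the version of this bullet removed from retention-policies-teams.md in the same update, so it should be "**Choose users** for the **Teams chats** location". The first bullet would also benefit from naming the exact option label it means by "start the retention period when items were last modified", in bold, the same way it names **When items were created**.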
To verify the syntax for your tenant and identify URLs for users, see [Get a lis
### Configuration information for Microsoft 365 Groups
-To retain or delete content for a Microsoft 365 group (formerly Office 365 group), use the **Microsoft 365 Groups** location. Even though a Microsoft 365 group has an Exchange mailbox, a retention policy that includes the entire **Exchange email** location won't include content in Microsoft 365 group mailboxes. In addition, although the **Exchange email** location initially allows you to specify a group mailbox to be included or excluded, when you try to save the retention policy, you receive an error that "RemoteGroupMailbox" is not a valid selection for the Exchange location.
+To retain or delete content for a Microsoft 365 group (formerly Office 365 group), use the **Microsoft 365 Groups** location. Even though a Microsoft 365 group has an Exchange mailbox, a retention policy that includes the entire **Exchange email** location won't include content in Microsoft 365 group mailboxes. Although the **Exchange email** location initially allows you to specify a group mailbox to be included or excluded, when you try to save the retention policy, you'll see an error that "RemoteGroupMailbox" is not a valid selection for the Exchange location.
+
+By default, a retention policy applied to a Microsoft 365 group includes the group mailbox and SharePoint teams site. Files stored in the SharePoint teams site are covered with this location, but not Teams chats or Teams channel messages that have their own retention policy locations.
+
+To change the default because you want the retention policy to apply to either just the Microsoft 365 mailboxes, or just the connected SharePoint teams sites, use the [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) PowerShell cmdlet with the *Applications* parameter with one of the following values:
+
+- `Group:Exchange` for just Microsoft 365 mailboxes that are connected to the group.
+- `Group:SharePoint` for just SharePoint sites that are connected to the group.
-A retention policy applied to a Microsoft 365 group includes the group mailbox and SharePoint teams site. Files stored in the SharePoint teams site are covered with this location, but not Teams chats or Teams channel messages that have their own retention policy locations.
+To return to the default value of both the mailbox and SharePoint site for the selected Microsoft 365 groups, specify `Group:Exchange,SharePoint`.
### Configuration information for Skype for Business
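Review bot: The new *Applications* parameter text uses "Microsoft 365 mailboxes" ("just the Microsoft 365 mailboxes", "just Microsoft 365 mailboxes that are connected to the group") where the paragraph above says "group mailbox". A reader can take "Microsoft 365 mailboxes" to mean user mailboxes, so use "Microsoft 365 group mailboxes" in both places. The section also lists three parameter values but never shows the cmdlet with the parameter in use. A one-line example command would remove the guesswork about quoting and about whether the value applies per policy.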
Usually this update is fairly quick but can take several days. When the policy r
## Locking the policy to prevent changes
-If you need to ensure that no one can turn off the policy, delete the policy, or make it less restrictive, see [Use Preservation Lock to restrict changes to retention policies and retention label policies](retention-preservation-lock.md).
+If you need to ensure that no one can turn off the policy, delete the policy, or make it less restrictive, see [Use Preservation Lock to restrict changes to retention policies and retention label policies](retention-preservation-lock.md).
compliance Hold Distribution Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/hold-distribution-errors.md
Title: "Troubleshoot eDiscovery legal hold errors"
+ Title: "Troubleshoot eDiscovery hold errors"
f1.keywords: - NOCSH
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
When the retention policy is retain-only, or delete-only, the content's paths ar
2. **If a chat or channel message is not deleted** by a user during the retention period: At the end of the retention period, the message is moved to the SubstrateHolds folder. This action typically takes between 1-7 days from the expiry date. The message is retained there for at least 1 day and then permanently deleted the next time the timer job runs (typically between 1-7 days).
+#### Example flows and timings for retention policies
+
+Use the following examples to see how the processes and timings explained in the previous sections apply to retention policies that have the following configurations:
+
+- [Example 1: Retain-only for 7 years](#example-1-retain-only-for-7-years)
+- [Example 2: Retain for 30 days and then delete](#example-2-retain-for-30-days-and-then-delete)
+- [Example 3: Delete-only after 1 day](#example-3-delete-only-after-1-day)
+
+For all examples that refer to permanent deletion, because of the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence), this action is suspended if the message is subject to another retention policy to retain the item or it is subject to an eDiscovery hold.
+
+##### Example 1: Retain-only for 7 years
+
+On day 1, a user creates a chat or channel message.
+
+On day 5, the user edits that message.
+
+On day 30, the user deletes the current message.
+
+Retention outcomes:
+
+- For the original message:
+ - On day 5, the message is copied to the SubstrateHolds folder where it can still be searched with eDiscovery tools for a minimum of 7 years from day 1 (the retention period).
+
+- For the current (edited) message:
+ - On day 30, the message moves to the SubstrateHolds folder where it can still be searched with eDiscovery tools for a minimum of 7 years from day 1 (the retention period).
+
+If the user had deleted the current message after the specified retention period, instead of within the retention period, the message would still be moved to the SubstrateHolds folder. However, now the retention period has expired, the message would be permanently deleted after the minimum of 1 day and then typically within 1-7 days.
+
+##### Example 2: Retain for 30 days and then delete
+
+On day 1, a user creates a chat or channel message.
+
+On day 10, the user edits that message.
+
+The user doesn't make further edits and doesn't delete the message.
+
+Retention outcomes:
+
+- For the original message:
+ - On day 10, the message is copied to the SubstrateHolds folder, where it can still be searched with eDiscovery tools.
+ - At the end of the retention period (30 days from day 1), the message is permanently deleted typically within 1-7 days after the minimum of 1 day, and then won't be returned with eDiscovery searches.
+
+- For the current (edited) message:
+ - At the end of the retention period (30 days from day 1), the message moves to the SubstrateHolds folder typically within 1-7 days, where it can still be searched with eDiscovery tools.
+ - The message is then permanently deleted typically within 1-7 days after the minimum of 1 day, and then won't be returned with eDiscovery searches.
+
+##### Example 3: Delete-only after 1 day
+
+> [!NOTE]
+> Because of the short one-day duration of this configuration and retention processes that operate within a time period of 1-7 days, this section shows example timings that are within the typical time ranges.
+
+On day 1, a user creates a chat or channel message.
+
+Example retention outcome if the user doesn't edit or delete the message:
+
+- Day 5 (typically 1-7 days after the start of the retention period on day 3):
+ - The message moves to the SubstrateHolds folder and remains there for at least 1 day where it can still be searched with eDiscovery tools.
+
+- Day 9 (typically 1-7 days after a minimum of 1 day in the SubstrateHolds folder):
+ - The message is permanently deleted and then won't be returned with eDiscovery searches.
+
+As this example shows, although you can configure a retention policy to delete messages after just one day, the service undergoes multiple processes to ensure a compliant deletion. As a result, a delete action after 1 day could take 18 days before the message is permanently deleted so that it's no longer returned in eDiscovery searches.
+ ## Skype for Business and Teams interop chats When a Skype for Business chat comes into Teams, it becomes a message in a Teams chat thread and is ingested into the appropriate mailbox. Teams retention policies will apply to these messages from the Teams thread.
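Review bot: Example 3 does not reconcile with its own setup. The message is created on day 1 under a delete-only-after-1-day policy, yet the first outcome says "typically 1-7 days after the start of the retention period on day 3". The retention period starts on day 1, so "end" is presumably meant, and the text never explains why the period ends on day 3 rather than day 2. The closing claim that deletion "could take 18 days" only works out from that unexplained day 3 (3 + 7 + 1 + 7), so either show the arithmetic or state the assumption behind day 3. Minor: in Example 1, "However, now the retention period has expired" would read better as "because the retention period has expired".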
If the user stored any files in Teams, see the [equivalent section](retention-po
## Limitations
-We're continuously working on optimizing retention functionality in Teams. In the meantime, here are a few limitations to be aware of when you use retention policies for Teams channel messages and chats:
+We're continuously working on optimizing retention functionality in Teams. In the meantime, be aware of the following limitation when you use retention policies for Teams channel messages and chats:
- **Incorrect display issue in Outlook**. If you create retention policies for Skype or Teams locations, one of those policies is shown as the default folder policy when a user views the properties of a mailbox folder in the Outlook desktop client. This is an incorrect display issue in Outlook and [a known issue](https://support.microsoft.com/help/4491013/outlook-client-displays-teams-or-skype-for-business-retention-policies). Instead, you should see the mailbox retention policy that's applied to the folder. The Skype or Teams retention policy is not applied to the user's mailbox. -- **Configuration issues**:
- - When you select **Choose teams** for the **Teams channel messages** location, you might see Microsoft 365 groups that aren't also teams. Don't select these groups.
-
- - When you select **Choose users** for the **Teams chats** location, you might see guests and non-mailbox users. Retention policies aren't designed for these users, so don't select them.
- ## Configuration guidance If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | Rolling out: 2101+ | 16.43+ <sup>2</sup> | Under review | Under review | Yes | |[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | Under review | Under review | Under review | Under review | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) | 2009+ | 16.44+ <sup>2</sup> | Under review | Under review | Yes |
-|[Different settings for default label and mandatory labeling](#outlook-specific-options-for-default-label-and-mandatory-labeling) | Under review | Under review | Under review | Under review | Rolling out |
+|[Different settings for default label and mandatory labeling](#outlook-specific-options-for-default-label-and-mandatory-labeling) | Under review | Rolling out: 16.43.1108+ | Rolling out: 4.2111+ | Rolling out: 4.2111+ | Rolling out |
| **Footnotes:**
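Review bot: The new Mac value "Rolling out: 16.43.1108+" carries no footnote marker, while the other values in that column in the rows above are "16.43+ <sup>2</sup>" and "16.44+ <sup>2</sup>". If footnote 2 applies to this row as well, add the marker; if it does not, that is worth a word in the footnotes. The same row is also the only one that gives a four-part build number ("16.43.1108+") rather than the two-part form used elsewhere in the table.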
enterprise Routing With Expressroute https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/routing-with-expressroute.md
This table displays the wildcard FQDNs that are advertised to both the internet
Usually PAC files are intended to send network requests to ExpressRoute advertised endpoints directly to the circuit and all other network requests to your proxy. If you're configuring a PAC file like this, compose your PAC file in the following order:
-1. Include the sub-FQDNs from column two in the above table at the top of your PAC file, sending the traffic towards your proxy. We've built a sample PAC file for you to use in our article on [managing Office 365 endpoints](./managing-expressroute-for-connectivity.md).
+1. Include the sub-FQDNs from column two in the above table at the top of your PAC file, sending the traffic towards your proxy. We've built a sample PAC file for you to use in our article on [managing Office 365 endpoints](./managing-office-365-endpoints.md).
2. Include all FQDNs marked advertised to ExpressRoute in [this article](./urls-and-ip-address-ranges.md) below the first section, sending the traffic directly to your ExpressRoute circuit.
Here's a short link you can use to come back: [https://aka.ms/erorouting]()
[Office 365 URLs and IP address ranges](https://support.office.com/article/8548a211-3fe7-47cb-abb1-355ea5aa88a2)
-[Office 365 network and performance tuning](network-planning-and-performance.md)
+[Office 365 network and performance tuning](network-planning-and-performance.md)
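Review bot: This is a whitespace-only change, but the context two lines above it has a broken link that should be fixed while the file is open: "[https://aka.ms/erorouting]()" has an empty target, so the short link renders as text that goes nowhere. Put the URL in the parentheses as well. The corrected PAC-file link in step 1 (managing-office-365-endpoints.md) looks right for the link text.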
includes Microsoft 365 Client Support Conditional Access Include https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-client-support-conditional-access-include.md
|TO-DO|Planned|Planned|Planned|N/A|Planned| |VISIO|N/A|Γ£ö|N/A|Planned|N/A| |WHITEBOARD|N/A|Planned|N/A|N/A|Planned|
-|WORD|Γ£ö|Planned|Planned|Planned|Planned|
+|WORD|Γ£ö|Planned|Planned|Planned|Γ£ö|
|WORKPLACE ANALYTICS|N/A|N/A|N/A|N/A|N/A| |YAMMER|Planned|Planned|Planned|Planned|N/A|
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of April 05, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 4/5/2021 | [Change history for Microsoft Managed Desktop documentation](/microsoft-365/managed-desktop/change-history-managed-desktop?view=o365-21vianet) | modified |
+| 4/5/2021 | [Configure Microsoft Defender for Endpoint for Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-21vianet) | modified |
+| 4/5/2021 | [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
+| 4/5/2021 | [Troubleshoot issues on Microsoft Defender for Endpoint for Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
+| 4/5/2021 | [Behavioral blocking and containment](/microsoft-365/security/defender-endpoint/behavioral-blocking-containment?view=o365-21vianet) | modified |
+| 4/5/2021 | [Client behavioral blocking](/microsoft-365/security/defender-endpoint/client-behavioral-blocking?view=o365-21vianet) | modified |
+| 4/5/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
+| 4/5/2021 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigate connection events that occur behind forward proxies](/microsoft-365/security/defender-endpoint/investigate-behind-proxy?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigate Microsoft Defender for Endpoint domains](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigate a user account in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/investigate-user?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigation resource type](/microsoft-365/security/defender-endpoint/investigation?view=o365-21vianet) | modified |
+| 4/5/2021 | [Configure Microsoft Defender for Endpoint for iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-21vianet) | modified |
+| 4/5/2021 | [App-based deployment for Microsoft Defender ATP for iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-21vianet) | modified |
+| 4/5/2021 | [Privacy information - Microsoft Defender for Endpoint for iOS](/microsoft-365/security/defender-endpoint/ios-privacy?view=o365-21vianet) | modified |
+| 4/5/2021 | [Microsoft Defender ATP for iOS Application license terms](/microsoft-365/security/defender-endpoint/ios-terms?view=o365-21vianet) | modified |
+| 4/5/2021 | [Configure and validate exclusions for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-21vianet) | modified |
+| 4/5/2021 | [Deploy Microsoft Defender for Endpoint for Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/5/2021 | [Deploy Microsoft Defender ATP for Linux with Ansible](/microsoft-365/security/defender-endpoint/linux-install-with-ansible?view=o365-21vianet) | modified |
+| 4/5/2021 | [Deploy Microsoft Defender ATP for Linux with Puppet](/microsoft-365/security/defender-endpoint/linux-install-with-puppet?view=o365-21vianet) | modified |
+| 4/5/2021 | [Set preferences for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-21vianet) | modified |
+| 4/5/2021 | [Detect and block potentially unwanted applications with Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-pua?view=o365-21vianet) | modified |
+| 4/5/2021 | [Microsoft Defender ATP for Linux resources](/microsoft-365/security/defender-endpoint/linux-resources?view=o365-21vianet) | modified |
+| 4/5/2021 | [Microsoft Defender ATP for Linux static proxy discovery](/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration?view=o365-21vianet) | modified |
+| 4/5/2021 | [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](/microsoft-365/security/defender-endpoint/linux-support-connectivity?view=o365-21vianet) | modified |
+| 4/5/2021 | [Privacy for Microsoft Defender ATP for Mac](/microsoft-365/security/defender-endpoint/mac-privacy?view=o365-21vianet) | modified |
+| 4/5/2021 | [What's new in Microsoft Defender ATP](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp?view=o365-21vianet) | modified |
+| 4/5/2021 | [Manage your allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-21vianet) | modified |
+| 4/5/2021 | [Microsoft 365 group expiration policy](/microsoft-365/solutions/microsoft-365-groups-expiration-policy?view=o365-21vianet) | modified |
+| 4/5/2021 | [Information about eDiscovery experience during the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-scc?view=o365-21vianet) | added |
+| 4/5/2021 | [How to opt-in for migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-migration-opt-in?view=o365-21vianet) | modified |
+| 4/5/2021 | [Post-migration activities for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-experience?view=o365-21vianet) | modified |
+| 4/5/2021 | [Pre-migration activities for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
+| 4/5/2021 | [What will change after the migration to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-transition-experience?view=o365-21vianet) | modified |
+| 4/5/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 4/5/2021 | [View the details and results of an automated investigation](/microsoft-365/security/defender-endpoint/autoir-investigation-results?view=o365-21vianet) | modified |
+| 4/5/2021 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 4/5/2021 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-21vianet) | modified |
+| 4/5/2021 | [View and manage actions in the Action center](/microsoft-365/security/defender/m365d-autoir-actions?view=o365-21vianet) | modified |
+| 4/5/2021 | [Handle false positives or false negatives in AIR in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir-report-false-positives-negatives?view=o365-21vianet) | modified |
+| 4/5/2021 | [Details and results of an automated investigation](/microsoft-365/security/defender/m365d-autoir-results?view=o365-21vianet) | modified |
+| 4/5/2021 | [Automated investigation and response in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-autoir?view=o365-21vianet) | modified |
+| 4/5/2021 | [Configure automated investigation and response capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-configure-auto-investigation-response?view=o365-21vianet) | modified |
+| 4/5/2021 | [Remediation actions in Microsoft 365 Defender](/microsoft-365/security/defender/m365d-remediation-actions?view=o365-21vianet) | modified |
+| 4/5/2021 | [Troubleshoot Microsoft 365 Defender service issues](/microsoft-365/security/defender/troubleshoot?view=o365-21vianet) | modified |
+| 4/5/2021 | [Set up secure collaboration with Microsoft 365](/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-21vianet) | modified |
+| 4/5/2021 | [How to use DKIM for email in your custom domain](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-21vianet) | modified |
+| 4/6/2021 | [Manage auto-claim policies](/microsoft-365/commerce/licenses/manage-auto-claim-policies?view=o365-21vianet) | modified |
+| 4/6/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/6/2021 | [Supported file types in Advanced eDiscovery](/microsoft-365/compliance/supported-filetypes-ediscovery20?view=o365-21vianet) | modified |
+| 4/6/2021 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-21vianet) | modified |
+| 4/6/2021 | [About the Microsoft Defender for Office 365 trial](/microsoft-365/security/office-365-security/about-defender-for-office-365-trial?view=o365-21vianet) | modified |
+| 4/6/2021 | [Admin submissions](/microsoft-365/security/office-365-security/admin-submission?view=o365-21vianet) | modified |
+| 4/6/2021 | [Gain insights through Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-21vianet) | modified |
+| 4/6/2021 | [Best practices for configuring EOP](/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-21vianet) | modified |
+| 4/6/2021 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user?view=o365-21vianet) | modified |
+| 4/6/2021 | [Give users access to the Security & Compliance Center](/microsoft-365/security/office-365-security/grant-access-to-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 4/6/2021 | [Outbound delivery pools](/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages?view=o365-21vianet) | modified |
+| 4/6/2021 | [Identity and device access policies for allowing guest and external user B2B access - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies-guest-access?view=o365-21vianet) | modified |
+| 4/6/2021 | [Manage groups in EOP](/microsoft-365/security/office-365-security/manage-groups-in-eop?view=o365-21vianet) | modified |
+| 4/6/2021 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-21vianet) | modified |
+| 4/6/2021 | [Recommended Microsoft Cloud App Security policies for SaaS apps - Microsoft 365 Enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/mcas-saas-access-policies?view=o365-21vianet) | modified |
+| 4/6/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
+| 4/6/2021 | [Queues insight in the Mail flow dashboard](/microsoft-365/security/office-365-security/mfi-queue-alerts-and-queues?view=o365-21vianet) | modified |
+| 4/6/2021 | [Identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 4/6/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 4/6/2021 | [Secure email recommended policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/secure-email-recommended-policies?view=o365-21vianet) | modified |
+| 4/6/2021 | [Set up SPF to help prevent spoofing](/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing?view=o365-21vianet) | modified |
+| 4/6/2021 | [SIEM server integration with Microsoft 365 services and applications](/microsoft-365/security/office-365-security/siem-server-integration?view=o365-21vianet) | modified |
+| 4/6/2021 | [Recommended Teams policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/teams-access-policies?view=o365-21vianet) | modified |
+| 4/6/2021 | [Threat Explorer and Real-time detections](/microsoft-365/security/office-365-security/threat-explorer?view=o365-21vianet) | modified |
+| 4/6/2021 | [View and release quarantined messages from shared mailboxes](/microsoft-365/security/office-365-security/view-and-release-quarantined-messages-from-shared-mailboxes?view=o365-21vianet) | modified |
+| 4/6/2021 | [View Defender for Office 365 reports in the Reports dashboard](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |
+| 4/6/2021 | [Collaborating with people outside your organization](/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-21vianet) | modified |
+| 4/6/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
+| 4/6/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
+| 4/6/2021 | [Step-by-step threat protection stack in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-21vianet) | added |
+| 4/6/2021 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-21vianet) | added |
+| 4/6/2021 | [Explanation types](/microsoft-365/contentunderstanding/explanation-types-overview) | modified |
+| 4/6/2021 | [Subscriptions, licenses, accounts, and tenants for Microsoft's cloud offerings](/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-21vianet) | modified |
+| 4/6/2021 | [Configure Microsoft Defender Security Center settings](/microsoft-365/security/defender-endpoint/preferences-setup?view=o365-21vianet) | modified |
+| 4/6/2021 | [Advanced Hunting API](/microsoft-365/security/defender-endpoint/run-advanced-query-api?view=o365-21vianet) | modified |
+| 4/7/2021 | [What's new in Microsoft Defender for Endpoint for iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | added |
+| 4/7/2021 | [Understand your bill or invoice for Microsoft 365 for business](/microsoft-365/commerce/billing-and-payments/understand-your-invoice2?view=o365-21vianet) | modified |
+| 4/7/2021 | [Add licenses to a subscription purchased through the Volume Licensing Service Center](/microsoft-365/commerce/licenses/add-licenses-bought-through-vlsc?view=o365-21vianet) | modified |
+| 4/7/2021 | [Add licenses to or extend a subscription paid for using a product key](/microsoft-365/commerce/licenses/add-licenses-using-product-key?view=o365-21vianet) | modified |
+| 4/7/2021 | [Buy or remove licenses](/microsoft-365/commerce/licenses/buy-licenses?view=o365-21vianet) | modified |
+| 4/7/2021 | [Cancel your subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-21vianet) | modified |
+| 4/7/2021 | [Move users to a different subscription](/microsoft-365/commerce/subscriptions/move-users-different-subscription?view=o365-21vianet) | modified |
+| 4/7/2021 | [Reactivate your subscription](/microsoft-365/commerce/subscriptions/reactivate-your-subscription?view=o365-21vianet) | modified |
+| 4/7/2021 | [Renew Microsoft 365 for business](/microsoft-365/commerce/subscriptions/renew-your-subscription?view=o365-21vianet) | modified |
+| 4/7/2021 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-21vianet) | modified |
+| 4/7/2021 | [Why can't I switch Microsoft 365 for business plans?](/microsoft-365/commerce/subscriptions/why-can-t-i-switch-plans?view=o365-21vianet) | modified |
+| 4/7/2021 | [Data locations for the European Union](/microsoft-365/enterprise/eu-data-storage-locations?view=o365-21vianet) | modified |
+| 4/7/2021 | [Microsoft 365 global tenant performance optimization for China users](/microsoft-365/enterprise/microsoft-365-networking-china?view=o365-21vianet) | modified |
+| 4/7/2021 | AssignedIPAddresses() function in advanced hunting for Microsoft Defender for Endpoint | removed |
+| 4/7/2021 | Query best practices for advanced hunting | removed |
+| 4/7/2021 | DeviceEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceFileCertificateInfo table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceFileEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceImageLoadEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceInfo table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceLogonEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceNetworkEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceNetworkInfo table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceProcessEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceRegistryEvents table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSecureConfigurationAssessment table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSoftwareInventory table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSoftwareInventoryVulnerabilities table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSoftwareVulnerabilities table in the advanced hunting schema | removed |
+| 4/7/2021 | DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema | removed |
+| 4/7/2021 | Handle errors in advanced hunting for Microsoft Defender ATP | removed |
+| 4/7/2021 | Extend advanced hunting coverage with the right settings | removed |
+| 4/7/2021 | FileProfile() function in advanced hunting for Microsoft Defender for Endpoint | removed |
+| 4/7/2021 | Get relevant info about an entity with go hunt | removed |
+| 4/7/2021 | Advanced hunting limits in Microsoft Defender ATP | removed |
+| 4/7/2021 | [Overview of advanced hunting in Microsoft Defender ATP](/microsoft-365/security/defender-endpoint/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 4/7/2021 | Learn the advanced hunting query language | removed |
+| 4/7/2021 | Work with advanced hunting query results in Microsoft Defender ATP | removed |
+| 4/7/2021 | [Advanced hunting schema reference](/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference?view=o365-21vianet) | modified |
+| 4/7/2021 | Use shared queries in advanced hunting | removed |
+| 4/7/2021 | Take action on advanced hunting query results in Microsoft Threat Protection | removed |
+| 4/7/2021 | Create custom detection rules in Microsoft Defender ATP | removed |
+| 4/7/2021 | View and manage custom detection rules in Microsoft Defender ATP | removed |
+| 4/7/2021 | [What's new in Microsoft Defender for Endpoint for Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-21vianet) | modified |
+| 4/7/2021 | [What's new in Microsoft Defender for Endpoint for Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |
+| 4/7/2021 | [Microsoft Defender ATP for iOS overview](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios?view=o365-21vianet) | modified |
+| 4/7/2021 | Overview of custom detections in Microsoft Defender ATP | removed |
+| 4/7/2021 | [Identity and device access policies for allowing guest and external user B2B access - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies-guest-access?view=o365-21vianet) | modified |
+| 4/7/2021 | [Identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-21vianet) | modified |
+| 4/7/2021 | [Report junk and phishing email in Outlook on the web](/microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop?view=o365-21vianet) | modified |
+| 4/7/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
+| 4/7/2021 | [What's new in Microsoft Defender for Endpoint for iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-21vianet) | modified |
+| 4/7/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
+| 4/7/2021 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
+| 4/7/2021 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts?view=o365-21vianet) | modified |
+| 4/7/2021 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags?view=o365-21vianet) | modified |
+| 4/8/2021 | [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org?view=o365-21vianet) | added |
+| 4/8/2021 | [Learn about Microsoft feedback for your organization](/microsoft-365/admin/misc/feedback-user-control?view=o365-21vianet) | added |
+| 4/8/2021 | [Microsoft 365 Reports in the admin center - Microsoft 365 Apps usage](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-21vianet) | modified |
+| 4/8/2021 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
+| 4/8/2021 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-21vianet) | modified |
+| 4/8/2021 | [Configure Focused Inbox for everyone in your organization](/microsoft-365/admin/setup/configure-focused-inbox?view=o365-21vianet) | modified |
+| 4/8/2021 | [Cancel your subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-21vianet) | modified |
+| 4/8/2021 | [What happens to my data and access when my subscription ends?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-21vianet) | modified |
+| 4/8/2021 | [Pre-migration activities for the migration from Microsoft Cloud Deutschland](/microsoft-365/enterprise/ms-cloud-germany-transition-add-pre-work?view=o365-21vianet) | modified |
+| 4/8/2021 | [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland)](/microsoft-365/enterprise/ms-cloud-germany-transition-phases?view=o365-21vianet) | modified |
+| 4/8/2021 | [How to check Microsoft 365 service health](/microsoft-365/enterprise/view-service-health?view=o365-21vianet) | modified |
+| 4/8/2021 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-21vianet) | modified |
+| 4/8/2021 | [Microsoft Defender for Endpoint data storage and privacy](/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-21vianet) | modified |
+| 4/8/2021 | [Deploy Microsoft Defender for Endpoint for Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |
+| 4/8/2021 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |
+| 4/8/2021 | [Detect and Remediate Illicit Consent Grants](/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants?view=o365-21vianet) | modified |
+| 4/8/2021 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-docs?view=o365-21vianet) | modified |
+| 4/8/2021 | [Safe Links](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 4/8/2021 | [User submissions policy](/microsoft-365/security/office-365-security/user-submission?view=o365-21vianet) | modified |
+| 4/8/2021 | [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org?view=o365-21vianet) | modified |
+| 4/8/2021 | [Learn about Microsoft feedback for your organization](/microsoft-365/admin/misc/feedback-user-control?view=o365-21vianet) | modified |
+| 4/8/2021 | [Microsoft Industry Updates](/microsoft-365/admin/misc/microsoft-bing-news-for-work?view=o365-21vianet) | modified |
+| 4/8/2021 | [Automatically apply a retention label to retain or delete content](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-21vianet) | modified |
+| 4/8/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
+| 4/8/2021 | [Use sensitivity labels as conditions in DLP policies](/microsoft-365/compliance/dlp-sensitivity-label-as-condition?view=o365-21vianet) | modified |
+| 4/8/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 4/8/2021 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-21vianet) | modified |
+| 4/8/2021 | [Address false positives/negatives in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives?view=o365-21vianet) | modified |
+| 4/8/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 4/8/2021 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection?view=o365-21vianet) | modified |
+| 4/8/2021 | [Bulk complaint level values](/microsoft-365/security/office-365-security/bulk-complaint-level-values?view=o365-21vianet) | modified |
+| 4/8/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |
+| 4/8/2021 | [The Microsoft Defender for Office 365 (MDO) email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-21vianet) | modified |
+| 4/8/2021 | [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 4/8/2021 | [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-21vianet) | modified |
+| 4/8/2021 | [Steps to configure threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection-configure?view=o365-21vianet) | modified |
+| 4/8/2021 | [Deploy threat protection capabilities across Microsoft 365](/microsoft-365/solutions/deploy-threat-protection?view=o365-21vianet) | modified |
+| 4/9/2021 | [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org?view=o365-21vianet) | modified |
+| 4/9/2021 | [Create and publish sensitivity labels](/microsoft-365/compliance/create-sensitivity-labels?view=o365-21vianet) | modified |
+| 4/9/2021 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |
+| 4/9/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 4/9/2021 | [Network device discovery and vulnerability management](/microsoft-365/security/defender-endpoint/network-devices?view=o365-21vianet) | modified |
+| 4/9/2021 | [Overview - Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 4/9/2021 | [Manage who can create Microsoft 365 Groups](/microsoft-365/solutions/manage-creation-of-groups?view=o365-21vianet) | modified |
+| 4/9/2021 | [Cloud-delivered protection and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Collect diagnostic data for Update Compliance and Windows Defender Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/collect-diagnostic-data-update-compliance?view=o365-21vianet) | added |
+| 4/9/2021 | [Collect diagnostic data of Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/collect-diagnostic-data?view=o365-21vianet) | added |
+| 4/9/2021 | [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Manage Windows Defender in your business](/microsoft-365/security/defender-endpoint/configuration-management-reference-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure scanning options for Microsoft Defender AV](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Enable block at first sight to detect malware in seconds](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure the Microsoft Defender Antivirus cloud block timeout period](/microsoft-365/security/defender-endpoint/configure-cloud-block-timeout-period-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure how users can interact with Microsoft Defender AV](/microsoft-365/security/defender-endpoint/configure-end-user-interaction-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Set up exclusions for Microsoft Defender AV scans](/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure local overrides for Microsoft Defender AV settings](/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure and validate Microsoft Defender Antivirus network connections](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus notifications](/microsoft-365/security/defender-endpoint/configure-notifications-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure exclusions for files opened by specific processes](/microsoft-365/security/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Enable and configure Microsoft Defender Antivirus protection features](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Enable and configure Microsoft Defender Antivirus protection capabilities](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure remediation for Microsoft Defender Antivirus detections](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Run and customize scheduled and on-demand scans](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Run and customize scheduled and on-demand scans](/microsoft-365/security/defender-endpoint/customize-run-review-remediate-scans-windows-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Deploy and enable Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender Antivirus Virtual Desktop Infrastructure deployment guide](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Turn on cloud-delivered protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Enable the limited periodic Microsoft Defender Antivirus scanning feature](/microsoft-365/security/defender-endpoint/limited-periodic-scanning-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Apply Microsoft Defender Antivirus updates after certain events](/microsoft-365/security/defender-endpoint/manage-event-based-updates-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Apply Microsoft Defender AV protection updates to out of date endpoints](/microsoft-365/security/defender-endpoint/manage-outdated-endpoints-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Schedule Microsoft Defender Antivirus protection updates](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Manage how and where Microsoft Defender Antivirus receives updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Define how mobile devices are updated by Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/manage-updates-mobile-devices-vms-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | added |
+| 4/9/2021 | [Next-generation protection](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender Offline in Windows 10](/microsoft-365/security/defender-endpoint/microsoft-defender-offline?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender Antivirus in the Windows Security app](/microsoft-365/security/defender-endpoint/microsoft-defender-security-center-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Better together - Microsoft Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats](/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-21vianet) | added |
+| 4/9/2021 | [Hide the Microsoft Defender Antivirus interface](/microsoft-365/security/defender-endpoint/prevent-end-user-interaction-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Monitor and report on Microsoft Defender Antivirus protection](/microsoft-365/security/defender-endpoint/report-monitor-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Restore quarantined files in Microsoft Defender AV](/microsoft-365/security/defender-endpoint/restore-quarantined-files-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Review the results of Microsoft Defender AV scans](/microsoft-365/security/defender-endpoint/review-scan-results-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Run and customize on-demand scans in Microsoft Defender AV](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Schedule regular quick and full scans with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/scheduled-catch-up-scans-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Specify the cloud-delivered protection level for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating?view=o365-21vianet) | added |
+| 4/9/2021 | [Microsoft Defender AV event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Troubleshoot problems with reporting tools for Microsoft Defender AV](/microsoft-365/security/defender-endpoint/troubleshoot-reporting?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus with Configuration Manager and Intune](/microsoft-365/security/defender-endpoint/use-intune-config-manager-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Use PowerShell cmdlets to configure and run Microsoft Defender AV](/microsoft-365/security/defender-endpoint/use-powershell-cmdlets-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Configure Microsoft Defender Antivirus with WMI](/microsoft-365/security/defender-endpoint/use-wmi-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Why you should use Microsoft Defender Antivirus together with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus?view=o365-21vianet) | added |
+| 4/9/2021 | [Create a new topic in Microsoft Viva Topics](/microsoft-365/knowledge/create-a-topic) | modified |
+| 4/9/2021 | [Protect against threats](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 4/9/2021 | [Exchange Online Protection (EOP) overview](/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-21vianet) | modified |
+| 4/9/2021 | [Manage audit log retention policies](/microsoft-365/compliance/audit-log-retention-policies?view=o365-21vianet) | modified |
+| 4/9/2021 | [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-21vianet) | modified |
++ ## Week of March 29, 2021
managed-desktop Register Devices Partner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/register-devices-partner.md
Title: Steps for Partners to register devices description: How Partners can register devices so they can be managed by Microsoft Managed Desktop
-keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
f1.keywords:
audience: Admin
# Steps for Partners to register devices
-This topic describes the steps for Partners to follow to register devices. The process for registering devices yourself is documented in [Register devices in Microsoft Managed Desktop yourself](register-devices-self.md).
+This article describes the steps for Partners to follow to register devices. The process for registering devices yourself is documented in [Register devices in Microsoft Managed Desktop yourself](register-devices-self.md).
Before completing registration for a customer, you must first establish a relati
## Register devices by using Partner Center
-Once you have established the relationship with your customers, you can leverage Partner Center to add devices to Autopilot for any of the customers that you have a relationship with by following these steps:
+Once you have established the relationship with your customers, you can use Partner Center to add devices to Autopilot for any of the customers that you have a relationship with by following these steps:
1. Navigate to [Partner Center](https://partner.microsoft.com/dashboard) 2. Select **Customers** from the Partner Center menu and then select the customer whose devices you want to manage. 3. On the customer's detail page, select **Devices**. 4. Under **Apply profiles** to devices, select **Add devices**.
-5. Enter **Microsoft365Managed_Autopilot** for the Group Name and then select **Browse** to upload the customer's list (in .csv file format) to Partner Center.
+5. Enter the appropriate Group Tag for the device profile you've selected (as shown in the following table) and then select **Browse** to upload the customer's list (in .csv file format) to Partner Center.
+|[Device profile](../service-description/profiles.md) |Group Tag |
+|||
+|Sensitive data |**Microsoft365Managed\_SensitiveData** |
+|Power user | **Microsoft365Managed\_PowerUser** |
+|Standard | **Microsoft365Managed\_Standard** |
> [!IMPORTANT]
-> The Group Name must match **Microsoft365Managed_Autopilot** exactly, including capitalization and special characters. This will allow the newly registered devices to be assigned with the Microsoft Managed Desktop Autopilot profile.
+> The Group Name must match those listed in the table exactly, including capitalization and special characters. This will allow the newly registered devices to be assigned with the Microsoft Managed Desktop Autopilot profile.
>[!NOTE]
-> You should have received this .csv file with your device purchase. If you didn't receive a .csv file, you can create one yourself by following the steps in [Adding devices to Windows Autopilot](/windows/deployment/windows-autopilot/add-devices#collecting-the-hardware-id-from-existing-devices-using-powershell). The Windows PowerShell script is different from the one used for the [Microsoft Managed Desktop Admin portal](./register-devices-self.md?view=o365-worldwide#obtain-the-hardware-hash). Partners should use [Get-WindowsAutoPilotInfo](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) to register devices for Microsoft Managed Desktop devices in Partner Center.
+> You should have received this .csv file with your device purchase. If you didn't receive a .csv file, you can create one yourself by following the steps in [Adding devices to Windows Autopilot](/windows/deployment/windows-autopilot/add-devices#collecting-the-hardware-id-from-existing-devices-using-powershell). The Windows PowerShell script is different from the one used for the [Microsoft Managed Desktop Admin portal](./register-devices-self.md#obtain-the-hardware-hash). Partners should use [Get-WindowsAutoPilotInfo](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) to register devices for Microsoft Managed Desktop devices in Partner Center.
If you get an error message while trying to upload the .csv file, check the format of the file. Make sure the column order matches what is described in [Use Windows Autopilot profiles on new devices to customize a customer's out-of-box experience](/partner-center/autopilot#add-devices-to-a-customers-account). You can also use the sample .csv file provided from the link next to **Add devices** to create a device list.
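Review bot: The updated IMPORTANT callout still says "The Group Name must match those listed in the table exactly", while step 5 in the same hunk was changed to "Group Tag" and the table column is headed "Group Tag". Use one term throughout, and since only one value is entered per upload, consider "The Group Tag must match one of the values in the table exactly".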
For more information about Autopilot in Partner scenarios, see [Add devices to a
Before completing registration for a customer, you must first establish a relationship with them. You should have a unique link to provide to your respective customers. See [How to establish OEM relationship](/windows/deployment/windows-autopilot/registration-auth#oem-authorization).
-Once you've established the relationship, you can start registering devices for customers using the Group Tag **Microsoft365Managed_Autopilot**.
+Once you've established the relationship, you can start registering devices for customers using the appropriate Group Tag for each device profile they've selected:
++
+|Device profile |Group Tag |
+|||
+|Sensitive data | **Microsoft365Managed\_SensitiveData** |
+|Power user | **Microsoft365Managed\_PowerUser** |
+|Standard | **Microsoft365Managed\_Standard** |
> [!IMPORTANT]
-> The group name must match **Microsoft365Managed_Autopilot** exactly, including capitalization and special characters. This will allow the newly registered devices to be assigned with the Microsoft Managed Desktop Autopilot profile.
+> The Group Tags must match those listed in the table exactly, including capitalization and special characters. This will allow the newly registered devices to be assigned with the Microsoft Managed Desktop Autopilot profile.
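Review bot: The callout's second sentence still promises assignment to "the Microsoft Managed Desktop Autopilot profile" (singular), but the Group Tag now selects among three device profiles, and the new profiles article lists two Autopilot profiles (MMD Standard and MMD Power User). Reword it to say the tag determines which device profile the device receives, so a partner understands that a wrong tag yields a different configuration and not just a failed assignment. The "Device profile" column header here is also unlinked, unlike the same table in the Partner Center section.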
managed-desktop Register Devices Self https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/register-devices-self.md
Title: Register new devices yourself description: Register devices yourself so they can be managed by Microsoft Managed Desktop
-keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
f1.keywords:
In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), select **Devic
Follow these steps: 1. In **File upload**, provide a path to the CSV file you created previously.
+2. Select a [device profile](../service-description/profiles.md) in the drop-down menu.
3. Select **Register devices**. The system will add the devices to your list of devices on **Devices**, marked as **Registration Pending**. Registration typically takes less than 10 minutes, and when successful the device will show as **Ready for user** meaning it's ready and waiting for a user to start using.
+> [!NOTE]
+> If you manually change the Azure Active Directory (AAD) group membership of a device, it will be automatically reassigned to the group for its device profile and removed from any conflicting groups.
You can monitor the progress of device registration on the main page. Possible states reported there include:
If your device has come from a Microsoft Managed Desktop partner supplier, the i
YouΓÇÖre also welcome to apply the image on your own if you prefer. To get started, contact the Microsoft representative youΓÇÖre working with and they will provide you the location and steps for applying the image.
+### Autopilot group tag
+
+When you use the Admin portal to register devices, we automatically assign the **Microsoft365Managed_Autopilot** Autopilot Group Tag.
+The service monitors all Microsoft Managed Desktop devices daily and assigns the group tag to any that don't already have it.
+ ### Deliver the device > [!IMPORTANT] > Before you hand off the device to your user, make sure you have obtained and applied the [appropriate licenses](../get-ready/prerequisites.md) for that user.
-If all the licenses are applied, you can [get your users ready to use devices](get-started-devices.md), and then your user can start up the device and proceed through the Windows setup experience.
+If all the licenses are applied, you can [get your users ready to use devices](get-started-devices.md), and then your user can start up the device and proceed through the Windows setup experience.
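Review bot: The new "Autopilot group tag" section says the Admin portal assigns **Microsoft365Managed_Autopilot**, yet step 2 of this article now has the admin choose a device profile and the partner article in this same change replaces that tag with three per-profile tags. Explain how the single tag relates to the selected profile. Also clarify "assigns the group tag to any that don't already have it": it is not clear whether a device carrying one of the per-profile tags counts as already having it or will be re-tagged by the daily check.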
managed-desktop Register Reused Devices Self https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-started/register-reused-devices-self.md
Title: Register existing devices yourself description: Register reused devices you might already have yourself so they can be managed by Microsoft Managed Desktop
-keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
f1.keywords:
In [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), select **Devic
Follow these steps: 1. In **File upload**, provide a path to the CSV file you created previously.
+2. Select a [device profile](../service-description/profiles.md) in the drop-down menu.
+3. Select **Register devices**. The system will add the devices to your list of devices on the **Devices blade**, marked as **Registration Pending**. Registration typically takes less than 10 minutes, and when successful the device will show as **Ready for user** meaning it's ready and waiting for a user to start using.
-1. Select **Register devices**. The system will add the devices to your list of devices on the **Devices blade**, marked as **Registration Pending**. Registration typically takes less than 10 minutes, and when successful the device will show as **Ready for user** meaning it's ready and waiting for a user to start using.
-
+> [!NOTE]
+> If you manually change the Azure Active Directory (AAD) group membership of a device, it will be automatically reassigned to the group for its device profile and removed from any conflicting groups.
You can monitor the progress of device registration on the main page. Possible states reported there include:
managed-desktop Profiles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/profiles.md
+
+ Title: Understand device profiles
+description: The various profiles that admins can assign to devices
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Device profiles
+
+You can assign different pre-set configurations ("device profiles") to devices, each optimized for the needs of specific types of users. Three device profiles are available:
+
+- Standard
+- Sensitive Data
+- Power user
+
+You can think of device profiles as being part of a hierarchy of device configuration options.
++
+Fundamentally, every Microsoft Managed Desktop device has a foundation that includes a standard security baseline, compliance policies, Windows Update settings, and groups. To work with Microsoft Managed Desktop, every device must include all of these elements, which can't be changed by admins without a request to Microsoft Managed Desktop.
+
+Device profiles appear at the next higher level. Every Microsoft Managed Desktop device must have one (and only one) profile assigned. Admins can choose which profile a device is assigned.
+
+At a still higher level are additional [customizations](customizing.md). Each device can have one or more (or no) customizations. They can either modify a lower-level layer (Device profiles or the foundational configuration), or be an entirely new request thatΓÇÖs layered on top of the standard configuration.
+
+At the top are your own modifications, such as network details or applications. A device can have any number of these modifications, which aren't managed or blocked by Microsoft Managed Desktop.
++
+## Device profile details
+
+The following table summarizes the settings and their default values for each setting configured by device profiles. (Behind the scenes, these settings are configured with OMA-URIs by using Custom Configuration Profiles in Microsoft Endpoint Manager.)
+
+| Feature | Sensitive Data | Power User | Standard |
+|--|-||--|
+| **Block External StorageΓÇï** | YesΓÇï | YesΓÇï | NoΓÇï |
+| **[Cloud Block Level](https://docs.microsoft.com/graph/api/resources/intune-deviceconfig-defendercloudblockleveltype)ΓÇï** | HighΓÇï | HighΓÇï | HighΓÇï |
+| **Disable Microsoft AccountsΓÇï** | YesΓÇï | YesΓÇï | NoΓÇï |
+| **Disable personal OneDriveΓÇï** | YesΓÇï | YesΓÇï | NoΓÇï |
+| **Switch to secure desktop for elevationΓÇï** | NoΓÇï | YesΓÇï | NoΓÇï |
+| **Microsoft Defender for Endpoint Device TagΓÇï** | M365Managed-SensitiveDataΓÇï | M365Managed-PowerUserΓÇï | M365Managed-StandardΓÇï |
+| **Admin on the device?ΓÇï** | NoΓÇï | YesΓÇï | NoΓÇï |
+| **Autopilot Profile** | MMD Standard | MMD Power User | MMD Standard |
+| **AppLockerΓÇï** | YesΓÇï | NoΓÇï | NoΓÇï |
+| **Block Public StoreΓÇï** | YesΓÇï | YesΓÇï | NoΓÇï |
+
+Each device profile also involves these items:
+
+- A dynamic membership Azure Active Directory (AAD) device group
+- A static membership AAD device group
+- A Microsoft Endpoint Manager Configuration profile
+
+> [!IMPORTANT]
+> DonΓÇÖt modify the membership of these groups directly. Use the interface as described in [Reassign profiles](../working-with-managed-desktop/change-device-profile.md).
+
+## Limitations
+
+You can request exceptions to the device profiles and their details as you would with any other policy. Keep in mind that you can only have one of each device profile in your Azure Active Directory organization ("tenant"). For example, you can't request that the Sensitive data device profile disables AppLocker for only some of your users. All devices with the Sensitive data profile must have the same configuration.
+
+Each device can only have one profile. If a given device is used by more than one user, all users on that device will have the same configuration.
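Review bot: Profile names are spelled inconsistently in this new article: the bullet list has "Sensitive Data" and "Power user", the table header has "Power User", and the Limitations section has "Sensitive data". Pick one form and use it in the list, table and prose. The table would also benefit from a sentence noting that the Microsoft Defender for Endpoint Device Tag values (for example M365Managed-SensitiveData) are distinct from the Autopilot Group Tags used at registration (Microsoft365Managed\_SensitiveData), since the two look alike and the registration articles require an exact match. Minor: "summarizes the settings and their default values for each setting configured by device profiles" repeats "settings"; "summarizes the settings each device profile configures and their default values" reads more cleanly.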
managed-desktop Change Device Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/change-device-profile.md
+
+ Title: Reassign device profiles
+description: How to change a device profile for a device
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
++
+f1.keywords:
+- NOCSH
+
+ms.localizationpriority: normal
+++
+audience: Admin
++
+# Reassign profiles
+
+You can change the [Device profiles](../service-description/profiles.md) assigned to a device by using the Admin Portal.
+
+> [!IMPORTANT]
+> Changing a device's profile will erase all data on the device and cause it to restart. Make sure youΓÇÖve selected the right devices before proceeding and back up any data you might want to preserve.
+
+The device profile you select will be applied to all devices you select in the first step. To move separate devices to different profiles, youΓÇÖll need to repeat this process for each device profile.
+
+1. In Microsoft Endpoint Manager, select **Devices** in the left pane. In the **Microsoft Managed Desktop** section of the menu, select **Devices**.
+2. Select the check boxes for the devices you want to modify.
+3. Select **Change device profile**; a fly-in opens.
+4. Use the drop-down menu to select the new device profile.
+5. Select **Change profile**.
++
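Review bot: The sentence "applied to all devices you select in the first step" points at the wrong step: step 1 only navigates to **Devices**, and the devices are selected in step 2. Refer to step 2, or move the sentence below the list. Because the IMPORTANT callout says the change erases all data and restarts the device, step 5 should also say whether **Change profile** asks for confirmation or acts immediately, so the reader knows the last point at which the selection can still be corrected.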
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
### [Overview of Microsoft Defender Security Center](use.md) ### [Portal overview](portal-overview.md) ### [Microsoft Defender for Endpoint for US Government customers](gov.md)
-### [Microsoft Defender for Endpoint for non-Windows platforms](non-windows.md)
+### [Microsoft Defender for Endpoint on non-Windows platforms](non-windows.md)
## [Evaluate capabilities](evaluation-lab.md)
### [Network devices](network-devices.md)
-### [Microsoft Defender for Endpoint for Mac]()
-#### [Overview of Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+### [Microsoft Defender for Endpoint on macOS]()
+#### [Overview of Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
#### [What's New](mac-whatsnew.md) #### [Deploy]() ##### [Microsoft Intune-based deployment](mac-install-with-intune.md) ##### [JAMF Pro-based deployment]()
-###### [Deploying Microsoft Defender for Endpoint for macOS using Jamf Pro](mac-install-with-jamf.md)
+###### [Deploying Microsoft Defender for Endpoint on macOS using Jamf Pro](mac-install-with-jamf.md)
###### [Login to Jamf Pro](mac-install-jamfpro-login.md) ###### [Set up device groups](mac-jamfpro-device-groups.md) ###### [Set up policies](mac-jamfpro-policies.md)
#### [Privacy](mac-privacy.md) #### [Resources](mac-resources.md)
-### [Microsoft Defender for Endpoint for iOS]()
-#### [Overview of Microsoft Defender for Endpoint for iOS](microsoft-defender-endpoint-ios.md)
+### [Microsoft Defender for Endpoint on iOS]()
+#### [Overview of Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md)
#### [Deploy]()
-##### [Deploy Microsoft Defender for Endpoint for iOS via Intune](ios-install.md)
+##### [Deploy Microsoft Defender for Endpoint on iOS via Intune](ios-install.md)
#### [Configure]() ##### [Configure iOS features](ios-configure-features.md) #### [Privacy](ios-privacy.md)
-### [Microsoft Defender for Endpoint for Linux]()
-#### [Overview of Microsoft Defender for Endpoint for Linux](microsoft-defender-endpoint-linux.md)
+### [Microsoft Defender for Endpoint on Linux]()
+#### [Overview of Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
#### [What's New](linux-whatsnew.md) #### [Deploy]() ##### [Manual deployment](linux-install-manually.md)
##### [Static proxy configuration](linux-static-proxy-configuration.md) ##### [Set preferences](linux-preferences.md) ##### [Detect and block Potentially Unwanted Applications](linux-pua.md)
-##### [Schedule scans with Microsoft Defender for Endpoint for Linux](linux-schedule-scan-atp.md)
+##### [Schedule scans with Microsoft Defender for Endpoint on Linux](linux-schedule-scan-atp.md)
##### [Schedule an update of the Microsoft Defender for Endpoint (Linux)](linux-update-MDE-Linux.md) #### [Troubleshoot]()
#### [Privacy](linux-privacy.md) #### [Resources](linux-resources.md)
-### [Microsoft Defender for Endpoint for Android]()
-#### [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-endpoint-android.md)
+### [Microsoft Defender for Endpoint on Android]()
+#### [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)
#### [Deploy]()
-##### [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md)
+##### [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md)
#### [Configure]()
-##### [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
+##### [Configure Microsoft Defender for Endpoint on Android features](android-configure.md)
#### [Privacy]()
-##### [Microsoft Defender for Endpoint for Android - Privacy information](android-privacy.md)
+##### [Microsoft Defender for Endpoint on Android - Privacy information](android-privacy.md)
#### [Troubleshoot]() ##### [Troubleshoot issues](android-support-signin.md)
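Review bot: In the Linux block, the unchanged entry "Schedule an update of the Microsoft Defender for Endpoint (Linux)" does not follow the "on Linux" pattern this change applies to its neighbours, and it also carries a stray "the". Since the purpose of the change is consistent platform naming, consider "Schedule an update of Microsoft Defender for Endpoint on Linux" in the same commit.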
security Android Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-configure.md
Title: Configure Microsoft Defender for Endpoint for Android features
-description: Describes how to configure Microsoft Defender for Endpoint for Android
+ Title: Configure Microsoft Defender for Endpoint on Android features
+description: Describes how to configure Microsoft Defender for Endpoint on Android
keywords: microsoft, defender, atp, mde, android, configuration search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## Conditional Access with Defender for Endpoint for Android
-Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active
+Microsoft Defender for Endpoint on Android along with Microsoft Intune and Azure Active
Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
Defender for Endpoint for Android allows IT Administrators the ability to config
For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-manage-android). ## Related topics-- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-endpoint-android.md)-- [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md)
+- [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)
+- [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md)
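Review bot: The rename is incomplete in the body of this article: the unchanged heading "## Conditional Access with Defender for Endpoint for Android" and the paragraph beginning "Defender for Endpoint for Android allows IT Administrators" still use "for Android", while the title, description and related links now say "on Android". Update those two occurrences so the page uses one product name.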
security Android Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-intune.md
Title: Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune
-description: Describes how to deploy Microsoft Defender for Endpoint for Android with Microsoft Intune
+ Title: Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
+description: Describes how to deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
keywords: microsoft, defender, atp, mde, android, installation, deploy, uninstallation, search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune
+# Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
For more information on the enrollment options supported by Intune, see
**Currently, Personally owned devices with work profile and Corporate-owned fully managed user device enrollments are supported for deployment.**
-## Add Microsoft Defender for Endpoint for Android as a Managed Google Play app
+## Add Microsoft Defender for Endpoint on Android as a Managed Google Play app
Follow the steps below to add Microsoft Defender for Endpoint app into your managed Google Play.
The device configuration profile is now assigned to the selected user group.
## Complete onboarding and check status
-1. Confirm the installation status of Microsoft Defender for Endpoint for Android by
+1. Confirm the installation status of Microsoft Defender for Endpoint on Android by
clicking on the **Device Install Status**. Verify that the device is displayed here.
by navigating to the **Devices** page.
## Related topics-- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-endpoint-android.md)-- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
+- [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md)
+- [Configure Microsoft Defender for Endpoint on Android features](android-configure.md)
security Android Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-privacy.md
ms.technology: mde
-# Microsoft Defender for Endpoint for Android - Privacy information
+# Microsoft Defender for Endpoint on Android - Privacy information
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
security Android Support Signin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-support-signin.md
Title: Troubleshoot issues on Microsoft Defender for Endpoint for Android
-description: Troubleshoot issues for Microsoft Defender for Endpoint for Android
+ Title: Troubleshoot issues on Microsoft Defender for Endpoint on Android
+description: Troubleshoot issues for Microsoft Defender for Endpoint on Android
keywords: microsoft, defender, atp, mde, android, cloud, connectivity, communication search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Troubleshooting issues on Microsoft Defender for Endpoint for Android
+# Troubleshooting issues on Microsoft Defender for Endpoint on Android
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Android Terms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-terms.md
hideEdit: true
ms.technology: mde
-# Microsoft Defender for Endpoint for Android application license terms
+# Microsoft Defender for Endpoint on Android application license terms
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
localization_priority: Normal
audience: ITPro -+ ms.technology: mde
For more information and to get your updates, see [Update for Microsoft Defender
### Cases where warn mode is not supported
-Warn mode is not supported for the following attack surface reduction rules:
+Warn mode is not supported for three attack surface reduction rules when you configure them in Microsoft Endpoint Manager. (If you use Group Policy to configure your attack surface reduction rules, warn mode is supported.) The three rules that do not support warn mode when you configure them in Microsoft Endpoint Manager are as follows:
- [Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) (GUID `d3e037e1-3eb8-44c8-a917-57927947596d`) - [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) (GUID `e6db77e5-3df2-4cf1-b95a-636979351e5b`)
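Review bot: The new lead-in states the Microsoft Endpoint Manager condition twice in consecutive sentences, and the unchanged heading "Cases where warn mode is not supported" no longer signals that the limitation depends on the configuration tool. Suggest one sentence such as "When you configure attack surface reduction rules in Microsoft Endpoint Manager, warn mode is not supported for the following three rules (it is supported when you use Group Policy):". Only two rules are visible in this hunk's context, so confirm the list still contains exactly three entries to match the stated count.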
security Configure Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-email-notifications.md
ms.technology: mde
-# Configure alert notifications in Microsoft Defender ATP
+# Configure alert notifications in Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
You can configure Defender for Endpoint to send email notifications to specified
> [!NOTE] > Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications.
-You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue.md).
+You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts triggered after they're added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue.md).
If you're using role-based access control (RBAC), recipients will only receive notifications based on the device groups that were configured in the notification rule. Users with the proper permission can only create, edit, or delete notifications that are limited to their device group management scope.
You can create rules that determine the devices and alert severities to send ema
5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
-6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
+6. Check that email recipients can receive the email notifications by selecting **Send test email**.
7. Click **Save notification rule**.
You can create rules that determine the devices and alert severities to send ema
## Troubleshoot email notifications for alerts This section lists various issues that you may encounter when using email notifications for alerts.
-**Problem:** Intended recipients report they are not getting the notifications.
+**Problem:** Intended recipients report they're not getting the notifications.
-**Solution:** Make sure that the notifications are not blocked by email filters:
+**Solution:** Make sure that the notifications aren't blocked by email filters:
-1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk.
-2. Check that your email security product is not blocking the email notifications from Defender for Endpoint.
+1. Check that the Defender for Endpoint email notifications aren't sent to the Junk Email folder. Mark them as Not junk.
+2. Check that your email security product isn't blocking the email notifications from Defender for Endpoint.
3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications. ## Related topics
security Configure Endpoints Non Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-non-windows.md
ms.technology: mde
Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. You'll need to know the exact Linux distros and macOS versions that are compatible with Defender for Endpoint for the integration to work. For more information, see:-- [Microsoft Defender for Endpoint for Linux system requirements](microsoft-defender-endpoint-linux.md#system-requirements) -- [Microsoft Defender for Endpoint for Mac system requirements](microsoft-defender-endpoint-mac.md#system-requirements).
+- [Microsoft Defender for Endpoint on Linux system requirements](microsoft-defender-endpoint-linux.md#system-requirements)
+- [Microsoft Defender for Endpoint on macOS system requirements](microsoft-defender-endpoint-mac.md#system-requirements).
## Onboarding non-Windows devices You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding:
- - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac).
- - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**.
-
- 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
-
- 2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices.
+ - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac).
- 3. Select **Open partner page** to open the partner's page. Follow the instructions provided on the page.
-
- 4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require.
+ - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**.
+ 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
+ 2. In the **Partner Applications** tab, select the partner that supports your non-Windows devices.
+ 3. Select **Open partner page** to open the partner's page. Follow the instructions provided on the page.
+ 4. After creating an account or subscribing to the partner solution, you should get to a stage where a tenant Global Admin in your organization is asked to accept a permission request from the partner application. Read the permission request carefully to make sure that it is aligned with the service that you require.
2. Run a detection test by following the instructions of the third-party solution.
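Review bot: The added macOS bullet still says "onboard through Microsoft Defender ATP" and keeps the link text "Microsoft Defender for Endpoint for Mac", while the two links added at the top of this hunk use "on Linux" and "on macOS". Suggest using the current product name and the "on macOS" form in that bullet so the rename is complete within the section. In the re-indented step 4, "Read the permission request carefully" would be more useful if it told the Global Admin what to compare the requested permissions against before consenting.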
security Enable Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction.md
localization_priority: Normal
audience: ITPro -+ ms.technology: mde+ # Enable attack surface reduction rules
ms.technology: mde
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
+> [!TIP]
+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
[Attack surface reduction rules](attack-surface-reduction.md) (ASR rules) help prevent actions that malware often abuses to compromise devices and networks. You can set ASR rules for devices running any of the following editions and versions of Windows: - Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
ms.technology: mde
- Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19)
-Each ASR rule contains one of three settings:
+Each ASR rule contains one of four settings:
+
+- **Not configured**: Disable the ASR rule
+- **Block**: Enable the ASR rule
+- **Audit**: Evaluate how the ASR rule would impact your organization if enabled
+- **Warn**: Enable the ASR rule but alow the end user to bypass the block
-- Not configured: Disable the ASR rule-- Block: Enable the ASR rule-- Audit: Evaluate how the ASR rule would impact your organization if enabled
+> [!IMPORTANT]
+> Currently, warn mode is not supported for three ASR rules when you configure ASR rules in Microsoft Endpoint Manager (MEM). To learn more, see [Cases where warn mode is not supported](attack-surface-reduction.md#cases-where-warn-mode-is-not-supported).
It's highly recommended you use ASR rules with a Windows E5 license (or similar licensing SKU) to take advantage of the advanced monitoring and reporting capabilities available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). However, for other licenses like Windows Professional or E3 that don't have access to advanced monitoring and reporting capabilities, you can develop your own monitoring and reporting tools on top of the events that are generated at each endpoint when ASR rules are triggered (e.g., Event Forwarding).
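Review bot: Typo in the added Warn bullet: "alow" should be "allow". The same bullet writes "end user" while the value lists added later in this article write "end-user"; pick one spelling. "**Not configured**: Disable the ASR rule" also uses a different label from the "Disable" entry (value 0) in those lists, so a reader cannot tell whether the two are the same state.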
The following is a sample for reference, using [GUID values for ASR rules](attac
`Value: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84=2|3B576869-A4EC-4529-8536-B80A7769E899=1|D4F940AB-401B-4EfC-AADC-AD5F3C50688A=2|D3E037E1-3EB8-44C8-A917-57927947596D=1|5BEB7EFE-FD9A-4556-801D-275E5FFC04CC=0|BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550=1`
-The values to enable, disable, or enable in audit mode are:
+The values to enable (Block), disable, warn, or enable in audit mode are:
-- Disable = 0-- Block (enable ASR rule) = 1-- Audit = 2
+- 0 : Disable (Disable the ASR rule)
+- 1 : Block (Enable the ASR rule)
+- 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
+- 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block)
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
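Review bot: The rewritten intro sentence lists the states as "enable (Block), disable, warn, or enable in audit mode", but the list under it is ordered 0, 1, 2, 6; reorder the sentence to match the list. The sample `Value:` string above the list only uses 0, 1 and 2, so consider adding one `=6` entry there, and say that the jump from 2 to 6 is intentional so it is not read as a typo. "0 : Disable (Disable the ASR rule)" repeats itself; the parenthetical can be dropped.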
Example:
Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows:
- - Disable = 0
- - Block (enable ASR rule) = 1
- - Audit = 2
+ - 0 : Disable (Disable the ASR rule)
+ - 1 : Block (Enable the ASR rule)
+ - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)
+ - 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block)
- ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](/microsoft-365/security/defender-endpoint/images/asr-rules-gp)
+ :::image type="content" source="images/asr-rules-gp.png" alt-text="ASR rules in Group Policy":::
5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
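Review bot: The replacement image line shortens the alt text from "Group policy setting showing a blank attack surface reduction rule ID and value of 1" to "ASR rules in Group Policy", which no longer tells a screen-reader user what the screenshot shows. Suggest keeping the descriptive wording in `alt-text`. The four-value list added here is a second copy of the one in the MDM section, so a later edit to one can leave the other out of date.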
Example:
1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and select **Run as administrator**.
-2. Enter the following cmdlet:
+2. Type the following cmdlet:
```PowerShell Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled
Example:
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode ```
+ To enable ASR rules in warn mode, use the following cmdlet:
+
+ ```PowerShell
+ Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Warn
+ ```
+ To turn off ASR rules, use the following cmdlet: ```PowerShell
Example:
You can also use the `Add-MpPreference` PowerShell verb to add new rules to the existing list. > [!WARNING]
- > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead.
+ > `Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, use `Add-MpPreference` instead.
> You can obtain a list of rules and their current state by using `Get-MpPreference`. 3. To exclude files and folders from ASR rules, use the following cmdlet:
security Ios Configure Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-configure-features.md
Title: Configure Microsoft Defender for Endpoint for iOS features
+ Title: Configure Microsoft Defender for Endpoint on iOS features
description: Describes how to deploy Microsoft Defender ATP for iOS features keywords: microsoft, defender, atp, ios, configure, features, ios search.product: eADQiWindows 10XVcnh
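Review bot: The `Title:` line is updated to "on iOS", but the `description:` line directly below it still reads "Microsoft Defender ATP for iOS features". Suggest updating the description in the same change so the metadata matches the page title.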
ms.technology: mde
-# Configure Microsoft Defender for Endpoint for iOS features
+# Configure Microsoft Defender for Endpoint on iOS features
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. ## Conditional Access with Defender for Endpoint for iOS
-Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
+Microsoft Defender for Endpoint on iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
Apple iOS does not support multiple device-wide VPNs to be active simultaneously
To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune. > [!NOTE]
-> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
+> At this time Microsoft Defender for Endpoint on iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
Follow the steps below to create a compliance policy against jailbroken devices.
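Review bot: The rewritten note sentence still ends at "can be exposed locally" with no period, and "email id" should be "email ID". Because this note is the only place that tells the reader the app does not protect against jailbreak scenarios, "in specific scenarios" would be clearer if it named the scenarios or linked to where they are described.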
security Ios Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md
ms.technology: mde
-# Deploy Microsoft Defender for Endpoint for iOS
+# Deploy Microsoft Defender for Endpoint on iOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Deploy Defender for Endpoint for iOS via Intune Company Portal.
## Configure Microsoft Defender for Endpoint for Supervised Mode
-The Microsoft Defender for Endpoint for iOS app has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, the Defender for Endpoint app needs to know if a device is in Supervised Mode.
+The Microsoft Defender for Endpoint on iOS app has specialized ability on supervised iOS/iPadOS devices, given the increased management capabilities provided by the platform on these types of devices. To take advantage of these capabilities, the Defender for Endpoint app needs to know if a device is in Supervised Mode.
### Configure Supervised Mode via Intune
security Ios Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-privacy.md
Title: Privacy information - Microsoft Defender for Endpoint for iOS
+ Title: Privacy information - Microsoft Defender for Endpoint on iOS
-description: Describes privacy information for Microsoft Defender for Endpoint for iOS
+description: Describes privacy information for Microsoft Defender for Endpoint on iOS
keywords: microsoft, defender, atp, ios, policy, overview search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Privacy information - Microsoft Defender for Endpoint for iOS
+# Privacy information - Microsoft Defender for Endpoint on iOS
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
security Ios Terms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-terms.md
hideEdit: true
ms.technology: mde
-# Microsoft Defender for Endpoint for iOS application license terms
+# Microsoft Defender for Endpoint on iOS application license terms
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Ios Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-whatsnew.md
Title: What's new in Microsoft Defender for Endpoint for iOS
-description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for iOS.
+ Title: What's new in Microsoft Defender for Endpoint on iOS
+description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on iOS.
keywords: microsoft, defender, atp, mac, installation, macos, whatsnew search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# What's new in Microsoft Defender for Endpoint for iOS
+# What's new in Microsoft Defender for Endpoint on iOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-exclusions.md
ms.technology: mde
-# Configure and validate exclusions for Microsoft Defender for Endpoint for Linux
+# Configure and validate exclusions for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Install Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-manually.md
Title: Deploy Microsoft Defender for Endpoint for Linux manually
+ Title: Deploy Microsoft Defender for Endpoint on Linux manually
description: Describes how to deploy Microsoft Defender ATP for Linux manually from the command line. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
ms.technology: mde
-# Deploy Microsoft Defender for Endpoint for Linux manually
+# Deploy Microsoft Defender for Endpoint on Linux manually
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
-This article describes how to deploy Microsoft Defender for Endpoint for Linux manually. A successful deployment requires the completion of all of the following tasks:
+This article describes how to deploy Microsoft Defender for Endpoint on Linux manually. A successful deployment requires the completion of all of the following tasks:
-- [Deploy Microsoft Defender for Endpoint for Linux manually](#deploy-microsoft-defender-for-endpoint-for-linux-manually)
+- [Deploy Microsoft Defender for Endpoint on Linux manually](#deploy-microsoft-defender-for-endpoint-on-linux-manually)
- [Prerequisites and system requirements](#prerequisites-and-system-requirements) - [Configure the Linux software repository](#configure-the-linux-software-repository) - [RHEL and variants (CentOS and Oracle Linux)](#rhel-and-variants-centos-and-oracle-linux)
This article describes how to deploy Microsoft Defender for Endpoint for Linux m
## Prerequisites and system requirements
-Before you get started, see [Microsoft Defender for Endpoint for Linux](microsoft-defender-endpoint-linux.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) for a description of prerequisites and system requirements for the current software version.
## Configure the Linux software repository
security Linux Install With Ansible https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-with-ansible.md
Title: Deploy Microsoft Defender ATP for Linux with Ansible-+ description: Describes how to deploy Microsoft Defender ATP for Linux using Ansible. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos search.product: eADQiWindows 10XVcnh
localization_priority: Normal audience: ITPro-+ - m365-security-compliance ms.technology: mde
-# Deploy Microsoft Defender for Endpoint for Linux with Ansible
+# Deploy Microsoft Defender for Endpoint on Linux with Ansible
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Create a subtask or role files that contribute to an playbook or task.
baseurl: https://packages.microsoft.com/[distro]/[version]/[channel]/ gpgcheck: yes enabled: Yes
- when: ansible_os_family == "RedHat"
+ when: ansible_os_family == "RedHat"
``` - Create the Ansible install and uninstall YAML files.
Create a subtask or role files that contribute to an playbook or task.
tasks: - include: ../roles/onboarding_setup.yml - include: ../roles/add_apt_repo.yml
- - apt:
+ - name: Install MDATP
+ apt:
name: mdatp state: latest update_cache: yes
Create a subtask or role files that contribute to an playbook or task.
``` ```Output - hosts: servers
- tasks:
- - apt:
+ tasks:
+ - name: Uninstall MDATP
+ apt:
name: mdatp state: absent ```
- - For yum-based distributions use the following YAML file:
+ - For dnf-based distributions use the following YAML file:
```bash
- cat install_mdatp_yum.yml
+ cat install_mdatp_dnf.yml
``` ```Output - hosts: servers tasks: - include: ../roles/onboarding_setup.yml - include: ../roles/add_yum_repo.yml
- - yum:
- name: mdatp
- state: latest
- enablerepo: packages-microsoft-com-prod-[channel]
+ - name: Install MDATP
+ dnf:
+ name: mdatp
+ state: latest
+ enablerepo: packages-microsoft-com-prod-[channel]
``` ```bash
- cat uninstall_mdatp_yum.yml
+ cat uninstall_mdatp_dnf.yml
``` ```Output - hosts: servers
- tasks:
- - yum:
- name: mdatp
+ tasks:
+ - name: Uninstall MDATP
+ dnf:
+ name: mdatp
state: absent ```
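Review bot: The install and uninstall playbooks now call the `dnf` module and are renamed to `install_mdatp_dnf.yml` and `uninstall_mdatp_dnf.yml`, but the install file still includes `../roles/add_yum_repo.yml`, so the role name, the file names and the "dnf-based distributions" wording no longer agree. Please also confirm that every RHEL and CentOS release this article covers ships dnf, since the text previously addressed "yum-based distributions"; if some do not, keep a yum variant or say which releases the dnf playbook is for. The install task keeps `state: latest`, which is worth a sentence if readers are expected to control when the agent version changes.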
When upgrading your operating system to a new major version, you must first unin
## References -- [Add or remove YUM repositories](https://docs.ansible.com/ansible/2.3/yum_repository_module.html)
+- [Add or remove YUM repositories](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_repository_module.html)
-- [Manage packages with the yum package manager](https://docs.ansible.com/ansible/latest/modules/yum_module.html)
+- [Manage packages with the dnf package manager](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/dnf_module.html)
-- [Add and remove APT repositories](https://docs.ansible.com/ansible/latest/modules/apt_repository_module.html)
+- [Add and remove APT repositories](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_repository_module.html)
-- [Manage apt-packages](https://docs.ansible.com/ansible/latest/modules/apt_module.html)
+- [Manage apt-packages](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_module.html)
security Linux Install With Puppet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-with-puppet.md
ms.technology: mde
-# Deploy Microsoft Defender for Endpoint for Linux with Puppet
+# Deploy Microsoft Defender for Endpoint on Linux with Puppet
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
ms.technology: mde
-# Set preferences for Microsoft Defender for Endpoint for Linux
+# Set preferences for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-privacy.md
ms.technology: mde
-# Privacy for Microsoft Defender for Endpoint for Linux
+# Privacy for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Microsoft is committed to providing you with the information and controls you ne
This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
-## Overview of privacy controls in Microsoft Defender for Endpoint for Linux
+## Overview of privacy controls in Microsoft Defender for Endpoint on Linux
This section describes the privacy controls for the different types of data collected by Defender for Endpoint for Linux.
security Linux Pua https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-pua.md
ms.technology: mde
-# Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Linux
+# Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Static Proxy Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-static-proxy-configuration.md
ms.technology: mde
-# Configure Microsoft Defender for Endpoint for Linux for static proxy discovery
+# Configure Microsoft Defender for Endpoint on Linux for static proxy discovery
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Support Connectivity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-connectivity.md
ms.technology: mde
-# Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Linux
+# Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Support Events https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-events.md
ms.technology: mde
-# Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint for Linux
+# Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-endpoint-linux.md)
+- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
This article provides some general steps to mitigate missing events or alerts in the [security center](https://securitycenter.windows.com/) portal.
security Linux Support Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-install.md
ms.technology: mde
-# Troubleshoot installation issues for Microsoft Defender for Endpoint for Linux
+# Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Support Perf https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-perf.md
ms.technology: mde
-# Troubleshoot performance issues for Microsoft Defender for Endpoint for Linux
+# Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Update MDE Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-update-MDE-Linux.md
ms.technology: mde
# Schedule an update of the Microsoft Defender for Endpoint (Linux)
-To run an update on Microsoft Defender for Endpoint for Linux, see [Deploy updates for Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/linux-updates).
+To run an update on Microsoft Defender for Endpoint on Linux, see [Deploy updates for Microsoft Defender for Endpoint on Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/linux-updates).
Linux (and Unix) have a tool called **crontab** (similar to Task Scheduler) to be able to run scheduled tasks.
security Linux Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-updates.md
ms.technology: mde
-# Deploy updates for Microsoft Defender for Endpoint for Linux
+# Deploy updates for Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-whatsnew.md
Title: What's new in Microsoft Defender for Endpoint for Linux
-description: List of major changes for Microsoft Defender ATP for Linux.
+ Title: What's new in Microsoft Defender for Endpoint on Linux
+description: List of major changes for Microsoft Defender ATP on Linux.
keywords: microsoft, defender, atp, linux, whatsnew, release search.product: eADQiWindows 10XVcnh search.appverid: met150
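Review bot: The updated `description:` reads "Microsoft Defender ATP on Linux", which changes the preposition but keeps the old product name, while the `Title:` line in the same hunk uses "Microsoft Defender for Endpoint on Linux". Suggest using the same product name in both lines.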
ms.technology: mde
-# What's new in Microsoft Defender for Endpoint for Linux
+# What's new in Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] ## 101.25.72 (30.121022.12563.0) -- Microsoft Defender for Endpoint for Linux is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).-- Fixed an issue where usage of Microsoft Defender for Endpoint for Linux on systems with FUSE filesystems was leading to OS hang
+- Microsoft Defender for Endpoint on Linux is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).
+- Fixed an issue where usage of Microsoft Defender for Endpoint on Linux on systems with FUSE filesystems was leading to OS hang
- Performance improvements & other bug fixes ## 101.25.63 (30.121022.12563.0)
security Live Response Command Examples https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/live-response-command-examples.md
run script.ps1
# Run PowerShell script from the library with arguments run get-process-by-name.ps1 -parameters "-processName Registry" ```-
+>[!NOTE]
+>
+> For long running commands such as '**run**' or '**getfile**', you may want to use the '**&**' symbol at the end of the command to perform that action in the background.
+> This will allow you to continue investigating the machine and return to the background command when done using '**fg**' [basic command](live-response.md#basic-commands).
+>
## scheduledtask ```
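Review bot: The added note opens with `>[!NOTE]` with no space after `>`, unlike the `> [!NOTE]` form used in the other articles in this update, and it has empty `>` lines before and after the text that can be removed. The command names are written as quoted bold ('**run**', '**&**', '**fg**'); inline code would match how the commands appear in the examples above the note. It would also help to say where the output of a backgrounded command is kept until `fg` is used, since an investigator relying on `getfile` needs to know the transfer finished.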
security Mac Device Control Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-device-control-overview.md
Title: Device control for macOS
-description: Learn how to configure Microsoft Defender for Endpoint for Mac to reduce threats from removable storage such as USB devices.
+description: Learn how to configure Microsoft Defender for Endpoint on Mac to reduce threats from removable storage such as USB devices.
keywords: microsoft, defender, atp, mac, device, control, usb, removable, media search.product: eADQiWindows 10XVcnh search.appverid: met150
Device control for macOS has the following prerequisites:
> ```bash > mdatp health --field real_time_protection_subsystem > ```
-> - Your device must be in `Beta` (previously called `InsiderFast`) Microsoft AutoUpdate update channel. For more information, seeΓÇ»[Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md).
+> - Your device must be in `Beta` (previously called `InsiderFast`) Microsoft AutoUpdate update channel. For more information, seeΓÇ»[Deploy updates for Microsoft Defender for Endpoint on Mac](mac-updates.md).
> > You can check the update channel using the following command: >
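Review bot: The added line carries over a non-ASCII space between "see" and the link (it shows here as "ΓÇ»"); replace it with a normal space so the sentence renders cleanly. The same character appears in the other changed line of this file, the sentence about JAMF or Intune, and should be fixed there too.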
Device control for macOS has the following prerequisites:
> defaults write com.microsoft.autoupdate2 ChannelName -string Beta > ``` >
-> Alternatively, if you are in a managed environment (JAMF or Intune), you can configure the update channel remotely. For more information, seeΓÇ»[Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md).
+> Alternatively, if you are in a managed environment (JAMF or Intune), you can configure the update channel remotely. For more information, seeΓÇ»[Deploy updates for Microsoft Defender for Endpoint on Mac](mac-updates.md).
## Device control policy
The device control policy is included in the configuration profile used to confi
Within the configuration profile, the device control policy is defined in the following section:
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | deviceControl |
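Review bot: The new header `|Section|Value|` calls the first column "Section", but the cells under it are "Domain" and "Key", which are property names, not sections. A label such as "Property" would describe the rows. The same header is applied to every table in this file and in mac-preferences.md, so it is worth settling once. In the rows shown, the Domain value is code-formatted and the Key value is not; formatting both as code would make the key easier to copy into a profile.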
When the device control policy that you have put in place is enforced on a devic
When end users click this notification, a web page is opened in the default browser. You can configure the URL that is opened when end users click the notification.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | navigationTarget |
The removable media section of the device control policy is used to restrict acc
> [!NOTE] > The following types of removable media are currently supported and can be included in the policy: USB storage devices.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | removableMediaPolicy |
Under the removable media section, there is an option to set the enforcement lev
- `audit` - Under this enforcement level, if access to a device is restricted, a notification is displayed to the user, however the device can still be used. This enforcement level can be useful to evaluate the effectiveness of a policy. - `block` - Under this enforcement level, the operations that the user can perform on the device are limited to what is defined in the policy. Furthermore, a notification is raised to the user.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | enforcementLevel |
This setting can be set to:
> [!NOTE] > The `execute` permission only refers to execution of Mach-O binaries. It does not include execution of scripts or other types of payloads.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | permission |
At the top level of the removable media policy, you can optionally define more g
The `vendors` dictionary contains one or more entries, with each entry being identified by the vendor ID.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | vendors |
The `vendors` dictionary contains one or more entries, with each entry being ide
For each vendor, you can specify the desired permission level for devices from that vendor.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | permission |
For each vendor, you can specify the desired permission level for devices from t
Furthermore, you can optionally specify the set of products belonging to that vendor for which more granular permissions are defined. The `products` dictionary contains one or more entries, with each entry being identified by the product ID.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | products |
Furthermore, you can optionally specify the set of products belonging to that ve
For each product, you can specify the desired permission level for that product.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | permission |
Furthermore, you can specify an optional set of serial numbers for which more gr
The `serialNumbers` dictionary contains one or more entries, with each entry being identified by the serial number.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | serialNumbers |
The `serialNumbers` dictionary contains one or more entries, with each entry bei
For each serial number, you can specify the desired permission level.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | permission |
DeviceEvents
## Device control policy deployment
-The device control policy must be included next to the other product settings, as described in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
+The device control policy must be included next to the other product settings, as described in [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md).
This profile can be deployed using the instructions listed in [Configuration profile deployment](mac-preferences.md#configuration-profile-deployment).
In the above example, there is only one removable media device plugged in and it
## Related topics - [Examples of device control policies for Intune](mac-device-control-intune.md)-- [Examples of device control policies for JAMF](mac-device-control-jamf.md)
+- [Examples of device control policies for JAMF](mac-device-control-jamf.md)
security Mac Exclusions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-exclusions.md
ms.technology: mde
-# Configure and validate exclusions for Microsoft Defender for Endpoint for Mac
+# Configure and validate exclusions for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Mac Install Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-manually.md
Title: Manual deployment for Microsoft Defender for Endpoint for macOS
-description: Install Microsoft Defender for Endpoint for macOS manually, from the command line.
+ Title: Manual deployment for Microsoft Defender for Endpoint on macOS
+description: Install Microsoft Defender for Endpoint on macOS manually, from the command line.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Manual deployment for Microsoft Defender for Endpoint for macOS
+# Manual deployment for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
-This topic describes how to deploy Microsoft Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Microsoft Defender for Endpoint on macOS manually. A successful deployment requires the completion of all of the following steps:
- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) - [Application installation (macOS 10.15 and older versions)](#application-installation-macos-1015-and-older-versions) - [Application installation (macOS 11 and newer versions)](#application-installation-macos-11-and-newer-versions)
This topic describes how to deploy Microsoft Defender for Endpoint for macOS man
## Prerequisites and system requirements
-Before you get started, see [the main Microsoft Defender for Endpoint for macOS page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint on macOS page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
## Download installation and onboarding packages
To complete this process, you must have admin privileges on the device.
![System extension security preferences1](images/big-sur-install-3.png)
-5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint for Mac.
+5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint on Mac.
-6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select **Allow**.
+6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select **Allow**.
![System extension security preferences2](images/big-sur-install-4.png)
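Review bot: Steps 5 and 6 now read "Microsoft Defender for Endpoint on Mac", but the title, H1 and intro of this same file were changed to "on macOS". Use "on macOS" in both steps so the article names the product one way throughout.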
To complete this process, you must have admin privileges on the device.
## Client configuration
-1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender for Endpoint for macOS.
+1. Copy wdav.pkg and MicrosoftDefenderATPOnboardingMacOs.py to the device where you deploy Microsoft Defender for Endpoint on macOS.
The client device isn't associated with org_id. Note that the *org_id* attribute is blank.
security Mac Install With Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-intune.md
Title: Intune-based deployment for Microsoft Defender for Endpoint for Mac
-description: Install Microsoft Defender for Endpoint for Mac, using Microsoft Intune.
+ Title: Intune-based deployment for Microsoft Defender for Endpoint on macOS
+description: Install Microsoft Defender for Endpoint on macOS, using Microsoft Intune.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Intune-based deployment for Microsoft Defender for Endpoint for Mac
+# Intune-based deployment for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] > [!NOTE] > This documentation explains the legacy method for deploying and configuring Microsoft Defender for Endpoint on macOS devices. The native experience is now available in the MEM console. The release of the native UI in the MEM console provide admins with a much simpler way to configure and deploy the application and send it down to macOS devices. <br> <br>
->The blog post [MEM simplifies deployment of Microsoft Defender for Endpoint for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender for Endpoint for Mac in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
+>The blog post [MEM simplifies deployment of Microsoft Defender for Endpoint for macOS](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-endpoint-manager-simplifies-deployment-of-microsoft/ba-p/1322995) explains the new features. To configure the app, go to [Settings for Microsoft Defender for Endpoint on macOS in Microsoft InTune](https://docs.microsoft.com/mem/intune/protect/antivirus-microsoft-defender-settings-macos). To deploy the app, go to [Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/apps-advanced-threat-protection-macos).
**Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
-This topic describes how to deploy Microsoft Defender for Endpoint for Mac through Intune. A successful deployment requires the completion of all of the following steps:
+This topic describes how to deploy Microsoft Defender for Endpoint on macOS through Intune. A successful deployment requires the completion of all of the following steps:
1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages) 1. [Client device setup](#client-device-setup)
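Review bot: In the rewritten NOTE line the second link text still ends in "in Microsoft InTune", while the next link in the same sentence and the rest of the file spell it "Intune". Since the line is being touched anyway, fix the casing. The first link keeps "for macOS" in its text; that is fine if it is the blog post's actual title, but worth confirming so it is not mistaken for a missed rename.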
This topic describes how to deploy Microsoft Defender for Endpoint for Mac throu
## Prerequisites and system requirements
-Before you get started, see [the main Microsoft Defender for Endpoint for Mac page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint on macOS page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
## Overview
To approve the system extensions:
> > This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint. If you previously configured Microsoft Defender for Endpoint through Intune, we recommend you update the deployment with this configuration profile.
-9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download **netfilter.mobileconfig** from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>
+9. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality. Download **netfilter.mobileconfig** from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/netfilter.mobileconfig), save it as netext.xml and deploy it using the same steps as in the previous sections. <a name = "create-system-configuration-profiles-step-9" id = "create-system-configuration-profiles-step-9"></a>
-10. To allow Microsoft Defender for Endpoint for Mac and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. <a name = "create-system-configuration-profiles-step-10" id = "create-system-configuration-profiles-step-10"></a>
+10. To allow Microsoft Defender for Endpoint on macOS and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina), download `notif.mobileconfig` from [our GitHub repository](https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/notif.mobileconfig) and import it as a custom payload. <a name = "create-system-configuration-profiles-step-10" id = "create-system-configuration-profiles-step-10"></a>
11. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
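Review bot: Steps 9 and 10 send admins to `raw.githubusercontent.com/microsoft/mdatp-xplat/master/...` for `netfilter.mobileconfig` and `notif.mobileconfig`, so the file they import tracks whatever is on `master` at download time, not what was reviewed when this text was written. These profiles authorize a network filter and notifications on managed devices; consider linking to a tagged release or a specific commit and adding a sentence telling readers to inspect the payload before importing it. Step 9 also says to save `netfilter.mobileconfig` as `netext.xml` without saying why the name changes, which is worth one clause of explanation.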
Once the Intune changes are propagated to the enrolled devices, you can see them
6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. > [!CAUTION]
- > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated.
+ > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender for Endpoint on macOS](mac-updates.md) for additional information about how the product is updated.
>
- > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with *Ignore app version* set to **No**, please change it to **Yes**. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy.
+ > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Microsoft Defender for Endpoint. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender for Endpoint on macOS](mac-updates.md) for additional information about how the product is updated. If you deployed Microsoft Defender for Endpoint with *Ignore app version* set to **No**, please change it to **Yes**. If Microsoft Defender for Endpoint still cannot be installed on a client device, then uninstall Microsoft Defender for Endpoint and push the updated policy.
> [!div class="mx-imgBorder"] > ![Display of App information in App add](images/mdatp-8-intuneappinfo.png)
For more information on how to find the automatically generated log that is crea
## Uninstallation
-See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint for Mac from client devices.
+See [Uninstalling](mac-resources.md#uninstalling) for details on how to remove Microsoft Defender for Endpoint on macOS from client devices.
security Mac Install With Jamf https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-jamf.md
ms.technology: mde
-# Deploying Microsoft Defender for Endpoint for macOS with Jamf Pro
+# Deploying Microsoft Defender for Endpoint on macOS with Jamf Pro
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink)
-Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro.
+Learn how to deploy Microsoft Defender for Endpoint on macOS with Jamf Pro.
> [!NOTE] > If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/mac-sysext-policies).
Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro.
This is a multi step process. You'll need to complete all of the following steps: - [Login to the Jamf Portal](mac-install-jamfpro-login.md)-- [Setup the Microsoft Defender for Endpoint for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md)-- [Setup the Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md)-- [Enroll the Microsoft Defender for Endpoint for macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md)
+- [Setup the Microsoft Defender for Endpoint on macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md)
+- [Setup the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](mac-jamfpro-policies.md)
+- [Enroll the Microsoft Defender for Endpoint on macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md)
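Review bot: The first two new list items start with "Setup the ...", using the noun form as a verb, while the headings of the target articles (mac-jamfpro-device-groups.md and mac-jamfpro-policies.md) read "Set up ...". Change both link texts to "Set up" so they match the pages they point to. Splitting the items onto separate lines fixes the list that was previously run together on one line.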
security Mac Install With Other Mdm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-install-with-other-mdm.md
ms.technology: mde
-# Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint for Mac
+# Deployment with a different Mobile Device Management (MDM) system for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
## Prerequisites and system requirements
-Before you get started, see [the main Microsoft Defender for Endpoint for Mac page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
+Before you get started, see [the main Microsoft Defender for Endpoint on macOS page](microsoft-defender-endpoint-mac.md) for a description of prerequisites and system requirements for the current software version.
## Approach > [!CAUTION]
-> Currently, Microsoft officially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint for Mac. Microsoft makes no warranties, express or implied, with respect to the information provided below.
+> Currently, Microsoft officially supports only Intune and JAMF for the deployment and management of Microsoft Defender for Endpoint on macOS. Microsoft makes no warranties, express or implied, with respect to the information provided below.
-If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender for Endpoint for Mac.
+If your organization uses a Mobile Device Management (MDM) solution that is not officially supported, this does not mean you are unable to deploy or run Microsoft Defender for Endpoint on macOS.
-Microsoft Defender for Endpoint for Mac does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
+Microsoft Defender for Endpoint on macOS does not depend on any vendor-specific features. It can be used with any MDM solution that supports the following features:
- Deploy a macOS .pkg to managed devices. - Deploy macOS system configuration profiles to managed devices.
In order to deploy the package to your enterprise, use the instructions associat
### License settings Set up [a system configuration profile](mac-install-with-jamf.md).
-Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender for Endpoint for Mac is not part of macOS.
+Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender for Endpoint on macOS is not part of macOS.
Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md). Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case.
Grant Full Disk Access to the following components:
### Network extension policy
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
- Filter type: Plugin - Plugin bundle identifier: `com.microsoft.wdav`
security Mac Jamfpro Device Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups.md
ms.technology: mde
-# Set up Microsoft Defender for Endpoint for macOS device groups in Jamf Pro
+# Set up Microsoft Defender for Endpoint on macOS device groups in Jamf Pro
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
Set up the device groups similar to Group policy organizational unite (OUs), Mi
![Image of Jamf Pro3](images/contoso-machine-group.png) ## Next step-- [Set up Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md)
+- [Set up Microsoft Defender for Endpoint on macOS policies in Jamf Pro](mac-jamfpro-policies.md)
security Mac Jamfpro Enroll Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-enroll-devices.md
ms.technology: mde
-# Enroll Microsoft Defender for Endpoint for macOS devices into Jamf Pro
+# Enroll Microsoft Defender for Endpoint on macOS devices into Jamf Pro
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Mac Jamfpro Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-policies.md
ms.technology: mde
-# Set up the Microsoft Defender for Endpoint for macOS policies in Jamf Pro
+# Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
You'll need to take the following steps:
9. [Configure Network Extension](#step-9-configure-network-extension)
-10. [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp)
+10. [Schedule scans with Microsoft Defender for Endpoint on macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp)
-11. [Deploy Microsoft Defender for Endpoint for macOS](#step-11-deploy-microsoft-defender-for-endpoint-for-macos)
+11. [Deploy Microsoft Defender for Endpoint on macOS](#step-11-deploy-microsoft-defender-for-endpoint-on-macos)
## Step 1: Get the Microsoft Defender for Endpoint onboarding package
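Review bot: The step 11 anchor changes to `#step-11-deploy-microsoft-defender-for-endpoint-on-macos`, which matches the renamed heading later in this file, but any link elsewhere that targets the old `...-for-macos` anchor will stop resolving; search the repo for the old fragment before merging. Separately, step 10 only changes the link text and keeps an absolute URL under `windows/security/threat-protection/microsoft-defender-atp/`, whereas the other cross-references in this batch are relative `.md` links. If the scheduled-scan article exists in this doc set, link to it relatively.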
These steps are applicable of macOS 10.15 (Catalina) or newer.
- **Distribution Method**: Install Automatically *(default)* - **Level**: Computer Level *(default)*
- ![Image of configuration settings mdatpmdav](images/c9820a5ff84aaf21635c04a23a97ca93.png)
+ ![Image of configuration profile settings mdatpmdav](images/c9820a5ff84aaf21635c04a23a97ca93.png)
- Tab **Notifications**, click **Add**, and enter the following values: - **Bundle ID**: `com.microsoft.wdav.tray`
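Review bot: The new alt text "Image of configuration profile settings mdatpmdav" still ends in the internal token "mdatpmdav" and does not say what the screenshot shows. Alt text is read out by screen readers, so describe the content instead, for example which Jamf Pro pane and which settings are visible. The same applies to the later change to "Image of configuration setting mdatpmdav" for netext-create-profile.png.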
Alternatively, you can download [kext.mobileconfig](https://github.com/microsoft
## Step 9: Configure Network Extension
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
These steps are applicable of macOS 10.15 (Catalina) or newer.
These steps are applicable of macOS 10.15 (Catalina) or newer.
Note that **Identifier**, **Socket Filter** and **Socket Filter Designated Requirement** exact values as specified above.
- ![Image of configuration settings mdatpmdav](images/netext-create-profile.png)
+ ![Image of configuration setting mdatpmdav](images/netext-create-profile.png)
3. Select the **Scope** tab.
These steps are applicable of macOS 10.15 (Catalina) or newer.
Alternatively, you can download [netfilter.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/netfilter.mobileconfig) and upload it to JAMF Configuration Profiles as described in [Deploying Custom Configuration Profiles using Jamf Pro|Method 2: Upload a Configuration Profile to Jamf Pro](https://www.jamf.com/jamf-nation/articles/648/deploying-custom-configuration-profiles-using-jamf-pro).
-## Step 10: Schedule scans with Microsoft Defender for Endpoint for Mac
-Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp).
+## Step 10: Schedule scans with Microsoft Defender for Endpoint on macOS
+Follow the instructions on [Schedule scans with Microsoft Defender for Endpoint on macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp).
-## Step 11: Deploy Microsoft Defender for Endpoint for macOS
+## Step 11: Deploy Microsoft Defender for Endpoint on macOS
1. Navigate to where you saved `wdav.pkg`.
security Mac Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-preferences.md
ms.technology: mde
-# Set preferences for Microsoft Defender for Endpoint for Mac
+# Set preferences for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
>[!IMPORTANT]
->This article contains instructions for how to set preferences for Microsoft Defender for Endpoint for Mac in enterprise organizations. To configure Microsoft Defender for Endpoint for Mac using the command-line interface, see [Resources](mac-resources.md#configuring-from-the-command-line).
+>This article contains instructions for how to set preferences for Microsoft Defender for Endpoint on macOS in enterprise organizations. To configure Microsoft Defender for Endpoint on macOS using the command-line interface, see [Resources](mac-resources.md#configuring-from-the-command-line).
## Summary
-In enterprise organizations, Microsoft Defender for Endpoint for Mac can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.
+In enterprise organizations, Microsoft Defender for Endpoint on macOS can be managed through a configuration profile that is deployed by using one of several management tools. Preferences that are managed by your security operations team take precedence over preferences that are set locally on the device. Changing the preferences that are set through the configuration profile requires escalated privileges and is not available for users without administrative permissions.
This article describes the structure of the configuration profile, includes a recommended profile that you can use to get started, and provides instructions on how to deploy the profile.
The top level of the configuration profile includes product-wide preferences and
The *antivirusEngine* section of the configuration profile is used to manage the preferences of the antivirus component of Microsoft Defender for Endpoint.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | antivirusEngine |
The *antivirusEngine* section of the configuration profile is used to manage the
Specify whether to enable real-time protection, which scans files as they are accessed.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | enableRealTimeProtection |
Specify whether the antivirus engine runs in passive mode. Passive mode has the
- Security intelligence updates are turned on - Status menu icon is hidden
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | passiveMode |
Specify whether the antivirus engine runs in passive mode. Passive mode has the
Specify the merge policy for exclusions. This can be a combination of administrator-defined and user-defined exclusions (`merge`) or only administrator-defined exclusions (`admin_only`). This setting can be used to restrict local users from defining their own exclusions.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | exclusionsMergePolicy |
Specify the merge policy for exclusions. This can be a combination of administra
Specify entities excluded from being scanned. Exclusions can be specified by full paths, extensions, or file names.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | exclusions |
Specify entities excluded from being scanned. Exclusions can be specified by ful
Specify content excluded from being scanned by type.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | $type |
Specify content excluded from being scanned by type.
Specify content excluded from being scanned by full file path.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | path |
Specify content excluded from being scanned by full file path.
Indicate if the *path* property refers to a file or directory.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | isDirectory |
Indicate if the *path* property refers to a file or directory.
Specify content excluded from being scanned by file extension.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | extension |
Specify content excluded from being scanned by file extension.
Specify a process for which all file activity is excluded from scanning. The process can be specified either by its name (e.g. `cat`) or full path (e.g. `/bin/cat`).
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | name |
Specify a process for which all file activity is excluded from scanning. The pro
Specify threats by name that are not blocked by Defender for Endpoint for Mac. These threats will be allowed to run.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | allowedThreats |
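Review bot: the rename is incomplete in this section. The unchanged description above the table still reads "not blocked by Defender for Endpoint for Mac", while the rest of the file moves to "on macOS". Update that sentence in the same change, and spell out the full product name as the other sections do.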
Specify threats by name that are not blocked by Defender for Endpoint for Mac. T
Restricts the actions that the local user of a device can take when threats are detected. The actions included in this list are not displayed in the user interface.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | disallowedThreatActions |
Restricts the actions that the local user of a device can take when threats are
#### Threat type settings
-Specify how certain threat types are handled by Microsoft Defender for Endpoint for Mac.
+Specify how certain threat types are handled by Microsoft Defender for Endpoint on macOS.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | threatTypeSettings |
Specify how certain threat types are handled by Microsoft Defender for Endpoint
Specify threat types.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | key |
Specify what action to take when a threat of the type specified in the preceding
- **Block**: your device is protected against this type of threat and you are notified in the user interface and the security console. - **Off**: your device is not protected against this type of threat and nothing is logged.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | value |
Specify what action to take when a threat of the type specified in the preceding
Specify the merge policy for threat type settings. This can be a combination of administrator-defined and user-defined settings (`merge`) or only administrator-defined settings (`admin_only`). This setting can be used to restrict local users from defining their own settings for different threat types.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | threatTypeSettingsMergePolicy |
Specify the merge policy for threat type settings. This can be a combination of
Specify the number of days that results are retained in the scan history on the device. Old scan results are removed from the history. Old quarantined files that are also removed from the disk.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | scanResultsRetentionDays |
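Review bot: the description above this table ends with a fragment, "Old quarantined files that are also removed from the disk." Since the section is being touched anyway, drop the stray "that" so it reads "Old quarantined files are also removed from the disk." An administrator setting `scanResultsRetentionDays` needs to know clearly that quarantined files are deleted with the history.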
Specify the number of days that results are retained in the scan history on the
Specify the maximum number of entries to keep in the scan history. Entries include all on-demand scans performed in the past and all antivirus detections.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | scanHistoryMaximumItems |
Specify the maximum number of entries to keep in the scan history. Entries inclu
### Cloud-delivered protection preferences
-Configure the cloud-driven protection features of Microsoft Defender for Endpoint for Mac.
+Configure the cloud-driven protection features of Microsoft Defender for Endpoint on macOS.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | cloudService |
Configure the cloud-driven protection features of Microsoft Defender for Endpoin
Specify whether to enable cloud-delivered protection the device or not. To improve the security of your services, we recommend keeping this feature turned on.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | enabled |
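Review bot: the unchanged sentence above the table is missing a preposition: "Specify whether to enable cloud-delivered protection the device or not" should read "on the device". Worth fixing alongside the header change.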
Specify whether to enable cloud-delivered protection the device or not. To impro
Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up-to-date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Microsoft Defender for Endpoint to Microsoft.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | diagnosticLevel |
Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up-to
Determines whether suspicious samples (that are likely to contain threats) are sent to Microsoft. You are prompted if the submitted file is likely to contain personal information.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | automaticSampleSubmission |
Determines whether suspicious samples (that are likely to contain threats) are s
Determines whether security intelligence updates are installed automatically:
-|||
+|Section|Value|
|:|:| | **Key** | automaticDefinitionUpdateEnabled | | **Data type** | Boolean |
Determines whether security intelligence updates are installed automatically:
### User interface preferences
-Manage the preferences for the user interface of Microsoft Defender for Endpoint for Mac.
+Manage the preferences for the user interface of Microsoft Defender for Endpoint on macOS.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | userInterface |
Manage the preferences for the user interface of Microsoft Defender for Endpoint
Specify whether to show or hide the status menu icon in the top-right corner of the screen.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | hideStatusMenuIcon |
Specify whether to show or hide the status menu icon in the top-right corner of
Specify whether users can submit feedback to Microsoft by going to `Help` > `Send Feedback`.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | userInitiatedFeedback |
Specify whether users can submit feedback to Microsoft by going to `Help` > `Sen
### Endpoint detection and response preferences
-Manage the preferences of the endpoint detection and response (EDR) component of Microsoft Defender for Endpoint for Mac.
+Manage the preferences of the endpoint detection and response (EDR) component of Microsoft Defender for Endpoint on macOS.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | edr |
Specify a tag name and its value.
- The GROUP tag, tags the device with the specified value. The tag is reflected in the portal under the device page and can be used for filtering and grouping devices.
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | tags |
Specify a tag name and its value.
Specifies the type of tag
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | key |
Specifies the type of tag
Specifies the value of tag
-|||
+|Section|Value|
|:|:| | **Domain** | `com.microsoft.wdav` | | **Key** | value |
The following configuration profile (or, in case of JAMF, a property list that c
## Full configuration profile example
-The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender for Endpoint for Mac.
+The following templates contain entries for all settings described in this document and can be used for more advanced scenarios where you want more control over Microsoft Defender for Endpoint on macOS.
### Property list for JAMF configuration profile
security Mac Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-privacy.md
ms.technology: mde
-# Privacy for Microsoft Defender for Endpoint for Mac
+# Privacy for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when youΓÇÖre using Microsoft Defender for Endpoint for Mac.
+Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when youΓÇÖre using Microsoft Defender for Endpoint on macOS.
This topic describes the privacy controls available within the product, how to manage these controls with policy settings and more details on the data events that are collected.
-## Overview of privacy controls in Microsoft Defender for Endpoint for Mac
+## Overview of privacy controls in Microsoft Defender for Endpoint on macOS
-This section describes the privacy controls for the different types of data collected by Microsoft Defender for Endpoint for Mac.
+This section describes the privacy controls for the different types of data collected by Microsoft Defender for Endpoint on macOS.
### Diagnostic data
When this feature is enabled and the sample that is collected is likely to conta
If you're an IT administrator, you might want to configure these controls at the enterprise level.
-The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
+The privacy controls for the various types of data described in the preceding section are described in detail in [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md).
As with any new policy settings, you should carefully test them out in a limited, controlled environment to ensure the settings that you configure have the desired effect before you implement the policy settings more widely in your organization.
The following fields are considered common for all events:
| org_id | Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. | | hostname | Local device name (without DNS suffix). Allows Microsoft to identify whether issues are impacting a select set of installs and how many users are impacted. | | product_guid | Unique identifier of the product. Allows Microsoft to differentiate issues impacting different flavors of the product. |
-| app_version | Version of the Microsoft Defender for Endpoint for Mac application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
+| app_version | Version of the Microsoft Defender for Endpoint on macOS application. Allows Microsoft to identify which versions of the product are showing an issue so that it can correctly be prioritized.|
| sig_version | Version of security intelligence database. Allows Microsoft to identify which versions of the security intelligence are showing an issue so that it can correctly be prioritized. | | supported_compressions | List of compression algorithms supported by the application, for example `['gzip']`. Allows Microsoft to understand what types of compressions can be used when it communicates with the application. | | release_ring | Ring that the device is associated with (for example Insider Fast, Insider Slow, Production). Allows Microsoft to identify on which release ring an issue may be occurring so that it can correctly be prioritized. |
The following fields are collected:
| Field | Description | | - | -- |
-| version | Version of Microsoft Defender for Endpoint for Mac. |
+| version | Version of Microsoft Defender for Endpoint on macOS. |
| instance_id | Unique identifier generated on kernel extension startup. | | trace_level | Trace level of the kernel extension. | | subsystem | The underlying subsystem used for real-time protection. |
The following fields are collected:
Diagnostic logs are collected only with the consent of the user as part of the feedback submission feature. The following files are collected as part of the support logs: - All files under */Library/Logs/Microsoft/mdatp/*-- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender for Endpoint for Mac-- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender for Endpoint for Mac
+- Subset of files under */Library/Application Support/Microsoft/Defender/* that are created and used by Microsoft Defender for Endpoint on macOS
+- Subset of files under */Library/Managed Preferences* that are used by Microsoft Defender for Endpoint on macOS
- /Library/Logs/Microsoft/autoupdate.log - $HOME/Library/Preferences/com.microsoft.autoupdate2.plist
security Mac Pua https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-pua.md
ms.technology: mde
-# Detect and block potentially unwanted applications with Microsoft Defender for Endpoint for Mac
+# Detect and block potentially unwanted applications with Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint for Mac can detect and block PUA files on endpoints in your network.
+The potentially unwanted application (PUA) protection feature in Microsoft Defender for Endpoint on macOS can detect and block PUA files on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
These applications can increase the risk of your network being infected with mal
## How it works
-Microsoft Defender for Endpoint for Mac can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
+Microsoft Defender for Endpoint on macOS can detect and report PUA files. When configured in blocking mode, PUA files are moved to the quarantine.
-When a PUA is detected on an endpoint, Microsoft Defender for Endpoint for Mac presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
+When a PUA is detected on an endpoint, Microsoft Defender for Endpoint on macOS presents a notification to the user, unless notifications have been disabled. The threat name will contain the word "Application".
## Configure PUA protection
-PUA protection in Microsoft Defender for Endpoint for Mac can be configured in one of the following ways:
+PUA protection in Microsoft Defender for Endpoint on macOS can be configured in one of the following ways:
- **Off**: PUA protection is disabled. - **Audit**: PUA files are reported in the product logs, but not in Microsoft Defender Security Center. No notification is presented to the user and no action is taken by the product.
mdatp threat policy set --type potentially_unwanted_application --action [off|au
### Use the management console to configure PUA protection:
-In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md) topic.
+In your enterprise, you can configure PUA protection from a management console, such as JAMF or Intune, similarly to how other product settings are configured. For more information, see the [Threat type settings](mac-preferences.md#threat-type-settings) section of the [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md) topic.
## Related topics -- [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md)
+- [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
security Mac Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-resources.md
ms.technology: mde
-# Resources for Microsoft Defender for Endpoint for Mac
+# Resources for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
The detailed log will be saved to `/Library/Logs/Microsoft/mdatp/install.log`. I
## Uninstalling
-There are several ways to uninstall Microsoft Defender for Endpoint for Mac. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
+There are several ways to uninstall Microsoft Defender for Endpoint on macOS. Note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
### Interactive uninstallation
To enable autocompletion in zsh:
echo "autoload -Uz compinit && compinit" >> ~/.zshrc ``` -- Run the following commands to enable autocompletion for Microsoft Defender for Endpoint for Mac and restart the Terminal session:
+- Run the following commands to enable autocompletion for Microsoft Defender for Endpoint on macOS and restart the Terminal session:
```zsh sudo mkdir -p /usr/local/share/zsh/site-functions
security Mac Schedule Scan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-schedule-scan.md
ms.technology: mde
-# Schedule scans with Microsoft Defender for Endpoint for Mac
+# Schedule scans with Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Mac Support Install https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-install.md
ms.technology: mde
-# Troubleshoot installation issues for Microsoft Defender for Endpoint for Mac
+# Troubleshoot installation issues for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
security Mac Support Kext https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-kext.md
Title: Troubleshoot kernel extension issues in Microsoft Defender for Endpoint for Mac
-description: Troubleshoot kernel extension-related issues in Microsoft Defender for Endpoint for Mac.
+ Title: Troubleshoot kernel extension issues in Microsoft Defender for Endpoint on macOS
+description: Troubleshoot kernel extension-related issues in Microsoft Defender for Endpoint on macOS.
keywords: microsoft, defender, atp, mac, kernel, extension search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Troubleshoot kernel extension issues in Microsoft Defender for Endpoint for Mac
+# Troubleshoot kernel extension issues in Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender for Endpoint for Mac.
+This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender for Endpoint on macOS.
Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they're allowed to run on the device.
-If you didn't approve the kernel extension during the deployment/installation of Microsoft Defender for Endpoint for Mac, the application displays a banner prompting you to enable it:
+If you didn't approve the kernel extension during the deployment/installation of Microsoft Defender for Endpoint on macOS, the application displays a banner prompting you to enable it:
![RTP disabled screenshot](images/mdatp-32-main-app-fix.png)
real_time_protection_available : true
... ```
-The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender for Endpoint for Mac.
+The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender for Endpoint on macOS.
## Managed deployment
security Mac Support License https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-license.md
ms.technology: mde
-# Troubleshoot license issues for Microsoft Defender for Endpoint for Mac
+# Troubleshoot license issues for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-While you are going through [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md) and [Manual deployment](mac-install-manually.md) testing or a Proof Of Concept (PoC), you might get the following error:
+While you are going through [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md) and [Manual deployment](mac-install-manually.md) testing or a Proof Of Concept (PoC), you might get the following error:
![Image of license error](images/no-license-found.png)
Contact your administrator for help.
**Cause:**
-You deployed and/or installed the Microsoft Defender for Endpoint for macOS package ("Download installation package") but you might have run the configuration script ("Download onboarding package").
+You deployed and/or installed the Microsoft Defender for Endpoint on macOS package ("Download installation package") but you might have run the configuration script ("Download onboarding package").
**Solution:**
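Review bot: the cause statement reads inverted on both the removed and the added line: "but you might have run the configuration script" presents running the onboarding package as the reason for a missing-license error. If the intended cause is that the onboarding package was not run after the installation package, the sentence needs "might not have run". Please confirm against the solution text and correct it while the line is being edited.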
security Mac Support Perf https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-support-perf.md
Title: Troubleshoot performance issues for Microsoft Defender for Endpoint for Mac
-description: Troubleshoot performance issues in Microsoft Defender for Endpoint for Mac.
+ Title: Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
+description: Troubleshoot performance issues in Microsoft Defender for Endpoint on macOS.
keywords: microsoft, defender, atp, mac, performance search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Troubleshoot performance issues for Microsoft Defender for Endpoint for Mac
+# Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender for Endpoint for Mac.
+This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender for Endpoint on macOS.
-Real-time protection (RTP) is a feature of Microsoft Defender for Endpoint for Mac that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
+Real-time protection (RTP) is a feature of Microsoft Defender for Endpoint on macOS that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics.
-Depending on the applications that you're running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender for Endpoint for Mac. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender for Endpoint for Mac.
+Depending on the applications that you're running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender for Endpoint on macOS. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender for Endpoint on macOS.
The following steps can be used to troubleshoot and mitigate these issues:
-1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender for Endpoint for Mac is contributing to the performance issues.
+1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender for Endpoint on macOS is contributing to the performance issues.
If your device is not managed by your organization, real-time protection can be disabled using one of the following options:
- - From the user interface. Open Microsoft Defender for Endpoint for Mac and navigate to **Manage settings**.
+ - From the user interface. Open Microsoft Defender for Endpoint on macOS and navigate to **Manage settings**.
![Manage real-time protection screenshot](images/mdatp-36-rtp.png)
The following steps can be used to troubleshoot and mitigate these issues:
mdatp config real-time-protection --value disabled ```
- If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
+ If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md).
If the performance problem persists while real-time protection is off, the origin of the problem could be the endpoint detection and response component. In this case, please contact customer support for further instructions and mitigation.
The following steps can be used to troubleshoot and mitigate these issues:
> [!NOTE] > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. >
-1. Configure Microsoft Defender for Endpoint for Mac with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
+1. Configure Microsoft Defender for Endpoint on macOS with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection.
- See [Configure and validate exclusions for Microsoft Defender for Endpoint for Mac](mac-exclusions.md) for details.
+ See [Configure and validate exclusions for Microsoft Defender for Endpoint on macOS](mac-exclusions.md) for details.
security Mac Sysext Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-sysext-policies.md
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint on macOS update that leverages system extensions instead of kernel extensions. This update will only be applicable to macOS Catalina (10.15.4) and newer versions of macOS.
-If you have deployed Microsoft Defender for Endpoint for Mac in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
+If you have deployed Microsoft Defender for Endpoint on macOS in a managed environment (through JAMF, Intune, or another MDM solution), you must deploy new configuration profiles. Failure to do these steps will result in users getting approval prompts to run these new components.
## JAMF
Add the following JAMF payload to grant Full Disk Access to the Microsoft Defend
### Network Extension Policy
-As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
+As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
>[!NOTE]
->JAMF doesnΓÇÖt have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender for Endpoint for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
+>JAMF doesnΓÇÖt have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender for Endpoint on macOS installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed.
>As such, the following steps provide a workaround that involve signing the configuration profile. 1. Save the following content to your device as `com.microsoft.network-extension.mobileconfig` using a text editor:
security Mac Sysext Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-sysext-preview.md
ms.technology: mde
-# Microsoft Defender for Endpoint for Mac - system extensions public preview)
+# Microsoft Defender for Endpoint on macOS - system extensions public preview)
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
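Review bot: The renamed H1 still ends with an unmatched closing parenthesis ("system extensions public preview)"), carried over from the old heading. Since this line is being touched anyway, drop the stray ")" or add the missing opening one so the title renders cleanly.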
security Mac Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-updates.md
ms.technology: mde
-# Deploy updates for Microsoft Defender for Endpoint for Mac
+# Deploy updates for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md)
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
ms.technology: mde
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features.
-To update Microsoft Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
+To update Microsoft Defender for Endpoint on macOS, a program named Microsoft AutoUpdate (MAU) is used. By default, MAU automatically checks for updates daily, but you can change that to weekly, monthly, or manually.
![MAU screenshot](images/MDATP-34-MAU.png)
If you decide to deploy updates by using your software distribution tools, you s
MAU includes a command-line tool, called *msupdate*, that is designed for IT administrators so that they have more precise control over when updates are applied. Instructions for how to use this tool can be found in [Update Office for Mac by using msupdate](https://docs.microsoft.com/deployoffice/mac/update-office-for-mac-using-msupdate).
-In MAU, the application identifier for Microsoft Defender for Endpoint for Mac is *WDAV00*. To download and install the latest updates for Microsoft Defender for Endpoint for Mac, execute the following command from a Terminal window:
+In MAU, the application identifier for Microsoft Defender for Endpoint on macOS is *WDAV00*. To download and install the latest updates for Microsoft Defender for Endpoint on macOS, execute the following command from a Terminal window:
``` ./msupdate --install --apps wdav00
The `Current` channel contains the most stable version of the product.
>[!TIP] >In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to `Beta` or `Preview`.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | ChannelName |
The `Current` channel contains the most stable version of the product.
||| >[!WARNING]
->This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Microsoft Defender for Endpoint for Mac, execute the following command after replacing `[channel-name]` with the desired channel:
+>This setting changes the channel for all applications that are updated through Microsoft AutoUpdate. To change the channel only for Microsoft Defender for Endpoint on macOS, execute the following command after replacing `[channel-name]` with the desired channel:
> ```bash > defaults write com.microsoft.autoupdate2 Applications -dict-add "/Applications/Microsoft Defender ATP.app" " { 'Application ID' = 'WDAV00' ; 'App Domain' = 'com.microsoft.wdav' ; LCID = 1033 ; ChannelName = '[channel-name]' ; }" > ```
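Review bot: The empty `|||` row that closes the ChannelName table is still present just before the `[!WARNING]` block, while the same change removes the trailing `|||` from every other table in this file and replaces the opening ones with `|Section|Value|`. Remove this leftover row too so the channel table matches the others.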
The `Current` channel contains the most stable version of the product.
Change how often MAU searches for updates.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | UpdateCheckFrequency | | **Data type** | Integer | | **Default value** | 720 (minutes) | | **Comment** | This value is set in minutes. |
-|||
+ ### Change how MAU interacts with updates Change how MAU searches for updates.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | HowToCheck | | **Data type** | String | | **Possible values** | Manual <br/> AutomaticCheck <br/> AutomaticDownload | | **Comment** | Note that AutomaticDownload will do a download and install silently if possible. |
-|||
+ ### Change whether the "Check for Updates" button is enabled Change whether local users will be able to click the "Check for Updates" option in the Microsoft AutoUpdate user interface.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | EnableCheckForUpdatesButton | | **Data type** | Boolean | | **Possible values** | True (default) <br/> False |
-|||
+ ### Disable Insider checkbox Set to true to make the "Join the Office Insider Program..." checkbox unavailable / greyed out to users.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | DisableInsiderCheckbox | | **Data type** | Boolean | | **Possible values** | False (default) <br/> True |
-|||
+ ### Limit the telemetry that is sent from MAU Set to false to send minimal heartbeat data, no application usage, and no environment details.
-|||
+|Section|Value|
|:--|:--| | **Domain** | com.microsoft.autoupdate2 | | **Key** | SendAllTelemetryEnabled | | **Data type** | Boolean | | **Possible values** | True (default) <br/> False |
-|||
+ ## Example configuration profile
security Mac Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md
Title: What's new in Microsoft Defender for Endpoint for Mac
-description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for Mac.
+ Title: What's new in Microsoft Defender for Endpoint on Mac
+description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint on Mac.
keywords: microsoft, defender, atp, mac, installation, macos, whatsnew search.product: eADQiWindows 10XVcnh search.appverid: met150
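Review bot: Naming is inconsistent within this file: the title, description and H1 become "on Mac", while the release-note bullets changed further down use "on macOS" in some places (101.25.69, 101.19.21, 100.90.27) and "on Mac" in others (101.23.64, 100.79.42). Pick one form, preferably "on macOS" as used in mac-updates.md and mac-sysext-policies.md, and apply it to every changed line.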
ms.technology: mde
-# What's new in Microsoft Defender for Endpoint for Mac
+# What's new in Microsoft Defender for Endpoint on Mac
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
## 101.25.69 (20.121022.12569.0) -- Microsoft Defender for Endpoint for Mac is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).
+- Microsoft Defender for Endpoint on macOS is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).
- Performance improvements (specifically for the situation when the XCode Simulator app is used) & bug fixes ## 101.23.64 (20.121021.12364.0)
ms.technology: mde
> [!NOTE] > The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see [Resources](mac-resources.md#configuring-from-the-command-line). -- Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac
+- Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint on Mac
- Performance improvements & bug fixes ## 101.19.21 (20.120101.11921.0)
ms.technology: mde
- This product version has been validated on macOS Big Sur 11 beta 9 -- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md#configuring-from-the-command-line)
+- The new syntax for the `mdatp` command-line tool is now the default one. For more information on the new syntax, see [Resources for Microsoft Defender for Endpoint on macOS](mac-resources.md#configuring-from-the-command-line)
> [!NOTE] > The old command-line tool syntax will be removed from the product on **January 1st, 2021**.
ms.technology: mde
## 100.90.27 -- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender for Endpoint for Mac that is different from the system-wide update channel
+- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender for Endpoint on macOS that is different from the system-wide update channel
- New product icon - Other user experience improvements - Bug fixes
ms.technology: mde
## 100.79.42 -- Fixed an issue where Microsoft Defender for Endpoint for Mac was sometimes interfering with Time Machine
+- Fixed an issue where Microsoft Defender for Endpoint on Mac was sometimes interfering with Time Machine
- Added a new switch to the command-line utility for testing the connectivity with the backend service ```bash mdatp connectivity test
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
All our updates contain
<br/><br/> <details>
-<summary> March-2021 (Platform: 4.18.2103.6 | Engine: 1.1.18000.5)</summary>
+<summary> March-2021 (Platform: 4.18.2103.7 | Engine: 1.1.18000.5)</summary>
&ensp;Security intelligence update version: **1.335.36.0** &ensp;Released: **April 1, 2021**
-&ensp;Platform: **4.19.2103.6**
+&ensp;Platform: **4.19.2103.7**
&ensp;Engine: **1.1.18000.5** &ensp;Support phase: **Security and Critical Updates**
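Review bot: The platform version does not agree between the two changed lines: the summary now reads "Platform: 4.18.2103.7" but the body reads "Platform: **4.19.2103.7**". The mismatch existed before (4.18.2103.6 against 4.19.2103.6) and this change carries it forward. Confirm the correct major.minor and make both lines match, since admins compare this value against the platform version reported on devices.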
security Mcafee To Microsoft Defender Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mcafee-to-microsoft-defender-prepare.md
To enable communication between your devices and Microsoft Defender for Endpoint
|--|--|--| |[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) | |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
+|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections)
+|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections)
## Next step
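Review bot: The rewritten Linux row ends at the closing parenthesis of the link with no trailing " |", unlike the macOS rows above it, which do close the cell. Add the closing pipe on the new line so the last table row is terminated the same way as the others.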
security Microsoft Defender Endpoint Android https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android.md
Title: Microsoft Defender ATP for Android
+ Title: Microsoft Defender ATP on Android
description: Describes how to install and use Microsoft Defender ATP for Android keywords: microsoft, defender, atp, android, installation, deploy, uninstallation, intune
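Review bot: The new title keeps the retired product name: "Title: Microsoft Defender ATP on Android" only swaps the preposition, and the unchanged description line still says "Microsoft Defender ATP for Android". The H1 in the same file is changed to "Microsoft Defender for Endpoint on Android", so update the title and description to the same name.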
ms.technology: mde
-# Microsoft Defender for Endpoint for Android
+# Microsoft Defender for Endpoint on Android
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
This topic describes how to install, configure, update, and use Defender for End
> Running other third-party endpoint protection products alongside Defender for Endpoint for Android is likely to cause performance problems and unpredictable system errors.
-## How to install Microsoft Defender for Endpoint for Android
+## How to install Microsoft Defender for Endpoint on Android
### Prerequisites
This topic describes how to install, configure, update, and use Defender for End
- Access to the Microsoft Defender Security Center portal. > [!NOTE]
- > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for Android. Currently only enrolled devices are supported for enforcing Defender for Endpoint for Android related device compliance policies in Intune.
+ > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint on Android. Currently only enrolled devices are supported for enforcing Defender for Endpoint for Android related device compliance policies in Intune.
- Access [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the
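Review bot: The rename is applied to only the first sentence of this note. The second sentence on the new line still reads "Defender for Endpoint for Android related device compliance policies", and the unchanged caution earlier in the file also keeps "Defender for Endpoint for Android". Update these occurrences as well so the page does not mix both forms.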
This topic describes how to install, configure, update, and use Defender for End
### Installation instructions
-Microsoft Defender for Endpoint for Android supports installation on both modes of
+Microsoft Defender for Endpoint on Android supports installation on both modes of
enrolled devices - the legacy Device Administrator and Android Enterprise modes.
-**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrolments are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.**
+**Currently, Personally-owned devices with work profile and Corporate-owned fully managed user device enrollments are supported in Android Enterprise. Support for other Android Enterprise modes will be announced when ready.**
-Deployment of Microsoft Defender for Endpoint for Android is via Microsoft Intune (MDM).
-For more information, see [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md).
+Deployment of Microsoft Defender for Endpoint on Android is via Microsoft Intune (MDM).
+For more information, see [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md).
> [!NOTE]
-> **Microsoft Defender for Endpoint for Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.** <br> You can connect to Google Play from Intune to deploy Microsoft Defender for Endpoint app, across Device Administrator and Android Enterprise entrollment modes.
+> **Microsoft Defender for Endpoint on Android is available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx) now.** <br> You can connect to Google Play from Intune to deploy Microsoft Defender for Endpoint app, across Device Administrator and Android Enterprise entrollment modes.
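Review bot: The typo "entrollment modes" at the end of this note survives in the new line, even though the same change corrects "enrolments" to "enrollments" a few lines above. Fix it to "enrollment modes" here.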
-## How to Configure Microsoft Defender for Endpoint for Android
+## How to Configure Microsoft Defender for Endpoint on Android
-Guidance on how to configure Microsoft Defender for Endpoint for Android features is available in [Configure Microsoft Defender for Endpoint for Android features](android-configure.md).
+Guidance on how to configure Microsoft Defender for Endpoint on Android features is available in [Configure Microsoft Defender for Endpoint on Android features](android-configure.md).
## Related topics-- [Deploy Microsoft Defender for Endpoint for with Microsoft Intune](android-intune.md)-- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md)
+- [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md)
+- [Configure Microsoft Defender for Endpoint on Android features](android-configure.md)
security Microsoft Defender Endpoint Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios.md
ms.technology: mde
-# Microsoft Defender for Endpoint for iOS
+# Microsoft Defender for Endpoint on iOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-**Microsoft Defender for Endpoint for iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on
+**Microsoft Defender for Endpoint on iOS** will offer protection against phishing and unsafe network connections from websites, emails, and apps. All alerts will be available through a single pane of glass in the Microsoft Defender Security Center. The portal gives security teams a centralized view of threats on
iOS devices along with other platforms. > [!CAUTION]
iOS devices along with other platforms.
- Access to the Microsoft Defender Security Center portal. > [!NOTE]
- > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint for iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune.
+ > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint on iOS. Currently only enrolled devices are supported for enforcing Defender for Endpoint for iOS related device compliance policies in Intune.
- Access to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), to deploy the app to enrolled user groups in your organization.
iOS devices along with other platforms.
## Installation instructions
-Deployment of Microsoft Defender for Endpoint for iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported.
-For more information, see [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md).
+Deployment of Microsoft Defender for Endpoint on iOS is via Microsoft Intune (MDM) and both supervised and unsupervised devices are supported.
+For more information, see [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md).
## Resources -- Stay informed about upcoming releases by visiting [What's new in Microsoft Defender for Endpoint for iOS](ios-whatsnew.md) or our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS).
+- Stay informed about upcoming releases by visiting [What's new in Microsoft Defender for Endpoint on iOS](ios-whatsnew.md) or our [blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/iOS).
- Provide feedback through in-app feedback system or through [SecOps portal](https://securitycenter.microsoft.com) ## Next steps -- [Deploy Microsoft Defender for Endpoint for iOS](ios-install.md)-- [Configure Microsoft Defender for Endpoint for iOS features](ios-configure-features.md)
+- [Deploy Microsoft Defender for Endpoint on iOS](ios-install.md)
+- [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
Title: Microsoft Defender for Endpoint for Linux
+ Title: Microsoft Defender for Endpoint on Linux
description: Describes how to install and use Microsoft Defender ATP for Linux. keywords: microsoft, defender, atp, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
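Review bot: The description line is left as "Microsoft Defender ATP for Linux" while the title and H1 are changed to "Microsoft Defender for Endpoint on Linux". Update the description in the same change so the page metadata does not show the old product name.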
ms.technology: mde
-# Microsoft Defender for Endpoint for Linux
+# Microsoft Defender for Endpoint on Linux
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-This topic describes how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
+This topic describes how to install, configure, update, and use Microsoft Defender for Endpoint on Linux.
> [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Linux is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint for Linux EDR functionality after configuring the antivirus functionality to run in [Passive mode](linux-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on Linux is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint for Linux EDR functionality after configuring the antivirus functionality to run in [Passive mode](linux-preferences.md#enable--disable-passive-mode).
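Review bot: The second sentence of the new caution still says "Defender for Endpoint for Linux EDR functionality", so the rename is incomplete on this line. The equivalent caution in microsoft-defender-endpoint-mac.md updates both mentions ("Defender for Endpoint on Mac EDR functionality"), so do the same here.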
-## How to install Microsoft Defender for Endpoint for Linux
+## How to install Microsoft Defender for Endpoint on Linux
### Prerequisites
This topic describes how to install, configure, update, and use Microsoft Defend
### Installation instructions
-There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint for Linux.
+There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint on Linux.
In general you need to take the following steps: - Ensure that you have a Microsoft Defender for Endpoint subscription, and that you have access to the [Microsoft Defender for Endpoint portal](microsoft-defender-security-center.md).-- Deploy Microsoft Defender for Endpoint for Linux using one of the following deployment methods:
+- Deploy Microsoft Defender for Endpoint on Linux using one of the following deployment methods:
- The command-line tool: - [Manual deployment](linux-install-manually.md) - Third-party management tools: - [Deploy using Puppet configuration management tool](linux-install-with-puppet.md) - [Deploy using Ansible configuration management tool](linux-install-with-ansible.md)
-If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender for Endpoint for Linux](linux-support-install.md).
+If you experience any installation failures, refer to [Troubleshooting installation failures in Microsoft Defender for Endpoint on Linux](linux-support-install.md).
### System requirements
After you've enabled the service, you may need to configure your network or fire
- Audit framework (`auditd`) must be enabled. > [!NOTE]
- > System events captured by rules added to `/etc/audit/rules.d/` will add to `audit.log`(s) and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endpoint for Linux will be tagged with `mdatp` key.
+ > System events captured by rules added to `/etc/audit/rules.d/` will add to `audit.log`(s) and might affect host auditing and upstream collection. Events added by Microsoft Defender for Endpoint on Linux will be tagged with `mdatp` key.
### Network connections
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
> [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. >
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Defender for Endpoint on Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
-For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Linux](linux-support-connectivity.md).
+For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on Linux](linux-support-connectivity.md).
-## How to update Microsoft Defender for Endpoint for Linux
+## How to update Microsoft Defender for Endpoint on Linux
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Linux, refer to [Deploy updates for Microsoft Defender for Endpoint for Linux](linux-updates.md).
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on Linux, refer to [Deploy updates for Microsoft Defender for Endpoint on Linux](linux-updates.md).
-## How to configure Microsoft Defender for Endpoint for Linux
+## How to configure Microsoft Defender for Endpoint on Linux
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md).
## Resources
security Microsoft Defender Endpoint Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac.md
Title: Microsoft Defender for Endpoint for Mac
+ Title: Microsoft Defender for Endpoint on Mac
-description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Mac.
+description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Mac.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, big sur, catalina, mojave, mde for mac search.product: eADQiWindows 10XVcnh search.appverid: met150
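Review bot: This page is renamed to "on Mac" in its title, description, H1 and body, but the other files in this change refer to it as "on macOS", for example the mac-updates.md link text "[Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md)". Use "on macOS" here as well so the link text and the page title agree.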
ms.technology: mde
-# Microsoft Defender for Endpoint for Mac
+# Microsoft Defender for Endpoint on Mac
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-This topic describes how to install, configure, update, and use Defender for Endpoint for Mac.
+This topic describes how to install, configure, update, and use Defender for Endpoint on Mac.
> [!CAUTION]
-> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint for Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint for Mac EDR functionality after configuring the antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
+> Running other third-party endpoint protection products alongside Microsoft Defender for Endpoint on Mac is likely to lead to performance problems and unpredictable side effects. If non-Microsoft endpoint protection is an absolute requirement in your environment, you can still safely take advantage of Defender for Endpoint on Mac EDR functionality after configuring the antivirus functionality to run in [Passive mode](mac-preferences.md#enable--disable-passive-mode).
## WhatΓÇÖs new in the latest release [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-atp.md)
-[What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md)
+[What's new in Microsoft Defender for Endpoint on Mac](mac-whatsnew.md)
> [!TIP]
-> If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint for Mac on your device and navigating to **Help** > **Send feedback**.
+> If you have any feedback that you would like to share, submit it by opening Microsoft Defender for Endpoint on Mac on your device and navigating to **Help** > **Send feedback**.
To get the latest features, including preview capabilities (such as endpoint detection and response for your Mac devices), configure your macOS device running Microsoft Defender for Endpoint to be an "Insider" device.
-## How to install Microsoft Defender for Endpoint for Mac
+## How to install Microsoft Defender for Endpoint on Mac
### Prerequisites
To get the latest features, including preview capabilities (such as endpoint det
### Installation instructions
-There are several methods and deployment tools that you can use to install and configure Defender for Endpoint for Mac.
+There are several methods and deployment tools that you can use to install and configure Defender for Endpoint on Mac.
- Third-party management tools: - [Microsoft Intune-based deployment](mac-install-with-intune.md)
After you've enabled the service, you may need to configure your network or fire
### Licensing requirements
-Microsoft Defender for Endpoint for Mac requires one of the following Microsoft Volume Licensing offers:
+Microsoft Defender for Endpoint on Mac requires one of the following Microsoft Volume Licensing offers:
- Microsoft 365 E5 (M365 E5) - Microsoft 365 E5 Security
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t
> [!WARNING] > Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. >
-> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
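Review bot: The replacement line in the SSL inspection warning names the product "Microsoft Defender for Endpoint on macOS", while every other rename in this file (title, description, headings, body) uses "on Mac". Pick one form and apply it to this line too, so the warning does not read as if it refers to a different product.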
Once Microsoft Defender for Endpoint is installed, connectivity can be validated
mdatp connectivity test ```
-## How to update Microsoft Defender for Endpoint for Mac
+## How to update Microsoft Defender for Endpoint on Mac
-Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint for Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint for Mac](mac-updates.md).
+Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see [Deploy updates for Microsoft Defender for Endpoint on Mac](mac-updates.md).
-## How to configure Microsoft Defender for Endpoint for Mac
+## How to configure Microsoft Defender for Endpoint on Mac
-Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint for Mac](mac-preferences.md).
+Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender for Endpoint on Mac](mac-preferences.md).
## macOS kernel and system extensions
-In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint for Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint for Mac](mac-whatsnew.md).
+In alignment with macOS evolution, we are preparing a Microsoft Defender for Endpoint on Mac update that leverages system extensions instead of kernel extensions. For relevant details, see [What's new in Microsoft Defender for Endpoint on Mac](mac-whatsnew.md).
## Resources -- For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint for Mac](mac-resources.md).
+- For more information about logging, uninstalling, or other topics, see [Resources for Microsoft Defender for Endpoint on Mac](mac-resources.md).
-- [Privacy for Microsoft Defender for Endpoint for Mac](mac-privacy.md).
+- [Privacy for Microsoft Defender for Endpoint on Mac](mac-privacy.md).
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
The hardware requirements for Defender for Endpoint on devices are the same for
### Other supported operating systems-- Android-- iOS-- Linux-- macOS
+- [Android](microsoft-defender-endpoint-android.md)
+- [iOS](microsoft-defender-endpoint-ios.md)
+- [Linux](microsoft-defender-endpoint-linux.md)
+- [macOS](microsoft-defender-endpoint-mac.md)
> [!NOTE] > You'll need to confirm the Linux distributions and versions of Android, iOS and macOS you've are compatible with Defender for Endpoint for the integration to work.
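Review bot: The note directly under the newly linked list still reads "macOS you've are compatible with Defender for Endpoint", which is ungrammatical and leaves the requirement unclear. Since this change touches the list it qualifies, fix the sentence in the same commit, for example "confirm that the Linux distributions and the versions of Android, iOS, and macOS you have are compatible".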
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
ms.technology: mde Previously updated : 03/08/2021
Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that might host phishing scams, exploits, and other malicious content on the Internet. Network protection expands the scope of [Microsoft Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname).
-Network protection is supported on Windows, beginning with Windows 10, version 1709.
+Network protection is supported on Windows, beginning with Windows 10, version 1709. Network protection is not yet supported on other operating systems, but web protection is supported using th new Microsoft Edge based on Chromium. To learn more, see [Web protection](web-protection-overview.md).
+
+network protection extends the protection in [Web protection](web-protection-overview.md) to the operating system level. It provides web protection functionality in Edge to other supported browsers and non-browser applications. In addition, network protection provides visibility and blocking of indicators of compromise (IOCs) when used with [Endpoint detection and response](overview-endpoint-detection-response.md). For example, network protection works with your [custom indicators](manage-indicators.md).
For more information about how to enable network protection, see [Enable network protection](enable-network-protection.md). Use Group Policy, PowerShell, or MDM CSPs to enable and manage network protection in your network. > [!TIP] > See the Microsoft Defender ATP testground site at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how network protection works.
-Network protection works best with [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection), which gives you detailed reporting into exploit protection events and blocks as part of [alert investigation scenarios](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/investigate-alerts).
+Network protection works best with [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md), which gives you detailed reporting into exploit protection events and blocks as part of [alert investigation scenarios](investigate-alerts.md).
When network protection blocks a connection, a notification is displayed from the Action Center. Your security operations team can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your organization's details and contact information. In addition, individual attack surface reduction rules can be enabled and customized to suit certain techniques to monitor.
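Review bot: The first added paragraph has a typo, "using th new Microsoft Edge", and the second added paragraph starts with a lowercase "network protection extends". Correct both before merging. The unchanged sentence that was relinked in this hunk also promises reporting into "exploit protection events" in an article about network protection; confirm that wording is intended while the line is being edited.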
Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender
| Windows version | Microsoft Defender Antivirus | |:|:|
-| Windows 10 version 1709 or later <p>Windows Server 1803 or later | [Microsoft Defender Antivirus real-time protection](https://docs.microsoft.com/windows/security/threat-protection/configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled |
+| Windows 10 version 1709 or later <p>Windows Server 1803 or later | [Microsoft Defender Antivirus real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled |
After you have enabled the services, you might need to configure your network or firewall to allow the connections between the services and your devices (also referred to as endpoints). -- .smartscreen.microsoft.com-- .smartscreen-prod.microsoft.com
+- `.smartscreen.microsoft.com`
+- `.smartscreen-prod.microsoft.com`
## Review network protection events in the Microsoft Defender for Endpoint Security Center
-Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/investigate-alerts).
+Microsoft Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](investigate-alerts.md).
-You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
+You can query Microsoft Defender for Endpoint data by using [advanced hunting](advanced-hunting-overview.md). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how network protection settings would affect your environment if they were enabled.
Here is an example query
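Review bot: The two allow-list entries, now formatted as `.smartscreen.microsoft.com` and `.smartscreen-prod.microsoft.com`, begin with a bare dot, so a reader cannot tell whether a wildcard subdomain match is intended or a character was lost. State the pattern explicitly (for example, that all subdomains of each name must be reachable) so that firewall and proxy rules are written correctly.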
This procedure creates a custom view that filters to only show the following eve
| 1125 | Event when network protection fires in audit mode | | 1126 | Event when network protection fires in block mode |
+## Considerations for Windows virtual desktop running Windows 10 Enterprise Multi-Session
+
+Due to the multi-user nature of Windows 10 Enterprise, keep the following points in mind:
+
+1. Network protection is a device-wide feature and cannot be targeted to specific user sessions.
+
+2. Web content filtering policies are also device wide.
+
+3. If you need to differentiate between user groups, consider creating separate Windows Virtual Desktop host pools and assignments.
+
+4. Test network protection in audit mode to assess its behavior before rolling out.
+
+5. Consider resizing your deployment if you have a large number of users or a large number of multi-user sessions.
+
+### Alternative option for network protection
+
+For Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure, network protection for Microsoft Edge can be enabled using the following method:
+
+1. Use [Turn on network protection](enable-network-protection.md) and follow the instructions to apply your policy.
+
+2. Execute the following PowerShell command: `Set-MpPreference -AllowNetworkProtectionOnWinServer 1`
+ ## Network protection troubleshooting
-Due to the environment where Network Protection runs, Microsoft might not be able to detect operating system proxy settings. In some cases, Network Protection clients are unable to reach Cloud Service. To resolve the connectivity problem, customers with E5 licenses should configure one of the following Defender registry keys:
+Due to the environment where Network Protection runs, Microsoft might not be able to detect operating system proxy settings. In some cases, network protection clients are unable to reach Cloud Service. To resolve the connectivity problem, customers with E5 licenses should configure one of the following Defender registry keys:
```console reg add "HKLM\Software\Microsoft\Windows Defender" /v ProxyServer /d "<proxy IP address: Port>" /f
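Review bot: Step 2 under "Alternative option for network protection" gives `Set-MpPreference -AllowNetworkProtectionOnWinServer 1` without saying why a setting named for Windows Server is needed on Windows 10 Enterprise Multi-Session, or how to confirm that it took effect. Add a sentence for each, and state that the command must be run from an elevated PowerShell session. Two wording points in the same addition: the new heading says "Windows virtual desktop" while the steps below it say "Windows Virtual Desktop", and the intro sentence "Due to the multi-user nature of Windows 10 Enterprise" drops "Multi-Session" from the product name.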
security Non Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md
Customers can obtain Microsoft Defender for Endpoint on macOS through a standalo
Microsoft Defender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365 Security.
-Recently announced capabilities of Microsoft Defender for Endpoint for Android and iOS
+Recently announced capabilities of Microsoft Defender for Endpoint on Android and iOS
are included in the above mentioned offers as part of the five qualified devices for eligible licensed users.
security Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding.md
Title: Onboard to the Microsoft Defender ATP service
-description: Learn how to onboard endpoints to Microsoft Defender ATP service
+ Title: Onboard to the Microsoft Defender for Endpoint service
+description: Learn how to onboard endpoints to Microsoft Defender for Endpoint service
keywords: search.product: eADQiWindows 10XVcnh ms.prod: m365-security
The following table lists the available tools based on the endpoint that you nee
| Endpoint | Tool options | |--||
-| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) |
+| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md) <br> [Group Policy](configure-endpoints-gp.md) <br> [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md) <br> [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) <br> [VDI scripts](configure-endpoints-vdi.md) <br> [Azure Security Center](configure-server-endpoints.md#integration-with-azure-security-center) |
| **macOS** | [Local scripts](mac-install-manually.md) <br> [Microsoft Endpoint Manager](mac-install-with-intune.md) <br> [JAMF Pro](mac-install-with-jamf.md) <br> [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md) <br> [Puppet](linux-install-with-puppet.md) <br> [Ansible](linux-install-with-ansible.md)| | **iOS** | [App-based](ios-install.md) |
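Review bot: The Azure Security Center entry added to the **Windows** row links to `configure-server-endpoints.md#integration-with-azure-security-center`, a server onboarding page, but the row gives no hint that this option is server-specific. Label the entry accordingly (or split the row) so readers onboarding Windows clients do not follow it. The description line in this file was also changed to "Microsoft Defender for Endpoint service" without an article; "the Microsoft Defender for Endpoint service" matches the title.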
security Raw Data Export Storage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-storage.md
Title: Stream Microsoft Defender for Endpoint events to your Storage account
-description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account.
+description: Learn how to configure Microsoft Defender for Endpoint to stream Advanced Hunting events to your Storage account.
keywords: raw data export, streaming API, API, Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing search.product: eADQiWindows 10XVcnh search.appverid: met150
security Raw Data Export https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export.md
Title: Stream Microsoft Defender for Endpoint event
-description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to Event Hubs or Azure storage account
+description: Learn how to configure Microsoft Defender for Endpoint to stream Advanced Hunting events to Event Hubs or Azure storage account
keywords: raw data export, streaming API, API, Event hubs, Azure storage, storage account, Advanced Hunting, raw data sharing search.product: eADQiWindows 10XVcnh search.appverid: met150
security Respond Machine Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-machine-alerts.md
Title: Take response actions on a device in Microsoft Defender ATP
+ Title: Take response actions on a device in Microsoft Defender for Endpoint
description: Take response actions on a device such as isolating devices, collecting an investigation package, managing tags, running av scan, and restricting app execution. keywords: respond, isolate, isolate device, collect investigation package, action center, restrict, manage tags, av scan, restrict app search.product: eADQiWindows 10XVcnh
security Run Detection Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-detection-test.md
Title: Run a detection test on a newly onboarded Microsoft Defender ATP device
-description: Run the detection script on a newly onboarded device to verify that it is properly onboarded to the Microsoft Defender ATP service.
+ Title: Run a detection test on a newly onboarded Microsoft Defender for Endpoint device
+description: Run the detection script on a newly onboarded device to verify that it is properly onboarded to the Microsoft Defender for Endpoint service.
keywords: detection test, detection, powershell, script, verify, onboarding, microsoft defender for endpoint onboarding, clients, servers, test search.product: eADQiWindows 10XVcnh search.appverid: met150
security Service Status https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/service-status.md
Title: Check the Microsoft Defender ATP service health
-description: Check Microsoft Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved.
+ Title: Check the Microsoft Defender for Endpoint service health
+description: Check Microsoft Defender for Endpoint service health, see if the service is experiencing issues and review previous issues that have been resolved.
keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time search.product: eADQiWindows 10XVcnh search.appverid: met150
security Switch To Microsoft Defender Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard.md
To verify that your onboarded devices are properly connected to Microsoft Defend
|Operating system |Guidance | ||| |- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac). |
-|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux). |
+|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint on macOS](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac). |
+|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint on Linux](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux). |
## Uninstall your non-Microsoft solution
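Review bot: In the macOS row the link text was renamed to "Microsoft Defender for Endpoint on macOS" but the URL still ends in `microsoft-defender-atp-mac`, while the Linux row in the same change had its URL updated to `microsoft-defender-endpoint-linux`. Update the macOS target to the current file name as well, or confirm that a redirect exists for the old slug.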
security Switch To Microsoft Defender Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare.md
To enable communication between your devices and Microsoft Defender for Endpoint
|--|--|--| |[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) | |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
+|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> |
-|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
+|Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
## Next step
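Review bot: All three rows renamed here keep their old link targets, `microsoft-defender-atp-mac#network-connections` and `microsoft-defender-atp-linux#network-connections`, so only the visible text changed. If the articles were renamed to `microsoft-defender-endpoint-mac` and `microsoft-defender-endpoint-linux`, point the links there and verify that the `#network-connections` anchor still resolves, since these rows are what readers follow to open firewall paths.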
security Symantec To Microsoft Defender Atp Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-onboard.md
To verify that your onboarded devices are properly connected to Microsoft Defend
|Operating system |Guidance | ||| |- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](run-detection-test.md). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
-|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md). |
-|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint for Linux](microsoft-defender-endpoint-linux.md). |
+|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md). |
+|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md). |
## Uninstall Symantec
security Symantec To Microsoft Defender Atp Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/symantec-to-microsoft-defender-atp-prepare.md
To enable communication between your devices and Microsoft Defender for Endpoint
|:-|:-|:| |[Endpoint detection and response](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) (EDR) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) |[Configure machine proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/configure-proxy-internet) | |EDR |- [Windows Server 2016](https://docs.microsoft.com/windows/release-health/status-windows-10-1607-and-windows-server-2016) <br/>- [Windows Server 2012 R2](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)<br/>- [Windows 8.1](https://docs.microsoft.com/windows/release-health/status-windows-8.1-and-windows-server-2012-r2)<br/>- [Windows 7 SP1](https://docs.microsoft.com/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) |[Configure proxy and internet connectivity settings](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/onboard-downlevel#configure-proxy-and-internet-connectivity-settings) |
-|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
+|EDR |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft Defender for Endpoint on macOS: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
|[Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) |- [Windows 10](https://docs.microsoft.com/windows/release-health/release-information/) <br/>- [Windows Server 2019](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019)<br/>- [Windows Server 1803 or later](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) <br/>- [Windows Server 2016](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2016) |[Configure and validate Microsoft Defender Antivirus network connections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus)<br/> | |Antivirus |macOS: <br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave) <br/>- 10.13 (High Sierra) |[Microsoft -Defender for Endpoint for Mac: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-mac#network-connections) |
-|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint for Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
+|Antivirus |Linux: <br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |[Microsoft Defender for Endpoint on Linux: Network connections](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-atp-linux#network-connections) |
## Next step
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-analytics.md
Title: Track and respond to emerging threats with Microsoft Defender ATP threat analytics
+ Title: Track and respond to emerging threats with Microsoft Defender for Endpoint threat analytics
description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience. keywords: threat analytics, risk evaluation, OS mitigation, microcode mitigation, mitigation status
security Threat Protection Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-protection-reports.md
Title: Threat protection report in Microsoft Defender ATP
+ Title: Threat protection report in Microsoft Defender for Endpoint
description: Track alert detections, categories, and severity using the threat protection report keywords: alert detection, source, alert by category, alert severity, alert classification, determination search.product: eADQiWindows 10XVcnh
security Troubleshoot Cloud Connect Mdemac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-cloud-connect-mdemac.md
Title: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Mac
-description: This topic describes how to troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Mac
+ Title: Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS
+description: This topic describes how to troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150
ms.technology: mde
-# Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Mac
+# Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
**Platform** macOS
-This topic describes how to Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint for Mac.
+This topic describes how to Troubleshoot cloud connectivity issues for Microsoft Defender for Endpoint on macOS.
## Run the connectivity test To test if Defender for Endpoint for Mac can communicate to the cloud with the current network settings, run a connectivity test from the command line:
Use the following procedure to test that a connection is not blocked in an envir
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. > [!WARNING]
-> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
+> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender for Endpoint on macOS to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception.
To test that a connection is not blocked: In a browser such as Microsoft Edge for Mac or Safari open https://x.cp.wd.microsoft.com/api/report and https://cdn.x.cp.wd.microsoft.com/ping.
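Review bot: The rename is incomplete in this file: the unchanged line under "## Run the connectivity test" still reads "To test if Defender for Endpoint for Mac can communicate to the cloud", so the page mixes "for Mac" and "on macOS" after this change. Update that sentence in the same commit. While touching the intro line, also lowercase "Troubleshoot" in "describes how to Troubleshoot cloud connectivity issues", which the + line carries over unchanged.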
security Troubleshoot Live Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-live-response.md
Title: Troubleshoot Microsoft Defender ATP live response issues
-description: Troubleshoot issues that might arise when using live response in Microsoft Defender ATP
+ Title: Troubleshoot Microsoft Defender for Endpoint live response issues
+description: Troubleshoot issues that might arise when using live response in Microsoft Defender for Endpoint
keywords: troubleshoot live response, live, response, locked, file search.product: eADQiWindows 10XVcnh search.appverid: met150
security Troubleshoot Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-onboarding.md
Title: Troubleshoot Microsoft Defender ATP onboarding issues
-description: Troubleshoot issues that might arise during the onboarding of devices or to the Microsoft Defender ATP service.
+ Title: Troubleshoot Microsoft Defender for Endpoint onboarding issues
+description: Troubleshoot issues that might arise during the onboarding of devices or to the Microsoft Defender for Endpoint service.
keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, sensor data and diagnostics search.product: eADQiWindows 10XVcnh search.appverid: met150
security Troubleshoot Siem https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-siem.md
Title: Troubleshoot SIEM tool integration issues in Microsoft Defender ATP
-description: Troubleshoot issues that might arise when using SIEM tools with Microsoft Defender ATP.
+ Title: Troubleshoot SIEM tool integration issues in Microsoft Defender for Endpoint
+description: Troubleshoot issues that might arise when using SIEM tools with Microsoft Defender for Endpoint.
keywords: troubleshoot, siem, client secret, secret search.product: eADQiWindows 10XVcnh search.appverid: met150
security Tvm Assign Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-assign-device-value.md
Title: Assign device value - threat and vulnerability management description: Learn how to assign a low, normal, or high value to a device to help you differentiate between asset priorities.
-keywords: microsoft defender atp device value, threat and vulnerability management device value, high value devices, device value exposure score
+keywords: microsoft defender for endpoint device value, threat and vulnerability management device value, high value devices, device value exposure score
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Tvm Exception https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-exception.md
Title: Create and view exceptions for security recommendations - threat and vulnerability management description: Create and monitor exceptions for security recommendations in threat and vulnerability management.
-keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+keywords: microsoft defender for endpoint tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
A flyout will appear where you can search and choose device groups you want incl
### Global exceptions
-If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from ΓÇ£activeΓÇ¥ to ΓÇ£full exception.ΓÇ¥
+If you have global administrator permissions, you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from ΓÇ£activeΓÇ¥ to ΓÇ£full exception.ΓÇ¥
![Showing global exception option.](images/tvm-exception-global.png)
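Review bot: Dropping the parenthetical "(called Microsoft Defender ATP administrator)" leaves "only a user with similar permission would be able to change it" with nothing concrete to refer to. Say which permission is meant, for example "only a user with global administrator permissions", so readers know who can cancel an exception that applies to all current and future device groups. The quotation marks around "active" and "full exception" also show up as mis-encoded characters in both the removed and added lines here; check whether the source file uses curly quotes and switch to straight quotes if so.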
security Tvm Remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-remediation.md
Title: Remediate vulnerabilities with threat and vulnerability management description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management.
-keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+keywords: microsoft defender for endpoint tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Tvm Software Inventory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-software-inventory.md
Title: Software inventory in threat and vulnerability management
-description: The software inventory page for Microsoft Defender ATP's threat and vulnerability management shows how many weaknesses and vulnerabilities have been detected in software.
-keywords: threat and vulnerability management, microsoft defender atp, microsoft defender atp software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
+description: The software inventory page for Microsoft Defender for Endpoint's threat and vulnerability management shows how many weaknesses and vulnerabilities have been detected in software.
+keywords: threat and vulnerability management, microsoft defender for endpoint, microsoft defender for endpoint software inventory, mdatp threat & vulnerability management, mdatp threat & vulnerability management software inventory, mdatp tvm software inventory, tvm software inventory
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Tvm Weaknesses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tvm-weaknesses.md
Title: Vulnerabilities in my organization - threat and vulnerability management
-description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability.
+description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender for Endpoint threat and vulnerability management capability.
keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh search.appverid: met150
security Update Alert https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-alert.md
Title: Update alert entity API
-description: Learn how to update a Microsoft Defender ATP alert by using this API. You can update the status, determination, classification, and assignedTo properties.
+description: Learn how to update a Microsoft Defender for Endpoint alert by using this API. You can update the status, determination, classification, and assignedTo properties.
keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: m365-security
security Web Content Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md
Title: Web content filtering
-description: Use web content filtering in Microsoft Defender ATP to track and regulate access to websites based on their content categories.
+description: Use web content filtering in Microsoft Defender for Endpoint to track and regulate access to websites based on their content categories.
keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh search.appverid: met150
security Web Protection Monitoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-monitoring.md
Title: Monitoring web browsing security in Microsoft Defender ATP
-description: Use web protection in Microsoft Defender ATP to monitor web browsing security
+ Title: Monitoring web browsing security in Microsoft Defender for Endpoint
+description: Use web protection in Microsoft Defender for Endpoint to monitor web browsing security
keywords: web protection, web threat protection, web browsing, monitoring, reports, cards, domain list, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh search.appverid: met150
security Web Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md
Title: Web protection
-description: Learn about the web protection in Microsoft Defender ATP and how it can protect your organization
+description: Learn about the web protection in Microsoft Defender for Endpoint and how it can protect your organization
keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, malicious websites search.product: eADQiWindows 10XVcnh search.appverid: met150
security Web Protection Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-response.md
Title: Respond to web threats in Microsoft Defender ATP
+ Title: Respond to web threats in Microsoft Defender for Endpoint
description: Respond to alerts related to malicious and unwanted websites. Understand how web threat protection informs end users through their web browsers and Windows notifications keywords: web protection, web threat protection, web browsing, alerts, response, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, notifications, end users, Windows notifications, blocking page, search.product: eADQiWindows 10XVcnh
security Web Threat Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-threat-protection.md
Title: Protect your organization against web threats
-description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization.
+description: Learn about web protection in Microsoft Defender for Endpoint and how it can protect your organization.
keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh search.appverid: met150
security Whats New In Microsoft Defender Atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp.md
Title: What's new in Microsoft Defender ATP
-description: See what features are generally available (GA) in the latest release of Microsoft Defender ATP, as well as security features in Windows 10 and Windows Server.
-keywords: what's new in microsoft defender atp, ga, generally available, capabilities, available, new
+ Title: What's new in Microsoft Defender for Endpoint
+description: See what features are generally available (GA) in the latest release of Microsoft Defender for Endpoint, as well as security features in Windows 10 and Windows Server.
+keywords: what's new in microsoft defender for endpoint, ga, generally available, capabilities, available, new
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
For more information preview features, see [Preview features](https://docs.micro
- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/) <br> Microsoft Defender for Endpoint now adds support for Windows Virtual Desktop. ## December 2020-- [Microsoft Defender for Endpoint for iOS](microsoft-defender-endpoint-ios.md) <br> Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for iOS.
+- [Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md) <br> Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on iOS.
## September 2020-- [Microsoft Defender for Endpoint for Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android.
+- [Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Android.
- [Threat and vulnerability management macOS support](tvm-supported-os.md)<br> Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824). ## August 2020-- [Microsoft Defender for Endpoint for Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint for Android.
+- [Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint on Android.
## July 2020 - [Create indicators for certificates](manage-indicators.md) <br> Create indicators to allow or block certificates. ## June 2020-- [Microsoft Defender for Endpoint for Linux](microsoft-defender-endpoint-linux.md) <br> Microsoft Defender for Endpoint now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
+- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) <br> Microsoft Defender for Endpoint now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Linux.
- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
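Review bot: The renamed Android entry appears under both "## September 2020" and "## August 2020" with nearly identical text (the September copy only adds "update"), so this change preserves a duplicate announcement. Keep the entry under the month it actually shipped and remove the other. The unchanged "Attack simulators in the evaluation lab" line in the same hunk also has a typo, "right from the within the portal", that is worth fixing while this section is being edited.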
For more information preview features, see [Preview features](https://docs.micro
## November-December 2019 -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-endpoint-mac.md) <BR> Microsoft Defender for Endpoint for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](microsoft-defender-endpoint-mac.md).
+- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md) <BR> Microsoft Defender for Endpoint on macOS brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](microsoft-defender-endpoint-mac.md).
- [Threat & Vulnerability Management application and application version end-of-life information](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/tvm-security-recommendation) <BR>Applications and application versions which have reached their end-of-life are tagged or labeled as such so you are aware that they will no longer be supported, and can take action to either uninstall or replace. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.
security Anti Spam Message Headers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-spam-message-headers.md
The individual fields and values are described in the following table.
|`LANG`|The language in which the message was written, as specified by the country code (for example, ru_RU for Russian).| |`PTR:[ReverseDNS]`|The PTR record (also known as the reverse DNS lookup) of the source IP address.| |`SCL`|The spam confidence level (SCL) of the message. A higher value indicates the message is more likely to be spam. For more information, see [Spam confidence level (SCL)](spam-confidence-levels.md).|
-|`SFTY`|The message was identified as phishing and will also be marked with one of the following values: <ul><li>9.1: Default value. The message contains some or all of the following elements: a phishing URL, other phishing content, or was marked as phishing by on-premises Exchange.</li><li>9.11: [Intra-org or self-to-self spoofing](anti-spoofing-protection.md#different-types-of-spoofing). The safety tip for intra-org spoofing will be added to the message.</li><li>9.19: Domain impersonation. The sending domain is attempting to [impersonate a protected domain](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365). The safety tip for domain impersonation is added to the message (if it's enabled).</li><li>9.20: User impersonation. The sending user is attempting to impersonate a user in the recipient's organization, or a protected user that's specified in an anti-phishing policy in Microsoft Defender for office 365. The safety tip for user impersonation is added to the message (if it's enabled).</li><li>9.21: [Cross-domain spoofing](anti-spoofing-protection.md#different-types-of-spoofing). The message failed anti-spoofing checks. The sender's email domain in the From header does not authenticate and is an external domain. Used in combination with [composite authentication](#authentication-results-message-header-fields).</li><li>9.22: Same as 9.21, except that the user has a safe sender that was overridden.</li><li>9.23: Same as 9.22, except that the organization has an allowed sender or domain that was overridden.</li><li>9.24: Same as 9.23, except that the user has an Exchange mail flow rule (also known as a transport rule) that was overridden.</li></ul>|
+|`SFTY`|The message was identified as phishing and will also be marked with one of the following values: <ul><li>9.19: Domain impersonation. The sending domain is attempting to [impersonate a protected domain](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365). The safety tip for domain impersonation is added to the message (if it's enabled).</li><li>9.20: User impersonation. The sending user is attempting to impersonate a user in the recipient's organization, or [a protected user that's specified in an anti-phishing policy](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365) in Microsoft Defender for office 365. The safety tip for user impersonation is added to the message (if it's enabled).</li></ul>|
|`SFV:BLK`|Filtering was skipped and the message was blocked because it was sent from an address in a user's Blocked Senders list. <p> For more information about how admins can manage a user's Blocked Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).| |`SFV:NSPM`|Spam filtering marked the message as non-spam and the message was sent to the intended recipients.| |`SFV:SFE`|Filtering was skipped and the message was allowed because it was sent from an address in a user's Safe Senders list. <p> For more information about how admins can manage a user's Safe Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).|
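Review bot: The new `SFTY` row removes the descriptions for 9.1, 9.11, 9.21, 9.22, 9.23 and 9.24 and keeps only 9.19 and 9.20, with nothing in the visible lines saying whether those values are no longer stamped or are now documented elsewhere. Anyone triaging a message whose header carries one of the removed values loses the reference for the spoofing and override cases, so add a sentence stating what happened to them or where they are now described. Minor: "Microsoft Defender for office 365" in the 9.20 item should capitalize "Office".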
security How Policies And Protections Are Combined https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md
Title: Order and precedence of email protection
-keywords: security, malware, Microsoft 365, M365, security center, ATP, Microsoft Defender ATP, Office 365 ATP, Azure ATP
+keywords: security, malware, Microsoft 365, M365, security center, ATP, Microsoft Defender for Endpoint, Office 365 ATP, Azure ATP
f1.keywords: - NOCSH
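Review bot: The keywords line replaces "Microsoft Defender ATP" with "Microsoft Defender for Endpoint" but leaves "ATP", "Office 365 ATP" and "Azure ATP" untouched, so the list is now half renamed. Decide whether the old names are kept deliberately as search aliases; if so, keep "Microsoft Defender ATP" alongside the new name, and if not, update the other two entries in the same change.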