Commit

Merge pull request #2181 from MicrosoftDocs/main
Publish main to live, 12/12/24, 3:30 PM PT
Ruchika-mittal01 authored Dec 12, 2024
2 parents cf24d47 + 8a86373 commit 1313e91
Showing 12 changed files with 24 additions and 25 deletions.
10 changes: 7 additions & 3 deletions defender-endpoint/behavior-monitor-macos.md
Expand Up @@ -276,11 +276,15 @@ NRI should have a low impact on network performance. Instead of holding the conn

```

4. Enable network real-time inspection (NRI):
1. Enable network real-time inspection (NRI):

```Bash

sudo mdatp network-protection remote-settings-override set --value "{\"enableNriMpengineMetadata\" : true}"


```


> [!NOTE]
> While in Public Preview, since the setting is set via a command line, network real-time inspection (NRI) will not persist reboots. You will need to re-enable it.
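Review bot: The code fence for the NRI step has empty lines before and after the `sudo mdatp network-protection remote-settings-override set` command, and they will render as blank lines inside the code block; drop them so the block holds only the command. The step marker changes from `4.` to `1.`, so check that the neighbouring steps in this list use the same `1.` auto-numbering. In the note, "will not persist reboots" should read "will not persist across reboots".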
2 changes: 1 addition & 1 deletion defender-endpoint/device-control-deploy-manage-gpo.md
Expand Up @@ -61,7 +61,7 @@ To configure the device types that a device control policy is applied, follow th

1. On a computer running Windows, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Device Control** > **Turn on device control for specific device types**.

2. In the **Turn on device control for specific types** window, specify the product family IDs, separate by a pipe (`|`). Product family IDs include `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`, or `PrinterDevices`.
1. In the **Turn on device control for specific types** window, specify the product family IDs, separate by a pipe (`|`). This setting must be a single string with no spaces or it will be parsed incorrectly by the device control engine causing unexpected behaviors. Product family IDs include `RemovableMediaDevices`, `CdRomDevices`, `WpdDevices`, or `PrinterDevices`.

## Define groups
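Review bot: The new sentence in step 2 says the value must be a single string with no spaces but shows no valid value; add an example built from the listed IDs, such as `RemovableMediaDevices|CdRomDevices`, so the syntax is unambiguous. "separate by a pipe" should read "separated by a pipe", and the window title in this step ("Turn on device control for specific types") does not match the setting name in step 1 ("Turn on device control for specific device types").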

2 changes: 1 addition & 1 deletion defender-endpoint/device-control-deploy-manage-intune.md
Expand Up @@ -93,7 +93,7 @@ In the following table, identify the setting you want to configure, and then use
| Setting | OMA-URI, data type, & values |
|---|---|
| **Device control default enforcement** <br/>Default enforcement establishes what decisions are made during device control access checks when none of the policy rules match | `./Vendor/MSFT/Defender/Configuration/DefaultEnforcement`<br/><br/>Integer: <br/>- `DefaultEnforcementAllow` = `1`<br/>- `DefaultEnforcementDeny` = `2` |
| **Device types** <br/>Device types, identified by their Primary IDs, with device control protection turned on | `./Vendor/MSFT/Defender/Configuration/SecuredDevicesConfiguration`<br/><br/>String:<br/>- `RemovableMediaDevices`<br/>- `CdRomDevices`<br/>- `WpdDevices`<br/>- `PrinterDevices` |
| **Device types** <br/>Device types, identified by their Primary IDs, with device control protection turned on. You must specify the product family IDs, separated by a pipe. When selecting multiple devices types you need to ensure the string is all one word with no spaces. A configuration that does not follow this syntax will cause unexpected behavior. | `./Vendor/MSFT/Defender/Configuration/SecuredDevicesConfiguration`<br/><br/>String:<br/>- `RemovableMediaDevices`<br/>- `CdRomDevices`<br/>- `WpdDevices`<br/>- `PrinterDevices` |
| **Enable device control** <br/>Enable or disable device control on the device | `./Vendor/MSFT/Defender/Configuration/DeviceControlEnabled`<br/><br/>Integer:<br/>- Disable = `0`<br/>- Enable = `1` |

### Creating policies with OMA-URI
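Review bot: In the Device types row, "multiple devices types" should be "multiple device types", and the value column still lists the four IDs as separate bullets with no pipe-joined example, which is the form the new description requires; add one such as `RemovableMediaDevices|CdRomDevices`. The wording "all one word with no spaces" also differs from "a single string with no spaces" used for the same setting in device-control-deploy-manage-gpo.md; use one phrasing in both articles.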
2 changes: 1 addition & 1 deletion defender-endpoint/ios-whatsnew.md
Expand Up @@ -32,7 +32,7 @@ Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](

## Defender for Endpoint on iOS now supports iOS/iPadOS 16.x as the minimum version

Defender for Endpoint on iOS is ending support for iOS/iPadOS 15, as iOS/iPadOS 18 became available in September 2024. Microsoft typically supports the current version and two previous versions (n-2). This change takes effect beginning on January 31, 2025.
Defender for Endpoint is ending support for iOS/iPadOS 15 on January 31, 2025. Moving forward, only devices running iOS/iPadOS 16 and later are supported.

**How does this affect you or your users?**
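Review bot: The rewritten paragraph drops the n-2 support statement ("Microsoft typically supports the current version and two previous versions"), so the reason for ending iOS/iPadOS 15 support is no longer given; keep a short clause on the policy or link to where it is documented. The heading says 16.x is "now" the minimum version while the body dates the change to January 31, 2025, and the product name in the body changes from "Defender for Endpoint on iOS" to "Defender for Endpoint" while the heading keeps the longer form.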

2 changes: 1 addition & 1 deletion defender-endpoint/microsoft-defender-endpoint-ios.md
Expand Up @@ -78,7 +78,7 @@ ms.date: 12/11/2024
- The device is either enrolled with the [Intune Company Portal app](https://apps.apple.com/us/app/intune-company-portal/id719171358) or is registered with Microsoft Entra ID through [Microsoft Authenticator](https://apps.apple.com/app/microsoft-authenticator/id983156458) with the same account.

> [!IMPORTANT]
> Microsoft Defender for Endpoint is ending support for devices running iOS/iPadOS 15 and previous versions on January 31, 2025. Moving forward, only devices running iOS/iPadOS 16 and later are supported.
> Microsoft Defender for Endpoint is ending support for devices running iOS/iPadOS 15 on January 31, 2025. Moving forward, only devices running iOS/iPadOS 16 and later are supported.
> [!NOTE]
> - Microsoft Defender for Endpoint on iOS isn't supported on user-less or shared devices.
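Review bot: The `> [!IMPORTANT]` alert is followed directly by `> [!NOTE]` with no blank line between them, so both alerts sit in one blockquote; separate them with an empty line. Removing "and previous versions" leaves the first sentence covering only iOS/iPadOS 15, and versions older than 15 are then addressed only by implication in the second sentence; consider keeping the original wording.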
13 changes: 7 additions & 6 deletions defender-endpoint/network-protection.md
Expand Up @@ -3,7 +3,7 @@ title: Use network protection to help prevent connections to malicious or suspic
description: Protect your network by preventing users from accessing known malicious and suspicious network addresses
ms.service: defender-endpoint
ms.localizationpriority: medium
ms.date: 11/10/2024
ms.date: 12/12/2024
audience: ITPro
author: denisebmsft
ms.author: deniseb
Expand Down Expand Up @@ -55,14 +55,15 @@ The following table summarizes network protection areas of coverage.
> [!NOTE]
> On Mac and Linux, you must have network protection in block mode to get support for these features in Edge.
> On Windows, network protection does not monitor Microsoft Edge. For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage network protection for inspection and enforcement.
> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
- IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
- Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
> - URLs loaded via HTTP connection coalescing, such as content loaded by modern CDN's, can only be blocked on first party browsers (Internet Explorer, Edge), unless the CDN URL itself is added to the indicator list.
> - Full URL path blocks can be applied for unencrypted URLs.
>
>
> There might be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
>
Watch this video to learn how Network protection helps reduce the attack surface of your devices from phishing scams, exploits, and other malicious content:

> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yZ]
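Review bot: The first three bullets (IP protocol support, single IP addresses, encrypted full-path URLs) lose their `>` prefix while the next three bullets keep it, so one list is split between body text and the note block; either unquote all six bullets or keep all six inside the note. The bare `>` lines around the latency sentence should then be adjusted to match whichever form is chosen.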
3 changes: 1 addition & 2 deletions defender-xdr/access-den-graph-api.md
Expand Up @@ -2,8 +2,7 @@
title: Accessing incident notifications and DENs using Graph security API
ms.reviewer:
description: The method to access Defender Experts Notifications using Graph security API
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
ms.author: vpattnaik
author: vpattnai
ms.localizationpriority: medium
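Review bot: Replacing `ms.service: defender-experts` and `ms.subservice: dex-hunting` with a single `ms.service: defender-experts-for-hunting` removes the subservice key from this front matter, and the same replacement repeats in the five defender-xdr files that follow; the commit message only says "Publish main to live", so record the metadata rename in the PR description and confirm no page is left on the old pair. `ms.reviewer:` is also still empty in this file.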
3 changes: 1 addition & 2 deletions defender-xdr/before-you-begin-defender-experts.md
Expand Up @@ -2,8 +2,7 @@
title: Key infrastructure requirements before enrolling in the Microsoft Defender Experts for Hunting service
ms.reviewer:
description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
ms.author: vpattnaik
author: vpattnai
ms.localizationpriority: medium
3 changes: 1 addition & 2 deletions defender-xdr/defender-experts-for-hunting.md
Expand Up @@ -2,8 +2,7 @@
title: What is Microsoft Defender Experts for Hunting offering
ms.reviewer:
description: Microsoft Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
ms.author: vpattnaik
author: vpattnai
ms.localizationpriority: medium
3 changes: 1 addition & 2 deletions defender-xdr/defender-experts-report.md
Expand Up @@ -3,8 +3,7 @@ title: Understand the Defender Experts for Hunting report in Microsoft Defender
ms.reviewer:
description: The Defender Experts for Hunting service publishes reports to help you understand all the threats the hunting service surfaced in your environment
search.appverid: met150
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
f1.keywords:
- NOCSH
ms.author: vpattnaik
3 changes: 1 addition & 2 deletions defender-xdr/experts-on-demand.md
Expand Up @@ -3,8 +3,7 @@ title: Collaborate with Experts on Demand using Ask Defender Experts
ms.reviewer:
description: Select Ask Defender Experts directly inside the Microsoft Defender security portal to get swift and accurate responses to all your threat hunting questions.
search.product: Windows 10
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
3 changes: 1 addition & 2 deletions defender-xdr/onboarding-defender-experts-for-hunting.md
Expand Up @@ -2,8 +2,7 @@
title: How to subscribe to Microsoft Defender Experts for Hunting
ms.reviewer:
description: If you're new to Microsoft Defender XDR and Defender Experts for Hunting, this is how you onboard, receive, and set up Defender experts notifications.
ms.service: defender-experts
ms.subservice: dex-hunting
ms.service: defender-experts-for-hunting
ms.author: vpattnaik
author: vpattnai
ms.localizationpriority: medium