Merge pull request #14296 from MicrosoftDocs/main

Publish 05/23/2022 3:30 PM PT

microsoft-365/admin/whats-new-in-preview.md

@@ -46,6 +46,34 @@ And if you'd like to know what's new with other Microsoft cloud services:
 - [Office updates](/OfficeUpdates/)
 - [How to check Windows release health](/windows/deployment/update/check-release-health)
 
+## May 2022
+
+<!-- ### Role based access controls (RBAC)
+
+There are new Azure AD built-in roles in the Microsoft 365 admin center. Give admins only the access they need to manage Virtual Visits.
+
+There are also 4 new roles in the Microsoft 365 admin center centered around management of custom security attributes. These roles are available for everyone to use in the Role assignments node under Roles.
+
+For more information about Azure AD built-in roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).
+
+**Virtual Visits Administrator**   Manage and share Virtual Visits information and metrics from admin centers or the Virtual Visits app.
+
+**Attribute Assignment Administrator**   Assign custom security attribute keys and values to supported Azure AD objects.
+
+**Attribute Assignment Reader**   Reads custom security attribute keys and values for supported Azure AD objects.
+
+**Attribute Definition Administrator**   Define and manage the definition of custom security attributes.
+
+**Attribute Definition Reader**   Reads the definition of custom security attributes. -->
+
+### Quick Assist
+
+We've moved Quick Assist to the Windows Store to enhance the performance and security of the app. The Windows Quick Assist app allows you and your end-users to receive or provide PC assistance over a remote connection.
+
+With the new Quick Assist Store app, you should see a significant improvement in passcode generation times and a reduction in application errors.
+
+For more information, see [Solve PC problems over a remote connection](https://support.microsoft.com/windows/solve-pc-problems-over-a-remote-connection-b077e31a-16f4-2529-1a47-21f6a9040bf3) and [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca)
+
 ## April 2022
 
 ### NPS Sentiment Insights
@@ -189,62 +217,3 @@ We've added a couple of new categories to Search functionality.
 - You can now find simplified setup experiences through global search. This can help you and your team quickly get started with how to use new features. For example, search for **set password to never expire**.
 
 To learn more about search in the admin center, see [Search in the Microsoft 365 admin center](manage/search-in-the-mac.md).
-
-## May 2021
-
-### Admin mobile app
-
-### Keep track of support ticket updates using the Admin mobile app
-
-For all the service requests created in your tenant you can now keep track of the ticket status, view ticket details and provide / request additional information by adding notes & attachments.
-
-:::image type="content" source="../media/Keep-track-support-ticket-updates2.PNG" alt-text="Screenshot: Track support ticket updates":::
-
-### Stay on top of all the major updates to the app and your Microsoft 365 subscription
-
-- Stay on top of all the major updates to your Microsoft 365 subscription through Message Center push notifications (now enabled by default).
-
-- Keep track of the latest features available in the app using the **What's New** section. Go to **Settings** > **What’s new?**
-
-:::image type="content" source="../media/Stay-on-top-of-updates.PNG" alt-text="Screenshot: Track major updates and features":::
-
-## April 2021
-
-### Admin mobile app
-
-### Manage licenses and bills from the Admin mobile app
-
-- You can now view all available and assigned licenses for your subscriptions. You can also assign or un-assign licenses to users, and add or remove licenses.
-- You can now view detailed invoices in the app.
-- These updates are available on both [Android](https://go.microsoft.com/fwlink/p/?linkid=2159786) and [iOS](https://go.microsoft.com/fwlink/p/?linkid=2159787) devices.
-
-:::image type="content" source="../media/assign-license-mobile-app2.png" alt-text="Screenshot: Admin mobile app assign license page":::
-:::image type="content" source="../media/license-screen-mobile-app2.png" alt-text="Screenshot: Admin mobile app screen with users and their licenses":::
-:::image type="content" source="../media/invoice-summary-mobile-app.png" alt-text="Screenshot: Admin mobile app invoice summary page":::
-
-### Updated Message center feed in the Admin mobile app
-
-- You now have a more flexible reading experience of the Message center feed. You now have the ability to filter messages based on service or tags and mark messages as favorite. Bulk actions for marking messages as read, unread or archived has also been added.
-- These updates are available on both [Android](https://go.microsoft.com/fwlink/p/?linkid=2159786) and [iOS](https://go.microsoft.com/fwlink/p/?linkid=2159787) devices.
-
-:::image type="content" source="../media/mc-feed-mobile-app.png" alt-text="Screenshot: Admin mobile app Message center feed page":::
-
-## Ignite 2021 (March)
-
-Welcome to Microsoft Ignite. We hope you were able to attend some of one of our sessions: [Microsoft Ignite 2021](https://myignite.microsoft.com/sessions). Here's a few of the things we talked about at Ignite.
-> [!NOTE]
-> Not all features are going to be available to everyone right away. If you aren't seeing the new features, [join Targeted Release](manage/release-options-in-office-365.md).
-
-### Message center
-
-We’ve revamped the Message center to help you discover relevant messages and added a more flexible reading experience. We've added a new **Service** column to help you scan which Service a message applies to and filter messages by Service and other metadata. You can favorite a message to mark it for follow-up, choose which columns appear in the message list, and navigate between messages with the back and next buttons. We've also improved the process to make it easier to give feedback on Message center posts.
-
-:::image type="content" source="../media/message-center.png" alt-text="Screenshot: Message center home page showing inbox and messages":::
-
-To learn more about the new features, check out [Message center](manage/message-center.md).
-
-### What's new features
-
-We've made improvements to how you view the "What's new" features for users in the Office apps. You can now see the rich content in the What's new pane that your users can see. You can also learn more about the feature before you decide to let your users know about the feature. For more info, check out [Manage which Office features appear in What's New](manage/show-hide-new-features.md).
-
-:::image type="content" source="../media/power-bi-whats-new2.png" alt-text="Screenshot: Office apps what's new page showing improvements to Power BI":::

microsoft-365/compliance/auditing-solutions-overview.md

@@ -95,14 +95,14 @@ The following sections identify the licensing requirements for Audit (Standard)
 
 ### Audit (Standard)
 
-- Microsoft Purview Business Basic subscription
-- Microsoft Purview Apps for Business subscription
-- Microsoft Purview Enterprise E3 subscription
-- Microsoft Purview Business Premium
-- Microsoft Purview Education A3 subscription
-- Microsoft Purview Government G3 subscription
-- Microsoft Purview Government G1 subscription
-- Microsoft Purview Frontline F1 or F3 subscription, or F5 Security add-on
+- Microsoft Business Basic subscription
+- Microsoft 365 Apps for Business subscription
+- Microsoft 365 Enterprise E3 subscription
+- Microsoft 365 Business Premium
+- Microsoft 365 Education A3 subscription
+- Microsoft 365 Government G3 subscription
+- Microsoft 365 Government G1 subscription
+- Microsoft 365 Frontline F1 or F3 subscription, or F5 Security add-on
 - Office 365 Enterprise E3 subscription
 - Office 365 Enterprise E1 subscription
 - Office 365 Education A1 subscription
@@ -153,7 +153,7 @@ If your organization has a subscription that supports Audit (Premium), perform t
 
    - Turning on the Audit (Premium) app/service plan must be for those users.
 
-   - Enabling the auditing of crucial events and then turning on the Audit (Premium)ing app/service plan for those users.
+   - Enabling the auditing of crucial events and then turning on the Audit (Premium) app/service plan for those users.
 
 2. Enable Audit (Premium) events to be logged when users perform searches in Exchange Online and SharePoint Online.
 

microsoft-365/compliance/dlp-policy-reference.md

@@ -535,7 +535,7 @@ The user notifications and policy tips configuration options vary depending on t
 
 You can enable/disable user notifications for various Microsoft apps, see [Data Loss Prevention policy tips reference](dlp-policy-tips-reference.md#data-loss-prevention-policy-tips-reference)
 
-- You can enable/disable **Notifying users in Office 365 service** with a policy tip.
+- You can enable/disable notifications with a policy tip.
     - email notifications to the user who sent, shared, or last modified the content
     OR
     - notify specific people

microsoft-365/compliance/enable-archive-mailboxes.md

@@ -50,11 +50,10 @@ If you don't see the **Archive** page in the Microsoft Purview compliance portal
    > [!NOTE]
    > The **Archive** page shows a maximum of 500 users. Use the search box if you can't immediately see the name of the user you want.
 
-3. In the list of mailboxes, select the user to enable their mailbox for archive, and then select the **Enable Archive** option:
-
+3. In the list of mailboxes, select the user to enable their mailbox for archive, and then select the **Enable archive** option:
+    
    ![Enable archive option for a selected user.](../media/enable-archive-option.png)
-
-
+
    A warning is displayed saying that if you enable the archive mailbox, items in the user's mailbox that are older than the archiving policy assigned to the mailbox will be moved to the new archive mailbox. The default archive policy that is part of the retention policy assigned to Exchange Online mailboxes moves items to the archive mailbox two years after the date the item was delivered to the mailbox or created by the user. For more information, see [Learn about archive mailboxes](archive-mailboxes.md).
 
 5. Select **Enable** to confirm.

microsoft-365/includes/improve-request-performance.md

@@ -16,8 +16,9 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
->[!TIP]
->For better performance, you can use server closer to your geo location:
+> [!TIP]
+> For better performance, you can use server closer to your geo location:
+>
 > - api-us.securitycenter.microsoft.com
 > - api-eu.securitycenter.microsoft.com
 > - api-uk.securitycenter.microsoft.com

microsoft-365/includes/machineactionsnote.md

@@ -9,5 +9,5 @@ author: mjcaparas
 ms.prod: w10
 ---
 
->[!Note]
+> [!NOTE]
 > This page focuses on performing a machine action via API. See [take response actions on a machine](/microsoft-365/security/defender-endpoint/respond-machine-alerts) for more information about response actions functionality via Microsoft Defender for Endpoint.

microsoft-365/includes/microsoft-defender-api-usgov.md

@@ -16,5 +16,5 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
->[!NOTE]
->If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov#api).
+> [!NOTE]
+> If you are a US Government customer, please use the URIs listed in [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov#api).

microsoft-365/lighthouse/m365-lighthouse-deploy-standard-tenant-configurations-overview.md

@@ -38,6 +38,7 @@ Lighthouse baseline configurations are designed to make sure all managed tenants
 | Require MFA for end users | A Conditional Access policy that requires multi-factor authentication for all users.  It's required for all cloud applications. For more information about this baseline, see [Conditional Access: Require MFA for all users](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa). |
 | Block legacy authentication | A Conditional Access policy to block legacy client authentication. For more information about this baseline, see [Block legacy authentication to Azure AD with Conditional Access](/azure/active-directory/conditional-access/block-legacy-authentication).|
 | Set up device enrollment | Device enrollment to allow your tenant devices to enroll in Microsoft Endpoint Manager. This is done by setting up Auto Enrollment between Azure Active Directory and Microsoft Endpoint Manager. For more information about this baseline, see [Set up enrollment for Windows devices](/mem/intune/enrollment/windows-enroll). |
+| Setup Exchange Online Protection and Microsoft Defender for Office 365 | A policy to apply recommended anti-spam, anti-malware, anti-phishing, safe links and safe attachment policies to your tenants Exchange Online mailboxes. |
 | Configure Microsoft Defender Antivirus for Windows 10 and later | A device configuration profile for Windows devices with pre-configured Microsoft Defender Antivirus settings. For more information about this baseline, see [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure).|
 | Configure Microsoft Defender Firewall for Windows 10 and later | A firewall policy to help secure devices by preventing unwanted and unauthorized network traffic. For more information about this baseline, see [Best practices for configuring Windows Defender Firewall](/windows/security/threat-protection/windows-firewall/best-practices-configuring).  |
 | Configure a device compliance policy for Windows 10 and later | A Windows device policy with pre-configured settings to meet basic compliance requirements. For more information about this baseline, see [Conditional Access: Require compliant or hybrid Azure AD joined device](/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device). |

microsoft-365/security/defender-endpoint/host-firewall-reporting.md

@@ -25,7 +25,7 @@ ms.custom: admindeeplinkDEFENDER
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
 
-If you are an Global or security administrator, you can now host firewall reporting to the [Microsoft 365 Defender portal](https://security.microsoft.com). This feature enables you to view Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 firewall reporting from a centralized location.
+If you are a Global or security administrator, you can now host firewall reporting to the [Microsoft 365 Defender portal](https://security.microsoft.com). This feature enables you to view Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 firewall reporting from a centralized location.
 
 ## What do you need to know before you begin?
 
@@ -38,6 +38,38 @@ If you are an Global or security administrator, you can now host firewall report
   - The two PowerShell commands are:
     - **auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable**
     - **auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable**
+```powershell
+param (
+    [switch]$remediate
+)
+try {
+
+    $categories = "Filtering Platform Packet Drop,Filtering Platform Connection"
+    $current = auditpol /get /subcategory:"$($categories)" /r | ConvertFrom-Csv    
+    if ($current."Inclusion Setting" -ne "failure") {
+        if ($remediate.IsPresent) {
+            Write-Host "Remediating. No Auditing Enabled. $($current | ForEach-Object {$_.Subcategory + ":" + $_.'Inclusion Setting' + ";"})"
+            $output = auditpol /set /subcategory:"$($categories)" /failure:enable
+            if($output -eq "The command was successfully executed.") {
+                Write-Host "$($output)"
+                exit 0
+            }
+            else {
+                Write-Host "$($output)"
+                exit 1
+            }
+        }
+        else {
+            Write-Host "Remediation Needed. $($current | ForEach-Object {$_.Subcategory + ":" + $_.'Inclusion Setting' + ";"})."
+            exit 1
+        }
+    }
+
+}
+catch {
+    throw $_
+} 
+```
 
 ## The process
 

microsoft-365/security/defender-endpoint/linux-whatsnew.md

@@ -24,6 +24,15 @@ ms.technology: mde
 **Applies to:**
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 
+## 101.68.80 (30.122042.16880.0)
+
+- Added support for kernel version `2.6.32-754.47.1.el6.x86_64` when running on RHEL 6
+- On RHEL 6, product can now be installed on devices running Unbreakable Enterprise Kernel (UEK)
+- Fixed an issue where the process name was sometimes incorrectly displayed as `unknown` when running `mdatp diagnostic real-time-protection-statistics`
+- Fixed a bug where the product sometimes was incorrectly detecting files inside the quarantine folder
+- Fixed an issue where the `mdatp` command-line tool was not working when `/opt` was mounted as a soft-link
+- Performance improvements & bug fixes
+
 ## 101.65.77 (30.122032.16577.0)
 
 - Improved the `conflicting_applications` field in `mdatp health` to show only the most recent 10 processes and also to include the process names. This makes it easier to identify which processes are potentially conflicting with Microsoft Defender for Endpoint for Linux.

microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md

@@ -127,6 +127,7 @@ If you experience any installation failures, refer to [Troubleshooting installat
        - 2.6.32-754.39.1.el6.x86_64
        - 2.6.32-754.41.2.el6.x86_64
        - 2.6.32-754.43.1.el6.x86_64
+       - 2.6.32-754.47.1.el6.x86_64
        - 2.6.32-754.6.3.el6.x86_64
        - 2.6.32-754.9.1.el6.x86_64