Commit
Merge pull request #1884 from MicrosoftDocs/main
Published main to live, Wednesday 10:30 AM PST, 11/13
padmagit77 authored Nov 13, 2024
2 parents b50dd3f + 643855c commit 1719f7d
Showing 10 changed files with 153 additions and 19 deletions.
136 changes: 128 additions & 8 deletions defender-endpoint/linux-whatsnew.md
Expand Up @@ -6,7 +6,7 @@ ms.author: deniseb
author: denisebmsft
ms.reviewer: kumasumit, gopkr
ms.localizationpriority: medium
ms.date: 10/14/2024
ms.date: 11/13/2024
manager: deniseb
audience: ITPro
ms.collection:
Expand Down Expand Up @@ -39,6 +39,20 @@ This article is updated frequently to let you know what's new in the latest rele
>
> If you have any concerns or need assistance during this transition, contact support.
<details> <summary> Nov-2024 (Build: 101.24092.0002 | Release version: 30.124092.0002.0)</summary>

Nov-2024 Build: 101.24092.0002 | Release version: 30.124092.0002.0

 Released: **November 14, 2024**  Published: **November 14, 2024**  Build: **101.24092.0002**  Release version: **30.124092.0002**  Engine version: 1.1.24080.9  Signature version: 1.417.659.0

**What's new**

- Support added for hardened installations on non-executable `/var` partitions. Beginning with this release, antivirus signatures are installed at `/opt/microsoft/mdatp/definitions.noindex` by default, instead of `/var/opt/microsoft/mdatp/definitions.noindex`. During upgrades, the installer attempts to migrate older definitions to the new path unless it detects that the path is already customized (using `mdatp definitions path set`).

- Beginning with this version, Defender for Endpoint on Linux no longer needs executable permissions for `/var/log`. If these permissions are not available, log files are automatically be redirected to `/opt`.

</details>

<details>
<summary> Oct-2024 (Build: 101.24082.0004 | Release version: 30.124082.0004.0)</summary>

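Review bot: the added bullet "If these permissions are not available, log files are automatically be redirected to `/opt`" has a grammar slip; suggest "log files are automatically redirected to `/opt`". The new entry also departs from the conventions of its neighbours: `<summary>` sits on the same line as `<details>` while the Oct-2024 entry puts it on its own line, the title is repeated as a bare text line (`Nov-2024 Build: 101.24092.0002 | Release version: 30.124092.0002.0`) rather than a heading, the Released/Published line uses leading spaces where the older entries use `&ensp;...<br/>`, and the body's release version `30.124092.0002` drops the trailing `.0` shown in the summary. Released and Published are both `November 14, 2024` while this same patch sets `ms.date: 11/13/2024`; confirm which date is intended. Since the definitions path migration is skipped when the path is already customized, consider also telling admins how to confirm the active definitions path after the upgrade.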
Expand Down Expand Up @@ -213,6 +227,9 @@ There are multiple fixes and new changes in this release:
</details>
<details>
<summary> March-2024 (Build: 101.24012.0001 | Release version: 30.124012.0001.0)</summary>
Expand Down Expand Up @@ -399,6 +416,18 @@ sudo systemctl disable mdatp
## October-2023 Build: 101.23082.0009 | Release version: 30.123082.0009.0
&ensp;Released: **October 9,2023**<br/>
Expand Down Expand Up @@ -443,6 +472,18 @@ sudo systemctl disable mdatp
## October-2023 Build: 101.23082.0006 | Release version: 30.123082.0006.0
&ensp;Released: **October 9,2023**<br/>
Expand Down Expand Up @@ -519,6 +560,18 @@ sudo systemctl disable mdatp
## September-2023 Build: 101.23072.0021 | Release version: 30.123072.0021.0
&ensp;Released: **September 11,2023**<br/>
Expand Down Expand Up @@ -568,6 +621,18 @@ sudo systemctl disable mdatp
## July-2023 Build: 101.23062.0010 | Release version: 30.123062.0010.0
&ensp;Released: **July 26,2023**<br/>
Expand Down Expand Up @@ -626,6 +691,18 @@ sudo systemctl disable mdatp
## July-2023 Build: 101.23052.0009 | Release version: 30.123052.0009.0
&ensp;Released: **July 10,2023**<br/>
Expand Down Expand Up @@ -675,6 +752,18 @@ sudo systemctl disable mdatp
## June-2023 Build: 101.98.89 | Release version: 30.123042.19889.0
&ensp;Released: **June 12,2023**<br/>
Expand Down Expand Up @@ -726,6 +815,18 @@ sudo systemctl disable mdatp
## May-2023 Build: 101.98.64 | Release version: 30.123032.19864.0
&ensp;Released: **May 3,2023**<br/>
Expand Down Expand Up @@ -780,6 +881,18 @@ sudo systemctl disable mdatp
## April-2023 Build: 101.98.58 | Release version: 30.123022.19858.0
&ensp;Released: **April 20,2023**<br/>
Expand Down Expand Up @@ -837,6 +950,18 @@ sudo systemctl disable mdatp
## March-2023 Build: 101.98.30 | Release version: 30.123012.19830.0
&ensp;Released: **March , 20,2023**<br/>
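Review bot: the context line `&ensp;Released: **March , 20,2023**<br/>` has a stray comma and a missing space ("March , 20,2023"); since this entry is touched by the patch, suggest fixing it to `March 20, 2023` in passing. The other Released lines in these hunks (`October 9,2023`, `September 11,2023`, `July 26,2023`, and so on) all lack the space after the comma and could be normalized at the same time.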
Expand Down Expand Up @@ -1377,7 +1502,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
<p><b>What's new</b></p>
- Beginning with this version, we're bringing Microsoft Defender for Endpoint support to the following distros:
- RHEL6.7-6.10 and CentOS6.7-6.10 versions.
Expand Down Expand Up @@ -1452,7 +1576,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
<p><b>What's new</b></p>
- Microsoft Defender for Endpoint on Linux is now available in preview for US Government customers. For more information, see [Microsoft Defender for Endpoint for US Government customers](gov.md).
- Fixed an issue where usage of Microsoft Defender for Endpoint on Linux on systems with FUSE filesystems was leading to OS hang
- Performance improvements & other bug fixes
Expand All @@ -1467,7 +1590,6 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
<p><b>What's new</b></p>
- Performance improvements & bug fixes
</details>
Expand All @@ -1493,12 +1615,10 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
<p>What's new</b></p>
- EDR for Linux is now [generally available](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/edr-for-linux-is-now-is-generally-available/ba-p/2048539)
- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
- Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
- Extended `mdatp diagnostic create` with a new parameter (`--path [directory]`) that allows the diagnostic logs to be saved to a different directory
- Performance improvements & bug fixes
</details>
</details><!--This </details> closes "2021 releases"-->
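Review bot: the context line `<p>What's new</b></p>` is missing its opening `<b>` (the neighbouring entries use `<p><b>What's new</b></p>`), which leaves an unmatched closing tag; suggest fixing it while this region is being edited. The `--ignore-exclusions` bullet ("Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans") appears twice in this hunk; if the hunk does not already remove the second copy, it should.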
Expand Up @@ -55,10 +55,10 @@ This article describes how admins can manage entries for email senders in the Mi

- You need to be assigned permissions before you can do the procedures in this article. You have the following options:
- [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Detection tuning (manage)** or **Authorization and settings/Security settings/Core security settings (read)**.
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo) in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**:
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
- *Add and remove entries from the Tenant Allow/Block List*: Membership in one of the following role groups:
- **Organization Management** or **Security Administrator** (Security admin role).
- **Security Operator** (Tenant AllowBlockList Manager role)
- **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
- *Read-only access to the Tenant Allow/Block List*: Membership in one of the following role groups:
- **Global Reader**
- **Security Reader**
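Review bot: in the replacement Security Operator line, "This permission works only when assigned directly in the **Exchange admin center**" is ambiguous about what is assigned: the sentence follows a role group (Security Operator) but the parenthetical names a role (Tenant AllowBlockList Manager). Suggest saying explicitly which one must be assigned in the admin center, for example "This role group grants access only when the Tenant AllowBlockList Manager role is assigned directly in the Exchange admin center", if that is the intended meaning. The admin center path (`<https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**`) was also removed from the parent "Exchange Online permissions" line and now appears only under Security Operator, so readers assigning Organization Management or Security Administrator no longer see it; consider keeping it on the parent line too.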
Expand Up @@ -58,7 +58,7 @@ This article describes how admins can manage entries for files in the Microsoft
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
- _Add and remove entries from the Tenant Allow/Block List_: Membership in one of the following role groups:
- **Organization Management** or **Security Administrator** (Security admin role).
- **Security Operator** (Tenant AllowBlockList Manager).
- **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
- _Read-only access to the Tenant Allow/Block List_: Membership in one of the following role groups:
- **Global Reader**
- **Security Reader**
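Review bot: the Security Operator sentence added here is identical to the one added to the email, IPv6 and URL articles in this patch, and the same wording question applies (whether the role group or the Tenant AllowBlockList Manager role must be "assigned directly"). Four hand-maintained copies of a permissions statement will drift; suggest moving it into a shared include file and referencing it from all four prerequisite lists.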
Expand Up @@ -53,7 +53,7 @@ This article describes how admins can manage entries for IPv6 addresses in the M
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
- _Add and remove entries from the Tenant Allow/Block List_: Membership in one of the following role groups:
- **Organization Management** or **Security Administrator** (Security admin role).
- **Security Operator** (Tenant AllowBlockList Manager).
- **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
- _Read-only access to the Tenant Allow/Block List_: Membership in one of the following role groups:
- **Global Reader**
- **Security Reader**
Expand Up @@ -60,7 +60,7 @@ This article describes how admins can manage entries for URLs in the Microsoft D
- [Exchange Online permissions](/exchange/permissions-exo/permissions-exo):
- *Add and remove entries from the Tenant Allow/Block List*: Membership in one of the following role groups:
- **Organization Management** or **Security Administrator** (Security admin role).
- **Security Operator** (Tenant AllowBlockList Manager).
- **Security Operator** (Tenant AllowBlockList Manager role): This permission works only when assigned directly in the **Exchange admin center** at <https://admin.exchange.microsoft.com> \> **Roles** \> **Admin Roles**.
- *Read-only access to the Tenant Allow/Block List*: Membership in one of the following role groups:
- **Global Reader**
- **Security Reader**
Expand Up @@ -13,7 +13,7 @@ ms.collection:
- tier2
ms.localizationpriority: medium
ms.topic: troubleshooting
ms.date: 10/11/2024
ms.date: 11/13/2024
---

# Vulnerability support in Microsoft Defender Vulnerability Management
Expand All @@ -40,6 +40,14 @@ The following tables present the relevant vulnerability information organized by
| 70377 | Fixed incorrect detections in Microsoft Teams by excluding Vida from the Teams normalization rule | 09-Oct-24 |
| 74420 | Fixed incorrect detections in Toggl Track by excluding WeChat from the Toggl Track normalization rule | 09-Oct-24 |
| 76607 | Fixed inaccuracy in Scooter Software | 09-Oct-24 |
| 71665 | Fixed inaccuracy in Hoppscotch vulnerabilities - CVE-2023-34097 & CVE-2024-27092 | 29-Oct-24 |
| 74054 | Fixed inaccuracy in Acronis vulnerability - CVE-2022-45449 | 29-Oct-24 |
| 75229 | Fixed inaccuracy in OpenSSL vulnerability- CVE-2024-6119 | 29-Oct-24 |
| 75353 | Fixed inaccuracy in Primx vulnerability- CVE-2018-16518 | 29-Oct-24 |
| 76133 | Fixed inaccuracy in Microsoft Teams vulnerability - CVE-2024-38197 | 29-Oct-24 |
| 79136 | Fixed inaccuracy in Acronis vulnerability -CVE-2023-48678 | 29-Oct-24 |
| 75671 | Fixed inaccurate published date in CVE-2024-26167 | 29-Oct-24 |
| - | Fixed inaccuracy in 4 CVEs - CVE-2016-6297, CVE-2016-6296, CVE-2016-6290 and CVE-2016-4694 by removing macOS CPEs | 29-Oct-24 |

## September 2024

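Review bot: the added table rows are inconsistent in spacing around the separator before the CVE id (`vulnerability - CVE-2024-38197`, `vulnerability- CVE-2024-6119`, `vulnerability -CVE-2023-48678`); normalize to one form. The last added row has `-` in the ID column where every other row carries a numeric tracking id; if there is no id for that fix, say so explicitly rather than leaving a bare dash.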
11 changes: 9 additions & 2 deletions exposure-management/enterprise-exposure-map.md
Expand Up @@ -6,7 +6,7 @@ author: dlanger
manager: rayne-wiselman
ms.topic: overview
ms.service: exposure-management
ms.date: 08/20/2024
ms.date: 11/13/2024
---

# Explore with the attack surface map
Expand Down Expand Up @@ -43,9 +43,16 @@ The exposure map gives you visibility into asset connections.
- **Focus on asset**: Provides a way to refocus the graph visualization on the specific node you want to explore, similar to the **Graph** view when selecting an individual [attack path](review-attack-paths.md).
- **Search**: Helps you to discover items by node type. By selecting **all results**, search the particular type for specific results. You can also filter your search by devices, identity, or cloud assets from the initial screen.


:::image type="content" source="./media/enterprise-exposure-map/attack-surface-exposure-map.png" alt-text="Screenshot of the attack surface exposure map." lightbox="./media/enterprise-exposure-map/attack-surface-exposure-map.png":::

1. Open the side panel to view asset details.
- **General**: View general information about the asset, including **Type**, **IDs**, and **Discovery source**.
- **All data**: View all data about the asset, including **Categories**, **Node Properties**, **Metadata**, and **IDs**.
- **Top Vulnerabilities**: View up to the top 100 CVEs (by severity) on the asset.
- **Findings**: View all the security findings on the asset.

:::image type="content" source="media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png" alt-text="Screenshot of attack surface map side pane" lightbox="media/enterprise-exposure-map/attack-surface-exposure-map-sidepane.png":::

## Next steps

[Work with attack paths](work-attack-paths-overview.md).
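Review bot: the added step `1. Open the side panel to view asset details.` is a one-item numbered list directly after a bulleted list; either make it a bullet like the surrounding items or add the other numbered steps it implies. The alt text of the new image (`Screenshot of attack surface map side pane`) drops the article and the trailing period used by the existing image (`Screenshot of the attack surface exposure map.`); align the two. If both blank lines above the first image survive this change, collapse them to one.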
5 changes: 2 additions & 3 deletions exposure-management/work-attack-paths-overview.md
Expand Up @@ -6,7 +6,7 @@ author: dlanger
manager: rayne-wiselman
ms.topic: overview
ms.service: exposure-management
ms.date: 08/20/2024
ms.date: 11/13/2024
---

# Overview of attack paths
Expand Down Expand Up @@ -43,8 +43,7 @@ Here's how Exposure Management helps you to identify and resolve attack paths.
- **Grouping**: Security Exposure Management groups choke point nodes where multiple attack paths flow or intersect on the way to a critical asset.
- **Strategic Mitigation**: Choke point visibility enables you to focus mitigation efforts strategically, addressing multiple attack paths by securing these critical points.
- **Protection**: Ensuring that choke points are secure protects your assets from threats.
- **Blast radius**: Allows users to visually explore the paths from a choke point. It provides a detailed visualization showing how the compromise of one asset could affect others, enabling security teams to assess the broader implications of an attack and prioritize mitigation strategies more effectively.

- **Blast radius**: Allows users to visually explore the highest-risk paths from a choke point. It provides a detailed visualization showing how the compromise of one asset could affect others, enabling security teams to assess the broader implications of an attack and prioritize mitigation strategies more effectively.

## Next steps

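Review bot: the rewritten Blast radius bullet now says "the highest-risk paths from a choke point" but does not say how risk is ranked or whether lower-risk paths are hidden or only deprioritized; suggest stating the criterion or linking to where the ranking is explained so readers know what the visualization omits.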