From 86912bbf6d91eb1db46ebc713eed52ec8e0fed6d Mon Sep 17 00:00:00 2001 From: Daniel Williams <96486477+strongestgeek@users.noreply.github.com> Date: Tue, 1 Oct 2024 10:57:48 +0100 Subject: [PATCH 1/3] Update mac-install-with-intune.md Removed a tenant ID from the link, it looks like this was causing issues when users clicked on the link and tried to sign in. The error message: "Selected user account does not exist in tenant 'Microsoft' and cannot access the application '80ccca67-54bd-44ab-8625-4b79c4dc7775' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account." --- defender-endpoint/mac-install-with-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/mac-install-with-intune.md b/defender-endpoint/mac-install-with-intune.md index f4b396d161..ef59e4905c 100644 --- a/defender-endpoint/mac-install-with-intune.md +++ b/defender-endpoint/mac-install-with-intune.md @@ -335,7 +335,7 @@ Set policies using Microsoft Defender Portal by implementing the following instr 1. Go through [Configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure) before setting the security policies using Microsoft Defender for Endpoint Security Settings Management. -2. In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47), go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**. +2. In the [Microsoft Defender portal](https://sip.security.microsoft.com/homepage), go to **Configuration management** > **Endpoint security policies** > **Mac policies** > **Create new policy**. 3. Under **Select Platform**, select **macOS**. From 7b6a4463c48de074be555d21dd9a63b677020eaa Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 1 Oct 2024 10:25:34 -0700 Subject: [PATCH 2/3] Update threat-explorer-threat-hunting.md Updates per email request --- defender-office-365/threat-explorer-threat-hunting.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/defender-office-365/threat-explorer-threat-hunting.md b/defender-office-365/threat-explorer-threat-hunting.md index a1cf5fad1c..6621e45dc6 100644 --- a/defender-office-365/threat-explorer-threat-hunting.md +++ b/defender-office-365/threat-explorer-threat-hunting.md @@ -7,7 +7,7 @@ author: chrisda manager: deniseb audience: ITPro ms.topic: conceptual -ms.date: 06/12/2024 +ms.date: 10/01/2024 ms.localizationpriority: medium ms.collection: - m365-security @@ -163,7 +163,7 @@ After you determine that an email message is a threat, the next step is remediat > > If you select 101 to 200,000 entries, only the following actions are available in the **Take action** wizard: > - > - **Threat Explorer**: **Move to mailbox** and **Propose remediation** are available, but they're mutually exclusive (you can select one or the other). + > - **Threat Explorer**: **Move or delete** and **Propose remediation** are available, but they're mutually exclusive (you can select one or the other). > - **Real-time detections**: Only **Submit to Microsoft for review** and creating corresponding allow/block entries in the Tenant Allow/Block list are available. - Click on the **Subject** value of an entry in the table. The details flyout that opens contains :::image type="icon" source="media/m365-cc-sc-take-actions-icon.png" border="false"::: **Take action** at the top of the flyout. @@ -176,7 +176,7 @@ Selecting :::image type="icon" source="media/m365-cc-sc-take-actions-icon.png" b |Action|Defender for
Office 365 Plan 2|Defender for
Office 365 Plan 1| |---|:---:|:---:| -|**Move to mailbox folder**|✔¹|| +|**Move or delete**|✔¹|| |  Release quarantined messages to some or all original recipients²|✔|| |**Submit to Microsoft for review**|✔|✔| |  **Allow or block entries in the Tenant Allow/Block List**³|✔|✔| @@ -197,11 +197,11 @@ The **Take action** wizard is described in the following list: By default, some actions are unavailable/grayed out based on the **Latest delivery location** value of the message. To show all available response actions, slide the toggle to :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **On**. - - **Move to mailbox folder**: Select one of the available values that appear: + - **Move or delete**: Select one of the available values that appear: - **Junk**: Move the message to the Junk Email folder. - **Inbox**: Move the message to the Inbox. Selecting this value might also reveal the following options: - - **Move back to Sent Items folder**: If the message was sent by an internal sender and the message was soft deleted (moved to the Recoverable Items\Deletions folder), selecting this option tries to move the message back to the Sent Items folder. This option is an undo action if you previously selected **Move to mailbox folder** \> **Soft deleted items** and also selected **Delete sender's copy** on a message. + - **Move back to Sent Items folder**: If the message was sent by an internal sender and the message was soft deleted (moved to the Recoverable Items\Deletions folder), selecting this option tries to move the message back to the Sent Items folder. This option is an undo action if you previously selected **Move or delete** \> **Soft deleted items** and also selected **Delete sender's copy** on a message. - For messages with the value **Quarantine** for the **Latest delivery location** property, selecting **Inbox** releases the message from quarantine, so the following options are also available: - **Release to one or more of the original recipients of the e-mail**: If you select this value, a box appears where you can select or deselect the original recipients of the quarantined message. From 91a5164a6a955cf623039f12c8b6bfa3ce4d6adb Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Tue, 1 Oct 2024 10:53:49 -0700 Subject: [PATCH 3/3] Update quarantine-admin-manage-messages-files.md --- defender-office-365/quarantine-admin-manage-messages-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-office-365/quarantine-admin-manage-messages-files.md b/defender-office-365/quarantine-admin-manage-messages-files.md index 8c43a6ae19..648559bdbe 100644 --- a/defender-office-365/quarantine-admin-manage-messages-files.md +++ b/defender-office-365/quarantine-admin-manage-messages-files.md @@ -288,7 +288,7 @@ If you don't release or remove a message, it's automatically deleted from quaran > > - Admins can use [message trace](message-trace-defender-portal.md) to determine if a released message was delivered to the recipient's Inbox. > -> - Selecting **Move to mailbox folder** \> **Inbox** on quarantined messages in :::image type="icon" source="media/m365-cc-sc-take-actions-icon.png" border="false"::: **Take action** from other Defender for Office 365 features (for example, Explorer (Threat Explorer) or the Email entity page) also allows you to release messages from quarantine. For more information, see [Threat hunting: The Take action wizard](threat-explorer-threat-hunting.md#the-take-action-wizard). +> - Selecting **Move or delete** \> **Inbox** on quarantined messages in :::image type="icon" source="media/m365-cc-sc-take-actions-icon.png" border="false"::: **Take action** from other Defender for Office 365 features (for example, Explorer (Threat Explorer) or the Email entity page) also allows you to release messages from quarantine. For more information, see [Threat hunting: The Take action wizard](threat-explorer-threat-hunting.md#the-take-action-wizard). After you select the message, use either of the following methods to release it: