Skip to content

Commit

Permalink
Merge branch 'public' into patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
denisebmsft authored Sep 19, 2024
2 parents a9528b0 + 992dca3 commit 484eee4
Show file tree
Hide file tree
Showing 8 changed files with 46 additions and 18 deletions.
16 changes: 7 additions & 9 deletions defender-endpoint/mac-whatsnew.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ author: dansimp
ms.author: dansimp
manager: deniseb
ms.localizationpriority: medium
ms.date: 08/27/2024
ms.date: 09/19/2024
audience: ITPro
ms.collection:
- m365-security
Expand Down Expand Up @@ -37,10 +37,10 @@ For more information on Microsoft Defender for Endpoint on other operating syste

**Known issues**

Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), and [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.

In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS less than 14.3.1.

> [!NOTE]
> - Apple fixed an issue on macOS [Ventura upgrade](https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), and [Sonoma upgrade](https://developer.apple.com/forums/thread/737824#773449022) with the latest OS update. The issue impacts Microsoft Defender for Endpoint security extensions, and might result in losing Full Disk Access Authorization, impacting its ability to function properly.
> - In macOS Sonoma 14.3.1, Apple made a change to the [handling of Bluetooth devices](https://developer.apple.com/forums/thread/738748) that impacts Defender for Endpoint device controls ability to intercept and block access to Bluetooth devices. At this time, the recommended mitigation is to use a version of macOS less than 14.3.1.
> - In both macOS Sonoma and Sequoia builds, Network Protection capabilities may be impacted due to changes in Apple's internal networking structure resulting in crashes of the network extension (NetExt). This will result in intermittent network connectivity issues for end users. We are recommending that customers who have Network Protection enabled in their organization refrain from upgrading to Sonoma / Seqouia builds at this time.
**Sequoia support**

Microsoft Defender supports macOS Sequoia (15) in the current Defender release.
Expand Down Expand Up @@ -1022,11 +1022,9 @@ Live Response for macOS is now available for all Mac devices onboarded to Defend

> [!CAUTION]
> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
>
> The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
>
> > The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
> - For manual deployments, see the updated instructions in the [Manual deployment topic](mac-install-manually.md#allow-full-disk-access).
> - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
- For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.

- Performance improvements & bug fixes

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ description: Learn about Microsoft Defender Antivirus with other security produc
ms.service: defender-endpoint
ms.subservice: ngp
ms.localizationpriority: medium
ms.date: 09/07/2024
ms.date: 09/18/2024
ms.topic: conceptual
author: siosulli
ms.author: siosulli
author: denisebmsft
ms.author: deniseb
ms.custom:
- nextgen
- partner-contribution
Expand Down Expand Up @@ -128,7 +128,8 @@ In order for Microsoft Defender Antivirus to run in passive mode, endpoints must

- Operating system: Windows 10 or newer; Windows Server 2022, Windows Server 2019, or Windows Server, version 1803, or newer <br/>(Windows Server 2012 R2 and Windows Server 2016 if onboarded using the [modern, unified solution](configure-server-endpoints.md)).
- Microsoft Defender Antivirus must be installed.
- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution.
- Another non-Microsoft antivirus/antimalware product must be installed and used as the primary antivirus solution. ([Add Microsoft Defender for Endpoint to your exclusion list for your existing solution](/defender-endpoint/switch-to-mde-phase-2)).

- Endpoints must be onboarded to Defender for Endpoint.

> [!IMPORTANT]
Expand Down
14 changes: 9 additions & 5 deletions defender-endpoint/microsoft-defender-endpoint-mac.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint on Mac
ms.reviewer: yongrhee, pahuijbr
description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Mac.
ms.service: defender-endpoint
ms.author: siosulli
author: siosulli
ms.author: deniseb
author: denisebmsft
ms.localizationpriority: medium
manager: deniseb
audience: ITPro
Expand All @@ -15,7 +15,7 @@ ms.collection:
ms.topic: conceptual
ms.subservice: macos
search.appverid: met150
ms.date: 08/06/2024
ms.date: 09/17/2024
---

# Microsoft Defender for Endpoint on Mac
Expand Down Expand Up @@ -71,9 +71,13 @@ There are several methods and deployment tools that you can use to install and c

The three most recent major releases of macOS are supported.

- 15 (Sequoia), 14 (Sonoma), 13 (Ventura), 12 (Monterey)
- 15 (Sequoia)

> [!IMPORTANT]
- 14 (Sonoma)

- 13 (Ventura)

> [!IMPORTANT]
> On macOS 11 (Big Sur) and above, Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [New configuration profiles for macOS Big Sur and newer versions of macOS](mac-sysext-policies.md).
- Supported processors: x64 and ARM64
Expand Down
12 changes: 12 additions & 0 deletions defender-for-iot/includes/site-association.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
author: limwainstein
ms.author: lwainstein
ms.date: 06/24/2024
ms.topic: include
ms.service: microsoft-defender-iot
---

>[!NOTE]
>
>Currently, devices discovered in the Defender XDR portal aren't synchronized with Azure, and therefore the list of devices discovered could be different in each portal.
>
2 changes: 2 additions & 0 deletions defender-for-iot/manage-devices-inventory.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ To customize the device inventory views:
- [Use filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views)
- [Use columns](/defender-endpoint/machines-view-overview#use-columns-to-customize-the-device-inventory-views)

[!INCLUDE [defender-iot-site-association](includes/site-association.md)]

## Manage OT devices

- [Explore the device inventory](/defender-endpoint/machines-view-overview#explore-the-device-inventory) including search, export to CSV, and more.
Expand Down
2 changes: 2 additions & 0 deletions defender-for-iot/set-up-sites.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ In this stage, you configure Defender for IoT to associate OT devices to the sit

1. Select **Next** to review the site details.

[!INCLUDE [defender-iot-site-association](includes/site-association.md)]

## Review site details

Review that information for the site you want to create:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ Current asset types are:
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. |
| VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
| Hyper-V Server | Device | High | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. |

##### Identity

Expand Down
8 changes: 8 additions & 0 deletions exposure-management/whats-new.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,14 @@ Security Exposure Management is currently in public preview.
## September 2024

### New predefined classifications

The following predefined classification rule was added to the critical assets list:

| Classification | Description |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
| **Hyper-V Server** | This rule applies to devices identified as Hyper-V servers within a domain. These servers are essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. |

### Enhanced visibility for scoped users

This change now allows users who have been granted access to only some of the organization's devices to see the list of affected assets in metrics, recommendations, events, and initiative history within their specific scope.
Expand Down

0 comments on commit 484eee4

Please sign in to comment.