Merge pull request #21267 from MicrosoftDocs/main

publish main to live, Monday 7/3 10 AM

Author: American-Dipper

microsoft-365/enterprise/connect-to-microsoft-365-powershell.md

@@ -3,7 +3,7 @@ title: "Connect to Microsoft 365 with PowerShell"
 ms.author: kvice
 author: kelleyvice-msft
 manager: scotv
-ms.date: 08/10/2020
+ms.date: 06/30/2023
 audience: ITPro
 ms.topic: article
 ms.service: microsoft-365-enterprise
@@ -140,12 +140,13 @@ These steps are required only one time on your computer. But you'll likely need
   
 1.  If you're not running Windows 10, install the 32-bit version of the Microsoft Online Services Sign-in Assistant: [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_32bit.msi).
     
-2. Follow these steps to install the Microsoft Azure Active Directory Module for Windows PowerShell:
+2. Follow these steps to install and import the Microsoft Azure Active Directory Module for Windows PowerShell:
     
    1. Open an elevated Windows PowerShell command prompt (run Windows PowerShell as an administrator).
    1.  Run the **Install-Module MSOnline** command.
    1. If you're prompted to install the NuGet provider, type **Y** and press Enter.
    1. If you're prompted to install the module from PSGallery, type **Y** and press Enter.
+   1. Run the **Import-Module MSOnline** command to import the module.
     
 ### Step 2: Connect to Azure AD for your Microsoft 365 subscription
 

microsoft-365/enterprise/desktop-deployment-center-home.md

@@ -5,7 +5,7 @@ f1.keywords:
 ms.author: kvice
 author: kelleyvice-msft
 manager: scotv
-ms.date: 08/10/2020
+ms.date: 06/30/2023
 audience: ITPro
 ms.topic: article
 ms.service: microsoft-365-enterprise

microsoft-365/includes/microsoft-365-content-updates.md

@@ -34,15 +34,15 @@ Devices must be enrolled in Microsoft Intune. For more information on enrollment
 
 
 > [!NOTE]
-> If data doesn’t show up for a specific tenant, verify that the policy is enabled. From the tenant’s deployment plan, under **Set up device enrollment**, verify that **Device health monitoring policy** is compliant. If not compliant, deploy the policy.
+> If data doesn't show up for a specific tenant, verify that the policy is enabled. From the tenant's deployment plan, under **Set up device enrollment**, verify that **Device health monitoring policy** is compliant. If not compliant, deploy the policy.
 
 ## Overview tab
 
 The Overview tab provides a multi-tenant view of device health, including the total number of restarts and blue screens. Select a tenant from the list to see device-specific details.
 
 The Overview tab also includes the following options:
 
-- **Tenant filter:** Filter by tenant or tag.
+- **Tenants filter:** Filter by tenant or tag.
 
 - **Date filter:** Filter by date range.
 
@@ -70,7 +70,7 @@ Select a device from the list for more detailed device information, including a
 
 The Devices tab also includes the following options:
 
-- **Tenant filter:** Filter by tenant or tag.
+- **Tenants filter:** Filter by tenant or tag.
 
 - **Date filter:** Filter by date range.
 

microsoft-365/lighthouse/m365-lighthouse-device-health-overview.md

@@ -103,7 +103,7 @@ Tags that are currently assigned have a check mark to the right of the name. You
 
 ## Next steps
 
-After you've created and assigned tags, you can use them to filter your tenants. Go to any of the other pages (Users, Devices, Threat management, or Windows 365) and select one or more tags from the Tenant filter. You can create new tags to support specific views based on each page.
+After you've created and assigned tags, you can use them to filter your tenants. Go to any of the other pages (Users, Devices, Threat management, or Windows 365) and select one or more tags from the Tenants filter. You can create new tags to support specific views based on each page.
 
 ## Related content
 

microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list.md

@@ -37,19 +37,23 @@ The Tenants page also includes the following options:
 
 ## Tenant list
 
-The tenant list provides insights into the different customer tenants that you have a contract with, including their Lighthouse management status. The tenant list also lets you tag tenants to provide different filters throughout Lighthouse, and drill down to learn more about a given tenant and the status of its deployment plan.
+The tenant list provides insights into the different customer tenants that you have a contract with, including their Lighthouse management status. The tenant list also lets you tag tenants to provide different filters throughout Lighthouse, manage services for tenants in the applicable admin center, and drill down to learn more about a given tenant and the status of its deployment plan.
 
 After your customer tenants meet the [Lighthouse onboarding requirements](m365-lighthouse-requirements.md), their status will show as **Active** in the tenant list.
 
 The tenant list lets you:
 
+- Access applicable admin centers to manage services for your customer tenants.
 - Automatically sort tenants by active, inactive, and ineligible.
 - Export the tenant list.
 - Assign and manage tags.
 - Search for tenants by name.
 - Filter tenants by status, delegated admin privilege (DAP), and tags.
 
-To inactivate a tenant or view and manage tags, select the three dots (more actions) next to the tenant name. You can view individual tenants by either selecting the tenant name or by selecting one of the tags assigned to the tenant.
+To inactivate a tenant, manage tenant services, or view and manage tags, select the three dots (more actions) next to the tenant name. You can view individual tenants by either selecting the tenant name or by selecting one of the tags assigned to the tenant.
+
+> [!TIP]
+> You can also use the Tenants filter at the top of any page in Lighthouse to select a tenant and then access applicable admin centers to manage services for that tenant.
 
 For information on how to add customer tenants, see [Add and manage multiple tenants in your Partner Center account](/partner-center/multi-tenant-account).
 

microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md

@@ -7,7 +7,7 @@ manager: dansimp
 ms.reviewer: joshbregman
 ms.service: microsoft-365-security
 ms.subservice: mde
-ms.date: 06/01/2023
+ms.date: 07/04/2023
 ms.topic: overview
 ms.collection: 
 - tier1
@@ -104,11 +104,29 @@ Attackers can be preventing from discovering existing antivirus exclusions by en
 
 When tampering is detected, an alert is raised. Some of the alert titles for tampering are:
 
+- Attempt to bypass Microsoft Defender for Endpoint client protection
+- Attempt to stop Microsoft Defender for Endpoint sensor
+- Attempt to tamper with Microsoft Defender on multiple devices
+- Attempt to turn off Microsoft Defender Antivirus protection
+- Defender detection bypass
+- Driver-based tampering attempt blocked
+- Image file execution options set for tampering purposes
+- Microsoft Defender Antivirus protection turned off
+- Microsoft Defender Antivirus tampering
+- Modification attempt in Microsoft Defender Antivirus exclusion list
+- Pending file operations mechanism abused for tampering purposes
 - Possible Antimalware Scan Interface (AMSI) tampering
+- Possible remote tampering
+- Possible sensor tampering in memory
 - Potential attempt to tamper with MDE via drivers
+- Security software tampering
+- Suspicious Microsoft Defender Antivirus exclusion
 - Tamper protection bypass
+- Tampering activity typical to ransomware attacks
+- Tampering with Microsoft Defender for Endpoint sensor communication
+- Tampering with Microsoft Defender for Endpoint sensor settings 
 - Tampering with the Microsoft Defender for Endpoint sensor
-- Possible tampering with protected processes
+
 
 If the [Block abuse of exploited vulnerable signed drivers](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) attack surface reduction (ASR) rule is triggered, the event is viewable in the [ASR Report](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report) and in [Advanced Hunting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize#asr-rules-advanced-hunting)
 

microsoft-365/security/defender-endpoint/tamper-resiliency.md

@@ -84,7 +84,7 @@ The table below lists the changes in navigation between Microsoft Defender for I
 | **Defender for** Identity  | **Microsoft 365 Defender**                                   |
 | -------------------------- | ------------------------------------------------------------ |
 | **Timeline**                   |- Microsoft 365 Defender Alerts/Incidents queue                |
-| **Reports**                    |- Lateral movement path and passwords exposed in cleartext reports are covered by the [Identity security posture assessments](/defender-for-identity/security-assessment#assessment-reports) (ISPM)<br><br>- Health issues are available in **Settings** -> **Identities** -> **Health issues**<br><br>- View a summary of alerts by exporting the alerts queue or from the **Advanced hunting** page, which provides 30 days of data<br><br>- Modify sensitive groups from the **Advanced hunting** page<br><br>**Tip**: Use the **Advanced hunting** page to create customized reports in Microsoft 365 Defender.                                    |
+| **Reports**                    |The following types of reports are available from the **Settings > Identities > Report management** page in Microsoft 365 Defender, either for immediate download or scheduled for a periodic email delivery: <br><br>- A summary report of alerts and health issues you should take care of. <br>- A list of each time a modification is made to sensitive groups. <br>- A list of source computer and account passwords that are detected as being sent in clear text.<br>- A list of the sensitive accounts exposed in lateral movement paths. <br><br>For more information, see [Report management](/defender-for-identity/reports).  |
 | **Identity page**                  | Microsoft 365 Defender user details page                             |
 | **Device page**                | Microsoft 365 Defender device details page                           |
 | **Group page**                 | Microsoft 365 Defender groups side pane                      |