Merge branch 'main' into docs-editor/defender-endpoint-demonstratio-1705427731

Author: Dansimp

copilot/index.yml

@@ -25,8 +25,8 @@ additionalContent:
         # Card
         - title: Get ready for Copilot for Microsoft 365
           links:
-            - text: Copilot for Microsoft 365 overview
-              url: microsoft-365-copilot-overview.md
+            - text: Apply principles of Zero Trust to Microsoft Copilot for Microsoft 365
+              url: /security/zero-trust/zero-trust-microsoft-365-copilot
             - text: Sensitivity labels
               url: /microsoft-365/compliance/sensitivity-labels
             - text: Review current access, Entra ID
@@ -40,10 +40,14 @@ additionalContent:
         # Card
         - title: Get started with Copilot for Microsoft 365
           links:
+            - text: Copilot for Microsoft 365 overview
+              url: microsoft-365-copilot-overview.md
             - text: Requirements
               url: microsoft-365-copilot-requirements.md
-            - text: Setup
+            - text: Get started
               url: microsoft-365-copilot-setup.md
+            - text: Wizard-based setup guide
+              url: https://go.microsoft.com/fwlink/?linkid=2249661
             - text: Change update channel of Microsoft 365 Apps to enable Copilot
               url: /deployoffice/updates/change-channel-for-copilot
             - text: Enable users
@@ -55,23 +59,23 @@ additionalContent:
           links:
             - text: Data, Privacy, and Security
               url: microsoft-365-copilot-privacy.md
-            - text: Apply principles of Zero Trust to Microsoft 365 Copilot
-              url: /security/zero-trust/zero-trust-microsoft-365-copilot
             - text: Zero trust illustrations
               url: /security/zero-trust/zero-trust-tech-illus#zero-trust-for-microsoft-365-copilot
             - text: Microsoft Purview data security and compliance protections for Microsoft Copilot
               url: /purview/ai-microsoft-purview
             - text: Isolation controls
               url: /compliance/assurance/assurance-microsoft-365-isolation-controls
         # Card
-        - title: Manage and extend Copilot for Microsoft 365
+        - title: Manage Copilot for Microsoft 365
           links:
             - text: Manage Copilot for Microsoft 365 with the Copilot page
               url: microsoft-365-copilot-page.md
             - text: Manage Plugins in Integrated Apps (PREVIEW)
               url: /microsoft-365/admin/manage/manage-plugins-for-copilot-in-integrated-apps
-            - text: Related admin controls
+            - text: Related Microsoft 365 admin controls
               url: /microsoft-365/solutions/tenant-management-overview
+            - text: Manage Copilot with commercial data protection
+              url: /copilot/overview
 
         # Card
         - title: Get trained on Copilot for Microsoft 365

microsoft-365/commerce/licenses/product-keys-faq.yml

@@ -34,7 +34,7 @@ sections:
           For more information, see [Online Service Activation for Open programs FAQ](/licensing/online-service-activation-faq).
 
       - question: |
-          How do I find product keys in the Microsoft 365 admin center?
+          How to find product keys in the Microsoft 365 admin center
         answer: |
           1. Sign into the Microsoft 365 admin center. 
           2. Go to **Billing** > **Your products** > **Volume licensing** > **Downloads & keys** > hover on product and select **View keys**.
@@ -44,14 +44,14 @@ sections:
           Select **Download all product keys** to download the keys displayed for a license to a local drive.
 
       - question: |
-          How do I find SQL Server product keys?
+          How to find SQL Server product keys
         answer: |
           The SQL license key is embedded in the software's activation wizard rather than displayed in the admin center and is detected automatically during installation. For more information, see [The SQL Server Installation Guide](/sql/database-engine/install-windows/install-sql-server).
 
           You can also find the key by downloading the SQL ISO file from the admin center > ..\x64 folder > DefaultSetup.ini file. Make sure to back up any existing version before installing or upgrading SQL editions. If you need help with troubleshooting technical issues during product installation or online service activation, contact Microsoft Technical Support by submitting a [Technical Support request](https://support.microsoft.com/oas).
 
       - question: |
-          How do I find a product key for Volume Licensing purchase?
+          How to find a product key for Volume Licensing purchase
         answer: |
           If your agreement authorizes access to a product that requires a key, you can find those keys by going to **Billing** > **Your products** > **Volume licensing** > **Downloads & keys**. 
 
@@ -159,7 +159,7 @@ sections:
           The number of activations available for a product won't always match the number of licenses purchased. Usually, you receive more activations in case you need to reinstall and activate some of your products. Check the Licensing Summary section of your agreement to view the number of licenses.
 
       - question: |
-          How do I request an increase to MAK activation limits?
+          How to request an increase to MAK activation limits
         answer: |
           Increases to MAK activation quantity can be requested via web form and are granted by exception. For Canada and the United States, submit [Volume Licensing Support Requests](https://support.microsoft.com/supportrequestform/2afa6f15-b710-db46-909a-8346017c802f). For all other countries/regions, submit a [Support Web Form](/licensing/contact-us). 
 
@@ -172,7 +172,7 @@ sections:
             - Business justification or reason for deployment.
 
       - question: |
-          How do I activate licenses using a Multiple Activation Key (MAK)?
+          How to activate licenses using a Multiple Activation Key (MAK)
         answer: |
           You can activate licenses in one of two ways using MAK:
 
@@ -223,7 +223,7 @@ sections:
             - Run a Windows Server virtual machine on a newer version of Windows Server.
 
       - question: |
-          How do I activate Windows Terminal Server and Remote Desktop Service (RDS)?
+          How to activate Windows Terminal Server and Remote Desktop Service (RDS)
         answer: |
           After you download your server media from the VLSC you can activate it by using the product activation wizard. You don't need to locate a volume license key or product set up key in the VLSC. Completing all the activation wizard steps prompts the Server to connect with the Microsoft Clearing House via the internet to validate the data. Alternatively, for offline servers the activation wizard offers phone or web activation.
 
@@ -249,7 +249,7 @@ sections:
           For more information on re-imaging rights, see [Product licensing briefs](https://www.microsoft.com/licensing/docs/view/Licensing-Briefs).
 
       - question: |
-          How do I download my keys to a local file?
+          How to download my keys to a local file
         answer: |
           The Microsoft 365 admin center offers an option to download product keys to a local file for later use. When you download product keys from the Downloads and Keys page, the file contains all Volume License Keys associated with agreements in your admin center profile. However, if you download keys from the Licensing ID view on the Relationship Summary page, the file contains only the keys associated with the Licensing ID you're viewing.
 
@@ -266,7 +266,7 @@ sections:
   - name: Support
     questions:
       - question: |
-          How do I contact support?
+          How to contact support
         answer: |
           Microsoft 365 admin center customers can contact support by phone or by web form. Microsoft responds to web form submissions within 24 hours. To contact support, see [Contact Us](/licensing/contact-us).
           

microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-attack-surface-reduction-rules.md

@@ -19,15 +19,17 @@ ms.collection:
 - demo
 ms.topic: article
 ms.subservice: asr
-ms.date: 10/21/2022
+ms.date: 01/15/2024
 ---
 
 # Attack surface reduction rules demonstrations
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
 
 Attack surface reduction rules target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:
 
@@ -37,8 +39,8 @@ Attack surface reduction rules target specific behaviors that are typically used
 
 ## Scenario requirements and setup
 
-- Windows 10 1709 build 16273
-- Windows 10 1803 build (1803 rules)
+- Windows 11, Windows 10 1709 build 16273 or later
+- Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012 R2 with the unified MDE client.
 - Microsoft Defender AV
 - Microsoft Office (required for Office rules and sample)
 - [Download attack surface reduction PowerShell scripts](https://demo.wd.microsoft.com/Content/WindowsDefender_ASR_scripts.zip)
@@ -132,7 +134,7 @@ You should immediately see an "Action blocked" notification.
 
 You should immediately see an "Action blocked" notification.
 
-### Scenario 3 (1803): ASR rule blocks unsigned USB content from executing
+### Scenario 3 (Windows 10 version 1803 or later): ASR rule blocks unsigned USB content from executing
 
 1. Configure the rule for USB protection (B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4).
 
@@ -162,6 +164,7 @@ Download and run this [clean-up script](https://demo.wd.microsoft.com/Content/AS
 
 Alternately, you can perform these manual steps:
 
+
 ```powershell
 Add-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Disabled
 Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EfC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Disabled
@@ -174,10 +177,15 @@ Add-MpPreference -AttackSurfaceReductionRules_Ids D1E49AAC-8F56-4280-B9BA-993A6D
 Add-MpPreference -AttackSurfaceReductionRules_Ids B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4 -AttackSurfaceReductionRules_Actions Disabled
 Add-MpPreference -AttackSurfaceReductionRules_Ids C1DB55AB-C21A-4637-BB3F-A12568109D35 -AttackSurfaceReductionRules_Actions Disabled
 Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-CD74-433A-B99E-2ECDC07BFC25 -AttackSurfaceReductionRules_Actions Disabled
+Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Disabled
+Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Disabled
+Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions Disabled
+Add-MpPreference -AttackSurfaceReductionRules_Ids a8f5898e-1dc8-49a9-9878-85004b8a61e6 -AttackSurfaceReductionRules_Actions Disabled
 Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49E8-8B27-EB1D0A1CE869 -AttackSurfaceReductionRules_Actions Disabled
 Add-MpPreference -AttackSurfaceReductionRules_Ids 7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C -AttackSurfaceReductionRules_Actions Disabled
 ```
 
+  
 Cleanup **c:\demo** encryption by running the [encrypt/decrypt file](https://demo.wd.microsoft.com/Content/ransomware_cleanup_encrypt_decrypt.exe)
 
 ## See also

microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-block-at-first-sight-bafs.md

@@ -26,14 +26,19 @@ ms.date: 10/21/2022
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
+- [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals)
 
 Block at First Sight, is a feature of Microsoft Defender Antivirus cloud-delivered protection that provides a way to detect and block new malware within seconds. You can test that it is working as expected by downloading a fake malware file.
 
 ## Scenario requirements and setup
 
-- Windows 10 Anniversary update (1607) or later
+- Windows 11, Windows 10 Anniversary update (1607) or later
+- Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2 with the new unified Defender for Endpoint client. 
+
 - Cloud protection is enabled
 - You can [download and use the Powershell script](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings/) to enable this setting and others
 

microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications.md

@@ -26,15 +26,20 @@ ms.date: 11/20/2023
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)
+- [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals)
 
 The Potentially Unwanted Applications (PUA) protection feature in Microsoft Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network. These applications aren't considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use.
 
 ## Scenario requirements and setup
 
-- Windows 10, Windows 11
-
+- Windows 11 or Windows 10
+- Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2008 R2 SP1
+- macOS
+- Linux
 - Enable PUA protection. For more information, see the [Detect and block Potentially Unwanted Applications](detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md) article.
 - You can also [download and use the PowerShell script](https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings/) to enable this setting and others.
 

microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation.md

@@ -19,20 +19,22 @@ ms.collection:
 - demo
 ms.topic: article
 ms.subservice: asr
-ms.date: 10/21/2022
+ms.date: 01/15/2024
 ---
 
 # URL reputation demonstrations
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
 
 Test how Microsoft Defender SmartScreen helps you identify phishing and malware websites based on URL reputation.
 Scenario requirements and setup
 
-- Windows 10 or 11
+- Windows 11 or Windows
+- Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 and Windows Server 2008 R2 SP1.
 - Microsoft Edge browser required
 - For more information, see [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
 

microsoft-365/security/defender-endpoint/edr-detection.md

@@ -19,14 +19,70 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: mde
 search.appverid: met150
-ms.date: 11/17/2023
+ms.date: 01/15/2024
 ---
+
 # EDR detection test for verifying device's onboarding and reporting services
 
+#### Applies to:
+
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
+
+## Scenario requirements and setup
+
+- Windows 11, Windows 10 version 1709 build 16273 or newer, Windows 8.1, or Windows 7 SP1.
+- Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2008 R2 SP1.
+- Linux
+- macOS
+- Microsoft Defender for Endpoint
+- Microsoft Defender for Endpoint on Linux
+- Microsoft Defender for Endpoint on macOS
+
 Endpoint detection and response for Endpoint provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
 
 Run an EDR detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on the newly onboarded device:
 
+### Windows
+
+1. Open a Command Prompt window
+
+2. At the prompt, copy and run the command below. The Command Prompt window will close automatically.
+
+
+```powershell
+powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference= 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'
+```
+
+3. If successful, the detection test will be marked as completed and a new alert will appear in few minutes.
+
+### Linux
+
+1. Download [script file](https://aka.ms/LinuxDIY) to an onboarded Linux server 
+
+
+```bash
+curl -o ~/Downloads/MDE Linux DIY.zip https://aka.ms/LinuxDIY
+```
+
+1. Extract the zip 
+
+```bash
+unzip ~/Downloads/MDE Linux DIY.zip
+```
+
+1. And run the following command: 
+
+```bash
+./mde_linux_edr_diy.sh
+```
+
+After a few minutes, a detection should be raised in Microsoft Defender XDR.
+
+3. Look at the alert details, machine timeline, and perform your typical investigation steps.
+
+### macOS
+
 1. In your browser, Microsoft Edge for Mac or Safari, download *MDATP MacOS DIY.zip* from [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy) and extract.
 
       The following prompt appears:
@@ -45,7 +101,7 @@ Run an EDR detection test to verify that the device is properly onboarded and re
    >
    > > **"MDATP MacOS DIY" cannot be opened because the developer cannot be verifier.**<br/>
    > > macOS cannot verify that this app is free from malware.<br/>
-   > > **\[Move to Trash\]** **\[Cancel\]**
+   > > **[Move to Trash]** **[Cancel]**
 
 7. Click **Cancel**.