From 94543435e6783db31fc0b9b630cb8a532b880a74 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 1 Mar 2021 14:28:24 +0530 Subject: [PATCH 01/14] Update network-protection.md update per 4906123 --- .../microsoft-defender-atp/network-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 065da4f483..c5ffa6ec3a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -45,6 +45,9 @@ When network protection blocks a connection, a notification will be displayed fr You can also use [audit mode](audit-windows-defender.md) to evaluate how Network protection would impact your organization if it were enabled. +> [!NOTE] +> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity.In a managed environment, make sure that configuration manager Auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. + ## Requirements Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection. From e1886b03a7d332ddb61d9776725d23996041e4eb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 9 Mar 2021 18:00:11 -0800 Subject: [PATCH 02/14] Restore ios-whatsnew.md from PR 9225 --- .../microsoft-defender-atp/ios-whatsnew.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md new file mode 100644 index 0000000000..b8d75b40e7 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md @@ -0,0 +1,36 @@ +--- +title: What's new in Microsoft Defender for Endpoint for iOS +description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for iOS. +keywords: microsoft, defender, atp, mac, installation, macos, whatsnew +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: m365-security +ms.mktglfcycl: security +ms.sitesec: library +ms.pagetype: security +ms.author: sunasing +author: sunasing +ms.localizationpriority: medium +manager: sunasing +audience: ITPro +ms.collection: + - m365-security-compliance + - m365initiative-defender-endpoint +ms.topic: conceptual +ms.technology: mde +--- + +# What's new in Microsoft Defender for Endpoint for iOS + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## 1.1.15010101 + +- With this version, we are announcing support for iPadOS/iPad devices. +- Bug fixes. From 2953122c4f793002b0df0666a5d5237d589a2f71 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 16:00:12 +0200 Subject: [PATCH 03/14] Update gov.md 1. Linux, macOS and integration with third-party products is rolling out. 2. Email notifications are now available in all Gov clouds. --- .../threat-protection/microsoft-defender-atp/gov.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index f94220e3bd..7aabf92500 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -86,8 +86,8 @@ Windows 8.1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/ Windows 8 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Linux | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development -macOS | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Linux | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +macOS | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Android | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog @@ -140,16 +140,16 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/ ## Feature parity with commercial Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. -These are the known gaps as of February 2021: +These are the known gaps as of March 2021: Feature name | GCC | GCC High | DoD (PREVIEW) :---|:---|:---|:--- Automated investigation and remediation: Live response | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Automated investigation and remediation: Response to Office 365 alerts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog -Email notifications | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +Email notifications | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Evaluation lab | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Management and APIs: Device health and compliance report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Management and APIs: Streaming API | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development Management and APIs: Threat protection report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Threat & vulnerability management | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) From a59ffeda7300f2226f2557ee36324114ce01c857 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 16:19:57 +0200 Subject: [PATCH 04/14] Update gov.md Adding M365 G5 DoD bundles. --- .../security/threat-protection/microsoft-defender-atp/gov.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 7aabf92500..ad6e8b4bf1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -37,8 +37,8 @@ Microsoft Defender for Endpoint for US Government customers requires one of the GCC | GCC High | DoD :---|:---|:--- Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD -| | Microsoft 365 E5 for GCC High | -| | Microsoft 365 G5 Security for GCC High | +| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD +| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD ### Server licensing From 6a0988c538d510dfb9206fa45efa0dfe07a30349 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 18:57:31 +0200 Subject: [PATCH 05/14] Update production-deployment.md Updating the Azure link + region names. --- .../production-deployment.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 700cdefdad..e159ac7939 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -235,15 +235,15 @@ If you network devices don't support the URLs listed in the prior section, you c Defender for Endpoint is built on Azure cloud, deployed in the following regions: -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ -- \+\ +- AzureCloud.eastus +- AzureCloud.eastus2 +- AzureCloud.westcentralus +- AzureCloud.northeurope +- AzureCloud.westeurope +- AzureCloud.uksouth +- AzureCloud.ukwest -You can find the Azure IP range on [Microsoft Azure Datacenter IP Ranges](https://www.microsoft.com/en-us/download/details.aspx?id=41653). +You can find the Azure IP range on [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). > [!NOTE] > As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting. From 0d5061428d4cf41db999287f3ad24b65735cbc8f Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:07:07 +0200 Subject: [PATCH 06/14] Update production-deployment.md Acrolinx. --- .../production-deployment.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index e159ac7939..c889aafd8f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -1,6 +1,6 @@ --- -title: Set up Microsoft Defender ATP deployment -description: Learn how to setup the deployment for Microsoft Defender ATP +title: Set up Microsoft Defender for Endpoint deployment +description: Learn how to set up the deployment for Microsoft Defender for Endpoint keywords: deploy, setup, licensing validation, tenant configuration, network configuration search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -47,7 +47,7 @@ In this deployment scenario, you'll be guided through the steps on: >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Defender for Endpoint supports the use of other onboarding tools but won't cover those scenarios in the deployment guide. For more information, see [Onboard devices to Microsoft Defender for Endpoint](onboard-configure.md). ## Check license state @@ -59,7 +59,7 @@ Checking for the license state and whether it got properly provisioned, can be d 1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**. - On the screen, you will see all the provisioned licenses and their current **Status**. + On the screen, you'll see all the provisioned licenses and their current **Status**. ![Image of billing licenses](images/atp-billing-subscriptions.png) @@ -93,7 +93,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t 4. Set up preferences. - **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You cannot change the location after this set up and Microsoft will not transfer the data from the specified geolocation. + **Data storage location** - It's important to set this up correctly. Determine where the customer wants to be primarily hosted: US, EU, or UK. You can't change the location after this set up and Microsoft won't transfer the data from the specified geolocation. **Data retention** - The default is six months. @@ -109,7 +109,7 @@ When accessing Microsoft Defender Security Center for the first time, a wizard t ## Network configuration -If the organization does not require the endpoints to use a Proxy to access the +If the organization doesn't require the endpoints to use a Proxy to access the Internet, skip this section. The Microsoft Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to @@ -127,12 +127,12 @@ the following discovery methods: - Web Proxy Autodiscovery Protocol (WPAD) -If a Transparent proxy or WPAD has been implemented in the network topology, +If a Transparent proxy or WPAD has been implemented in the network topology, there is no need for special configuration settings. For more information on Microsoft Defender for Endpoint URL exclusions in the proxy, see the Appendix section in this document for the URLs allow list or on [Microsoft -Docs](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). +Docs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). > [!NOTE] > For a detailed list of URLs that need to be allowed, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus). From efc0f56eceeae915f143a95938c9de2933c63742 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:17:24 +0200 Subject: [PATCH 07/14] Update production-deployment.md --- .../microsoft-defender-atp/production-deployment.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index c889aafd8f..6843a5298e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -130,12 +130,8 @@ the following discovery methods: If a Transparent proxy or WPAD has been implemented in the network topology, there is no need for special configuration settings. For more information on Microsoft Defender for Endpoint URL exclusions in the proxy, see the -Appendix section in this document for the URLs allow list or on -[Microsoft -Docs](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). - -> [!NOTE] -> For a detailed list of URLs that need to be allowed, please see [this article](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus). +[Proxy Service URLs](production-deployment.md#proxy-service-urls) section in this document for the URLs allow list or on +[Configure device proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server). **Manual static proxy configuration:** From 799359c4dd4b62e9b7e43da6153db58dc8408aa7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 10 Mar 2021 09:17:35 -0800 Subject: [PATCH 08/14] Update network-protection.md --- .../microsoft-defender-atp/network-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index b0dd0411a8..7ff00a13e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -44,7 +44,7 @@ When network protection blocks a connection, a notification is displayed from th You can also use [audit mode](audit-windows-defender.md) to evaluate how network protection would impact your organization if it were enabled. > [!NOTE] -> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity.In a managed environment, make sure that configuration manager Auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. +> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity. In a managed environment, make sure that Configuration Manager auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. ## Requirements From bf4750b522b8cce3d89783192562243db56e8a0e Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:34:06 +0200 Subject: [PATCH 09/14] Update gov.md --- .../microsoft-defender-atp/gov.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index ad6e8b4bf1..985f1d4595 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) -Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. +Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering. @@ -124,6 +124,20 @@ For more information, see [Configure device proxy and Internet connectivity sett > > When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column. +### Service backend IP ranges + +If your network devices don't support DNS rules and you can't use the URLs listed in the spreadsheet above, use IP ranges instead. + +Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions: + +- AzureCloud.usgovtexas +- AzureCloud.usgovvirginia + +You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). + +> [!NOTE] +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS resolving setting. +
## API @@ -138,7 +152,7 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
## Feature parity with commercial -Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. +Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. These are the known gaps as of March 2021: From 8e64878b239d79c2c073080752729eaa96b2c9b0 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:39:18 +0200 Subject: [PATCH 10/14] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 985f1d4595..3a35ff95fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -126,7 +126,7 @@ For more information, see [Configure device proxy and Internet connectivity sett ### Service backend IP ranges -If your network devices don't support DNS rules and you can't use the URLs listed in the spreadsheet above, use IP ranges instead. +If your network devices don't support DNS-based rules, use IP ranges instead. Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions: From 91b644f5abc8aa85b18d3a959deb756419897db7 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:44:16 +0200 Subject: [PATCH 11/14] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 3a35ff95fa..e4709b7cc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -136,7 +136,7 @@ Defender for Endpoint for US Government customers is built in the Azure US Gover You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). > [!NOTE] -> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS resolving setting. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules.
From 3fa9f998c30481dea4158f7b93cc8120a582a2b0 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:47:20 +0200 Subject: [PATCH 12/14] Update production-deployment.md --- .../microsoft-defender-atp/production-deployment.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 6843a5298e..3abbeec81e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -225,11 +225,11 @@ The following downloadable spreadsheet lists the services and their associated U |![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
| Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

[Download the spreadsheet here.](https://download.microsoft.com/download/8/a/5/8a51eee5-cd02-431c-9d78-a58b7f77c070/mde-urls.xlsx) -### Microsoft Defender for Endpoint service backend IP range +### Microsoft Defender for Endpoint service backend IP ranges -If you network devices don't support the URLs listed in the prior section, you can use the following information. +If your network devices don't support DNS-based rules, use IP ranges instead. -Defender for Endpoint is built on Azure cloud, deployed in the following regions: +Defender for Endpoint is built in Azure cloud, deployed in the following regions: - AzureCloud.eastus - AzureCloud.eastus2 @@ -239,10 +239,13 @@ Defender for Endpoint is built on Azure cloud, deployed in the following regions - AzureCloud.uksouth - AzureCloud.ukwest -You can find the Azure IP range on [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). +You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). > [!NOTE] -> As a cloud-based solution, the IP address range can change. It's recommended you move to DNS resolving setting. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules. + +> [!NOTE] +> If you are a US Government customer, please see the corresponding section in the [Defender for Endpoint for US Government](gov.md#service-backend-ip-ranges) page. ## Next step From 0943de90581534c2bd10e626df26f73031ac6ab4 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:47:50 +0200 Subject: [PATCH 13/14] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index e4709b7cc2..e40a3ed5d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -136,7 +136,7 @@ Defender for Endpoint for US Government customers is built in the Azure US Gover You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). > [!NOTE] -> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.
From 9b5ce2ca19d56ba9e3265dc1656fa12033abadcd Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:48:14 +0200 Subject: [PATCH 14/14] Update production-deployment.md --- .../microsoft-defender-atp/production-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 3abbeec81e..5a69318c36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -242,7 +242,7 @@ Defender for Endpoint is built in Azure cloud, deployed in the following regions You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519). > [!NOTE] -> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules. > [!NOTE] > If you are a US Government customer, please see the corresponding section in the [Defender for Endpoint for US Government](gov.md#service-backend-ip-ranges) page.