Merge pull request #8806 from BenAlfasi/patch-6

Update edr-in-block-mode.md
2025-06-18 20:03:40 +00:00 · 2020-12-14 09:56:21 -08:00
parent 8e0b899ef6 6c4c19be60
commit 8633c11341
3 changed files with 13 additions and 19 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md
@ -15,7 +15,7 @@ ms.localizationpriority: medium
 ms.custom: 
 - next-gen
 - edr
-ms.date: 12/10/2020
+ms.date: 12/14/2020
 ms.collection: 
 - m365-security-compliance 
 - m365initiative-defender-endpoint 
@ -43,7 +43,7 @@ EDR in block mode is also integrated with [threat & vulnerability management](ht

 ## What happens when something is detected?

-When EDR in block mode is turned on, and a malicious artifact is detected, blocking and remediation actions are taken. You'll see detection status as **Blocked** or **Remediated** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#check-activity-details-in-action-center).
+When EDR in block mode is turned on, and a malicious artifact is detected, blocking and remediation actions are taken. You'll see detection status as **Blocked** or **Prevented** as completed actions in the [Action center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts#check-activity-details-in-action-center).

 The following image shows an instance of unwanted software that was detected and blocked through EDR in block mode:

@ -83,11 +83,11 @@ The following image shows an instance of unwanted software that was detected and

 ### Do I need to turn EDR in block mode on even when I have Microsoft Defender Antivirus running on devices?

-We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Microsoft Defender for Endpoint to take actions based on post-breach behavioral EDR detections. 
+We recommend keeping EDR in block mode on, whether Microsoft Defender Antivirus is running in passive mode or in active mode. EDR in block mode gives you an added layer of defense with Microsoft Defender for Endpoint. It allows Defender for Endpoint to take actions based on post-breach behavioral EDR detections. 

 ### Will EDR in block mode have any impact on a user's antivirus protection? 

-No. EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode kicks in if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Microsoft Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. 
+EDR in block mode does not affect third-party antivirus protection running on users' devices. EDR in block mode works if the primary antivirus solution misses something, or if there is a post-breach detection. EDR in block mode works just like [Microsoft Defender Antivirus in passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state), with the additional steps of blocking and remediating malicious artifacts or behaviors that are detected. 

 ### Why do I need to keep Microsoft Defender Antivirus up to date? 

@ -99,9 +99,7 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio

 ## See also

-[Tech Community blog: Introducing EDR in block mode: Stopping attacks in their tracks](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/introducing-edr-in-block-mode-stopping-attacks-in-their-tracks/ba-p/1596617)
-
-[Behavioral blocking and containment](behavioral-blocking-containment.md)
-
-[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)
+- [Tech Community blog: Introducing EDR in block mode: Stopping attacks in their tracks](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/introducing-edr-in-block-mode-stopping-attacks-in-their-tracks/ba-p/1596617)
+- [Behavioral blocking and containment](behavioral-blocking-containment.md)
+- [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus)

--- a/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/get-started-partner-integration.md
@ -52,16 +52,12 @@ To have your company listed as a partner in the in-product partner page, you wil
 6. Include the User-Agent field in each API call made to Microsoft Defender for Endpoint public set of APIs or Graph Security APIs. This will be used for statistical purposes, troubleshooting, and partner recognition. In addition, this step is a requirement for membership in Microsoft Intelligent Security Association (MISA).

    Follow these steps:
-    1.	Identify a name adhering to the following nomenclature that includes your company name and the Microsoft Defender for Endpoint-integrated product with the version of the product that includes this integration. 
-      - ISV Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{Version}`
-      - Security partner Nomenclature: `MdatpPartner-{CompanyName}-{ProductName}/{TenantID}` 
-
-
-   	- Set the User-Agent field in each HTTP request header to the name based on the Following nomenclature.
-
-    - `MsdePartner-{CompanyName}-{ProductName}/{Version}`
    
-    - For example, User-Agent: `MdatpPartner-Contoso-ContosoCognito/1.0.0`
+   	- Set the User-Agent field in each HTTP request header to the below format.
+
+    - `MdePartner-{CompanyName}-{ProductName}/{Version}`
+    
+    - For example, User-Agent: `MdePartner-Contoso-ContosoCognito/1.0.0`
    
    - For more information, see [RFC 2616 section-14.43](https://tools.ietf.org/html/rfc2616#section-14.43).

--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@ -46,7 +46,7 @@ Clicking on an alert's name in Defender for Endpoint will land you on its alert

 ![An alert page when you first land on it](images/alert-landing-view.png)

-Note the detection status for your alert. Blocked, prevented, or remediated means actions were already taken by Defender for Endpoint.
+Note the detection status for your alert. Blocked, or prevented means actions were already taken by Defender for Endpoint.
 Start by reviewing the *automated investigation details* in your alert's [details pane](#take-action-from-the-details-pane), to see which actions were already taken, as well as reading the alert's description for recommended actions.

 ![A snippet of the details pane with the alert description and automatic investigation sections highlighted](images/alert-air-and-alert-description.png)