Merge branch 'master' into repo_sync_working_branch

windows/security/threat-protection/TOC.md

@@ -536,7 +536,8 @@
 ####### [Alert methods and properties](microsoft-defender-atp/alerts.md)
 ####### [List alerts](microsoft-defender-atp/get-alerts.md)
 ####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
-####### [Update Alert](microsoft-defender-atp/update-alert.md)
+####### [Update alert](microsoft-defender-atp/update-alert.md)
+####### [Batch update alert](microsoft-defender-atp/batch-update-alerts.md)
 ####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
 ####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
 ####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)

windows/security/threat-protection/microsoft-defender-atp/batch-update-alerts.md

@@ -0,0 +1,108 @@
+---
+title: Batch Update alert entities API
+description: Learn how to update Microsoft Defender for Endpoint alerts in a batch by using this API. You can update the status, determination, classification, and assignedTo properties.
+keywords: apis, graph api, supported apis, get, alert, information, id
+search.product: eADQiWindows 10XVcnh
+ms.prod: m365-security
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+ms.technology: mde
+---
+
+# Batch update alerts
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) 
+
+[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
+
+[!include[Improve request performance](../../includes/improve-request-performance.md)]
+
+
+## API description
+Updates properties of a batch of existing [Alerts](alerts.md).
+<br>Submission of **comment** is available with or without updating properties.
+<br>Updatable properties are: `status`, `determination`, `classification` and `assignedTo`.
+
+
+## Limitations
+1. You can update alerts that are available in the API. See [List Alerts](get-alerts.md) for more information.
+2. Rate limitations for this API are 10 calls per minute and 500 calls per hour.
+
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
+
+Permission type |	Permission	|	Permission display name
+:---|:---|:---
+Application |	Alerts.ReadWrite.All |	'Read and write all alerts'
+Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
+
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information)
+>- The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)
+
+## HTTP request
+```http
+POST /api/alerts/batchUpdate
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+Content-Type | String | application/json. **Required**.
+
+
+## Request body
+In the request body, supply the IDs of the alerts to be updated and the values of the relevant fields that you wish to update for these alerts.
+<br>Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. 
+<br>For best performance you shouldn't include existing values that haven't changed.
+
+Property | Type | Description
+:---|:---|:---
+alertIds | List&lt;String&gt;| A list of the IDs of the alerts to be updated. **Required**
+status | String | Specifies the updated status of the specified alerts. The property values are: 'New', 'InProgress' and 'Resolved'.
+assignedTo | String | Owner of the specified alerts
+classification | String | Specifies the specification of the specified alerts. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'. 
+determination | String | Specifies the determination of the specified alerts. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
+comment | String | Comment to be added to the specified alerts.
+
+## Response
+If successful, this method returns 200 OK, with an empty response body.
+
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+```http
+POST https://api.securitycenter.microsoft.com/api/alerts/batchUpdate
+```
+
+```json
+{
+    "alertIds": ["da637399794050273582_760707377", "da637399989469816469_51697947354"],
+    "status": "Resolved",
+    "assignedTo": "secop2@contoso.com",
+    "classification": "FalsePositive",
+    "determination": "Malware",
+    "comment": "Resolve my alert and assign to secop2"
+}
+```

windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md

@@ -27,8 +27,6 @@ ms.technology: mde
 **Applies to:**
 - Virtual desktop infrastructure (VDI) devices
 
->[!WARNING]
-> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported.
 
 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
 

windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md

@@ -30,7 +30,11 @@ ms.technology: mde
 > [!IMPORTANT]
 > Support for macOS 10.13 (High Sierra) will be discontinued on February 15th, 2021.
 
-## 101.19.48
+## 101.19.88 (20.121011.11988.0)
+
+- Performance improvements & bug fixes
+
+## 101.19.48 (20.120121.11948.0)
 
 > [!NOTE]
 > The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see [Resources](mac-resources.md#configuring-from-the-command-line).
@@ -38,17 +42,17 @@ ms.technology: mde
 - Added a new command-line switch to disable the network extension: `mdatp system-extension network-filter disable`. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint for Mac
 - Performance improvements & bug fixes
 
-## 101.19.21
+## 101.19.21 (20.120101.11921.0)
 
 - Bug fixes
 
-## 101.15.26
+## 101.15.26 (20.120102.11526.0)
 
 - Improved the reliability of the agent when running on macOS 11 Big Sur
 - Added a new command-line switch (`--ignore-exclusions`) to ignore AV exclusions during custom scans (`mdatp scan custom`)
 - Performance improvements & bug fixes
 
-## 101.13.75
+## 101.13.75 (20.120101.11375.0)
 
 - Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
 - Fixed a memory leak in the Endpoint Security system extension when running on mac 11 (Big Sur)