diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md index 32a7139696..2c9c5b09af 100644 --- a/memdocs/intune/protect/mde-security-integration.md +++ b/memdocs/intune/protect/mde-security-integration.md @@ -304,7 +304,7 @@ To support use with Microsoft Defender security settings management, your polici - **[Firewall](endpoint-security-firewall-policy.md)** policies focus on the Defender firewall on your devices. -- **Firewall Rules** are a type of profile for [Firewall](endpoint-security-firewall-policy.md) policy that are comprised of are granular rules for Firewalls, including specific ports, protocols, applications, and networks. +- **Firewall Rules** are a type of profile for [Firewall](endpoint-security-firewall-policy.md) policy that is comprised of granular rules for Firewalls, including specific ports, protocols, applications, and networks. ## Configure your tenant to support Defender for Endpoint security settings management @@ -326,10 +326,6 @@ In the Microsoft Defender portal, as a security administrator: 2. Initially, we recommend testing the feature for each platform by selecting the platforms option for **On tagged devices**, and then tagging the devices with the `MDE-Management` tag. - > [!IMPORTANT] - > - > Use of [*Microsoft Defender for Endpoint's Dynamic tag capability*](/microsoft-365/security/defender/configure-asset-rules?view=o365-worldwide&preserve-view=true) to tag devices with *MDE-Management* isn't currently supported with security settings management. Devices tagged through this capability won't successfully enroll. This issue remains under investigation. - > [!TIP] > > Use the proper device tags to test and validate your rollout on a small number of devices. @@ -413,7 +409,7 @@ You can create groups for these devices [in Microsoft Entra](/azure/active-direc > Custom scripts and [Microsoft Entra dynamic device groups](/azure/active-directory/enterprise-users/groups-dynamic-membership) created before this change that specify rules that reference only *Windows* might exclude *Windows Servers* when used with the Security Management for Microsoft Defender for Endpoint solution. For example: > > - If you have a rule that uses the `equals` or `not equals` operator to identify *Windows*, this change will affect your rule. That is because previously both *Windows* and *Windows Server* were reported as *Windows*. To continue to include both, you must update the rule to also reference *Windows Server*. -> - If you have a rule that use the `contains` or `like` operator to specify *Windows*, then the rule won't be affected by this change. These operators can find both *Windows* and *Windows Server*. +> - If you have a rule that uses the `contains` or `like` operator to specify *Windows*, then the rule won't be affected by this change. These operators can find both *Windows* and *Windows Server*. > [!TIP] > diff --git a/memdocs/intune/protect/security-baselines.md b/memdocs/intune/protect/security-baselines.md index d5336636fd..b52ddc1169 100644 --- a/memdocs/intune/protect/security-baselines.md +++ b/memdocs/intune/protect/security-baselines.md @@ -138,7 +138,7 @@ You can view the list of available baselines in the [Microsoft Intune admin cent To view more information about the baseline versions you use, select a baseline type, like *Security Baseline for Windows 10 and later* to open its *Profiles* pane, and then select **Versions**. Intune displays details about the versions of that baseline that are in use by your profiles. The details include the most recent and current baseline version. You can select a single version to view deeper details about the profiles that use that version. -You can choose to [change of the version](../protect/security-baselines-configure.md#update-a-profile-to-the-latest-version) of a baseline that's in use with a given profile. When you change the version, you don't have to create a new baseline profile to take advantage of updated versions. Instead you can select a baseline profile and use the built-in option to change the instance version for that profile to a new one. +You can choose to [change the version](../protect/security-baselines-configure.md#update-a-profile-to-the-latest-version) of a baseline that's in use with a given profile. When you change the version, you don't have to create a new baseline profile to take advantage of updated versions. Instead you can select a baseline profile and use the built-in option to change the instance version for that profile to a new one. ## Avoid conflicts @@ -177,7 +177,7 @@ Migrating from on-premises Active Directory group policies to a pure cloud solut ### Where can I find details about using or configuring the settings that are available in a security baseline? -Each security baseline manages device configurations by applying the options found in a configuration service provider on a device. For example, settings that apply to Microsoft Defender are taken from th Microsoft Defender CSP. Because Intune is a configuration vehicle for those options and doesn’t determine their functionality or scope, the CSP documentation owns the content for how to configure each option. +Each security baseline manages device configurations by applying the options found in a configuration service provider on a device. For example, settings that apply to Microsoft Defender are taken from the Microsoft Defender CSP. Because Intune is a configuration vehicle for those options and doesn’t determine their functionality or scope, the CSP documentation owns the content for how to configure each option. Within the Intune security baseline policy UI, Intune provides information text that is taken from the source CSP and provides a link to that CSP. In some cases, the CSP might be part of a larger content set that includes proactive guidance that remains beyond the scope of Intune to include or duplicate in our content. However, Intune does document the list of settings in each security baseline version and its default configuration.