Merge branch 'main' into repo_sync_working_branch

Author: Ruchika-mittal01

ATPDocs/investigate-assets.md

@@ -63,9 +63,10 @@ When you investigate a specific identity, you'll see the following details on an
 |[Remediation actions](/microsoft-365/security/defender/investigate-users#remediation-actions)      |     Respond to compromised users by disabling their accounts or resetting their password. After taking action on users, you can check on the activity details in the Microsoft Defender XDR **Action center.|
 
 > [!NOTE]
-> **Investigation Priority Score** has been deprecated on December 3, 2025. As a result, both the Investigation Priority Score breakdown and the scored activity timeline cards have been removed from the UI. 
+> **Investigation Priority Score** has been deprecated on December 3, 2024. As a result, both the Investigation Priority Score breakdown and the scored activity timeline cards have been removed from the UI. 
+
+
 
-  
 For more information, see [Investigate users](/microsoft-365/security/defender/investigate-users) in the Microsoft Defender XDR documentation.
 
 ## Investigation steps for suspicious groups

ATPDocs/whats-new.md

@@ -24,6 +24,10 @@ For updates about versions and features released six months ago or earlier, see
 
 ## March 2025
 
+### New Health Issue
+
+New [health issue](health-alerts.md#network-configuration-mismatch-for-sensors-running-on-vmware) for cases where sensors running on VMware have network configuration mismatch.
+
 ### Enhanced Identity Inventory (Preview)
 
 The Identities page under *Assets* has been updated to provide better visibility and management of identities across your environment.  

defender-office-365/mdo-support-teams-about.md

@@ -160,5 +160,5 @@ For detailed syntax and parameter information, see [Set-TeamsProtectionPolicyRul
 - [Microsoft Teams](/microsoftteams/teams-overview)
 - [Managing Teams quarantined messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-defender-portal-to-manage-microsoft-teams-quarantined-messages)
 - [Get started using Attack simulation training in Defender for Office 365](attack-simulation-training-get-started.md)
-- [Get started with Defender for Cloud Apps for Microsoft Teams] (/defender-cloud-apps/what-is-defender-for-cloud-apps)
+- [Get started with Defender for Cloud Apps for Microsoft Teams](/defender-cloud-apps/what-is-defender-for-cloud-apps)
 - [Get started with Compliance and DLP protection for Microsoft Teams](/microsoftteams/security-compliance-overview)

defender-office-365/submissions-users-report-message-add-in-configure.md

@@ -168,9 +168,9 @@ A: We recommend you update clients in the Microsoft admin center or ask users to
 
 ### Q: The Report phishing add-in offers a single report option but the built-in Report button has more options. What can I do?
 
-A: This design was finalized after partnership with more than 50 customers and a Private Preview of approximately two and half years. Many customers who had this question are actually much more comfortable with the built-in **Report** button.
+A: This design was finalized after partnership with more than 50 customers and a Private Preview of approximately two and half years. Many customers who had this question are actually much more comfortable with the built-in **Report** button. They have transitioned completely to the built-in **Report** button.
 
-They transitioned completely to the built-in **Report** button. Users were instructed to use the default action (split) for reporting messages as phishing, and to use the side menu to report messages as other types (Junk or Not junk).
+The built-in **Report** button is a split button. Clicking on the button without using the dropdown list reports the message as phishing. Use the dropdown list to report messages as junk or not junk.
 
 We recommend that you try the built-in **Report** button. If you're still facing issues, you can always reach out to us via Microsoft Support.
 

defender-xdr/investigate-users.md

@@ -60,7 +60,7 @@ The user page shows the Microsoft Entra organization as well as groups, helping
 The **Entity details** panel on the left side of the page provides information about the user, such as the Microsoft Entra identity risk level, the insider risk severity level (Preview), the number of devices the user is signed in to, when the user was first and last seen, the user's accounts, groups that the user belongs to, contact information, and more. You see other details depending on the integration features you enabled.
 
 > [!NOTE]
-> **Investigation Priority Score** has been deprecated on December 3, 2025. As a result, both the Investigation Priority Score breakdown and the Scored activities cards have been removed from the UI. 
+> **Investigation Priority Score** has been deprecated on December 3, 2024. As a result, both the Investigation Priority Score breakdown and the Scored activities cards have been removed from the UI. 
 
 > [!NOTE]
 > (Preview) Microsoft Defender XDR users with access to [Microsoft Purview Insider Risk Management](/purview/insider-risk-management-solution-overview) can now see a user's insider risk severity and gain insights on a user's suspicious activities in the user page. Select the **insider risk severity** under Entity details to see the risk insights about the user.