Merge branch 'main' into docs-editor/whats-new-1755499423

aditisrivastava07 · web-flow · commit 090025cbf3ea · 2025-08-18T12:53:04.000+05:30
diff --git a/CloudAppSecurityDocs/investigate-anomaly-alerts.md b/CloudAppSecurityDocs/investigate-anomaly-alerts.md
@@ -8,7 +8,6 @@ ms.topic: how-to
 # How to investigate anomaly detection alerts
 
 
-
 Microsoft Defender for Cloud Apps provides security detections and alerts for malicious activities. The purpose of this guide is to provide you with general and practical information on each alert, to help with your investigation and remediation tasks. Included in this guide is general information about the conditions for triggering alerts. However, it's important to note that since anomaly detections are nondeterministic by nature, they're only triggered when there's behavior that deviates from the norm. Finally, some alerts might be in preview, so regularly review the official documentation for updated alert status.
 
 > [!IMPORTANT]
diff --git a/CloudAppSecurityDocs/protect-salesforce.md b/CloudAppSecurityDocs/protect-salesforce.md
@@ -55,7 +55,7 @@ You can use the following built-in policy templates to detect and notify you abo
 
 | Type | Name |
 | ---- | ---- |
-| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)<br />[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)<br />[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)<br />[Impossible travel](anomaly-detection-policy.md#impossible-travel)<br />[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)<br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)<br />[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
+| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)<br />[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)<br />[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)<br />[Impossible travel](anomaly-detection-policy.md#impossible-travel)<br />[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)<br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)<br />[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user) (Temporarily not supported due to limitation in Salesforce API)<br />[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
 | Activity policy template | Logon from a risky IP address<br />Mass download by a single user|
 | File policy template | Detect a file shared with an unauthorized domain<br />Detect a file shared with personal email addresses|
 
diff --git a/unified-secops-platform/criteria.md b/unified-secops-platform/criteria.md
@@ -2,7 +2,8 @@
 title: How Microsoft identifies malware and potentially unwanted applications
 ms.reviewer: andanut, elahehsamani
 description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/defender-xdr-portal.md b/unified-secops-platform/defender-xdr-portal.md
@@ -2,7 +2,8 @@
 title: Microsoft Defender XDR in the Microsoft Defender Portal
 description: Learn about the services and features available with Microsoft Defender XDR in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/detect-threats-overview.md b/unified-secops-platform/detect-threats-overview.md
@@ -2,7 +2,8 @@
 title: Threat detection in the Microsoft Defender portal
 description: Learn about the features that help detect threats in the Microsoft unified security platform
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: austinmc
 author: austinmccollum
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/gov-support.md b/unified-secops-platform/gov-support.md
@@ -3,7 +3,8 @@ title: Microsoft Defender Portal Service Support for US Government Customers
 description: Learn about support in the Microsoft Defender portal for US Government clouds.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: concept-article #Don't change.
 ms.date: 06/22/2025
 ms.collection:
diff --git a/unified-secops-platform/hunting-overview.md b/unified-secops-platform/hunting-overview.md
@@ -2,7 +2,8 @@
 title: Threat hunting features across the Microsoft Defender portal
 description: Learn about threat hunting features across the Microsoft Defender portal
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: austinmc
 author: austinmccollum
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/index.yml b/unified-secops-platform/index.yml
@@ -6,7 +6,8 @@ summary: Bring together the full capabilities of Microsoft Sentinel, Microsoft D
 metadata:
   title: Unified security operations documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
   description: Bring together the full capabilities of Microsoft Sentinel, Defender XDR, Microsoft Security Exposure Management, and generative AI into the Defender portal. # Required; article description that is displayed in search results. < 160 chars.
-  ms.service: unified-secops-platform #Required; use either service or product per approved list. 
+  ms.service: microsoft-defender
+  ms.subservice: unified-security-operations #Required; use either service or product per approved list. 
   ms.topic: landing-page # Required
   ms.collection: usx-security # Optional; Remove if no collection is used.
   ms.author: bagol
diff --git a/unified-secops-platform/malware-naming.md b/unified-secops-platform/malware-naming.md
@@ -1,7 +1,8 @@
 ---
 title: How Microsoft names malware
 description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/microsoft-sentinel-onboard.md b/unified-secops-platform/microsoft-sentinel-onboard.md
@@ -1,7 +1,8 @@
 ---
 title: Connect Microsoft Sentinel to the Microsoft Defender portal
 description: Learn how to connect your Microsoft Sentinel environment to the Defender portal to unify your security operations.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 f1.keywords: 
   - NOCSH
 ms.author: bagol
diff --git a/unified-secops-platform/microsoft-threat-actor-naming.md b/unified-secops-platform/microsoft-threat-actor-naming.md
@@ -2,7 +2,8 @@
 title: How Microsoft names threat actors
 ms.reviewer: 
 description: Learn how Microsoft names threat actors and how to use the naming convention to identify associated intelligence.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-advanced-hunting.md b/unified-secops-platform/mto-advanced-hunting.md
@@ -2,7 +2,8 @@
 title: Advanced hunting in Microsoft Defender multitenant management
 description: Learn about advanced hunting in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-dashboard.md b/unified-secops-platform/mto-dashboard.md
@@ -2,7 +2,8 @@
 title: Vulnerability management in multitenant management
 description: Learn about the capabilities of the vulnerability management dashboard in multitenant management in Microsoft Defender XDR
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-distribution-profiles.md b/unified-secops-platform/mto-distribution-profiles.md
@@ -1,7 +1,8 @@
 ---
 title: Content distribution using distribution profiles in multitenant management
 description: Learn about content distribution across tenants in the Microsoft Defender multitenant portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-endpoint-security-policy.md b/unified-secops-platform/mto-endpoint-security-policy.md
@@ -1,7 +1,8 @@
 ---
 title: Endpoint security policies in multitenant management
 description: Learn how to manage endpoint security policies for Defender XDR multi-tenant management in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-incidents-alerts.md b/unified-secops-platform/mto-incidents-alerts.md
@@ -2,7 +2,8 @@
 title: View and manage incidents and alerts in Microsoft Defender multitenant management
 description: Learn about incidents and alerts in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-manage-cases.md b/unified-secops-platform/mto-manage-cases.md
@@ -2,7 +2,8 @@
 title: View and manage cases across multiple tenants in the Microsoft Defender multitenant portal
 description: Learn how to use the Microsoft Defender multitenant portal to manage cases across multiple tenants.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: yelevin
 author: yelevin
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-overview.md b/unified-secops-platform/mto-overview.md
@@ -1,7 +1,8 @@
 ---
 title: Microsoft Defender multitenant management
 description: Learn about multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-requirements.md b/unified-secops-platform/mto-requirements.md
@@ -1,7 +1,8 @@
 ---
 title: Set up Microsoft Defender multitenant management
 description: Learn what steps you need to take to get started with multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-tenant-devices.md b/unified-secops-platform/mto-tenant-devices.md
@@ -2,7 +2,8 @@
 title: Devices in multitenant management 
 description: Learn about multitenant device view in multitenant management of the Microsoft Defender XDR.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-tenants.md b/unified-secops-platform/mto-tenants.md
@@ -2,7 +2,8 @@
 title: Manage tenants with Microsoft Defender multitenant management
 description: Learn about the tenant list in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-troubleshoot.md b/unified-secops-platform/mto-troubleshoot.md
@@ -2,7 +2,8 @@
 title: Troubleshoot issues in Microsoft Defender multitenant management
 description: Learn about issues in Microsoft Defender multitenant management and how to fix or troubleshoot them.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-urbac.md b/unified-secops-platform/mto-urbac.md
@@ -1,7 +1,8 @@
 ---
 title: Manage unified role-based access control in multitenant management
 description: Overview of how to manage the unified role-based access control multitenant management in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-defender-portal.md b/unified-secops-platform/overview-defender-portal.md
@@ -2,7 +2,8 @@
 title: Microsoft Defender portal overview
 description: Learn about the Microsoft services and features available in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-deploy.md b/unified-secops-platform/overview-deploy.md
@@ -3,7 +3,8 @@ title: Deploy for Unified Security Operations | Microsoft Defender
 description: Deploy Microsoft Defender portal services for unified security operations, including Microsoft Defender XDR, Microsoft Sentinel, and other Microsoft Defender services.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: how-to #Don't change.
 ms.date: 03/17/2025
 ms.collection:
diff --git a/unified-secops-platform/overview-msem-strategy.md b/unified-secops-platform/overview-msem-strategy.md
@@ -2,7 +2,8 @@
 title: "Enhancing your organization's security posture"
 description: Provides an overview of security posture management and risk reduction in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: dlanger
 author: dlanger
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-plan.md b/unified-secops-platform/overview-plan.md
@@ -3,7 +3,8 @@ title: Planning Guidance for Unified Security Operations in the Microsoft Defend
 description: Plan to deploy unified security operations in the Microsoft Defender portal, including Microsoft Sentinel and other Microsoft Defender services.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: concept-article #Don't change.
 ms.date: 07/16/2025
 ms.collection:
@@ -63,7 +64,7 @@ Before you deploy Microsoft Defender services for unified security operations, r
 | Microsoft Sentinel                                       | [Prerequisites to deploy Microsoft Sentinel](/azure/sentinel/prerequisites)  |
 | **Optional Microsoft Defender XDR services**              |                                                 |
 | Microsoft Defender for Office | [Microsoft Defender XDR prerequisites](/defender-xdr/prerequisites) |
-| Microsoft Defender for Identity                          | [Microsoft Defender for Identity prerequisites](/defender-for-identity/deploy/prerequisites)  |
+| Microsoft Defender for Identity                          | Microsoft Defender for Identity prerequisites:<br>[Sensor v2.x](/defender-for-identity/deploy/prerequisites-sensor-version-2) / [Sensor v3.x (Preview)](/defender-for-identity/deploy/prerequisites-sensor-version-3)  |
 | Microsoft Defender for Endpoint                          | [Set up Microsoft Defender for Endpoint deployment](/defender-endpoint/production-deployment)   |
 | Enterprise monitoring with Microsoft Defender for IoT    | [Prerequisites for Defender for IoT in the Defender portal](/defender-for-iot/prerequisites)   |
 | Microsoft Defender Vulnerability Management              | [Prerequisites & Permissions for Microsoft Defender Vulnerability Management](/defender-vulnerability-management/tvm-prerequisites)   |
@@ -249,4 +250,4 @@ For more information, see the [Zero Trust Guidance Center](/security/zero-trust/
 
 ## Next step
 
-[Deploy for unified security operations](overview-deploy.md)
+[Deploy for unified security operations](overview-deploy.md)
diff --git a/unified-secops-platform/overview-unified-security.md b/unified-secops-platform/overview-unified-security.md
@@ -2,7 +2,8 @@
 title: "What Are Unified Security Operations in the Microsoft Defender Portal?"
 description: Provides an overview of features and functionality in the Microsoft Defender portal for unified security operations.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/reduce-risk-overview.md b/unified-secops-platform/reduce-risk-overview.md
@@ -2,7 +2,8 @@
 title: "Improve Security Posture and Reduce Risk"
 description: Provides an overview of solutions that help reduce security risk in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/respond-threats-overview.md b/unified-secops-platform/respond-threats-overview.md
@@ -2,7 +2,8 @@
 title: Threat Response in the Defender Portal
 description: Learn about the features that help respond to threats in the Microsoft Defender portal, ensuring comprehensive protection.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/submission-guide.md b/unified-secops-platform/submission-guide.md
@@ -2,7 +2,8 @@
 title: Submit files for analysis by Microsoft
 description: Learn how to submit files to Microsoft for malware analysis, how to track your submissions, and dispute detections.
 ms.reviewer:
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/threat-intelligence-overview.md b/unified-secops-platform/threat-intelligence-overview.md
@@ -3,7 +3,8 @@ title: Uncover adversaries with threat intelligence across the Defender portal
 ms.reviewer: 
 description: Learn about threat intelligence features across the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: pauloliveria
 author: poliveria
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/virus-initiative-criteria.md b/unified-secops-platform/virus-initiative-criteria.md
@@ -2,7 +2,8 @@
 title: Microsoft Virus Initiative
 ms.reviewer: 
 description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/whats-new.md b/unified-secops-platform/whats-new.md
@@ -2,7 +2,8 @@
 title: "What's new for Microsoft's unified security operations?"
 description: Lists the new features and functionality available for Microsoft unified security operations.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/zero-trust.md b/unified-secops-platform/zero-trust.md
@@ -3,7 +3,8 @@ title: Zero Trust with unified security operations | Microsoft Defender
 description: Learn how implementing unified security operations in the Defender portal can help you deploy a Zero Trust architecture.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: concept-article #Don't change.
 ms.date: 01/16/2025
 ms.collection:
