MicrosoftDocs
diff --git a/‎defender-xdr/TOC.yml‎
Lines changed: 3 additions & 3 deletions b/‎defender-xdr/TOC.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎defender-xdr/auditing.md‎
Lines changed: 6 additions & 5 deletions b/‎defender-xdr/auditing.md‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎defender-xdr/before-you-begin-defender-experts.md‎
Lines changed: 28 additions & 11 deletions b/‎defender-xdr/before-you-begin-defender-experts.md‎
Lines changed: 28 additions & 11 deletions
diff --git a/‎defender-xdr/before-you-begin-xdr.md‎
Lines changed: 4 additions & 3 deletions b/‎defender-xdr/before-you-begin-xdr.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎defender-xdr/communicate-defender-experts-xdr.md‎
Lines changed: 3 additions & 2 deletions b/‎defender-xdr/communicate-defender-experts-xdr.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎defender-xdr/defender-experts-for-hunting.md‎
Lines changed: 11 additions & 6 deletions b/‎defender-xdr/defender-experts-for-hunting.md‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎defender-xdr/defender-experts-scoped-coverage.md‎
Lines changed: 6 additions & 5 deletions b/‎defender-xdr/defender-experts-scoped-coverage.md‎
Lines changed: 6 additions & 5 deletions
@@ -365,14 +365,14 @@
             href: access-den-graph-api.md
           - name: Ask Defender Experts
             href: experts-on-demand.md
+          - name: Understand Defender Experts for Hunting reports
+            href: defender-experts-report.md
         - name: Frequently asked questions
           items: 
           - name: General information
             href: faq-defender-experts-hunting.md
           - name: Server and cloud workload coverage
             href: faq-cloud-coverage-defender-experts.md
-        - name: Understand Defender Experts for Hunting reports
-          href: defender-experts-report.md
       - name: Collaborate with Microsoft Defender Experts for XDR
         items:
         - name: Overview
@@ -387,7 +387,7 @@
             href: managed-detection-and-response-xdr.md
           - name: Scoped coverage
             href: defender-experts-scoped-coverage.md  
-          - name: Communicate with Defender Experts for XDR
+          - name: Communicate with Defender Experts
             href: communicate-defender-experts-xdr.md
           - name: Reports
             href: reports-xdr.md
 
@@ -3,10 +3,10 @@ title: How to search the audit logs for actions performed by Defender Experts
 ms.reviewer:
 description: As a tenant administrator, you can use Microsoft Purview to search the audit logs for the actions Microsoft Defender Experts did in your tenant to perform their investigations
 ms.service: defender-experts-for-xdr
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -17,14 +17,15 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 01/14/2025
+ms.date: 08/01/2025
 ---
 
 # Auditing
 
 **Applies to:**
 
-- [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
+- Microsofot Defender Experts for Servers
 
 As a tenant administrator, you can use Microsoft Purview to search the audit logs for the times Microsoft Defender Experts signed into your tenant and the actions they did there to perform their investigations. You can also search the audit logs for the changes done by your tenant administrators to the Defender Experts settings.
 
 
@@ -3,10 +3,10 @@ title: Before you begin using the Microsoft Defender Experts for Hunting service
 ms.reviewer:
 description: To enable us to get started with the defender experts managed service, we require the following prerequisites
 ms.service: defender-experts-for-hunting
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -18,7 +18,7 @@ ms.custom:
 - cx-ti
 - cx-ean
 search.appverid: met150
-ms.date: 04/24/2025
+ms.date: 08/01/2025
 ---
 
 # Before you begin using Defender Experts for Hunting
@@ -28,7 +28,6 @@ ms.date: 04/24/2025
 **Applies to:**
 
 - [Microsoft Defender XDR](microsoft-365-defender.md)
-- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
 
 [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is a managed service that provides hunting capabilities for novel emerging threats that aren't yet well known in the industry. The analysts for the hunting service review trends in the threat actor evolution based on world-renowned Microsoft Threat Intelligence and Research. They then apply the insights they gather to hunt for emerging attack vectors within the customer ecosystem.
 
@@ -38,12 +37,14 @@ With deep product expertise powered by threat intelligence, we're uniquely posit
 1. Get detailed, step-by-step, and actionable guidance from our experts so you can respond to these emerging threats.
 1. [Seek assistance](#ask-defender-experts) from Defender Experts.
 
-This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the Microsoft Defender Experts for Hunting service. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
+This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the **Microsoft Defender Experts for Hunting - XDR** service and its add-on, **Microsoft Defender Experts for Hunting - Servers**. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
 
 ## Eligibility and licensing
 
 Defender Experts for Hunting is a separate service from your existing Microsoft Defender products. Before enrolling in this service, make sure that you have the necessary license and access.
 
+**Microsoft Defender Experts for Hunting – XDR**
+
 We require the following licensing prerequisites to enable us to get started with this threat hunting service:
 
 - Microsoft Defender for Endpoint P2 must be licensed and enabled on eligible devices
@@ -60,20 +61,33 @@ The following product is **not** covered by this service:
 - Microsoft Defender for IoT
 - Other Microsoft services not mentioned in the previous lists
 
+**Microsoft Defender Experts for Hunting - Servers**
+
+Customers who wish to have Defender Experts hunting coverage for Microsoft Defender for Cloud servers must have the following:
+
+-	Defender Experts for Hunting - XDR service enrollment
+-	Defender for Servers Plan 1 or Plan 2 in Microsoft Defender for Cloud
+
 > [!NOTE]
-> Licensing for Microsoft Defender Experts for Hunting is applied at the tenant level and all identities and devices will be included in your license.
+> Defender Experts for Hunting coverage is applied at the tenant level and all identities and devices will be included.
 
 ### Defender Experts for Hunting coverage
 
-Defender Experts for Hunting relies on event signals from Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources.
+**Microsoft Defender Experts for Hunting – XDR**
+
+Defender Experts for Hunting - XDR relies on event signals from Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources.
 
-This service also covers servers—whether on premises or on a hyperscale cloud service provider—that have Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license.
+This service also covers servers that have Defender for Endpoint deployed on them with a **Microsoft Defender for Endpoint for Servers** license.
 
 Any detection that's not from Microsoft Defender products (for example, detections from other security vendors) isn't within the scope of Defender Experts for Hunting.
 
+**Microsoft Defender Experts for Hunting - Servers**
+
+Defender Experts for Hunting – Servers provides add-on server coverage, including hybrid and multicloud servers from Defender for Servers. 
+
 ### Ask Defender Experts
 
-[Ask Defender Experts](experts-on-demand.md) is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender XDR (Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender for Identity). [See sample questions you can ask Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts).
+[Ask Defender Experts](experts-on-demand.md) is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender Experts services. [See sample questions you can ask Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts).
 
 Defender Experts for Hunting customers are assigned 10 Ask Defender Experts credits, which you can use to submit questions, at the start of each calendar quarter. Unused credits from the current quarter roll up to the next one. You can use up to 20 credits only per quarter. All unused credits expire by the end of the calendar year or at the end of your subscription term, whichever comes first.
 
@@ -87,7 +101,7 @@ You might need certain roles and permissions to fully access the service capabil
 
 ## Service availability and data protection
 
-Defender Experts for Hunting is a managed threat hunting service that proactively hunts for threats across endpoints, email, identity, and cloud apps. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft Defender XDR advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
+Defender Experts for Hunting - XDR and Defender Experts for Hunting - Servers are managed threat hunting services that proactively hunts for threats across endpoints, email, identity, cloud apps, and servers. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft Defender XDR advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
 
 The following sections enumerate additional information about the service's data usage, compliance, and availability. For more information about Microsoft's commitment in valuing and protecting your data, visit the [Trust Center](https://www.microsoft.com/trust-center/product-overview) then scroll down to **Additional products and services** > **Managed Security Services** > **Microsoft Defender Experts**.
 
@@ -99,6 +113,9 @@ Defender Experts for Hunting operational data, such as case tickets and analyst
 
 Microsoft experts hunt over [advanced hunting logs](advanced-hunting-schema-tables.md) in Microsoft Defender XDR advanced hunting tables. The data in these tables depend on the set of Defender services the customer is enabled for (for example, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra ID). Experts also use a large set of internal threat intelligence data to inform their hunting and automation.
 
+> [!NOTE]
+> Microsoft Defender for Cloud is integrated with Microsoft Defender XDR. This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender portal. The Defender Experts for Hunting - Servers add-on service accesses data through the Defender portal, so the same data collection, usage, and retention policies apply to this service.
+
 ### Security and compliance
 
 When you purchase and onboard to Defender Experts for Hunting, you're granting permission to Microsoft experts to access your advanced hunting data.
 
@@ -24,7 +24,8 @@ ms.date: 08/01/2025
 
 **Applies to:**
 
-- [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
+- Microsofot Defender Experts for Servers
 
 This document outlines the key prerequisites you must meet and essential information you must know before purchasing the Microsoft Defender Experts for XDR service and its add-on offering, Microsoft Defender Experts for Servers.
 
@@ -61,7 +62,7 @@ The following product isn't covered by this service:
 
 **Microsoft Defender Experts for Servers**
 
-To enable the Defender Experts for Severs coverage, Defender for Servers Plan 1 or Plan 2 in Defender for Cloud must be enabled. Endpoint protection should also be turned on for both Windows and Linux devices that allow protection powered by Defender for Endpoint, including automatic agent deployment to your servers, and security data integration with Defender for Cloud. 
+To enable the Defender Experts for Severs coverage, Defender for Servers Plan 1 or Plan 2 in Defender for Cloud must be enabled. [Endpoint protection](/azure/defender-for-cloud/integration-defender-for-endpoint) should also be turned on for Windows and Linux devices that allow protection powered by Defender for Endpoint, including automatic agent deployment to your servers, and security data integration with Defender for Cloud. 
 
 Depending on the coverage you're looking for, you can enable the Defender for Servers plan for a Microsoft Azure subscription, Amazon Web Services account, or Google Cloud Platform project.
 
@@ -78,7 +79,7 @@ We recommend ensuring that at least one product, such as Defender for Endpoint o
 
 For maximum, native coverage, we recommend deploying the full Microsoft Defender XDR suite and enabling all eligible products in active mode.
 
-Defender Experts for XDR also covers servers—whether on premises or on a hyperscale cloud service provider—that have Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Server license. For Defender Experts coverage, a server is considered as a user account for billing. 
+Defender Experts for XDR also covers servers that have Defender for Endpoint deployed on them with a **Microsoft Defender for Endpoint for Server** license. For Defender Experts coverage, a server is considered as a user account for billing. 
 [Learn more about specific hardware and software requirements](/defender-endpoint/minimum-requirements)
 
 ### Ask Defender Experts
 
@@ -17,14 +17,15 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 03/05/2025
+ms.date: 08/01/2025
 ---
 
 # Communicating with experts in the Microsoft Defender Experts for XDR service
 
 **Applies to:**
 
-- [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
+- Microsofot Defender Experts for Servers
 
 Microsoft Defender Experts for XDR provides you with multiple channels of communication to discuss incidents with our experts, ask them questions on demand, or get service readiness or operations support from your service delivery managers (SDMs), if included in your service.
 
 
@@ -3,10 +3,10 @@ title: What is Microsoft Defender Experts for Hunting offering
 ms.reviewer:
 description: Microsoft  Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
 ms.service: defender-experts-for-hunting
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -17,7 +17,7 @@ search.appverid: met150
 ms.custom: 
 - cx-ti
 - cx-ean
-ms.date: 10/30/2024
+ms.date: 08/01/2025
 ---
 
 # Microsoft Defender Experts for Hunting
@@ -29,12 +29,17 @@ ms.date: 10/30/2024
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
 > [!IMPORTANT]
-> Microsoft Defender Experts for Hunting is sold separately from other Microsoft Defender XDR products. If you're a Microsoft Defender XDR customer and are interested in purchasing Defender Experts for Hunting, complete a [customer interest form](https://aka.ms/DEX4HuntingCustomerInterestForm).
+> Microsoft Defender Experts for Hunting is sold separately from other Microsoft Defender XDR products. If you're a Microsoft Defender XDR customer and are interested in purchasing Microsoft Defender Experts for Hunting - XDR and the Microsoft Defender Experts for Hunting - Servers add-on, complete this [customer interest form](https://aka.ms/DEX4HuntingCustomerInterestForm).
 
 > [!NOTE]
 > Any incident response services offered by Defender Experts will be offered under the Defender Experts Service Terms.
 
-Microsoft Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data. Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints, Office 365, cloud applications, and identity. Our experts will investigate anything they find, then hand off the contextual alert information along with remediation instructions, so you can quickly respond.
+Microsoft Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data:
+
+- **Microsoft Defender Experts for Hunting - XDR** is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints, Microsoft 365, cloud applications, and identity
+- **Microsoft Defender Experts for Hunting - Servers** is an add-on to Defender Experts for Hunting - XDR, providing proactive threat hunting for hybrid and multicloud servers
+
+Our experts will investigate anything they find, then hand off the contextual alert information along with remediation instructions, so you can quickly respond.
 
 The following capabilities included in this managed threat hunting service could also help with your daily SecOps work:
 
 
@@ -4,10 +4,10 @@ ms.reviewer:
 description: Defender Experts scoped coverage covers a specific section of the organization where SOC support is limited.
 ms.service: defender-experts
 ms.subservice: dex-xdr
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -17,14 +17,15 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 12/24/2024
+ms.date: 08/01/2025
 ---
 
 # Scoped coverage in Microsoft Defender Experts for XDR
 
 **Applies to:**
 
-- [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
+- Microsofot Defender Experts for Servers
 
 Microsoft Defender Experts for XDR offers scoped coverage for customers who wish to have Defender Experts cover only a section of their organization (for example, specific geography, subsidiary, or function) that requires security operations center (SOC) support or where their security support is limited.