Merge branch 'main' into patch-18

Author: aditisrivastava07

ATPDocs/deploy/event-collection-overview.md

@@ -50,7 +50,7 @@ The following event is required for Microsoft Entra Connect servers:
 
 - 4624: An account was successfully logged on
 
-For more information, see [Configure auditing on Microsoft Entra Connect](../configure-windows-event-collection.md#configure-auditing-for-entra-connect).
+For more information, see [Configure auditing on Microsoft Entra Connect](../configure-windows-event-collection.md#configure-auditing-on-microsoft-entra-connect).
 
 ### Other required Windows events
 

ATPDocs/deploy/remote-calls-sam.md

@@ -34,12 +34,16 @@ To ensure that Windows clients and servers allow your Defender for Identity Dire
 
 **To configure required permissions**:
 
-1. Locate the policy. In your **Computer configuration > Windows settings > Security settings > Local policies > Security options**, select the **Network access - Restrict clients allowed to make remote calls to SAM** policy. For example:
+1. Create a new group policy or use an existing one. 
+1. In your **Computer configuration > Windows settings > Security settings > Local policies > Security options**, select the **Network access - Restrict clients allowed to make remote calls to SAM** policy. For example:
 
     :::image type="content" source="../media/samr-policy-location.png" alt-text="Screenshot of the Network access policy selected." lightbox="../media/samr-policy-location.png":::
 
 1. Add the DSA to the list of approved accounts able to perform this action, together with any other account that you've discovered during audit mode.
 
+   :::image type="content" source="../media/restrict-clients-allowed-to-make-remote-calls-to-sam.png" alt-text="Screenshot of the Network access policy settings." lightbox="../media/restrict-clients-allowed-to-make-remote-calls-to-sam.png":::
+
+
    For more information, see [Network access: Restrict clients allowed to make remote calls to SAM](/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls).
 
 ## Make sure the DSA is allowed to access computers from the network (optional)
@@ -60,6 +64,8 @@ To ensure that Windows clients and servers allow your Defender for Identity Dire
     >
     > The [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319) recommends replacing the default *Everyone* with *Authenticated Users* to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the [Access this computer from the network](/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network) setting from a GPO, and consider including *Authenticated Users* in the GPO if needed.
 
+     :::image type="content" source="../media/define-security-policy-setting.png" alt-text="Screenshot of Security Policy Settings." lightbox="../media/define-security-policy-setting.png":::
+
 ## Configure a Device profile for Microsoft Entra hybrid joined devices only
 
 This procedure describes how to use the [Microsoft Intune admin center](https://intune.microsoft.com/) to configure the policies in a Device profile if you're working with Microsoft Entra hybrid joined devices.

ATPDocs/media/define-security-policy-setting.png

@@ -24,6 +24,19 @@ For updates about versions and features released six months ago or earlier, see
 
 ## February 2025
 
+### DefenderForIdentity PowerShell module updates (version 1.0.0.3)
+
+New Features and Improvements:
+- Support for getting, testing, and setting the Active Directory Recycle Bin in Get/Set/Test MDIConfiguration.
+- Support for getting, testing, and setting the proxy configuration on new MDI sensor.
+- The Active Directory Certificate Services registry value for audit filtering now properly sets the type.
+- New-MDIConfigurationReport now shows the name of the tested GPO and supports Server and Identity arguments.
+
+Bug Fixes:
+- Improved reliability for DeletedObjects container permissions on non-English operating systems.
+- Fixed extraneous output for KDS root key creation.
+- Other reliability fixes.
+
 ### New attack paths tab on the Identity profile page
 
 This tab provides visibility into potential attack paths leading to a critical identity or involving it within the path, helping assess security risks. For more information, see [Overview of attack path within Exposure Management.](/security-exposure-management/work-attack-paths-overview) 

ATPDocs/media/restrict-clients-allowed-to-make-remote-calls-to-SAM.png

@@ -138,7 +138,7 @@ Windows authenticated scan will officially be deprecated on November 30, 2025. A
 
 ### What happens to my data after the product is deprecated?
 
-All user data is handled according to our [data storage and privacy policy](tvm-prerequisites.md#data-storage-and-privacy). We recommend that you export any important data before the deprecation date.
+All user data is handled according to our [Data storage and privacy](defender-vulnerability-management.md#data-storage-and-privacy). We recommend that you export any important data before the deprecation date.
 
 ### Will the product be replaced?
 

ATPDocs/whats-new.md

@@ -13,7 +13,7 @@ ms.collection:
 - essentials-overview
 search.appverid: met150
 audience: ITPro
-ms.date: 04/03/2024
+ms.date: 02/23/2025
 ---
 
 # What is Microsoft Defender Vulnerability Management
@@ -94,6 +94,10 @@ See the following articles for related Defender for Endpoint APIs:
 - [Vulnerability APIs](/defender-endpoint/api/vulnerability)
 - [List vulnerabilities by machine and software](/defender-endpoint/api/get-all-vulnerabilities-by-machines)
 
+## Data storage and privacy
+
+The same data security and privacy practices for Microsoft Defender for Endpoint apply to Microsoft Defender Vulnerability Management, for more information, see [Microsoft Defender for Endpoint data storage and privacy](/defender-endpoint/data-storage-privacy).
+
 ## Next steps
 
 - [Compare security features in Microsoft Defender Vulnerability Management](defender-vulnerability-management-capabilities.md)

defender-vulnerability-management/defender-vulnerability-management-faq.md

@@ -14,36 +14,34 @@ ms.collection:
 - m365-security
 - tier1
 - essentials-get-started
-ms.date: 08/14/2023
+ms.date: 02/23/2025
 ---
 
 # Sign up for Microsoft Defender Vulnerability Management
 
 > [!NOTE]
-> Microsoft Defender Vulnerability Management isn't currently available to Microsoft Defender for Business customers.
-
-## Starting a trial
-
-> [!NOTE]
+> Microsoft Defender Vulnerability Management isn't currently available in [Microsoft Defender for Business](/defender-business/mdb-overview).
 > The Microsoft Defender Vulnerability Management trial isn't currently available to US Government customers using GCC High, and DoD.
-> 
 > For more information on purchase options available, see [Microsoft Defender Vulnerability Management](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-vulnerability-management-pricing?msockid=17c438e9b0b8628c22d52cd3b1c763eb).
 
-Microsoft Defender Vulnerability Management is available as a standalone and as an add-on for Microsoft Defender for Endpoint Plan 2 customers.
+
+## Starting a trial
+
+Microsoft Defender Vulnerability Management is available as a standalone subscription or as an add-on for [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint) customers.
 
 - If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer sign up to try the [Defender Vulnerability Management Standalone Trial](#try-defender-vulnerability-management-standalone)
 - If you already have Defender for Endpoint Plan 2, sign up to try the [Defender Vulnerability Management Add-on Trial](#try-defender-vulnerability-management-add-on-trial-for-defender-for-endpoint-plan-2-customers)
 
-> [!NOTE]
-> Trials will be available to customers using the New Commerce Experience (NCE) for a 30 day period. After the 30 day period customers will be able to purchase Microsoft Defender Vulnerability Management through NCE.
-
+Trials are available to customers using the New Commerce Experience (NCE) for a 30 day period. After the 30 day period customers are able to purchase Microsoft Defender Vulnerability Management through NCE.
 
 ## Required roles for starting the trial
 
 As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:
 
 1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**
+
 2. Check **Let users start trials on behalf of your organization**
+
 3. Select **Save**
 
 :::image type="content" source="/defender/media/defender-vulnerability-management/mdvm-user-starttrial.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management user trial setting.":::
@@ -57,17 +55,19 @@ It can take a few hours for the changes to take effect. Once it does, return to
 
 ## Try Defender Vulnerability Management Standalone
 
-If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer, you will sign up to trial the **Defender Vulnerability Management Standalone trial**.
+If you're a new customer or an existing Defender for Endpoint P1 or Microsoft 365 E3 customer, you can sign up for the **Defender Vulnerability Management Standalone trial**.
 
 > [!IMPORTANT]
 > You must be logged into the tenant as a global administrator to perform this task.
 
 To sign up:
 
-1. Log in as a global admin to the tenant where the Defender Vulnerability Management Standalone trial service will be added.
-2. Visit [Microsoft Defender Vulnerability Management Trial](https://aka.ms/MdvmStandaloneStartTrial).
-3. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not.
-4. Once you have signed in, select the **Try now** button to confirm your order of the 90 day subscription of the Defender Vulnerability Management Standalone trial.
+1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) for the tenant where the Defender Vulnerability Management Standalone trial service will be added.
+
+2. Go to [Microsoft Defender Vulnerability Management Trial](https://aka.ms/MdvmStandaloneStartTrial), and follow the prompts.
+
+3. Select the **Try now** button to confirm your order of the 90 day subscription of the Defender Vulnerability Management Standalone trial.
+
 5. Select **Continue**. You'll now be directed to the Microsoft Defender portal.
 
 > [!NOTE]
@@ -78,8 +78,11 @@ To sign up:
 If you already have Defender for Endpoint Plan 2, sign up to the **Defender Vulnerability Management Add-on trial** to get access to the additional capabilities. To sign up:
 
 1. Visit [Microsoft Defender Vulnerability Management Add-on Trial](https://aka.ms/MdvmAddonStartTrial).
+
 2. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not.
+
 3. Once you have signed in, select the **Try now** button to confirm your order of the 90 day subscription of the Microsoft Defender Vulnerability Add-on trial.
+
 4. Select **Continue**. You'll now be directed to the Microsoft Defender portal.
 
 > [!NOTE]