Merge pull request #3837 from MicrosoftDocs/main

[AutoPublish] main to live - 05/20 04:29 PDT | 05/20 16:59 IST

Author: padmagit77

defender-xdr/advanced-hunting-cloudappevents-table.md

@@ -30,13 +30,13 @@ ms.date: 05/15/2025
 
 The `CloudAppEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about events involving accounts and objects in Office 365 and other [cloud apps and services](#apps-and-services-covered). Use this reference to construct queries that return information from this table.
 
-## Get access
+## Prerequisites
 
 To make sure the `CloudAppEvents` data is populated:
 
 1.  Go to the Defender portal and select **Settings > Cloud apps > App connectors**.
 
-1.  In the Microsoft 365 connector portal, select the **Pull activities** checkbox.
+1.  In the **Select Microsoft 365 components** page, select the **Microsoft 365 activities** checkbox.
 
  For detailed instructions, see: [Connect Microsoft 365 to Microsoft Defender for Cloud Apps](/defender-cloud-apps/protect-office-365#prerequisites)
 

defender/index.yml

@@ -185,8 +185,8 @@ conceptualContent:
            text: See more
            url: /defender-for-iot/    
 
-        - title: Microsoft's unified security operations platform
-          summary: End-to-end SecOps with Microsoft Sentinel
+        - title: Microsoft Sentinel
+          summary: End-to-end security operations
           links:
           - url: /unified-secops-platform/overview-unified-security
             itemType: overview

exposure-management/get-started-exposure-management.md

@@ -19,6 +19,10 @@ On the Exposure Management > **Overview** dashboard, you can review the overall
 
 Use the dashboard as a starting point for a snapshot of organizational posture and exposure, and drill down to details as needed.
 
+You can filter the list of affected devices based on their scope, ensuring that data presentation is aligned with your specific needs. The filter selection persists even when switching between Exposure Management experiences, allowing you to maintain you preferred view and focus on specific devices without reapplying filters.
+
+Initiative scores will reflect the selected scope, whether defined by the admin or adjusted by the end user, ensuring users see accurate and relevant scores based on their access scope.
+
 :::image type="content" source="./media/get-started-exposure-management/exposure-management-overview.png" alt-text="Screenshot of the security exposure management overview page." lightbox="./media/get-started-exposure-management/exposure-management-overview.png":::
 
 ## Connecting your external security and asset management products

exposure-management/initiatives.md

@@ -1,12 +1,13 @@
 ---
-title: Review security initiatives in Microsoft Security Exposure Management
-description: Learn how to work with security Initiatives in Microsoft Security Exposure Management.
+title: Review security initiatives in Security Exposure Management
+description: Learn how to effectively manage and track security initiatives using Microsoft Security Exposure Management to improve your organization's security posture.
+#customer intent: As a security administrator, I want to understand and manage security initiatives so that I can improve my organization's security posture.
 ms.author: dlanger
 author: dlanger
-manager: rayne-wiselman
-ms.topic: overview
+manager: ornat-spodek
+ms.topic: how-to
 ms.service: exposure-management
-ms.date: 11/04/2024
+ms.date: 05/04/2025
 ---
 
 # Review security initiatives
@@ -21,24 +22,37 @@ ms.date: 11/04/2024
 
 ## View initiatives page
 
+The initiatives page provides detailed insights into your security initiatives and their progress.
+
+> [!NOTE]
+> All information shown on the Initiative pages that is related to Endpoints data is based on the user's scope. This includes, initiative scores, metrics progress, and history reasoning.
+
 1. Navigate to the [Microsoft Defender portal](https://security.microsoft.com/).
 
-1. From the Exposure management section on the navigation bar, select **Exposure insights -> Initiatives** to open the [initiatives](https://security.microsoft.com/exposure-initiatives) page.
+2. From the Exposure management section on the navigation bar, select **Exposure insights -> Initiatives** to open the [initiatives](https://security.microsoft.com/exposure-initiatives) page.
 
     :::image type="content" source="./media/initiatives/initiatives-window.png" alt-text="Screenshot of the Security Exposure Management Initiatives window.":::
 
-1. At the top of the initiatives page, review the highlighted key initiatives by scrolling and drilling down per your needs.
+3. Use the **Filter by device groups** positioned at the top right corner to refine the filter.
+
+:::image type="content" source="media/initiatives/filter-by-dg.png" alt-text="Screenshot of device group filter":::
+
+4. Choose the device groups relevant for you, and the iniatives data will be recalculated (only when related to Endpoints data).
 
-1. To set an initiative to appear in the top initiative bar in the dashboard or on the initiatives page, select the **star** icon in the initiatives window or **Mark as favorite** in the individual initiative.
+:::image type="content" source="media/initiatives/filter-by-dg-pane.png" alt-text="Screenshot of the filter by device groups side pane.":::
 
-1. You can review the following information for all initiatives:
+5. At the top of the initiatives page, review the highlighted key initiatives by scrolling and drilling down per your needs.
+
+6. To set an initiative to appear in the top initiative bar in the dashboard or on the initiatives page, select the **star** icon in the initiatives window or **Mark as favorite** in the individual initiative.
+
+7. You can review the following information for all initiatives:
     - **14 day change trend graph** highlighting how the initiative score changes over the past 14 days
     - **Initiative name**
     - **Favorite** indicator (toggle on/off) to display in the key initiatives banner
     - **Current score** of the initiative
     - **Programs** or workloads contributing to or required by this initiative
 
-1. Select an initiative to open the small overview and then select **Open initiative page** to review or remediate issues. The initiative page includes additional information including:
+8. Select an initiative to open the small overview and then select **Open initiative page** to review or remediate issues. The initiative page includes additional information including:
     - Your target score for the initiative
     - A means to set a custom target score appropriate to your organization's needs
     - Description
@@ -67,7 +81,7 @@ The changes in your score provide you with useful feedback about how well you're
 
 ## Check history
 
-1. Select an initiative to open the small overview and then select **Open initiative page-> History** to view changes over time.
+1. Select an initiative to open the small overview and then select **Open initiative page-> History** to view changes over time. 
 
 1. Browse to the time table to choose a specific time point to examine.
     1. If needed, filter for specific time points.
@@ -81,6 +95,7 @@ The changes in your score provide you with useful feedback about how well you're
 
 1. To review metrics associated with your initiative, select **Exposure insights -> Initiatives-> Security metrics**.
 1. Sort by heading, as needed.
+
 1. Select **Exposure insights -> Initiatives-> Security recommendations** to view recommendations related to your initiative.
 
     You only see those recommendations that are *currently* applied to assets and active in Microsoft Secure Score or Microsoft Defender for Cloud.

exposure-management/media/get-started-exposure-management/exposure-management-overview.png

@@ -24,6 +24,19 @@ Learn more about MSEM by reading the blogs, [here](https://techcommunity.microso
 >
 > `https://aka.ms/msem/rss`
 
+## May 2025
+
+### Enhanced support for device groups scoping
+
+The device groups scoping within Exposure Management has been expanded. This update enhances the existing capability to filter the list of affected devices based on your assigned scope by extending it to security metrics and exposed entities in recommendations. With this enhancement, initiative scores, metric progress, security events, and historical insights will now be calculated and displayed according to your specific user scope. As a result, the data presented, including on the Overview page, will be tailored to align with your designated scope.
+
+We will also support the device groups filter, which is already available in Microsoft Defender Vulnerability Management experiences. This filter enables end users to refine their view within their access scope, allowing them to focus on specific devices as needed. Once the filter is adjusted based on the user’s selection, all related data will be refreshed accordingly.
+
+> [!NOTE]
+> The device groups scoping capability applies only to data associated with Endpoint devices.
+
+For more information, see [Review security initiatives](initiatives.md)
+
 ## March 2025
 
 ### New predefined classifications