Merge pull request #2766 from MicrosoftDocs/main

Publish main to live, 02/13/25, 3:30 PM PT

Author: Ruchika-mittal01

CloudAppSecurityDocs/ops-guide/ops-guide-daily.md

@@ -146,7 +146,7 @@ Based on the data you review, you might want to create new or adjust app governa
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [View your app details with app governance](../app-governance-visibility-insights-view-apps.md)
 - [Create app policies in app governance](../app-governance-app-policies-create.md).
 
@@ -163,7 +163,7 @@ App governance uses machine learning-based detection algorithms to detect anomal
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [View your app details with app governance](../app-governance-visibility-insights-view-apps.md)
 - [Getting detailed information on an app](../app-governance-visibility-insights-view-apps.md#getting-detailed-information-on-an-app)
 
@@ -199,7 +199,7 @@ By default, there's no access or session policies deployed, and therefore no rel
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Protect apps with Microsoft Defender for Cloud Apps Conditional Access app control](../proxy-intro-aad.md)
 - [Block and protect download of sensitive data to unmanaged or risky devices](../best-practices.md#block-and-protect-download-of-sensitive-data-to-unmanaged-or-risky-devices)
 - [Secure collaboration with external users by enforcing real-time session controls](../best-practices.md#secure-collaboration-with-external-users-by-enforcing-real-time-session-controls)
@@ -231,7 +231,7 @@ Create app discovery policies to start alerting and tagging newly discovered app
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Cloud discovery policies](../policies-cloud-discovery.md)
 - [Create cloud discovery policies](../cloud-discovery-policies.md)
 - [Set up cloud discovery](../set-up-cloud-discovery.md)
@@ -298,7 +298,7 @@ Use the results of these queries to adjust existing file policies or create new
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Information protection policies](../policies-information-protection.md).
 
 ## Related content

defender-endpoint/TOC.yml

@@ -1534,17 +1534,21 @@
     - name: Microsoft Security Resources
       items: 
         - name: Threat actor naming
-          href: /defender-xdr/microsoft-threat-actor-naming
+          href: /unified-secops-platform/microsoft-threat-actor-naming
+
         - name: Malware names
-          href: /defender-xdr/malware-naming
+          href: /unified-secops-platform/malware-naming
+
         - name: How Microsoft identifies malware and PUA
           href: /defender-xdr/criteria
         - name: Submit files for analysis
-          href: /defender-xdr/submission-guide
+          href: /unified-secops-platform/submission-guide
+
         - name: Troubleshoot MSI portal errors caused by admin block
           href: /defender-xdr/portal-submission-troubleshooting
         - name: Microsoft virus initiative
-          href: /defender-xdr/virus-initiative-criteria
+          href: /unified-secops-platform/virus-initiative-criteria
+
         - name: Software developer FAQ
           href: /defender-xdr/developer-faq        
     - name: Malware information

defender-endpoint/address-unwanted-behaviors-mde.md

@@ -116,7 +116,7 @@ In this scenario, a legitimate app is blocked from writing to folders that are p
 
 In this scenario, a third-party app that isn't a threat is detected and identified as malicious by Microsoft Defender Antivirus.
 
-**How to address**: Submit the app to Microsoft for analysis. See [How to submit a file to Microsoft for analysis](/defender-xdr/submission-guide#how-do-i-submit-a-file-to-microsoft-for-analysis).
+**How to address**: Submit the app to Microsoft for analysis. See [How to submit a file to Microsoft for analysis](/unified-secops-platform/submission-guide#how-do-i-submit-a-file-to-microsoft-for-analysis).
 
 ### An app is incorrectly detected and identified as malicious by Defender for Endpoint
 

defender-endpoint/behavior-monitor.md

@@ -133,7 +133,7 @@ withNames | join kind = fullouter DefUpdate on DeviceId
 
 ## Troubleshooting high CPU usage
 
-Detections related to behavior monitoring start with "[Behavior](/defender-xdr/malware-naming#type)".
+Detections related to behavior monitoring start with "[Behavior](/unified-secops-platform/malware-naming#type)".
 
 When investigating high CPU usage in `MsMpEng.exe`, you can temporarily disable behavior monitoring to see if the issues continue.
 

defender-endpoint/defender-endpoint-false-positives-negatives.md

@@ -322,7 +322,7 @@ You can submit entities, such as files and fileless detections, to Microsoft for
 
 If you have a file that was either wrongly detected as malicious or was missed, follow these steps to submit the file for analysis.
 
-1. Review the guidelines here: [Submit files for analysis](/windows/security/threat-protection/intelligence/submission-guide).
+1. Review the guidelines here: [Submit files for analysis](/unified-secops-platform/submission-guide).
 
 2. [Submit files in Defender for Endpoint](admin-submissions-mde.md) or visit the [Microsoft Security Intelligence submission site](https://www.microsoft.com/wdsi/filesubmission/) and submit your files.
 
@@ -336,7 +336,7 @@ If something was detected as malware based on behavior, and you don't have a fil
 
    A .cab file is generated that contains various diagnostic logs. The location of the file is specified in the output of the command prompt. By default, the location is `C:\ProgramData\Microsoft\Microsoft Defender\Support\MpSupportFiles.cab`.
 
-3. Review the guidelines here: [Submit files for analysis](/windows/security/threat-protection/intelligence/submission-guide).
+3. Review the guidelines here: [Submit files for analysis](/unified-secops-platform/submission-guide).
 
 4. Visit the [Microsoft Security Intelligence submission site](https://www.microsoft.com/wdsi/filesubmission) (https://www.microsoft.com/wdsi/filesubmission), and submit your .cab files.
 
@@ -353,7 +353,7 @@ For submissions that weren't already processed, they're prioritized for analysis
 To check for updates regarding your submission, sign in at the [Microsoft Security Intelligence submission site](https://www.microsoft.com/wdsi/filesubmission).
 
 > [!TIP]
-> To learn more, see [Submit files for analysis](/windows/security/threat-protection/intelligence/submission-guide#how-does-microsoft-prioritize-submissions).
+> To learn more, see [Submit files for analysis](/unified-secops-platform/submission-guide#how-does-microsoft-prioritize-submissions).
 
 ## Part 5: Review and adjust your threat protection settings
 

defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

@@ -58,7 +58,7 @@ Here are some examples:
 - **Evasion software** that actively tries to evade detection by security products, including software that behaves differently in the presence of security products.
 
 > [!TIP]
-> For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](/windows/security/threat-protection/intelligence/criteria).
+> For more examples and a discussion of the criteria we use to label applications for special attention from security features, see [How Microsoft identifies malware and potentially unwanted applications](/unified-secops-platform/criteria).
 
 Potentially unwanted applications can increase the risk of your network being infected with actual malware, make malware infections harder to identify, or cost your IT and security teams time and effort to clean them up. If your organization's subscription includes [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md), you can also set Microsoft Defender Antivirus PUA to block, in order to block apps that are considered to be PUA on Windows devices.
 

defender-endpoint/evaluate-mda-using-mde-security-settings-management.md

@@ -26,7 +26,7 @@ In Windows 10 or later, and in Windows Server 2016 or later, you can use next-ge
 
 This article outlines the configuration options available in Windows 10 and later versions, as well as in Windows Server 2016 and later versions. It provides step-by-step guidance on how to activate and test the key protection features in Microsoft Defender Antivirus (MDAV) and Microsoft Defender for Endpoint (EG).
 
-If you have any questions about a detection that MDAV makes, or you discover a missed detection, you can submit a file to us at our [sample submission help site](/defender-xdr/submission-guide).
+If you have any questions about a detection that MDAV makes, or you discover a missed detection, you can submit a file to us at our [sample submission help site](/unified-secops-platform/submission-guide).
 
 ## Use Microsoft Defender Endpoint Security Settings Management (Endpoint security policies) to enable the features
 
@@ -244,4 +244,4 @@ If yo find that your settings aren't taking effect, you might have a conflict. F
 To information on how to make False Negatives (FNs) submissions, see:
 
 - [Submit files in Microsoft Defender for Endpoint](admin-submissions-mde.md) if you have Microsoft XDR, Microsoft Defender for Endpoint P2/P1, or Microsoft Defender for Business.
-- [Submit files for analysis](/defender-xdr/submission-guide) if you have Microsoft Defender Antivirus.
+- [Submit files for analysis](/unified-secops-platform/submission-guide) if you have Microsoft Defender Antivirus.

defender-endpoint/find-defender-malware-name.md

@@ -25,7 +25,7 @@ ms.date: 06/26/2023
 
 As malware naming schemes vary depending on who is first to report it, how it's referred to in the media, and how some companies use specific naming conventions, it can be confusing to understand how Defender for Endpoint detects specific malware families.
 
-Microsoft names specific malware according to the [Computer Antivirus Research Organization (CARO)](/microsoft-365/security/intelligence/malware-naming). For example, Microsoft detects the Sunburst cyberattack as **Trojan:MSIL/Solorigate.BR!dha**.
+Microsoft names specific malware according to the [Computer Antivirus Research Organization (CARO)](/unified-secops-platform/malware-naming). For example, Microsoft detects the Sunburst cyberattack as **Trojan:MSIL/Solorigate.BR!dha**.
 
 To understand how Microsoft Defender for Endpoint detects specific malware families, you can follow the steps in [Find the detection name for a malware family](#find-the-detection-name-for-a-malware-family).
 
@@ -35,11 +35,11 @@ To find the detection name of a malware family, you need to search the internet
 
 1. Get the name of the malware family
 2. Search the web for *malware family* + **cyberattack + hash** to find the hash
-3. Look up the hash in [Virus Total](https://www.virustotal.com/)
+3. Look up the hash in [VirusTotal](https://www.virustotal.com/)
 4. Find the Microsoft row and how we name the malware
-5. Look up the malware name in the [Microsoft Defender Security Intelligence website] (https://www.microsoft.com/en-us/wdsi/threats). You should see Microsoft information and guidance specific to that malware.
+5. Look up the malware name in the [Microsoft Defender Security Intelligence website](https://www.microsoft.com/wdsi/threats). You should see Microsoft information and guidance specific to that malware.
 
-For example, search for the "Sunburst cyberattack hash". One of the websites returned in the search results should have the hash. In this example, the hash is **a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc**. Then, look up this hash in [Virus Total](https://www.virustotal.com/).
+For example, search for the "Sunburst cyberattack hash". One of the websites returned in the search results should have the hash. In this example, the hash is **a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc**. Then, look up this hash in [VirusTotal](https://www.virustotal.com/).
 
 The results show the Microsoft row detects this malware as **Trojan:MSIL/Solorigate.BR!dha**. When you look up this malware name in the Microsoft Defender Security Intelligence website, you find information specific to that malware, including technical details and mitigation steps.
 

defender-endpoint/microsoft-defender-antivirus-on-windows-server.md

@@ -135,7 +135,7 @@ Sample submission allows Microsoft to collect samples of potentially malicious s
 
 ### Submit a file
 
-1. Review the [submission guide](/windows/security/threat-protection/intelligence/submission-guide).
+1. Review the [submission guide](/unified-secops-platform/submission-guide).
 
 2. Visit the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission), and submit your file.
 

defender-endpoint/navigate-defender-endpoint-antivirus-exclusions.md

@@ -37,7 +37,7 @@ Creating an exclusion is one possible approach for addressing these types of iss
 
 | Example scenario | Steps to consider |
 |:---|:----|
-| [False positive](defender-endpoint-false-positives-negatives.md): An entity, such as a file or a process, was detected and identified as malicious, even though the entity isn't a threat. | 1. [Review and classify alerts](defender-endpoint-false-positives-negatives.md#part-1-review-and-classify-alerts) that were generated as a result of the detected entity. <br/>2. [Suppress an alert](defender-endpoint-false-positives-negatives.md#suppress-an-alert) for a known entity. <br/>3. [Review remediation actions](defender-endpoint-false-positives-negatives.md#part-2-review-remediation-actions) that were taken for the detected entity. <br/>4. [Submit the false positive to Microsoft](/defender-xdr/submission-guide) for analysis. <br/>5. [Define an indicator or an exclusion](defender-endpoint-false-positives-negatives.md#part-3-review-or-define-exclusions) for the entity (only if necessary). |
+| [False positive](defender-endpoint-false-positives-negatives.md): An entity, such as a file or a process, was detected and identified as malicious, even though the entity isn't a threat. | 1. [Review and classify alerts](defender-endpoint-false-positives-negatives.md#part-1-review-and-classify-alerts) that were generated as a result of the detected entity. <br/>2. [Suppress an alert](defender-endpoint-false-positives-negatives.md#suppress-an-alert) for a known entity. <br/>3. [Review remediation actions](defender-endpoint-false-positives-negatives.md#part-2-review-remediation-actions) that were taken for the detected entity. <br/>4. [Submit the false positive to Microsoft](/unified-secops-platform/submission-guide) for analysis. <br/>5. [Define an indicator or an exclusion](defender-endpoint-false-positives-negatives.md#part-3-review-or-define-exclusions) for the entity (only if necessary). |
 | [Performance issues](troubleshoot-performance-issues.md) such as one of the following issues:<br/>- A system is having high CPU usage or other performance issues.<br/>- A system is having memory leak issues.<br/>- An app is slow to load on devices.<br/>- An app is slow to open a file on devices. | 1. [Collect diagnostic data](collect-diagnostic-data.md) for Microsoft Defender Antivirus.<br/>2. If you're using a non-Microsoft antivirus solution, [Check with the vendor for known issues with antivirus products](troubleshoot-performance-issues.md#check-with-the-vendor-for-known-issues-with-antivirus-products).<br/>3. Review performance logs (see [Troubleshoot Microsoft Defender Antivirus performance issues with WPRUI](troubleshoot-av-performance-issues-with-wprui.md)) to determine the estimated performance impact. For performance-specific issues related to Microsoft Defender Antivirus, use the [Performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md).<br/>4. [Define an exclusion for Microsoft Defender Antivirus](configure-exclusions-microsoft-defender-antivirus.md) (if necessary).<br/>5. [Create an indicator for Defender for Endpoint](indicators-overview.md) (only if necessary). |
 | [Compatibility issues](microsoft-defender-antivirus-compatibility.md) with non-Microsoft antivirus products. <br/>Example: Defender for Endpoint relies on security intelligence updates for devices, whether they're running Microsoft Defender Antivirus or a non-Microsoft antivirus solution.  | 1. If you're using a non-Microsoft antivirus product as your primary antivirus/antimalware solution, [set Microsoft Defender Antivirus to passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode).<br/>2. If you're switching from a non-Microsoft antivirus/antimalware solution to Defender for Endpoint, see [Make the switch to Defender for Endpoint](switch-to-mde-overview.md). This guidance includes:<br/>- [Exclusions you might need to define for the non-Microsoft antivirus/antimalware solution](switch-to-mde-phase-2.md#step-3-add-microsoft-defender-for-endpoint-to-the-exclusion-list-for-your-existing-solution);<br/>- [Exclusions you might need to define for Microsoft Defender Antivirus](switch-to-mde-phase-2.md#step-4-add-your-existing-solution-to-the-exclusion-list-for-microsoft-defender-antivirus); and <br/>- [Troubleshooting information](switch-to-mde-troubleshooting.md) (just in case something goes wrong while migrating). |
 | Compatibility with applications. <br/>Example: Applications are crashing or experiencing unexpected behaviors after a device is onboarded to Microsoft Defender for Endpoint.  |  See [Address unwanted behaviors in Microsoft Defender for Endpoint with exclusions, indicators, and other techniques](address-unwanted-behaviors-mde.md). |
@@ -55,7 +55,7 @@ If you have a file that you think is wrongly detected as malware (a false positi
 
 Submitting files for analysis helps reduce false positives and false negatives for all customers. To learn more, see the following articles:
 
-- [Submit files for analysis](/microsoft-365/security/intelligence/submission-guide) (available to all customers)
+- [Submit files for analysis](/unified-secops-platform/submission-guide) (available to all customers)
 - [Submit files using the new unified submissions portal in Defender for Endpoint](admin-submissions-mde.md) (available to customers who have Defender for Endpoint Plan 2 or Microsoft Defender XDR)
 
 ### Suppressing alerts