Merge branch 'public' into patch-1

Author: denisebmsft

CloudAppSecurityDocs/protect-egnyte.md

@@ -79,7 +79,7 @@ This section describes how to connect Microsoft Defender for Cloud Apps to your
 >[!NOTE]
 >- Microsoft recommends using a short lived access token. Egnyte doesn't currently support short lived tokens. We recommend our customers to refresh the access token every 6 months as a security best practice. To refresh the access token, revoke the old token by following [Revoking an oAuth token](https://developers.egnyte.com/docs/read/Public_API_Authentication#Revoking-an-OAuth-Token). Once the old token is revoked, reconnect the Egnyte connector by following the process documented above.
 >
->- Defender for Cloud Apps intentionally provides a lower rate limit than Egnyte's maximum to avoid exceeding the API constraints. For more infomration, see the relevant Egnyte documentation: [Rate limiting](https://developers.egnyte.com/docs/read/Best_Practices) | [Audit Reporting API v2](https://developers.egnyte.com/docs/read/Audit_Reporting_API_V2)
+>- Defender for Cloud Apps intentionally provides a lower rate limit than Egnyte's maximum to avoid exceeding the API constraints. For more information, see the relevant Egnyte documentation: [Rate limiting](https://developers.egnyte.com/docs/read/Best_Practices) | [Audit Reporting API v2](https://developers.egnyte.com/docs/read/Audit_Reporting_API_V2)
 
 ## Next steps
 

defender-xdr/investigate-alerts.md

@@ -1,28 +1,24 @@
 ---
 title: Investigate alerts in Microsoft Defender XDR
 description: Investigate alerts seen across devices, users, and mailboxes.
-keywords: incidents, alerts, investigate, analyze, response, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365
 ms.service: defender-xdr
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
 f1.keywords:
-  - NOCSH
+- NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
 ms.collection:
-  - m365-security
-  - m365initiative-m365-defender
-  - tier1
+- m365-security
+- m365initiative-m365-defender
+- tier1
 ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 search.appverid:
-  - MOE150
-  - met150
-ms.date: 1/17/2025
+- MOE150
+- met150
+ms.date: 01/17/2025
 ---
 
 # Investigate alerts in Microsoft Defender XDR
@@ -192,10 +188,9 @@ The **Manage alert** pane allows you to view or specify:
 - A comment on the alert.
 
 > [!NOTE]
-> Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
-
-> [!NOTE]
-> One way of managing alerts it through the use of tags. The tagging capability for Microsoft Defender for Office 365 is incrementally being rolled out and is currently in preview.
+> - In August 2022, previously supported alert determination values (`Apt` and `SecurityPersonnel`) were deprecated and are no longer available via the API.
+>
+> - One way of managing alerts it through the use of tags. The tagging capability for Microsoft Defender for Office 365 is currently in preview, rolling out incrementally.
 >
 > Currently, modified tag names are only applied to alerts created *after* the update. Alerts that were generated before the modification will not reflect the updated tag name.
 
@@ -288,6 +283,7 @@ Create alert tuning rules from the Microsoft Defender XDR **Settings** area or f
 
 > [!NOTE]
 > The **alert title (Name)** is based on the **alert type (IoaDefinitionId)**, which decides the alert title. Two alerts that have the same alert type can change to a different alert title. 
+> The *Hide alert* feature is only available in Defender for Endpoint alerts.
 
 <!--what does this mean?-->
 

unified-secops-platform/overview-plan.md

@@ -32,10 +32,10 @@ Microsoft Defender XDR services include:
 
 | Service | Description |
 | ------- | ----------- |
-| [**Microsoft Defender for Identity**](/defender-for-identity/what-is) | Identifies, detects, and investigates threats from both on-premises Active Directory and cloud identities like Microsoft Entra ID. |
 | [**Microsoft Defender for Office 365**](/defender-office-365/mdo-about) | Protects against threats posed by email messages, URL links, and Office 365 collaboration tools. |
+| [**Microsoft Defender for Identity**](/defender-for-identity/what-is) | Identifies, detects, and investigates threats from both on-premises Active Directory and cloud identities like Microsoft Entra ID. |
 | [**Microsoft Defender for Endpoint**](/defender-endpoint/microsoft-defender-endpoint) | Monitors and protects endpoint devices, detects and investigates device breaches, and automatically responds to security threats. |
-| **Enterprise IoT monitoring** from [Microsoft Defender for IoT](/defender-for-iot/microsoft-defender-iot) | Provides both IoT device discovery and security value for IoT devices. |
+| [**Microsoft Defender for IoT**](/defender-for-iot/microsoft-defender-iot) | Provides both IoT device discovery and security value for IoT devices. |
 | [**Microsoft Defender Vulnerability Management**](/defender-vulnerability-management/defender-vulnerability-management) | Identifies assets and software inventory, and assesses device posture to find security vulnerabilities. |
 | [**Microsoft Defender for Cloud Apps**](/defender-cloud-apps/what-is-defender-for-cloud-apps) | Protects and controls access to SaaS cloud apps. |
 
@@ -51,17 +51,18 @@ Other services supported in the Microsoft Defender portal as part of Microsoft's
 
 ## Review service prerequisites
 
-Before you deploy Microsoft's unified security operations platform, review the prerequisites for each service you plan to use. The following table lists the services and links to their prerequisites:
+Before you deploy Microsoft's unified security operations platform, review the prerequisites for each service you plan to use. The following table lists the services and links for more information:
 
-| Security service         | Link to prerequisites                  |
-| ------------------------ | --------------------------------------- |
+| Security service         | Prerequisites                  |
+| ------------------------ | ------------------------------ |
 | **Required for unified SecOps**       |      |
-| Microsoft Defender XDR and Microsoft Defender for Office | [Microsoft Defender XDR prerequisites](/defender-xdr/prerequisites) |
+| Microsoft Defender XDR | [Microsoft Defender XDR prerequisites](/defender-xdr/prerequisites) |
 | Microsoft Sentinel                                       | [Prerequisites to deploy Microsoft Sentinel](/azure/sentinel/prerequisites)  |
 | **Optional Microsoft Defender XDR services**              |                                                 |
+| Microsoft Defender for Office | [Microsoft Defender XDR prerequisites](/defender-xdr/prerequisites) |
 | Microsoft Defender for Identity                          | [Microsoft Defender for Identity prerequisites](/defender-for-identity/deploy/prerequisites)  |
 | Microsoft Defender for Endpoint                          | [Set up Microsoft Defender for Endpoint deployment](/defender-endpoint/production-deployment)   |
-| Enterprise monitoring with Microsoft Defender for IoT    | [Prerequisites for Enterprise IoT security](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint#prerequisites)   |
+| Enterprise monitoring with Microsoft Defender for IoT    | [Prerequisites for Defender for IoT in the Defender portal](/defender-for-iot/prerequisites)   |
 | Microsoft Defender Vulnerability Management              | [Prerequisites & Permissions for Microsoft Defender Vulnerability Management](/defender-vulnerability-management/tvm-prerequisites)   |
 | Microsoft Defender for Cloud Apps                        | [Get started with Microsoft Defender for Cloud Apps](/defender-cloud-apps/get-started)   |
 | **Other services supported in the Microsoft Defender portal**   |   |
@@ -71,6 +72,29 @@ Before you deploy Microsoft's unified security operations platform, review the p
 | Microsoft Defender Threat Intelligence                   | [Prerequisites for Defender Threat Intelligence](/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal#prerequisites) |
 | Microsoft Entra ID Protection                            | [Prerequisites for Microsoft Entra ID Protection](/entra/id-protection/how-to-deploy-identity-protection#prerequisites) |
 
+## Review data security and privacy practices
+
+Before you deploy Microsoft's unified security operations platform, make sure that you understand the data security and privacy practices for each service you plan to use. The following table lists the services and links for more information. Note that several services use the data security and retention practices for Microsoft Defender XDR instead of have separate practices of their own.
+
+| Security service         | Data security and privacy |
+| ------------------------ |--------------------------------------- |
+| **Required for unified SecOps**       | |
+| Microsoft Defender XDR | [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy) |
+| Microsoft Sentinel | [Geographical availability and data residency in Microsoft Sentinel](/azure/sentinel/geographical-availability-data-residency) |
+| **Optional Microsoft Defender XDR services** | |
+| Microsoft Defender for Office | [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy) |
+| Microsoft Defender for Identity | [Privacy with Microsoft Defender for Identity](/defender-for-identity/privacy-compliance) |
+| Microsoft Defender for Endpoint | [Microsoft Defender for Endpoint data storage and privacy](/defender-endpoint/data-storage-privacy) |
+| Enterprise monitoring with Microsoft Defender for IoT | [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy) |
+| Microsoft Defender Vulnerability Management | [Microsoft Defender for Endpoint data storage and privacy](/defender-endpoint/data-storage-privacy) |
+| Microsoft Defender for Cloud Apps | [Privacy with Microsoft Defender for Cloud Apps](/defender-cloud-apps/cas-compliance-trust) |
+| **Other services supported in the Microsoft Defender portal** | |
+| Microsoft Security Exposure Management | [Data freshness, retention, and related functionality](/security-exposure-management/microsoft-security-exposure-management#data-freshness-retention-and-related-functionality) |
+| Microsoft Security Copilot | [Privacy and data security in Microsoft Security Copilot](/copilot/security/privacy-data-security) |
+| Microsoft Defender for Cloud | [Microsoft Defender for Cloud data security](/azure/defender-for-cloud/data-security) |
+| Microsoft Defender Threat Intelligence | [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy) |
+| Microsoft Entra ID Protection | [Microsoft Entra data retention](/entra/identity/monitoring-health/reference-reports-data-retention) |
+
 ## Plan your Log Analytics workspace architecture
 
 To use Microsoft's unified SecOps platform, you need a Log Analytics workspace enabled for Microsoft Sentinel. A single Log Analytics workspace might be sufficient for many environments, but many organizations create multiple workspaces to optimize costs and better meet different business requirements. Microsoft's unified SecOps platform supports only a single workspace.