Merge branch 'main' into WI446820-find-all-mdi-docs-with-the-word-on-prem

Author: DeCohen

defender-endpoint/troubleshoot-microsoft-defender-antivirus.yml

@@ -886,9 +886,9 @@ sections:
 
           - BM state: Behavior Monitoring state (Enabled or Disabled)
 
-          - Antivirus signature age: Antivirus signature age (in days)
+          - Antivirus signature age: Antivirus signature age (in days). Calculated as the time starting from the Security Intelligence Update (SIU) release date, to the current date. Before a signature is updated for the first time, it'll display an age of 65535 days.
 
-          - Antispyware signature age: Antispyware signature age (in days)
+          - Antispyware signature age: Antispyware signature age (in days). Timestamp reflecting the Security Intelligence Update (SIU) release date (not the local installation time). Before the timestamp is updated for the first time, its value is null.
 
           - Last quick scan age: Last quick scan age (in days)
 

defender-for-identity/deploy/activate-sensor.md

@@ -19,7 +19,8 @@ The **Activation** page displays all servers from your device inventory. Defende
 
 You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, by selecting specific domain controllers from the list of eligible servers.
 
-   [![Screenshot that shows the Defender for Identity sensor activation page.](media/activate-capabilities/activation-page.png)](media/activate-capabilities/activation-page.png#lightbox)
+   
+[![Screenshot that shows how to auto and manual activation.](media/activate-sensor/1.png)](media/activate-sensor/1.png#lightbox)
 
 |Activation State  |Next steps  |
 |---------|---------|
@@ -39,12 +40,13 @@ The process for activating the sensor depends on your configuration.
 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **System** > **Settings** > **Identities** > **Activation**.
 1. Select the domain controller where you want to activate Defender for Identity, and select **Activate**. Confirm your selection when prompted. 
 
-   [![Screenshot that shows how to activate the new sensor.](media/activate-capabilities/activate.png)](media/activate-capabilities/activate.png#lightbox)
-
+   [![Screenshot that shows how to activate an new server.](media/activate-sensor/image.png)](media/activate-sensor/image.png#lightbox)
+   
+   
 1. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers**. This takes you to the **Sensors** page, where you can check your sensor health.
-
-    [![Screenshot that shows how to see the onboarded servers.](media/activate-capabilities/successfully-activated.png)](media/activate-capabilities/successfully-activated.png#lightbox)
-
+   
+   [![Screenshot that shows successful activation.](media/activate-sensor/image1.png)](media/activate-sensor/image1.png#lightbox)
+   
 <!--## Onboard the domain controller 
 
 If the domain controller has not been onboarded to Defender for Endpoint for Servers, follow these steps to activate the sensor.

defender-for-identity/deploy/media/activate-sensor/1.png

@@ -35,6 +35,7 @@ This API allows customers to:
 * Enable or disable the automatic activation of eligible servers
 * Activate or deactivate the agent on eligible servers
  ​
+
 For more information, see [Managing unified agent actions through Graph API](/graph/api/resources/security-api-overview?view=graph-rest-beta).
 
 ### Microsoft Defender for Identity sensor version updates

defender-for-identity/deploy/media/activate-sensor/image.png

@@ -8,7 +8,7 @@ author: chrisda
 ms.author: chrisda
 manager: bagol
 ms.localizationpriority: medium
-ms.date: 09/12/2025
+ms.date: 09/15/2025
 audience: ITPro
 ms.collection:
   - m365-security
@@ -48,7 +48,7 @@ For more information on what's new with other Microsoft Defender security produc
   - Standard, shared, and private channels
   - Meeting conversations
 
-[User reported settings](submissions-user-reported-messages-custom-mailbox.md) determine whether reported messages are sent to the specified reporting mailbox, to Microsoft, or both.
+[User reported settings](submissions-user-reported-messages-custom-mailbox.md) determine whether reported messages are sent to the specified reporting mailbox, to Microsoft, or both. Also added support for Teams message reporting on Teams mobile client.
 
 ## Aug 2025
 

defender-for-identity/deploy/media/activate-sensor/image1.png

@@ -118,7 +118,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**Privacy Management Investigators**|Investigators of privacy management solution that can investigate policy matches, view message content, and take remediation actions.|Case Management <br/><br/> Compliance Manager Reader <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Investigation <br/><br/> View-Only Case|
 |**Privacy Management Viewers**|Viewer of privacy management solution that can access the available dashboards and widgets.|Compliance Manager Reader <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Viewer|
 |**Purview Administrators**|Create, edit, and delete domains and perform role assignments.|Admin Unit Extension Manager <br/><br/> Purview Domain Manager <br/><br/> Role Management|
-|Purview Agent Management|To enable, setup and manage the AI agents withing Purview|Purview Content Analyst|
+|Purview Agent Management|To enable, setup and manage the AI agents within Purview|Purview Content Analyst|
 |**Quarantine Administrator**|Members can access all Quarantine actions. For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md)|Quarantine|
 |**Records Management**|Members can configure all aspects of records management, including retention labels and disposition reviews.|Disposition Management <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager|
 |**Reviewer**|Members can access review sets in [eDiscovery (Premium)](/purview/ediscovery-overview) cases. Members of this role group can see and open the list of cases on the **eDiscovery > Advanced** page in the Microsoft Purview portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|

defender-for-identity/whats-new.md

@@ -16,7 +16,7 @@ ms.collection:
 ms.custom:
 description: "Admins can configure whether users can report malicious message in Microsoft Teams."
 ms.service: defender-office-365
-ms.date: 09/11/2025
+ms.date: 09/15/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -26,9 +26,14 @@ appliesto:
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-In organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR, admins can decide whether users can report messages in Microsoft Teams. Admins can also get visibility into the Teams messages that users are reporting.
+In organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR, admins can decide whether users can report messages in Microsoft Teams. The following clients support message reporting:
 
-Users can report messages in Teams from chats, standard, private and shared channels, and meeting conversations. Users can report messages as malicious or non-malicious.
+- The Microsoft Teams desktop client.
+- The Microsoft Teams Web App.
+- The Microsoft Teams app for iOS/iPadOS: Version 7.15 or later.
+- The Microsoft Teams for Android: Version 1416/1.0.0.2025153104 or later. 
+
+Users can report mmessages as malicious or non-malicious in Teams from chats, standard, private and shared channels, and meeting conversations. Admins can also get visibility into Teams messages that users are reporting.
 
 > [!NOTE]
 > User reporting of messages in Teams is not supported in U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD).

defender-office-365/defender-for-office-365-whats-new.md

@@ -30,7 +30,7 @@ appliesto:
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
 > [!IMPORTANT]
-> The Microsoft Report Message and Report Phishing add-ins are now in maintenance mode and will eventually be deprecated. We recommend transitioning from the add-ins to the built-in **Report** button. The **Report** button is supported in virtuall all consumer and entrprise Outlook clients. For more information, see the [Frequently asked questions](#frequently-asked-questions) section in this article.
+> The Microsoft Report Message and Report Phishing add-ins are now in maintenance mode and will eventually be deprecated. We recommend transitioning from the add-ins to the built-in **Report** button. The **Report** button is supported in virtually all consumer and enterprise Outlook clients. For more information, see the [Frequently asked questions](#frequently-asked-questions) section in this article.
 
 The built-in **Report** button in [supported versions of Outlook](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook) makes it easy for users to report false positives and false negatives to Microsoft for analysis. False positives are good email that was blocked or sent to the Junk Email folder. False negatives are unwanted email or phishing that was delivered to the Inbox.
 
@@ -178,7 +178,7 @@ We recommend that you try the built-in **Report** button. If you're still facing
 
 ### Q: I can't scope the built-in Report button, which prevents me from rolling it out. What can I do?
 
-A: This behavior is by design. We think the built-in **Report** button provides a base level of protection for all users, including shared and delegate mailboxes. Scoping the built-in **Report** button to a limited number of users can result in forgetting about those users, which leavs a security gap that can be exploited by attackers. Many customers totaling more than a million users migrated smoothly to the the built-in **Report** button smoothly without scoping ability. Instead, they scoped non-Microsoft add-in buttons or the Microsoft add-ins as they rolled out the built-in **Report** button across the organization.
+A: This behavior is by design. We think the built-in **Report** button provides a base level of protection for all users, including shared and delegate mailboxes. Scoping the built-in **Report** button to a limited number of users can result in forgetting about those users, which leaves a security gap that can be exploited by attackers. Many customers totaling more than a million users migrated smoothly to the built-in **Report** button without scoping ability. Instead, they scoped non-Microsoft add-in buttons or the Microsoft add-ins as they rolled out the built-in **Report** button across the organization.
 
 If you're looking to scope the functionality for experimentation, we recommend using a test environment.
 
@@ -192,7 +192,7 @@ A: No. Unfortunately, due to the previously stated reasons, the add-ins will be
 
 ### Q: What is the recommendation for moving from the add-ins to a non-Microsoft reporting add-in?
 
-A: After you, remove the add-in from the integrated apps from the **Deployed apps** tab of the **Integrated apps** page as previously described, install the non-Microsoft add-in as per their instructions.
+A: After you remove the add-in from the **Deployed apps** tab of the **Integrated apps** page as previously described, install the non-Microsoft add-in according to their instructions.
 
 On the [User reported settings page](submissions-user-reported-messages-custom-mailbox.md) in the Defender portal, you need to do the following steps: