Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr

Author: DebLanger

defender-xdr/access-den-graph-api.md

@@ -3,7 +3,7 @@ title: Accessing incident notifications and DENs using Graph security API
 ms.reviewer:
 description: The method to access Defender Experts Notifications using Graph security API
 ms.service: defender-experts
-ms.subservice: dex-xdr
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium
@@ -15,7 +15,7 @@ ms.collection:
   - essentials-overview
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 04/29/2024
+ms.date: 08/14/2024
 ---
 
 # Access incident notifications using Graph API

defender-xdr/before-you-begin-defender-experts.md

@@ -3,6 +3,7 @@ title: Key infrastructure requirements before enrolling in the Microsoft Defende
 ms.reviewer:
 description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium
@@ -14,7 +15,7 @@ ms.collection:
   - tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 06/19/2024
+ms.date: 08/14/2024
 ---
 
 # Before you begin using Defender Experts for Hunting

defender-xdr/deception-overview.md

@@ -3,20 +3,20 @@ title: Manage the deception capability in Microsoft Defender XDR
 description: Detect human-operated attacks with lateral movement in the early stages using high confidence signals from the deception feature in Microsoft Defender XDR.
 ms.service: defender-xdr
 f1.keywords: 
-  - NOCSH
+- NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-  - m365-security
-  - tier1
+- m365-security
+- tier1
 ms.topic: conceptual
 search.appverid: 
-  - MOE150
-  - MET150
-ms.date: 08/08/2024
+- MOE150
+- MET150
+ms.date: 08/14/2024
 ---
 
 # Manage the deception capability in Microsoft Defender XDR
@@ -79,7 +79,7 @@ There are two types of lures available in the deception feature:
 
 You can specify decoys, lures, and the scope in a deception rule. See [Configure the deception feature](configure-deception.md) to learn more about how to create and modify deception rules.  
 
-When an attacker uses a decoy or a lure on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
+When an attacker uses a decoy on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
 
 ## Identify incidents and alerts activated by deception
 

defender-xdr/defender-experts-for-hunting.md

@@ -3,6 +3,7 @@ title: What is Microsoft Defender Experts for Hunting offering
 ms.reviewer:
 description: Microsoft  Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium

defender-xdr/defender-experts-report.md

@@ -4,7 +4,7 @@ ms.reviewer:
 description: The Defender Experts for Hunting service publishes reports to help you understand all the threats the hunting service surfaced in your environment
 search.appverid: met150
 ms.service: defender-experts
-ms.subservice: dex-xdr
+ms.subservice: dex-hunting
 f1.keywords:
 - NOCSH
 ms.author: vpattnaik
@@ -17,7 +17,7 @@ ms.collection:
 - tier1
 - essentials-manage
 ms.topic: conceptual
-ms.date: 10/17/2023
+ms.date: 08/14/2023
 ---
 
 # Understand the Defender Experts for Hunting report in Microsoft Defender XDR

defender-xdr/experts-on-demand.md

@@ -4,6 +4,7 @@ ms.reviewer:
 description: Select Ask Defender Experts directly inside the Microsoft Defender security portal to get swift and accurate responses to all your threat hunting questions.
 search.product: Windows 10
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -18,7 +19,7 @@ ms.collection:
   - essentials-get-started
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 04/18/2024
+ms.date: 08/14/2024
 ---
 
 # Collaborate with experts on demand

defender-xdr/onboarding-defender-experts-for-hunting.md

@@ -3,6 +3,7 @@ title: How to subscribe to Microsoft Defender Experts for Hunting
 ms.reviewer:
 description: If you're new to Microsoft Defender XDR and Defender Experts for Hunting, this is how you onboard, receive, and set up Defender experts notifications.
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium

exposure-management/TOC.yml

@@ -6,6 +6,8 @@
       items:
       - name: What is Microsoft Security Exposure Management?
         href: microsoft-security-exposure-management.md
+      - name: What's new 
+        href: whats-new.md      
       - name: Compare Secure Score and Security Exposure Management
         href: compare-secure-score-security-exposure-management.md      
     - name: Get started
@@ -29,7 +31,9 @@
       - name: Overview
         href: critical-asset-management.md
       - name: Review and classify critical assets
-        href: classify-critical-assets.md  
+        href: classify-critical-assets.md
+      - name: Predefined classifications
+        href: predefined-classification-rules-and-levels.md
     - name: Work with attack paths
       items:      
         - name: Overview

exposure-management/exposure-insights-overview.md

@@ -164,10 +164,7 @@ Events measure the score drop or worsening in the metric status. Events include:
 
 - **Metric score drop events**: These events are issued with there's a decrease of at least 2% in metric score (exposure grew by 2%) since yesterday.
 - **Initiative score drop events**: These events are issued when there's a decrease of at least 2% in initiative score since yesterday.
-
-
-On the **Events** page for an initiative, you can view and filter events.
-
+- **New Initiave event**: These events are issued when a new inititave is available in MSEM.
 
 ## Next steps
 

exposure-management/get-started-exposure-management.md

@@ -101,4 +101,4 @@ You can hover over points on the timeline to see what the score of the key initi
 
 - [Overview of attack paths](work-attack-paths-overview.md).
 - [Identify and manage critical assets](critical-asset-management.md).
-- [Improve security insights with exposure insights](exposure-insights-overview.md).
+- [Improve security insights with exposure insights](exposure-insights-overview.md).