MicrosoftDocs
diff --git a/‎defender-endpoint/comprehensive-guidance-on-linux-deployment.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/comprehensive-guidance-on-linux-deployment.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/troubleshoot-collect-support-log.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/troubleshoot-collect-support-log.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-office-365/TOC.yml‎
Lines changed: 1 addition & 1 deletion b/‎defender-office-365/TOC.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-office-365/address-compromised-users-quickly.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-office-365/address-compromised-users-quickly.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-office-365/air-about.md‎
Lines changed: 32 additions & 65 deletions b/‎defender-office-365/air-about.md‎
Lines changed: 32 additions & 65 deletions
diff --git a/‎defender-office-365/air-custom-reporting.md‎
Lines changed: 9 additions & 7 deletions b/‎defender-office-365/air-custom-reporting.md‎
Lines changed: 9 additions & 7 deletions
@@ -102,7 +102,7 @@ Use the following steps to check the network connectivity of Microsoft Defender
 3. Verify that the traffic isn't being inspected by SSL inspection (TLS inspection). This is the most common network related issue when setting up Microsoft Defender Endpoint, see [Verify SSL inspection isn't being performed on the network traffic](#step-3-verify-ssl-inspection-isnt-being-performed-on-the-network-traffic).
 
 > [!NOTE]
-> - It is generally recommended that traffic for Defender for Endpoint is not inspected by SSL inspection (TLS inspection). This applies to all supported operating systems (Windows, Linux, and MacOS).
+> - Traffic for Defender for Endpoint should NOT be inspected by SSL inspection (TLS inspection). This applies to all supported operating systems (Windows, Linux, and MacOS).
 > - To allow connectivity to the consolidated set of URLs or IP addresses, ensure your devices are running the latest component versions. See [Onboarding devices using streamlined connectivity for Microsoft Defender for Endpoint](configure-device-connectivity.md) for more information.
 
 For more information see [Troubleshoot cloud connectivity issues](#troubleshoot-cloud-connectivity-issues).
 
@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: troubleshooting
 ms.subservice: edr
 search.appverid: met150
-ms.date: 06/05/2024
+ms.date: 08/01/2024
 ---
 
 # Collect support logs in Microsoft Defender for Endpoint using live response
@@ -69,7 +69,7 @@ This article provides instructions on how to run the tool via Live Response on W
    ```console
    PutFile MDEClientAnalyzerPreview.zip -overwrite
    Run MDELiveAnalyzer.ps1
-   GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDEClientAnalyzerResult.zip"
+   GetFile "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Downloads\MDECA\MDEClientAnalyzerResult.zip"
    ```
 
 - For more information on gathering data locally on a machine in case the machine isn't communicating with Microsoft Defender for Endpoint cloud services, or doesn't appear in Microsoft Defender for Endpoint portal as expected, see [Verify client connectivity to Microsoft Defender for Endpoint service URLs](verify-connectivity.md).
 
@@ -437,7 +437,7 @@
            items:
            - name: AIR overview
              href: air-about.md
-           - name: How automated investigation and response works
+           - name: AIR examples
              href: air-examples.md
          - name: Review and approve (or reject) pending actions
            href: air-review-approve-pending-completed-actions.md
 
@@ -47,7 +47,7 @@ When a user account is compromised, alerts are triggered. And in some cases, tha
 - [View details about automated investigations](#view-details-about-automated-investigations)
 
 > [!IMPORTANT]
-> You must have appropriate permissions to perform the following tasks. See [Required permissions to use AIR capabilities](air-about.md#required-permissions-to-use-air-capabilities).
+> You must have appropriate permissions to perform the following tasks. For more information, see [Required permissions to use AIR capabilities](air-about.md#required-permissions-and-licensing-for-air).
 
 Watch this short video to learn how you can detect and respond to user compromise in Microsoft Defender for Office 365 using Automated Investigation and Response (AIR) and compromised user alerts.
 
@@ -81,7 +81,7 @@ To learn more, see [View details of an investigation](air-view-investigation-res
 
 ## Next steps
 
-- [Review the required permissions to use AIR capabilities](air-about.md#required-permissions-to-use-air-capabilities)
+- [Review the required permissions to use AIR capabilities](air-about.md#required-permissions-and-licensing-for-air)
 
 - [Find and investigate malicious email in Office 365](threat-explorer-investigate-delivered-malicious-email.md)
 
 
@@ -1,34 +1,36 @@
 ---
 title: Custom reporting solutions with automated investigation and response
-f1.keywords: 
+f1.keywords:
 - NOCSH
 author: chrisda
 ms.author: chrisda
 manager: deniseb
 audience: ITPro
 ms.topic: conceptual
 ms.localizationpriority: medium
-search.appverid: 
+search.appverid:
 - MET150
 - MOE150
-ms.collection: 
+ms.collection:
 - m365-security
 - tier2
 description: Learn how to integrate automated investigation and response with a custom or third-party reporting solution.
-ms.date: 06/09/2023
-ms.custom: 
+ms.date: 07/10/2023
+ms.custom:
 - air
 ms.service: defender-office-365
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---
 
-# Custom or third-party reporting solutions for Microsoft Defender for Office 365
+# Custom or third-party reporting solutions for Microsoft Defender for Office 365 Plan 2
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-With [Microsoft Defender for Office 365](mdo-about.md), you get [detailed information about automated investigations](air-view-investigation-results.md). However, some organizations also use a custom or third-party reporting solution. If your organization wants to integrate information about [automated investigations](air-about.md) with such a solution, you can use the Office 365 Management Activity API.
+Automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2 returns detailed information about the results. For more information, see [Details and results of automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2](air-view-investigation-results.md).
+
+However, some Microsoft 365 organizations use custom or third-party reporting solutions. Those organizations can use the **Office 365 Management Activity APIs** to integrate information from AIR into other reporting solutions.
 
 |Resource|Description|
 |:---|:---|