Merge branch 'main' into poliveria-ah-identityevents-08072025

Author: poliveria

.github/workflows/TierManagement.yml

@@ -2,12 +2,15 @@ name: Tier management
 
 permissions:
   pull-requests: write
-  contents: read
+  contents: write
 
 on: 
   issue_comment:
     types: [created, edited]
 
+  pull_request_target:
+    types: [opened, reopened]
+
 jobs:
 
   tier-mgmt:

defender-xdr/TOC.yml

@@ -239,6 +239,8 @@
             href: advanced-hunting-cloudauditevents-table.md
           - name: CloudProcessEvents
             href: advanced-hunting-cloudprocessevents-table.md
+          - name: CloudStorageAggregatedEvents
+            href: advanced-hunting-cloudstorageaggregatedevents-table.md
           - name: DataSecurityBehaviors
             href: advanced-hunting-datasecuritybehaviors-table.md  
           - name: DataSecurityEvents

unified-secops-platform/media/microsoft-threat-actor-naming/threat-actor-categories-lg.png

@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 ms.topic: article
 search.appverid: met150
-ms.date: 7/31/2025
+ms.date: 8/11/2025
 ---
 
 # How Microsoft names threat actors
@@ -44,9 +44,9 @@ Threat actors within the same weather family are given an adjective to distingui
 
 The following table shows how the family names map to the threat actors that we track.
 
-|Threat actor category|Type|Family name|
+|Threat actor category|Origin/Type|Family name|
 |:---|:---|:---|
-|Nation-state|China<br>Germany<br>India<br>Iran<br>North Korea<br>Lebanon<br>Pakistan<br>Palestinian Authority<br>Russia<br>Singapore<br>South Korea<br>Spain<br>Syria<br>Türkiye<br>Ukraine<br>United States<br>Vietnam|Typhoon<br>Gale<br>Monsoon<br>Sandstorm<br>Sleet<br>Rain<br>Whirlwind<br>Lightning<br>Blizzard<br>Squall<br>Hail<br>Derecho<br>Haze<br>Dust<br>Frost<br>Tornado<br>Cyclone|
+|Nation-state|Australia<br>Canada<br>China<br>Germany<br>India<br>Iran<br>Israel<br>New Zealand<br>North Korea<br>Lebanon<br>Pakistan<br>Palestinian Authority<br>Russia<br>Singapore<br>South Korea<br>Spain<br>Syria<br>Türkiye<br>Ukraine<br>United Arab Emirates<br>United Kingdom<br>United States<br>Vietnam|Waterspout<br>Freeze<br>Typhoon<br>Gale<br>Monsoon<br>Sandstorm<br>Heatwave<br>Swell<br>Sleet<br>Rain<br>Whirlwind<br>Lightning<br>Blizzard<br>Squall<br>Hail<br>Derecho<br>Haze<br>Dust<br>Frost<br>Gust<br>Fog<br>Tornado<br>Cyclone|
 |Financially motivated|Financially motivated|Tempest|
 |Private sector offensive actors|PSOAs|Tsunami|
 |Influence operations|Influence operations|Flood|

unified-secops-platform/media/microsoft-threat-actor-naming/threat-actor-categories.png

@@ -2,17 +2,17 @@
 title: Manage unified role-based access control in multitenant management
 description: Overview of how to manage the unified role-based access control multitenant management in the Microsoft Defender portal.
 ms.service: unified-secops-platform
-ms.author: diannegali
-author: diannegali
+ms.author: bagol
+author: batamig
 ms.localizationpriority: medium
-manager: deniseb
+manager: orspodek
 audience: ITPro
 ms.collection: 
 - m365-security
 - highpri
 - tier1
 ms.topic: how-to
-ms.date: 05/29/2025
+ms.date: 08/06/2025
 appliesto: 
 - Microsoft Defender XDR
 - Microsoft Sentinel in the Microsoft Defender portal
@@ -21,18 +21,17 @@ appliesto:
 
 # Manage unified role-based access control in multitenant management
 
-> [!IMPORTANT]
-> Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
+Use the Microsoft Defender multimanagement portal to manage unified role-based access control (URBAC) across multiple tenants. This capability provides a comprehensive view of permissions and access for your tenants and a centralized administration to manage these permissions.
 
-You can now view and manage user permissions across multiple tenants in multitenant management. This capability provides a comprehensive view of permissions and access for your tenants. It also provides a centralized administration to manage these permissions.
+## View custom roles
 
-The multitenant management portal offers an aggregated view of all unified role-based access (URBAC) roles. Navigate to the page through **System > Permissions**.
+In the multitenant portal, navigate to the **Permissions & roles page** by selecting **System > Permissions**.
 
 :::image type="content" source="media/mto-urbac/urbac-main.png" alt-text="Screenshot of main Permissions and roles page":::
 
-You can create or edit a custom role, import and delete roles, and search for a specific role using the Search function from this page. You can also Filter the roles according to assigned data sources, permissions category, assignee type, and tenant name.
+Create or edit a custom role, import and delete roles, and search for a specific role using the **Search** function from this page. You can also filter the roles according to assigned data sources, permissions category, assignee type, and tenant name.
 
-## Create or edit a custom role
+## Create or edit a custom role (Preview)
 
 You can create a custom role to provide flexibility and control over access to specific data. To create a custom role, follow these steps:
 
@@ -72,7 +71,7 @@ To edit an existing role, select the three dots beside the role name in the Perm
 
 :::image type="content" source="media/mto-urbac/urbac-edit-role.png" alt-text="Screenshot of the Edit option in the Permissions page":::
 
-## Delete roles
+## Delete roles (Preview)
 
 You can delete roles by selecting a role from the list and then selecting **Delete roles**. You can select multiple roles from various tenants to delete.
 
@@ -86,7 +85,7 @@ The **Delete role** option is also available when editing a specific role.
 
 :::image type="content" source="media/mto-urbac/urbac-delete-edit-pane.png" alt-text="Screenshot highlighting the Delete option in the Edit role pane":::
 
-## Import roles
+## Import roles (Preview)
 
 You can import existing roles from a tenant’s workloads to migrate permissions and assignments. Imported roles become available in the Permissions and roles list.
 

unified-secops-platform/microsoft-threat-actor-naming.md

@@ -22,9 +22,16 @@ This article lists recent features added for unified security operations in the
 
 ## August 2025
 
+- [Viewing unified RBAC in multitenant management to GA](#viewing-unified-rbac-in-multitenant-management-to-ga)
 - [Tenant groups in multitenant management renamed to distribution profiles](#tenant-groups-in-multitenant-management-renamed-to-distribution-profiles)
 - [Distribute Microsoft Defender for Endpoint security policies with multitenant management](#distribute-microsoft-defender-for-endpoint-security-policies-with-multitenant-management)
 
+### Viewing unified RBAC in multitenant management to GA
+
+Viewing unified role-based access control (RBAC) in the Microsoft Defender multitenant management portal is now generally available. This feature allows you to view a comprehensive view of permissions and access for your tenants.
+
+Creating and editing custom roles remains in preview. For more information, see [Manage unified role-based access control in multitenant management](mto-urbac.md).
+
 ### Tenant groups in multitenant management renamed to distribution profiles
 
 In the multitenant portal, tenant groups are now renamed to **content distribution profiles**. 
@@ -45,7 +52,6 @@ The original policy’s page also shows the overall distribution status and list
 
 For more information, see [Endpoint security policies in multitenant management](mto-endpoint-security-policy.md) and [Content distribution in multitenant management](mto-distribution-profiles.md).
 
-
 ## July 2025
 
 - [For new customers only: Automatic onboarding and redirection to the Microsoft Defender portal](#for-new-customers-only-automatic-onboarding-and-redirection-to-the-microsoft-defender-portal)