Merge branch 'main' into 81940ea2-517d-44b3-88d8-77301766ee05_45

Ruchika-mittal01 · web-flow · commit 2a1c6bd9a430 · 2025-06-03T22:53:52.000+05:30
diff --git a/defender-endpoint/api/collect-investigation-package.md b/defender-endpoint/api/collect-investigation-package.md
@@ -15,19 +15,19 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 06/03/2025
 ---
 
 # Collect investigation package API
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint](../microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@@ -40,11 +40,7 @@ Collect investigation package from a device.
 
 ## Limitations
 
-1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
-
-> [!IMPORTANT]
->
-> - These response actions are only available for devices on Windows 10, version  1703 or later, and on Windows 11.
+- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 
 ## Permissions
 
diff --git a/defender-endpoint/device-discovery-faq.md b/defender-endpoint/device-discovery-faq.md
@@ -13,7 +13,7 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
-ms.topic: conceptual
+ms.topic: faq
 search.appverid: met150
 ms.date: 03/04/2025
 ---
diff --git a/defender-endpoint/ios-troubleshoot.md b/defender-endpoint/ios-troubleshoot.md
@@ -11,7 +11,7 @@ ms.collection:
 - m365-security
 - tier3
 - mde-ios
-ms.topic: conceptual
+ms.topic: faq
 ms.subservice: ios
 search.appverid: met150
 ms.date: 01/22/2025
diff --git a/defender-vulnerability-management/defender-vulnerability-management-faq.md b/defender-vulnerability-management/defender-vulnerability-management-faq.md
@@ -12,7 +12,7 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - Tier1
-ms.topic: conceptual
+ms.topic: faq
 search.appverid: met150
 ms.date: 05/02/2025
 ---
diff --git a/defender-xdr/advanced-hunting-overview.md b/defender-xdr/advanced-hunting-overview.md
@@ -2,7 +2,6 @@
 title: Overview - Advanced hunting
 description: Learn about advanced hunting queries in Microsoft Defender and how to use them to proactively find threats and weaknesses in your network
 ms.service: defender-xdr
-ms.pagetype: security
 f1.keywords: 
   - NOCSH
 ms.author: maccruz
@@ -20,7 +19,7 @@ ms.custom:
 - seo-marvel-apr2020
 ms.topic: overview
 search.appverid: met150
-ms.date: 10/18/2024
+ms.date: 06/03/2025
 appliesto: 
 - Microsoft Defender XDR
 - Microsoft Sentinel in the Microsoft Defender portal
@@ -51,47 +50,60 @@ Advanced hunting supports queries that check a broader data set coming from:
 
 To use advanced hunting, [turn on Microsoft Defender XDR](m365d-enable.md). Or to use advanced hunting with Microsoft Sentinel, [connect Microsoft Sentinel to the Defender portal](/unified-secops-platform/microsoft-sentinel-onboard). 
 
-
 For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the [video](https://learn-video.azurefd.net/vod/player?id=ffdedc73-6edf-45a9-8c90-566296e8d4ec). 
 
-
-
 ## Get access
+
 To use advanced hunting or other [Microsoft Defender XDR](microsoft-365-defender.md) capabilities, you need an appropriate role in Microsoft Entra ID. [Read about required roles and permissions for advanced hunting](custom-roles.md).
 
 Also, your access to endpoint data is determined by role-based access control (RBAC) settings in Microsoft Defender for Endpoint. [Read about managing access to Microsoft Defender XDR](m365d-permissions.md).
 
 
 ## Data freshness and update frequency
+
 Advanced hunting data can be categorized into two distinct types, each consolidated differently.
 
 ### **Event or activity data**
+
 Event or activity data populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to the corresponding cloud services. For example, you can query event data from healthy sensors on workstations or domain controllers almost immediately after they are available on Microsoft Defender for Endpoint and Microsoft Defender for Identity. 
 
 To collect even more event properties, you have the option of turning on [aggregated reporting](/defender-endpoint/aggregated-reporting).
 
 ### **Entity data**
+
 Entity data populates tables with information about users and devices. This data comes from both relatively static data sources and dynamic sources, such as Active Directory entries and event logs. To provide fresh data, tables are updated with any new information every 15 minutes, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
 
 
 ## Time zone
+
 ### Queries
+
 Advanced hunting data uses the UTC (Universal Time Coordinated) timezone. 
 ![Screenshot of custom time range.](/defender/media/custom-time-range.png)
 
 Queries should be created in UTC.
 
 ### Results
-Advanced hunting results are converted to the [timezone](m365d-time-zone.md) set in Microsoft Defender XDR. 
 
+Advanced hunting results are converted to the [timezone](m365d-time-zone.md) set in Microsoft Defender XDR.
+
+## To extend the 30 days retention for Advanced Hunting, you can use Streaming APIs
 
+In order to extend the 30 days retention for Advanced Hunting, see the following resources:
 
+- Microsoft Defender XDR [Streaming API](/defender-xdr/streaming-api)
+- Microsoft Defender for Endpoint [Raw Data Streaming API](/defender-endpoint/api/raw-data-export)
+
+> [!NOTE]
+> The data retained is from the first (1st) day that you implement and enable the streaming api.
+
+## Related content
 
-## Related topics
 - [Choose between guided and advanced hunting modes](advanced-hunting-modes.md)
 - [Build hunting queries using guided mode](advanced-hunting-query-builder.md)
 - [Learn the query language](advanced-hunting-query-language.md)
 - [Understand the schema](advanced-hunting-schema-tables.md)
 - [Microsoft Graph security API](/graph/api/resources/security-api-overview#advanced-hunting)
 - [Custom detections overview](custom-detections-overview.md)
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
