MicrosoftDocs
diff --git a/‎ATPDocs/deploy/configure-windows-event-collection.md‎
Lines changed: 2 additions & 1 deletion b/‎ATPDocs/deploy/configure-windows-event-collection.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎ATPDocs/privacy-compliance.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/privacy-compliance.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ATPDocs/remediation-actions.md‎
Lines changed: 16 additions & 0 deletions b/‎ATPDocs/remediation-actions.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎ATPDocs/whats-new.md‎
Lines changed: 17 additions & 0 deletions b/‎ATPDocs/whats-new.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎CloudAppSecurityDocs/cas-compliance-trust.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/cas-compliance-trust.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/api/collect-investigation-package.md‎
Lines changed: 3 additions & 7 deletions b/‎defender-endpoint/api/collect-investigation-package.md‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎defender-endpoint/configure-machines-asr.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/configure-machines-asr.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/configure-mssp-support.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/configure-mssp-support.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/data-storage-privacy.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-endpoint/data-storage-privacy.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-endpoint/defender-antivirus-compatibility-without-mde.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/defender-antivirus-compatibility-without-mde.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
 ---
 title: Configure audit policies for Windows event logs | Microsoft Defender for Identity
 description: This article describes how to configure audit policies for Windows event logs as part of deploying a Microsoft Defender for Identity sensor.
-ms.date: 01/16/2024
+ms.date: 06/04/2025
 ms.topic: how-to
 ms.reviewer: rlitinsky
 ---
@@ -240,6 +240,7 @@ To configure domain object auditing:
    - **Descendant Computer Objects**
    - **Descendant msDS-GroupManagedServiceAccount Objects**
    - **Descendant msDS-ManagedServiceAccount Objects**
+   - **Descendant msDS-DelegatedManagedServiceAccount Objects**
 
 > [!NOTE]
 > Assigning the auditing permissions on **All descendant objects** would also work, but you need only the object types detailed in the last step.
 
@@ -46,7 +46,7 @@ Your data is kept and is available to you while the license is under grace perio
 
 ## Data sharing
 
-Defender for Identity shares data, including customer data, among any of the following Microsoft products that are also licensed by the customer:
+Defender for Identity shares data, including customer data, among any of the following Microsoft products that are also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments may occur, depending on the location of the service offering.
 
 - Microsoft Defender XDR
 - Microsoft Defender for Cloud Apps
 
@@ -39,8 +39,24 @@ The following Defender for Identity actions can be performed directly on your on
 
 - **Reset user password** – This will prompt the user to change their password on the next logon, ensuring that this account can't be used for further impersonation attempts.
 
+- **Mark User Compromised** - The user’s risk level is set to High
+
+- **Suspend User in Entra ID** - Block new sign-ins and access to cloud resources
+
+- **Require User to Sign In Again** - Revoke a user’s active sessions
+
 Depending on your Microsoft Entra ID roles, you might see additional Microsoft Entra ID actions, such as requiring users to sign in again and confirming a user as compromised. For more information, see [Remediate risks and unblock users](/entra/id-protection/howto-identity-protection-remediate-unblock).
 
+## Roles and Permissions
+
+| Action | XDR RBAC permissions      |
+| ------------------------------------- | ------------------------------------------------------------ |
+|Mark User Compromised                  | - Global Administrator <br> - Security Administrator|
+|Suspend User in Entra ID               | - Global Administrator |
+|Require User to Sign In Again          | - Global Administrator <br>|
+| Disable/Enable User in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
+| Force Password Reset in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
+
 
 ## Related videos
 
 
@@ -23,6 +23,23 @@ For more information, see also:
 
 For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
 
+## June 2025
+
+### DefenderForIdentity PowerShell module updates (version 1.0.0.4)
+
+New Features and Improvements:
+- Added remote domain functionality
+- Added SensorType parameter to Test-MDISensorApiConnection to inform endpoint URL.
+- Added ability to Get/Set/Test the Deleted Objects container permissions.
+- Added auditing for Delegated Managed Service Accounts (dMSA) in the DomainObjectAuditing configuration.
+
+Bug Fixes:
+- Fixed audit verification checks for non-English operating systems.
+- Fixed DomainObjectAuditing identity redundant parameter bug.
+- Fixed Domain Controller detection logic to confirm AD Web Services is running on the server.
+- Fixed issue with Test-MDIDSA not parsing Deleted Object permissions.
+- Other reliability fixes.
+
 ## May 2025
 
 ###  Expanded New Sensor Deployment Support for Domain Controllers (Preview)
 
@@ -62,7 +62,7 @@ Your data is kept and is available to you while the license is under grace perio
 
 ## Data sharing for Microsoft Defender for Cloud Apps
 
-Defender for Cloud Apps shares data, including customer data, among the following Microsoft products also licensed by the customer:
+Defender for Cloud Apps shares data, including customer data, among the following Microsoft products also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments may occur, depending on the location of the service offering.
 
 - Microsoft Defender XDR
 - Microsoft Defender for Cloud
 
@@ -15,19 +15,19 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 06/03/2025
 ---
 
 # Collect investigation package API
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint](../microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@@ -40,11 +40,7 @@ Collect investigation package from a device.
 
 ## Limitations
 
-1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
-
-> [!IMPORTANT]
->
-> - These response actions are only available for devices on Windows 10, version  1703 or later, and on Windows 11.
+- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 
 ## Permissions
 
 
@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 - mde-asr
 ms.custom: admindeeplinkDEFENDER
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: asr
 search.appverid: met150
 ms.date: 03/27/2025
 
@@ -11,7 +11,7 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
-ms.topic: conceptual
+ms.topic: article
 search.appverid: met150
 ms.date: 07/24/2024
 ---
 
@@ -29,7 +29,7 @@ ms.date: 05/12/2025
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Business](/defender-business/mdb-overview)
 
-> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
+> Want to experience Defender for Endpoint? [Sign up for a free trial](https://go.microsoft.com/fwlink/p/?linkid=2225630).
 
 This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
 
@@ -70,7 +70,7 @@ In the advanced hunting investigation experience, it's accessible via a query fo
 
 ## Data sharing for Microsoft Defender for Endpoint
 
-Microsoft Defender for Endpoint shares data, including customer data, among the following Microsoft products, also licensed by the customer.
+Microsoft Defender for Endpoint shares data, including customer data, among the following Microsoft products, also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments may occur, depending on the location of the service offering.
 
 - Microsoft Defender XDR
 - Microsoft Defender for Cloud Apps
 
@@ -5,7 +5,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.reviewer: yongrhee
 ms.service: defender-endpoint
-ms.topic: conceptual
+ms.topic: article
 ms.date: 04/09/2025
 ms.subservice: ngp
 search.appverid: met150