Merge branch 'main' into diannegali-tvmappliesto

Author: diannegali

defender-endpoint/TOC.yml

@@ -1078,13 +1078,14 @@
         href: information-protection-investigation.md
 
     - name: Advanced hunting
-      href: /defender-xdr/advanced-hunting-overview
+      href: /defender-xdr/advanced-hunting-overview?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
 
-    - name: Threat analytics overview
-      href: /defender-xdr/threat-analytics
+    - name: Threat analytics
       items:
+      - name: Overview
+        href: /defender-xdr/threat-analytics?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
       - name: Read the analyst report
-        href: /defender-xdr/threat-analytics-analyst-reports
+        href: /defender-xdr/threat-analytics-analyst-reports?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
 
     - name: EDR in block mode
       href: edr-in-block-mode.md

defender-endpoint/api/get-browser-extensions-permission-info.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 06/01/2022
+ms.date: 03/05/2025
 ---
 
 # Get browser extensions permission information
@@ -24,10 +24,10 @@ ms.date: 06/01/2022
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](../microsoft-defender-endpoint.md)
-- [Microsoft Defender Vulnerability Management](/defender-vulnerability-management)
-- [Microsoft Defender XDR](/defender-xdr)
+- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
+
+- [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-management-capabilities-for-endpoints) (add-on for Defender for Endpoint Plan 2 or the standalone version)
+- [Microsoft Defender for Cloud Plan 2](/azure/defender-for-cloud/defender-for-cloud-introduction)
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630&clcid=0x409&culture=en-us&country=us).
 

defender-office-365/submissions-users-report-message-add-in-configure.md

@@ -8,7 +8,7 @@ manager: deniseb
 audience: Admin
 ms.reviewer: dhagarwal
 ms.topic: how-to
-ms.date: 02/24/2025
+ms.date: 03/05/2025
 ms.localizationpriority: medium
 search.appverid:
   - MET150
@@ -75,67 +75,73 @@ The rest of this article describes how to remove the Report Message and Report P
 ## Remove the Report Message or Report Phishing add-ins
 
 > [!TIP]
-> It might take up to 24 hours for the add-in to disappear from your organization.
->
 > If you delete the app registration for the add-in in Microsoft Entra ID, the add-in is also deleted from the organization.
 
 1. In the Microsoft 365 admin center at <https://admin.microsoft.com>, expand **Show all** if necessary, and then go to **Settings** \> **Integrated apps**. Or, to go directly to the **Integrated apps** page, use <https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps>.
 
    > [!TIP]
-   > Admins in Microsoft 365 Government Community Cloud (GCC) or GCC High or DoD need to use the Microsoft 365 admin center at https://portal.office365.us/adminportal/home#/Settings/AddIns and than select Settings > Add-ins
+   > Admins in Microsoft 365 Government Community Cloud (GCC), GCC High, or DoD need to use the Microsoft 365 admin center at <https://portal.office365.us/adminportal/home#/Settings/AddIns> and then select **Settings** \> **Add-ins**.
    >
-   > Although the screenshots in the remaining steps show the **Report Phishing** add-in, the steps are identical for the **Report Message** add-in.
+   > Although the screenshots in the following steps show the **Report Phishing** add-in, the steps are identical for the **Report Message** add-in.
 
-2. On the **Deployed apps** tab of the **Integrated apps** page, select the **Report Message** add-in or the **Report Phishing** add-in by doing one of the following steps:
+2. On the **Deployed apps** tab of the **Integrated apps** page, select the **Report Message** add-in or the **Report Phishing** add-in by clicking anywhere in the row.
+  
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/microsoft-365-admin-center-select-report-phish-add-in.png" alt-text="Screenshot of selecting the Report Phishing add-in on the Integrated apps page in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-select-report-phish-add-in.png":::
 
-   - In the **Name** column, select the icon or text for the add-in. This selection takes you to the **Overview** tab in the details flyout as described in the next steps.
-   - In the **Name** column, select **⋮** **Edit row**, and then select :::image type="icon" source="media/m365-cc-sc-add-internal-icon.png" border="false"::: **Edit users** to go to the **Users** tab in the details flyout as described in the next step.
-   - In the **Name** column, select **⋮** **Edit row**, and then select :::image type="icon" source="media/m365-cc-sc-show-trends-icon.png" border="false"::: **Check usage data** to go to the **Usage** tab in the details flyout as described in the next step.
+3. On the **Overview** tab of the details flyout that opens, select **Remove app** from the **Actions** section.
 
    > [!div class="mx-imgBorder"]
-   > :::image type="content" source="media/microsoft-365-admin-center-select-report-phish-add-in.png" alt-text="Select the Report Phishing add-in on the Integrated apps page in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-select-report-phish-add-in.png":::
+   > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-details-overview-tab.png" alt-text="Screenshot of the Overview tab on the details flyout of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-details-overview-tab.png":::
 
-3. The details flyout that opens contains the following tabs:
+4. In the **Remove apps** confirmation flyout that opens, select **Yes, I'm sure I want to  remove the app and associated data**, and then select **Remove**.
+ 
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-remove-overview-tab.png" alt-text="Screenshot of the tab on the removal flyout of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-remove-overview-tab.png":::
 
-   - **Overview** tab:
-     - **Basic info** section:
-       - **Status**
-       - **Type**: Add-in
-       - **Test deployment**: **Yes** or **No**, depending on the option you selected when you or the selection you change on the **Users** tab.
-       - **Description**
-       - **Host product**: Outlook
-     - **Actions** section: Select **Remove app** to remove the app.
-     - **Assigned users** section: Select **Edit users** to go to the **Users** tab. Use this setting to limit the users who have the add-in.
-     - **Usage** section: Select **Check usage data** to got to the **Usage** tab.
+5. After a few moments, **Successfully removed** flyout appears. It might take up to 24 hours for the add-in to disappear from your organization.
 
-     > [!div class="mx-imgBorder"]
-     > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-details-overview-tab.png" alt-text="The Overview tab on the details flyout of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-details-overview-tab.png":::
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/microsoft-365-admin-center-report-phish-addin-remove-complete-tab.png" alt-text="Screenshot of the flyout showing the removal of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-addin-remove-complete-tab.png":::
 
-    > [!div class="mx-imgBorder"]
-     > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-remove-overview-tab.png" alt-text="The tab on the removal flyout of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-remove-overview-tab.png":::
+   Select **Done** to return to the **Integrated apps** page where the add-in is no longer listed.
 
-    > [!div class="mx-imgBorder"]
-     > :::image type="content" source="media/microsoft-365-admin-center-report-phish-addin-remove-complete-tab.png" alt-text="The flyout showcasing the removal of the Report Phishing add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-addin-remove-complete-tab.png":::
+## Scope the Report Message or Report Phishing add-ins to a set of users
 
-   - **Users** tab:
-     - **Is this a test deployment?**: Leave the toggle at :::image type="icon" source="media/scc-toggle-off.png" border="false"::: **No**, or set the toggle to :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Yes**.
-     - **Assign users** section: Select one of the following values:
-       - **Just me**
-       - **Entire organization**
-       - **Specific users/groups**: Find and select users and groups in the search box. After each selection, the user or group appears in the **Added users** section that appears below the search box. To remove a selection, select :::image type="icon" source="media/m365-cc-sc-remove-icon.png" border="false"::: on the entry.
+1. In the Microsoft 365 admin center at <https://admin.microsoft.com>, expand **Show all** if necessary, and then go to **Settings** \> **Integrated apps**. Or, to go directly to the **Integrated apps** page, use <https://admin.microsoft.com/Adminportal/Home#/Settings/IntegratedApps>.
 
-     - **Email notification** section: **Send email notification to assigned users** and **View email sample** aren't selectable.
+   > [!TIP]
+   > Admins in Microsoft 365 Government Community Cloud (GCC), GCC High, or DoD need to use the Microsoft 365 admin center at <https://portal.office365.us/adminportal/home#/Settings/AddIns> and then select **Settings** \> **Add-ins**.
+   >
+   > Although the screenshots in the following steps show the **Report Phishing** add-in, the steps are identical for the **Report Message** add-in.
 
-     If you made any updates on this tab, select **Update** to save your changes.
+2. On the **Deployed apps** tab of the **Integrated apps** page, select the **Report Message** add-in or the **Report Phishing** add-in by doing one of the following steps:
+   - Select the add-in by clicking anywhere in the row. In the details flyout that opens, select the **Users** tab.
+   - In the **Name** column, select **⋮** \> **Edit users**.
+  
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/microsoft-365-admin-center-select-report-phish-add-in.png" alt-text="Screenshot of selecting the Report Phishing add-in on the Integrated apps page in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-select-report-phish-add-in.png":::
+
+3. On the **Users** tab of the details flyout, verify **Specific users/groups** is selected in the **Assign users** section.
 
-     > [!div class="mx-imgBorder"]
-     > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-details-users-tab.png" alt-text="The Users tab on the details flyout of the Report Message add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-details-users-tab.png":::
+   Any existing users or groups are shown in the **Added users** section.
 
-   - **Usage** tab: The chart and details table shows the number of active users over time.
-     - Filter the **Date range** to **7 days**, **30 days** (default), or **90 days**.
-     - In the **Report** column, select :::image type="icon" source="media/m365-cc-sc-download-icon.png" border="false"::: **Download** to download the information filtered by **Date range** to the file named **UsageData.csv**.
+   Click in the search box to find and select users or groups. New selections are added to the **To be added** section that appears.
+   
+   To remove a user or group, select :::image type="icon" source="media/m365-cc-sc-remove-icon.png" border="false"::: on the entry:
+   
+   - From the **Added users** section: The user or group is added to the **To be removed** section that appears.
+   - From the **To be added** section: The user or group is removed from this section and won't be added.
+   - From the **To be removed** section: The user or group is removed from this section and won't be removed.
+
+   When you're finished on the **Users** tab of the details flyout, select **Update** to save your changes.
+
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/microsoft-365-admin-center-report-phish-add-in-details-users-tab.png" alt-text="Screenshot of the Users tab on the details flyout of the Report Message add-in in the Microsoft 365 admin center." lightbox="media/microsoft-365-admin-center-report-phish-add-in-details-users-tab.png":::
 
-   When you're finished viewing the information on the tabs, select :::image type="icon" source="media/m365-cc-sc-close-icon.png" border="false"::: **Close** to close the details flyout.
+   After a few moments, the **Updating users completed** flyout appears. Select **Done** to return to the **Users** tab of the add-in details flyout where your updates are shown in the **Added users** section.
+   
+   Select :::image type="icon" source="media/m365-cc-sc-remove-icon.png" border="false"::: **Close flyout** to return to the **Integrated apps** page.
 
 ## Frequently asked questions
 

defender-xdr/additional-information-xdr.md

@@ -19,7 +19,7 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 10/30/2024
+ms.date: 03/05/2025
 appliesto:
   - Microsoft Defender XDR
 ---
@@ -34,7 +34,7 @@ To realize the benefits of Microsoft Defender Experts for XDR, you and your secu
 
 - **Engage actively through the readiness assessment process** – The [readiness assessment](get-started-xdr.md#prepare-your-environment-for-the-defender-experts-service) when onboarding for Defender Experts for XDR is an integral part of the offering. Completing it successfully ensures prompt service coverage and protects your organization against known threats.
 - **Act on managed responses in a timely manner** – For any suspicious incidents and alerts, our experts provide a detailed investigation summary and managed responses for remediation. We expect your SOC team to act on these managed responses in a timely manner to prevent further impact from any malicious attempts.
-- **Configure recommended settings and follow best practices to improve security posture** – As part of our service, your service delivery manager and security analyst team share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
+- **Configure recommended settings and follow best practices to improve security posture** – As part of our service, we will share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
 
 ### Note about incident response
 

defender-xdr/communicate-defender-experts-xdr.md

@@ -14,7 +14,7 @@ ms.collection:
   - essentials-manage
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 05/01/2024
+ms.date: 03/05/2025
 ---
 
 # Communicating with experts in the Microsoft Defender Experts for XDR service
@@ -23,7 +23,7 @@ ms.date: 05/01/2024
 
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
-Microsoft Defender Experts for XDR provides you with multiple channels of communication to discuss incidents with our experts, ask them questions on demand, or get service readiness or operations support from your service delivery managers (SDMs).
+Microsoft Defender Experts for XDR provides you with multiple channels of communication to discuss incidents with our experts, ask them questions on demand, or get service readiness or operations support from your service delivery managers (SDMs), if included in your service.
 
 ## Incident and managed response notifications
 
@@ -79,6 +79,9 @@ While the previous scenarios involve our experts initiating communication with y
 
 The service delivery manager (SDM) is responsible for managing the overall relationship for your organization with the Defender Experts for XDR service. They are your trusted advisor working along with XDR experts' team to help you protect your organization.
 
+> [!NOTE]
+> Service delivery managers are included if your Defender Experts for XDR service is licensed for 500 or more seats.
+
 The SDM provides the following services:
 
 - Service readiness support

defender-xdr/dex-xdr-overview.md

@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 02/05/2025
+ms.date: 03/05/2025
 ---
 
 # Microsoft Defender Experts for XDR
@@ -40,18 +40,22 @@ Defender Experts for XDR augments your SOC by combining automation and Microsoft
 - **Access expertise when you need it** - Extend your team's capacity with access to Defender Experts for assistance on an investigation
 - **Stay ahead of emerging threats** - Our experts proactively hunt for emerging threats in your environment, informed by unparalleled threat intelligence and visibility
 
-Apart from the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft Defender XDR signals, you also receive managed response from our security analysts and support from Microsoft's security-focused service delivery managers (SDMs). This service lets you enjoy the following capabilities:
+Apart from the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft Defender XDR signals, you also receive managed response from our security analysts and, if your service includes it, support from Microsoft's security-focused service delivery managers (SDMs)*. This service lets you enjoy the following capabilities:
 
 - **Managed detection and response** - Expert analysts manage your Microsoft Defender XDR incident queue and handle triage and investigation on your behalf; they partner with you and your team to take action or guide you to respond to incidents
 - **Proactive threat hunting** - [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is built in to extend your team's threat hunting capabilities and prioritize significant threats
 - **Ask Defender Experts** - Select [Ask Defender Experts](experts-on-demand.md) in the Microsoft Defender portal to get expert advice about threats your organization is facing. You can ask for help on a specific incident, nation-state actor, or attack vector-related notifications
 - **Live dashboards and reports** - Transparent view of our operations on your behalf and noise free, actionable view into what matters for you coupled with detailed analytics
 - **Proactive check-ins for continuous security improvements** - Periodic check-ins with your named service delivery team to guide your Defender Experts for XDR experience and improve your security posture
 
+> [!NOTE] 
+> Service delivery managers are included if your Defender Experts for XDR service is licensed for 500 or more seats.
+
 [Read the Defender Experts for XDR ebook](https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/Defender-Experts-for-XDR-eBook-Final.pdf) and maximize the benefits of this product suite. 
 
 ### Next step
 
 [Before you begin](before-you-begin-xdr.md)
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
+