Merge branch 'main' into patch-80

Author: padmagit77

.acrolinx-config.edn

@@ -1,6 +1,6 @@
 {:changed-files-limit 60
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["ATADocs/" "ATPDocs/" "CloudAppSecurityDocs/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["advanced-threat-analytics/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud-apps/" "defender-for-cloud/" "defender-for-identity/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 

.github/workflows/AutoLabelAssign.yml

@@ -30,8 +30,11 @@ jobs:
         with:
             PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
             AutoAssignUsers: 1
+            AutoAssignReviewers: 1
             AutoLabel: 1
             ExcludedUserList: '["user1", "user2"]'
             ExcludedBranchList: '["branch1", "branch2"]'
         secrets:
-            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+            PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}
+            ClientId: ${{ secrets.M365_APP_CLIENT_ID }}

.github/workflows/BackgroundTasks.yml

@@ -6,6 +6,7 @@ permissions:
 
 on:
   pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
 
 jobs:
   upload:

.openpublishing.redirection.defender-cloud-apps.json

@@ -1015,5 +1015,10 @@
       "redirect_url": "/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps",
       "redirect_document_id": true
     },
+    {
+      "source_path": "defender-for-cloud-apps/cloud-discovery-anomaly-detection-policy.md",
+      "redirect_url": "/defender-cloud-apps/cloud-discovery-policies",
+      "redirect_document_id": false
+    }
   ]
 }

.openpublishing.redirection.defender-identity.json

@@ -859,6 +859,11 @@
       "source_path": "defender-for-identity/manage-security-alerts.md",
       "redirect_url": "/defender-for-identity/understanding-security-alerts",
       "redirect_document_id": false
-    },  
+    },
+    {
+      "source_path": "defender-for-identity/automated-response-exclusions.md",
+      "redirect_url": "/defender-xdr/automatic-attack-disruption-exclusions",
+      "redirect_document_id": false
+    }
   ]
 }

defender-business/mdb-faq.yml

@@ -163,9 +163,9 @@ sections:
 
       - question: Can I have a mix of Microsoft endpoint security subscriptions?
         answer: |
-          Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in Microsoft 365 E5 Security) defaults to the Defender for Business experience. 
+          Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in the Microsoft Defender Suite) defaults to the Defender for Business experience. 
 
-          For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add Microsoft 365 E5 Security for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or Microsoft 365 E5 Security), and then contact Microsoft Support to request the switch for your tenant.
+          For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add the Microsoft Defender Suite for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or the Microsoft Defender Suite), and then contact Microsoft Support to request the switch for your tenant.
                     
           For more information, see [Manage your subscription settings](mdb-manage-subscription.md).
 

defender-business/mdb-get-started.md

@@ -19,6 +19,7 @@ ms.collection:
 - tier1
 - essentials-get-started
 ms.custom: intro-get-started
+#customer intent: As a Defender for Business admin, I need quick guidance to navigate the Microsoft Defender portal and find first steps so I can get started securing devices and email.
 ---
 
 # Visit the Microsoft Defender portal

defender-business/mdb-manage-subscription.md

@@ -22,7 +22,7 @@ ms.collection:
 
 [Microsoft Defender for Business](mdb-overview.md) and [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) are endpoint security subscriptions that your organization can use to protect devices, such as computers, tablets, and phones. 
 
-As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. For example, if you have Defender for Business as part of a [Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-overview) subscription, and you add Microsoft 365 E5 Security to your subscription, you now have Defender for Endpoint Plan 2 capabilities while retaining the Defender for Business experience. 
+As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. For example, if you have Defender for Business as part of a [Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-overview) subscription, and you add the Microsoft Defender Suite to your subscription, you now have Defender for Endpoint Plan 2 capabilities while retaining the Defender for Business experience. 
 
 This article describes how to view your current license state and, if needed, change your experience from Defender for Business to Defender for Endpoint.
 

defender-endpoint/TOC.yml

@@ -285,6 +285,8 @@
                 href: linux-deploy-defender-for-endpoint-using-golden-images.md
               - name: Direct onboarding with Defender for Cloud
                 href: /azure/defender-for-cloud/onboard-machines-with-defender-for-endpoint?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
+              - name: Deployment guidance for Defender for Endpoint on Linux for SAP
+                href: mde-linux-deployment-on-sap.md
           - name: Configure Defender for Endpoint on Linux
             items:
             - name: Configure security policies and settings

defender-endpoint/aggregated-reporting.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.topic: article
 search.appverid: met150
-ms.date: 03/04/2025
+ms.date: 10/20/2025
 appliesto:
 - Microsoft Defender for Endpoint Plan 2
 ---
@@ -33,13 +33,16 @@ When aggregated reporting is turned on, you can query for a summary of all suppo
 
 The following requirements must be met before turning on aggregated reporting:
 
-- Defender for Endpoint Plan 2 license
 - Permissions to enable advanced features
 
-Aggregated reporting supports the following:
 
-- Client version: Windows version 24H and later
-- Operating systems: Windows 11 (22H2, Enterprise), Windows 10 (20H2, 21H1, 21H2), Windows Server 2019 and later, Windows Server version 20H2 or Azure Stack HCI OS, version 23H2 and later
+### Supported operating systems: 
+
+  - Windows 10 (20H2, 21H1, 21H2)
+  - Windows 11 (22H2, Enterprise)
+  - Windows Server 2019 and later
+  - Windows Server version 20H2 or Azure Stack HCI OS, version 23H2 and later
+  - Client version: Windows version 24H and later
 
 ## Turn on aggregated reporting
 
@@ -77,9 +80,9 @@ To query new data with aggregated reports:
 3. When necessary, create new custom rules to incorporate new action types.
 4. Go to the **Advanced Hunting** page and query the new data.
 
-Here is an example of advanced hunting query results with aggregated reports.
+   Here is an example of advanced hunting query results with aggregated reports.
 
-:::image type="content" source="/defender-endpoint/media/reports/aggregated-reporting/sample-results-aggregated-reports-small.png" alt-text="Screenshot of advanced hunting query results with aggregated reports." lightbox="/defender-endpoint/media/reports/aggregated-reporting/sample-results-aggregated-reports.png":::
+   :::image type="content" source="/defender-endpoint/media/reports/aggregated-reporting/sample-results-aggregated-reports-small.png" alt-text="Screenshot of advanced hunting query results with aggregated reports." lightbox="/defender-endpoint/media/reports/aggregated-reporting/sample-results-aggregated-reports.png":::
 
 ## Sample advanced hunting queries
 
@@ -125,4 +128,4 @@ DeviceNetworkEvents
 | where uniqueEventsAggregated > 10
 | project-reorder ActionType, Timestamp, uniqueEventsAggregated 
 | sort by uniqueEventsAggregated desc
-```
+```