Commit 350c019

Merge pull request #684 from MicrosoftDocs/main
Publish main to live, 06/12, 3:30 PM IST
2 parents bbafdf0 + a2d273a commit 350c019

4 files changed

+28
-28
lines changed

defender-xdr/copilot-in-defender-device-summary.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -40,20 +40,20 @@ The device summary capability is available in the Microsoft Defender portal thro
4040

4141
The device summary generated by Copilot contains noteworthy information about the device, including:
4242

43-
- The status of important Defender XDR protection capabilities, like attack surface reduction and tamper protection
44-
- Any significant user activity observed, like unusual log in attempts
43+
- The status of important Microsoft Defender XDR protection capabilities, like attack surface reduction and tamper protection
44+
- Any significant user activity observed, like unusual sign-in attempts
4545
- A list of vulnerable software installed in the device
4646
- The status of other security features, like firewall settings, that contribute to the device's risk
4747
- Other notable insights that signify the device's status, like when the device was last seen active
4848
- Device insights delivered by Microsoft Intune, like information on the device's primary user, device group, or discovered apps
4949

5050
You can access the device summary capability through the following ways:
5151

52-
1. From the main menu, open the Device inventory page by selecting **Devices** under Assets. Choose a device to investigate from the list. Upon opening the device page, Copilot automatically summarizes the device information of the chosen device and displays the summary in the Copilot pane.
52+
- From the main menu, open the Device inventory page by selecting **Devices** under Assets. Choose a device to investigate from the list. Upon opening the device page, Copilot automatically summarizes the device information of the chosen device and displays the summary in the Copilot pane.
5353

5454
:::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page-small.png" alt-text="Screenshot of the device summary results in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-device-page.png":::
5555

56-
2. From an incident page, you can choose a device on the incident graph and then select **Device details** (1). On the device pane, select **Summarize** (2) to generate the device summary. The summary is displayed in the Copilot pane.
56+
- From an incident page, you can choose a device on the incident graph and then select **Device details** (1). On the device pane, select **Summarize** (2) to generate the device summary. The summary is displayed in the Copilot pane.
5757

5858
:::image type="content" source="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-‌incident-small.png" alt-text="Screenshot highlighting the steps to access the device summary in an incident page in Copilot in Defender." lightbox="/defender/media/copilot-in-defender/device-summary/copilot-defender-device-summary-‌incident.png":::
5959
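Review bot: On line 58, the `source` and `lightbox` paths appear to carry an invisible character between `copilot-defender-device-summary-` and `incident`, which can stop the image reference from resolving; retype both file names. With the access list at lines 52 and 56 now bulleted, the image lines at 54 and 58 should also be indented under their items so they stay inside the list, and line 45 would read better as "installed on the device".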

defender-xdr/copilot-in-defender-file-analysis.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -48,13 +48,13 @@ The file analysis results generated by Copilot usually contains the following in
4848
4949
You can access the file analysis capability through the following ways:
5050

51-
1. Open a file page. Copilot automatically generates an analysis upon opening a file page. The results, which shows the overview information by default, are then displayed on the Copilot pane.
51+
- Open a file page. Copilot automatically generates an analysis upon opening a file page. The results, which show the overview information by default, are then displayed on the Copilot pane.
5252
:::image type="content" source="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-small.png" alt-text="Screenshot of the file analysis results in Copilot in Defender with the Show details option highlighted." lightbox="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis.png":::
5353
Select **Show details** (shown above) to display the full results or **Hide details** (highlighted below) to minimize the results.
5454
:::image type="content" source="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-hide-small.png" alt-text="Screenshot of the file analysis results in Copilot in Defender with the Hide details option highlighted." lightbox="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-hide.png":::
55-
2. From an incident page, choose a file to investigate in the [attack story](investigate-incidents.md#attack-story) graph. You can also choose a file to investigate in an alert page.
55+
- From an incident page, choose a file to investigate in the [attack story](investigate-incidents.md#attack-story) graph. You can also choose a file to investigate in an alert page.
5656
:::image type="content" source="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-attack-story-small.png" alt-text="Screenshot of the attack story graph with the file entities highlighted." lightbox="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-attack-story.png":::
57-
Select a file to investigate then select **Analyze** on the side pane to begin analysis. The results are then displayed on the Copilot pane.
57+
Select a file to investigate, then select **Analyze** on the side pane to begin analysis. The results are then displayed on the Copilot pane.
5858
:::image type="content" source="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-file-pane-small.png" alt-text="Screenshot of the incident page with the file analysis button highlighted." lightbox="/defender/media/copilot-in-defender/file-analysis/copilot-defender-file-analysis-file-pane.png":::
5959

6060
You can copy the results to clipboard, regenerate the results, or open the Copilot for Security portal by selecting the More actions ellipsis (...) on top of the file analysis card.
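Review bot: The sentence quoted in the hunk header, "The file analysis results generated by Copilot usually contains", has the same subject-verb agreement error that line 51 fixes ("which shows" to "which show"); change it to "usually contain" in the same pass. The image lines and the "Select **Show details**" and "Select a file to investigate" paragraphs that follow each bullet are not indented, so they sit outside the list items they belong to; indent them under the bullet they continue.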

defender-xdr/manage-incidents.md

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -34,23 +34,23 @@ Incident management is critical to ensuring that incidents are named, assigned,
3434

3535
You can manage incidents from **Incidents & alerts > Incidents** on the quick launch of the Microsoft Defender portal ([security.microsoft.com](https://security.microsoft.com)). Here's an example.
3636

37-
:::image type="content" source="/defender/media/incidents-queue/fig1-manageincidents.png" alt-text="Highlighting the manage incident option within the incident queue and quick launch pane in the Microsoft Defender portal" lightbox="/defender/media/incidents-queue/fig1-manageincidents.png":::
37+
:::image type="content" source="/defender/media/incidents-queue/fig1-manageincidents.png" alt-text="Screenshot highlighting the manage incident option within the incident queue and quick launch pane in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig1-manageincidents.png":::
3838

3939
Here are the ways you can manage your incidents:
4040

41-
- [Edit the incident name](#edit-the-incident-name)
42-
- [Assign or change severity](#assign-or-change-incident-severity)
43-
- [Add incident tags](#add-incident-tags)
44-
- [Assign the incident to a user account](#assign-an-incident)
45-
- [Resolve them](#resolve-an-incident)
46-
- [Specify its classification](#specify-the-classification)
47-
- [Add comments](#add-comments)
48-
- Assess the activity audit and add comments in the [Activity log](#activity-log)
49-
- [Export incident data to PDF](#export-incident-data-to-pdf)
41+
- [Edit the incident name](#edit-the-incident-name).
42+
- [Assign or change severity](#assign-or-change-incident-severity).
43+
- [Add incident tags](#add-incident-tags).
44+
- [Assign the incident to a user account](#assign-an-incident).
45+
- [Resolve them](#resolve-an-incident).
46+
- [Specify its classification](#specify-the-classification).
47+
- [Add comments](#add-comments).
48+
- Assess the activity audit and add comments in the [Activity log](#activity-log).
49+
- [Export incident data to PDF](#export-incident-data-to-pdf).
5050

5151
You can manage incidents from the **Manage incident** pane for an incident. Here's an example.
5252

53-
:::image type="content" source="/defender/media/incidents-queue/fig2-new-manageincidents.png" alt-text="The Manage incident pane in the Microsoft Defender portal" lightbox="/defender/media/incidents-queue/fig2-new-manageincidents.png":::
53+
:::image type="content" source="/defender/media/incidents-queue/fig2-new-manageincidents.png" alt-text="Screenshot showing the Manage incident pane in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig2-new-manageincidents.png":::
5454

5555
You can display this pane from the **Manage incident** link on the:
5656
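Review bot: Lines 45 and 46 keep "Resolve them" and "Specify its classification", whose pronouns have no referent inside a standalone list item and do not match the parallel wording of the other entries. Suggest "Resolve the incident" and "Specify the incident classification", keeping the existing anchors.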

@@ -72,13 +72,13 @@ You can edit the incident name from the **Incident name** field on the **Manage
7272
7373
## Assign or change incident severity
7474

75-
You can assign or change the severity of an incident from the **Severity** field on the **Manage incident** pane. The severity of an incident is determined by the highest severity of the alerts associated with it. The severity of an incident can be set to high, medium, low, or informational.
75+
You can assign or change the severity of an incident from the **Severity** field on the **Manage incident** pane. The severity of an incident is determined by the highest severity of the alerts associated with it. The severity of an incident can be set to *high*, *medium*, *low*, or *informational*.
7676

7777
## Add incident tags
7878

7979
You can add custom tags to an incident, for example to flag a group of incidents with a common characteristic. You can later filter the incident queue for all incidents that contain a specific tag.
8080

81-
The option to select from a list of previously-used and selected tags appear after you start typing.
81+
The option to select from a list of previously used and selected tags appear after you start typing.
8282

8383
## Assign an incident
8484
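Review bot: Line 81 still has an agreement error after the hyphen fix: the subject is "The option", so "appear" should be "appears". On line 75, the paragraph says the severity can be assigned or changed and also that it is determined by the highest alert severity; a short clause saying which one applies after a manual change would remove the ambiguity.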

@@ -119,15 +119,15 @@ All comments are added to the historical events of the incident. You can see the
119119

120120
The **Activity log** displays a list of all the comments and actions performed on the incident, known as *Audits and comments*. All changes made to the incident, whether by a user or by the system, are recorded in the activity log. The activity log is available from the **Activity log** option on the incident page or on the incident side pane.
121121

122-
:::image type="content" source="/defender/media/incidents-queue/fig3-manageincidents-new.png" alt-text="Highlighting the activity log option from the incident page in the Microsoft Defender portal" lightbox="/defender/media/incidents-queue/fig3-manageincidents-new.png":::
122+
:::image type="content" source="/defender/media/incidents-queue/fig3-manageincidents-new.png" alt-text="Screenshot highlighting the activity log option from the incident page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig3-manageincidents-new.png":::
123123

124124
You can filter the activities within the log by comments and actions. Click the **Content: Audits, Comments** then select the content type to filter activities. Here's an example.
125125

126-
:::image type="content" source="/defender/media/incidents-queue/fig4-manageincidents.png" alt-text="Highlighting the filter options within the activity log pane from the incident page in the Microsoft Defender portal" lightbox="/defender/media/incidents-queue/fig4-manageincidents.png":::
126+
:::image type="content" source="/defender/media/incidents-queue/fig4-manageincidents.png" alt-text="Screenshot highlighting the filter options within the activity log pane from the incident page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig4-manageincidents.png":::
127127

128128
You can also add your own comments using the comment box available within the activity log. The comment box accepts text and formatting, links, and images.
129129

130-
:::image type="content" source="/defender/media/incidents-queue/fig5-res-manageincidents.png" alt-text="Highlighting the comment box from the incident page in the Microsoft Defender portal" lightbox="/defender/media/incidents-queue/fig5-manageincidents.png":::
130+
:::image type="content" source="/defender/media/incidents-queue/fig5-res-manageincidents.png" alt-text="Screenshot highlighting the comment box from the incident page in the Microsoft Defender portal." lightbox="/defender/media/incidents-queue/fig5-manageincidents.png":::
131131

132132
## Export incident data to PDF
133133
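Review bot: On line 130 the `source` points to `fig5-res-manageincidents.png` while the `lightbox` points to `fig5-manageincidents.png`; every other image in this hunk uses the same file for both attributes. Confirm that both files exist and that the mismatch is intended, otherwise align the two paths.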

defender-xdr/security-copilot-in-microsoft-365-defender.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ ms.date: 04/01/2024
3333
- Microsoft Defender XDR
3434
- Microsoft Defender unified security operations center (SOC) platform
3535

36-
[Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) brings together the power of AI and human expertise to help security teams respond to attacks faster and more effectively. Copilot for Security is embedded in the Microsoft Defender portal to enable security teams to efficiently summarize incidents, analyze scripts and codes, analyze files, summarize device information, use guided responses to resolve incidents, generate KQL queries, create incident reports.
36+
[Microsoft Copilot for Security](/security-copilot/microsoft-security-copilot) brings together the power of AI and human expertise to help security teams respond to attacks faster and more effectively. Copilot for Security is embedded in the Microsoft Defender portal to enable security teams to efficiently summarize incidents, analyze scripts and codes, analyze files, summarize device information, use guided responses to resolve incidents, generate KQL queries, and create incident reports.
3737

3838
This article provides an overview for users of the Copilot in Defender, including steps to access, key capabilities, and links to the details of these capabilities.
3939
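Review bot: Line 36 still says "analyze scripts and codes"; "code" is uncountable in this sense, so it should read "analyze scripts and code". The hunk header shows `ms.date: 04/01/2024`; if this edit counts as a content update, refresh that value in the same change.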

@@ -49,7 +49,7 @@ Enable security teams to tackle attack investigations in a timely manner with ea
4949

5050
### Summarize incidents quickly
5151

52-
Investigating incidents with multiple alerts can be a daunting task. To immediately understand an incident, you can tap Copilot to [summarize an incident](security-copilot-m365d-incident-summary.md) for you. Copilot creates an overview of the attack containing essential information for you to understand what transpired in the attack, what assets are involved, and the timeline of the attack. Copilot automatically creates a summary when you navigate to an incident's page.
52+
Investigating incidents with multiple alerts can be a daunting task. To immediately understand an incident, you can tap Copilot to [summarize an incident](security-copilot-m365d-incident-summary.md) for you. Copilot creates an overview of the attack. The overview contains essential information for you to understand what transpired in the attack, what assets are involved, and the timeline of the attack. Copilot automatically creates a summary when you navigate to an incident's page.
5353

5454
:::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-small.png" alt-text="Screenshot of the incident summary card on the Copilot pane as seen in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary.png":::
5555

@@ -79,7 +79,7 @@ Copilot helps security teams quickly assess and understand suspicious files with
7979

8080
### Write incident reports efficiently
8181

82-
Security operations teams usually write reports to record important information, including what response actions were taken and the corresponding results, the team members involved, and other information to aid future security decisions and learning. Oftentimes, documenting incidents can be time-consuming. For incident reports to be effective, it must contain an incident's summary along with the actions taken, including what actions were taken by whom and when. Copilot [generates an incident report](security-copilot-m365d-create-incident-report.md) by quickly consolidating these pieces of information.
82+
Security operations teams usually write reports to record important information, including what response actions were taken and the corresponding results, the team members involved, and other information to aid future security decisions and learning. Oftentimes, documenting incidents can be time-consuming. For an incident report to be effective, it must contain an incident's summary along with the actions taken, including what actions were taken by whom and when. Copilot [generates an incident report](security-copilot-m365d-create-incident-report.md) by quickly consolidating these pieces of information.
8383

8484
:::image type="content" source="/defender/media/copilot-in-defender/create-report/incident-report-main1-small.png" alt-text="Screenshot of the incident report card in the incident page showing the top half of the card." lightbox="/defender/media/copilot-in-defender/create-report/incident-report-main1.png":::
8585
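Review bot: Line 82 now opens with "For an incident report to be effective" but continues with "an incident's summary", which reads as if it could be any incident; "the incident's summary" ties it to the report. The phrase "the actions taken, including what actions were taken by whom and when" repeats itself and could be shortened to "the actions taken, by whom, and when".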

@@ -89,7 +89,7 @@ Copilot in Defender helps security teams proactively hunt for threats in their n
8989

9090
### Generate KQL queries from natural-language input
9191

92-
Security teams who use advanced hunting to proactively hunt for threats in their network can now use a query assistant that converts any natural-language question in the context of threat hunting, into a ready-to-run KQL query. The query assistant saves security teams time by generating a KQL query that can then be automatically run or further tweaked according to the analyst needs. Read more about the query assistant in [Copilot for Security in advanced hunting](advanced-hunting-security-copilot.md).
92+
Security teams who use advanced hunting to proactively hunt for threats in their network can now use a query assistant that converts any natural-language question, in the context of threat hunting, into a ready-to-run KQL query. The query assistant saves security teams time by generating a KQL query that can then be automatically run or further tweaked according to the analyst needs. Read more about the query assistant in [Copilot for Security in advanced hunting](advanced-hunting-security-copilot.md).
9393

9494
:::image type="content" source="/defender/media/advanced-hunting-security-copilot-pane.png" alt-text="Screenshot of the Copilot pane in advanced hunting." lightbox="/defender/media/advanced-hunting-security-copilot-pane-big.png":::
9595
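Review bot: Line 92 still ends the second sentence with "according to the analyst needs", which is missing the possessive; use "the analyst's needs". With the commas added around "in the context of threat hunting", the phrase now reads as an aside, so moving it to follow "any natural-language question about threat hunting" would be tighter.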

@@ -111,7 +111,7 @@ Because of its continuing evolution, Copilot might miss some things. Reviewing a
111111

112112
All Copilot in Defender capabilities have an option for providing feedback. To provide feedback, perform the following steps:
113113

114-
1. Select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) located at the bottom of any results card in the Copilot side panel.
114+
1. Select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards.](/defender/media/copilot-in-defender/copilot-defender-feedback.png) located at the bottom of any results card in the Copilot side panel.
115115
2. Select **Confirmed, it looks great** if the results are accurate based on your assessment. You can provide more information in the next dialog box.
116116
3. Select **Off-target, inaccurate** if any detail is incorrect or incomplete based on your assessment. You can provide more information about your assessment in the next dialog box and submit this assessment to Microsoft.
117117
4. You can also report the results if it contains questionable or ambiguous information by selecting **Potentially harmful, inappropriate**. Provide more information about the results in the next dialog box and select Submit.
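Review bot: Line 117, left unchanged here, has a number mismatch in "report the results if it contains"; it should be "if they contain". The same line ends with "select Submit" without the bold formatting used for the other UI labels in steps 2 to 4, so make it **Submit**.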
