Commit 39ea9e2

Merge pull request #5545 from MicrosoftDocs/main
[AutoPublish] main to live - 11/10 04:39 PST | 11/10 18:09 IST
2 parents 4661451 + fb854eb commit 39ea9e2

84 files changed

+117
-109
lines changed

defender-for-identity/okta-defender-for-identity-overview.md

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ With Okta connected, Defender for Identity provides the following capabilities:
2525
|Capability |Description |
2626
|---------|---------|
2727
|View Okta accounts in the Identity Inventory | Defender for Identity adds Okta users to the identity inventory in the Microsoft Defender portal. These accounts correlate with matching identities from Active Directory or Microsoft Entra ID, to allow unified tracking across platforms. |
28-
|Improve Okta security posture | Defender for Identity evaluates identity configuration in Okta and surfaces posture recommendations in Microsoft Secure Score. Example recommendations include: <br> - [Assign multifactor authentication to Okta privileged user accounts](/defender-for-identity/security-posture-assessments/cloud-identities.md#assign-multifactor-authentication-to-okta-privileged-user-accounts) <br> - [Change password for Okta privileged user accounts](/defender-for-identity/security-posture-assessments/cloud-identities.md#change-okta-password-privileged-user-accounts.md) <br> - [High number of Okta accounts with privileged role assigned](/defender-for-identity/security-posture-assessments/cloud-identities.md#high-number-of-okta-accounts-with-privileged-role-assigned.md) <br> - [Highly privileged Okta API token](/defender-for-identity/security-posture-assessments/cloud-identities.md#highly-privileged-okta-api-token) <br> - [Limit the number of Okta Super Admin accounts](/defender-for-identity/security-posture-assessments/cloud-identities.md#limit-number-okta-super-admin-accounts.md) <br> - [Remove dormant Okta privileged accounts](/defender-for-identity/security-posture-assessments/cloud-identities.md#remove-dormant-okta-privileged-accounts.md) |
28+
|Improve Okta security posture | Defender for Identity evaluates identity configuration in Okta and surfaces posture recommendations in Microsoft Secure Score. Example recommendations include: <br> - [Assign multifactor authentication to Okta privileged user accounts](/defender-for-identity/security-posture-assessments/cloud-identities#assign-multifactor-authentication-to-okta-privileged-user-accounts) <br> - [Change password for Okta privileged user accounts](/defender-for-identity/security-posture-assessments/cloud-identities#change-okta-password-privileged-user-accounts.md) <br> - [High number of Okta accounts with privileged role assigned](/defender-for-identity/security-posture-assessments/cloud-identities#high-number-of-okta-accounts-with-privileged-role-assigned.md) <br> - [Highly privileged Okta API token](/defender-for-identity/security-posture-assessments/cloud-identities#highly-privileged-okta-api-token) <br> - [Limit the number of Okta Super Admin accounts](/defender-for-identity/security-posture-assessments/cloud-identities#limit-number-okta-super-admin-accounts.md) <br> - [Remove dormant Okta privileged accounts](/defender-for-identity/security-posture-assessments/cloud-identities#remove-dormant-okta-privileged-accounts.md) |
2929
|Get alerts on suspicious Okta activity | Defender for Identity alerts you when it detects high-risk behavior in Okta, including anonymous sign-ins, privileged role assignments, and token abuse. These alerts are available in Microsoft Defender XDR. When connected, Defender for Identity raises the following alerts based on Okta activity: <br> - Okta anonymous user access <br> - Privileged API token created <br> - Privileged API token updated <br> - Privileged Role assignment to Application <br> - Suspicious privileged role assignment <br> For a full list of supported alerts, see: [Defender for Identity XDR alerts](/defender-for-identity/alerts-xdr#initial-access-alerts). |
3030
|Use advanced hunting to investigate Okta activity | Advanced hunting lets you investigate identity activity across different services including Okta, Active Directory, and Microsoft Entra ID. <br> The **IdentityInfo** table includes account metadata such as privilege level, group membership, and identity source. <br> The **IdentityEvents** table includes events related to those identities, such as sign-ins, authentication attempts, and identity-related alerts across supported identity providers. <br> To explore the full schema and build your own queries, see: <br> - [IdentityInfo ](/defender-xdr/advanced-hunting-identityinfo-table) <br> - [IdentityEvents(Preview)](/defender-xdr/advanced-hunting-identityevents-table). |
3131
|Take remediation actions | When Microsoft Defender for Identity identifies an identity as at risk, you can take the following remediation actions directly from the Defender portal to update the user's status in Okta. <br> - Revoke all user's sessions <br> - Deactivate user in Okta <br> - Set user risk in Okta <br> For more information, see: [Remediation actions in Microsoft Defender for Identity](remediation-actions.md#roles-and-permissions). |
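
Review bot: Four fragments on new line 28 still end in `.md` (`#change-okta-password-privileged-user-accounts.md`, `#high-number-of-okta-accounts-with-privileged-role-assigned.md`, `#limit-number-okta-super-admin-accounts.md`, `#remove-dormant-okta-privileged-accounts.md`), so only the path half of those links was corrected. The MFA and API-token entries on the same line carry no such suffix; drop it from the other four as well, after confirming the anchor names on the `cloud-identities` page.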

defender-for-identity/whats-new-archive.md

Lines changed: 5 additions & 5 deletions
@@ -54,9 +54,9 @@ Defender for Identity's identity security posture assessments proactively detect
5454

5555
The following new security posture assessments are now available in Microsoft Secure Score:
5656

57-
- [Remove access rights on suspicious accounts with the Admin SDHolder permission](/security-posture-assessments/accounts#remove-access-rights-on-suspicious-accounts-with-the-admin-sdholder-permission)
58-
- [Remove nonadmin accounts with DCSync permissions](/security-posture-assessments/accounts#remove-non-admin-accounts-with-dcsync-permissions)
59-
- [Remove local admins on identity assets](/security-posture-assessments/identity-infrastructure/#security-assessment-remove-local-admins.md)
57+
- [Remove access rights on suspicious accounts with the Admin SDHolder permission](/defender-for-identity/security-posture-assessments/accounts#remove-access-rights-on-suspicious-accounts-with-the-admin-sdholder-permission)
58+
- [Remove nonadmin accounts with DCSync permissions](/defender-for-identity/security-posture-assessments/accounts#remove-non-admin-accounts-with-dcsync-permissions)
59+
- [Remove local admins on identity assets](/defender-for-identity/security-posture-assessments/identity-infrastructure/#security-assessment-remove-local-admins.md)
6060
- [Start your Defender for Identity deployment](security-assessment-deploy-defender-for-identity.md)
6161

6262
For more information, see [Microsoft Defender for Identity's security posture assessments](security-assessment.md).
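
Review bot: New line 59 keeps `identity-infrastructure/#security-assessment-remove-local-admins.md`, with a trailing slash before the fragment and a `.md` suffix inside it, unlike the links on lines 57 and 58. Suggest `/defender-for-identity/security-posture-assessments/identity-infrastructure#security-assessment-remove-local-admins`, once the anchor name is confirmed on the target page.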
@@ -302,7 +302,7 @@ Microsoft Defender for Identity offers the ability to define honeytoken accounts
302302
Released September 11, 2022
303303

304304
- **Updated assessment: Unsecure domain configurations**
305-
The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see [Security assessment: Unsecure domain configurations](/security-posture-assessments/identity-infrastructure.md#security-assessment-unsecure-domain-configurations).
305+
The unsecure domain configuration assessment available through Microsoft Secure Score now assesses the domain controller LDAP signing policy configuration and alerts if it finds an unsecure configuration. For more information, see [Security assessment: Unsecure domain configurations](/defender-for-identity/security-posture-assessments/identity-infrastructure#security-assessment-unsecure-domain-configurations).
306306

307307
- Version includes improvements and bug fixes for internal sensor infrastructure.
308308

@@ -361,7 +361,7 @@ Released July 10, 2022
361361
- **New security assessments**
362362
Defender for Identity now includes the following new security assessment:
363363
- Unsecure domain configurations
364-
Microsoft Defender for Identity continuously monitors your environment to identify domains with configuration values that expose a security risk, and reports on these domains to assist you in protecting your environment. For more information, see [Security assessment: Unsecure domain configurations](/security-posture-assessments/identity-infrastructure.md#security-assessment-unsecure-domain-configurations).
364+
Microsoft Defender for Identity continuously monitors your environment to identify domains with configuration values that expose a security risk, and reports on these domains to assist you in protecting your environment. For more information, see [Security assessment: Unsecure domain configurations](/defender-for-identity//security-posture-assessments/identity-infrastructure#security-assessment-unsecure-domain-configurations).
365365

366366
- The Defender for Identity installation package will now install the Npcap component instead of the WinPcap drivers. For more information, see [WinPcap and Npcap drivers](/defender-for-identity/technical-faq#winpcap-and-npcap-drivers).
367367

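Review bot: New line 364 introduces a double slash in the path, `/defender-for-identity//security-posture-assessments/identity-infrastructure#...`. The same link on line 305 of this file uses a single slash; make line 364 match it so the URL does not depend on the site normalising the path.
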
defender-for-identity/whats-new.md

Lines changed: 15 additions & 15 deletions
@@ -140,7 +140,7 @@ For more information, see [Configure scoped access for Microsoft Defender for Id
140140

141141
The new security posture assessment highlights unsecured Active Directory attributes that contain passwords or credential clues and recommends steps to remove them, helping reduce the risk of identity compromise.
142142

143-
For more information, see: [Security Assessment: Remove discoverable passwords in Active Directory account attributes (Preview)](/security-posture-assessments/accounts.md#remove-discoverable-passwords-in-active-directory-account-attributes-preview)
143+
For more information, see: [Security Assessment: Remove discoverable passwords in Active Directory account attributes (Preview)](/defender-for-identity/security-posture-assessments/accounts#remove-discoverable-passwords-in-active-directory-account-attributes-preview)
144144

145145
### Microsoft Defender for Identity sensor version updates
146146

@@ -178,11 +178,11 @@ Use these assessments to improve monitoring coverage and strengthen your hybrid
178178

179179
For more information, see:
180180

181-
[Security Assessment: Unmonitored ADCS servers](/defender-for-identity/security-posture-assessments/identity-infrastructure.md#unmonitored-adcs-servers)
181+
[Security Assessment: Unmonitored ADCS servers](/defender-for-identity/security-posture-assessments/identity-infrastructure#unmonitored-adcs-servers)
182182

183-
[Security Assessment: Unmonitored ADFS servers](/defender-for-identity/security-posture-assessments/identity-infrastructure.md#unmonitored-adfs-servers)
183+
[Security Assessment: Unmonitored ADFS servers](/defender-for-identity/security-posture-assessments/identity-infrastructure#unmonitored-adfs-servers)
184184

185-
[Security Assessment: Unmonitored Microsoft Entra Connect servers](/defender-for-identity/security-posture-assessments/identity-infrastructure.md#unmonitored-microsoft-entra-connect-servers)
185+
[Security Assessment: Unmonitored Microsoft Entra Connect servers](/defender-for-identity/security-posture-assessments/identity-infrastructure#unmonitored-microsoft-entra-connect-servers)
186186

187187

188188

@@ -402,9 +402,9 @@ As part of our ongoing effort to enhance Microsoft Defender for Identity coverag
402402
* **Rotate password for Microsoft Entra Connect connector account**
403403
* A compromised Microsoft Entra Connect connector account (AD DS connector account, commonly shown as MSOL_XXXXXXXX) can grant access to high-privilege functions like replication and password resets, allowing attackers to modify synchronization settings and compromise security in both cloud and on-premises environments as well as offering several paths for compromising the entire domain. In this assessment, we recommend customers change the password of MSOL accounts with the password last set over 90 days ago. For more information, select [Rotate password for Microsoft Entra Connect connector account](../defender-for-identity/security-posture-assessments/hybrid-security.md#rotate-password-for-microsoft-entra-connect-ad-ds-connector-account).
404404
* **Remove unnecessary replication permissions for Microsoft Entra Connect Account**
405-
* By default, the Microsoft Entra Connect connector account has extensive permissions to ensure proper synchronization (even if they aren't required). If Password Hash Sync isn't configured, it’s important to remove unnecessary permissions to reduce the potential attack surface. For more information, see [Remove replication permissions for Microsoft Entra account](/defender-for-identity/security-posture-assessments/hybrid-security.md#remove-unnecessary-replication-permissions-for-microsoft-entra-connect-ad-ds-connector-account).
405+
* By default, the Microsoft Entra Connect connector account has extensive permissions to ensure proper synchronization (even if they aren't required). If Password Hash Sync isn't configured, it’s important to remove unnecessary permissions to reduce the potential attack surface. For more information, see [Remove replication permissions for Microsoft Entra account](/defender-for-identity/security-posture-assessments/hybrid-security#remove-unnecessary-replication-permissions-for-microsoft-entra-connect-ad-ds-connector-account).
406406
* **Change password for Microsoft Entra seamless SSO account configuration**
407-
* This report lists all [Microsoft Entra seamless SSO](/entra/identity/hybrid/connect/how-to-connect-sso) computer accounts with password last set over 90 days ago. The password for the Azure SSO computer account isn't automatically changed every 30 days. If an attacker compromises this account, they can generate service tickets for the AZUREADSSOACC account on behalf of any user and impersonate any user in the Microsoft Entra tenant that is synchronized from Active Directory. An attacker can use this to move laterally from Active Directory into Microsoft Entra ID. For more information, see: [Change password for Microsoft Entra seamless SSO account configuration](/defender-for-identity/security-posture-assessments/hybrid-security.md#change-password-for-microsoft-entra-seamless-sso-account).
407+
* This report lists all [Microsoft Entra seamless SSO](/entra/identity/hybrid/connect/how-to-connect-sso) computer accounts with password last set over 90 days ago. The password for the Azure SSO computer account isn't automatically changed every 30 days. If an attacker compromises this account, they can generate service tickets for the AZUREADSSOACC account on behalf of any user and impersonate any user in the Microsoft Entra tenant that is synchronized from Active Directory. An attacker can use this to move laterally from Active Directory into Microsoft Entra ID. For more information, see: [Change password for Microsoft Entra seamless SSO account configuration](/defender-for-identity/security-posture-assessments/hybrid-security#change-password-for-microsoft-entra-seamless-sso-account).
408408

409409
**New Microsoft Entra Connect detections:**
410410

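Review bot: Context line 403 still links with `../defender-for-identity/security-posture-assessments/hybrid-security.md#rotate-password-...`, while lines 405 and 407 in the same list now use the site-relative form without `.md`. Either convert line 403 in this change too, or confirm that the relative `.md` form resolves, so the three hybrid-security links in this list behave the same way.
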
@@ -556,7 +556,7 @@ The new **Edit insecure ADCS certificate enrollment IIS endpoints (ESC8)** recom
556556

557557
For more information, see:
558558

559-
- [Security assessment: Edit insecure ADCS certificate enrollment IIS endpoints (ESC8)](/defender-for-identity/security-posture-assessments/certificates.md#edit-insecure-adcs-certificate-enrollment-iis-endpoints-esc8)
559+
- [Security assessment: Edit insecure ADCS certificate enrollment IIS endpoints (ESC8)](/defender-for-identity/security-posture-assessments/certificates#edit-insecure-adcs-certificate-enrollment-iis-endpoints-esc8)
560560
- [Security posture assessments for AD CS sensors](#security-posture-assessments-for-ad-cs-sensors-preview)
561561
- [Microsoft Defender for Identity's security posture assessments](security-assessment.md)
562562

@@ -692,17 +692,17 @@ Recommended actions now include the following new security posture assessments,
692692

693693
- **Certificate templates recommended actions**:
694694

695-
- [Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)](/defender-for-identity/security-posture-assessments/certificates.md#prevent-users-to-request-a-certificate-valid-for-arbitrary-users-based-on-the-certificate-template-esc1--preview)
696-
- [Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)](/defender-for-identity/security-posture-assessments/certificates.md#edit-overly-permissive-certificate-template-with-privileged-eku-any-purpose-eku-or-no-eku-esc2)
697-
- [Misconfigured enrollment agent certificate template (ESC3)](/defender-for-identity/security-posture-assessments/certificates.md#edit-misconfigured-enrollment-agent-certificate-template-esc3)
698-
- [Edit misconfigured certificate templates ACL (ESC4)](/defender-for-identity/security-posture-assessments/certificates.md#edit-misconfigured-certificate-templates-acl-esc4)
699-
- [Edit misconfigured certificate templates owner (ESC4)](/defender-for-identity/security-posture-assessments/certificates.md#edit-misconfigured-certificate-templates-owner-esc4)
695+
- [Prevent users to request a certificate valid for arbitrary users based on the certificate template (ESC1)](/defender-for-identity/security-posture-assessments/certificates#prevent-users-to-request-a-certificate-valid-for-arbitrary-users-based-on-the-certificate-template-esc1--preview)
696+
- [Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)](/defender-for-identity/security-posture-assessments/certificates#edit-overly-permissive-certificate-template-with-privileged-eku-any-purpose-eku-or-no-eku-esc2)
697+
- [Misconfigured enrollment agent certificate template (ESC3)](/defender-for-identity/security-posture-assessments/certificates#edit-misconfigured-enrollment-agent-certificate-template-esc3)
698+
- [Edit misconfigured certificate templates ACL (ESC4)](/defender-for-identity/security-posture-assessments/certificates#edit-misconfigured-certificate-templates-acl-esc4)
699+
- [Edit misconfigured certificate templates owner (ESC4)](/defender-for-identity/security-posture-assessments/certificates#edit-misconfigured-certificate-templates-owner-esc4)
700700

701701
- **Certificate authority recommended actions**:
702702

703-
- [Edit vulnerable Certificate Authority setting (ESC6)](/defender-for-identity/security-posture-assessments/certificates.md#security-assessment-edit-vulnerable-ca-setting)
704-
- [Edit misconfigured Certificate Authority ACL (ESC7)](/defender-for-identity/security-posture-assessments/certificates.md#security-assessment-edit-misconfigured-ca-acl)
705-
- [Enforce encryption for RPC certificate enrollment interface (ESC11)](/defender-for-identity/security-posture-assessments/certificates.md#security-assessment-enforce-encryption-rpc)
703+
- [Edit vulnerable Certificate Authority setting (ESC6)](/defender-for-identity/security-posture-assessments/certificates#security-assessment-edit-vulnerable-ca-setting)
704+
- [Edit misconfigured Certificate Authority ACL (ESC7)](/defender-for-identity/security-posture-assessments/certificates#security-assessment-edit-misconfigured-ca-acl)
705+
- [Enforce encryption for RPC certificate enrollment interface (ESC11)](/defender-for-identity/security-posture-assessments/certificates#security-assessment-enforce-encryption-rpc)
706706

707707
The new assessments are available in Microsoft Secure Score, surfacing security issues, and severe misconfigurations that pose risks to the entire organization, alongside detections. Your score is updated accordingly.
708708

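Review bot: Only the path was changed on lines 695-699 and 703-705, and the fragments are carried over unverified. The three Certificate Authority links use `#security-assessment-edit-vulnerable-ca-setting`-style fragments while the template links use heading-derived ones, and the ESC1 fragment ends in `esc1--preview` with a doubled hyphen. Check each fragment against the `certificates` page before merging, otherwise these links land on the page top instead of the assessment.
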
defender-office-365/app-guard-for-office-install.md

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22
title: Application Guard for Office for admins
33
f1.keywords:
44
- NOCSH
5-
ms.author: maccruz
5+
ms.author: deniseb
66
author: schmurky
77
manager: deniseb
88
audience: ITPro
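
Review bot: After the change on line 5, `ms.author: deniseb` duplicates `manager: deniseb` on line 7, and `author: schmurky` on line 6 is left as it was. If ownership of this article is moving, update `author` in the same commit so the two author fields refer to the same person; if it is not, say in the commit message why `ms.author` and `manager` are now identical.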
