Commit 42aff89

Merge pull request #3153 from MicrosoftDocs/main
Publish main to live, 03/17, 11:00 AM IST
2 parents 6031454 + a7405b2 commit 42aff89

3 files changed

+38
-9
lines changed

defender-xdr/pilot-deploy-defender-cloud-apps.md

Lines changed: 6 additions & 6 deletions
@@ -7,7 +7,7 @@ f1.keywords:
77
- NOCSH
88
ms.author: bcarter
99
author: brendacarter
10-
ms.date: 01/12/2025
10+
ms.date: 03/14/2025
1111
ms.localizationpriority: medium
1212
manager: dansimp
1313
audience: ITPro
@@ -201,13 +201,13 @@ In this illustration, some apps are sanctioned for use. Sanctioning is a simple
201201

202202
One of the most powerful protections you can configure is Conditional access app control. This protection requires integration with Microsoft Entra ID. It allows you to apply Conditional Access policies, including related policies (like requiring healthy devices), to cloud apps you've sanctioned.
203203

204-
You might already have SaaS apps added to your Microsoft Entra tenant to enforce multi-factor authentication and other conditional access policies. Microsoft Defender for Cloud Apps natively integrates with Microsoft Entra ID. All you must do is configure a policy in Microsoft Entra ID to use conditional access app control in Defender for Cloud Apps. This routes network traffic for these managed SaaS apps through Defender for Cloud Apps as a proxy, which allows Defender for Cloud Apps to monitor this traffic and to apply session controls.
204+
You might already have SaaS apps added to your Microsoft Entra tenant to enforce multifactor authentication and other conditional access policies. Microsoft Defender for Cloud Apps natively integrates with Microsoft Entra ID. All you must do is configure a policy in Microsoft Entra ID to use conditional access app control in Defender for Cloud Apps. This routes network traffic for these managed SaaS apps through Defender for Cloud Apps as a proxy, which allows Defender for Cloud Apps to monitor this traffic and to apply session controls.
205205

206206
:::image type="content" source="media/eval-defender-xdr/m365-defender-mcas-architecture-e.svg" alt-text="A diagram that shows the architecture for Defender for Cloud Apps conditional access app control." lightbox="media/eval-defender-xdr/m365-defender-mcas-architecture-e.svg":::
207207

208208
In this illustration:
209209

210-
- SaaS apps are integrated with the Microsoft Entra tenant. This integration allows Microsoft Entra ID to enforce conditional access policies, including multi-factor authentication.
210+
- SaaS apps are integrated with the Microsoft Entra tenant. This integration allows Microsoft Entra ID to enforce conditional access policies, including multifactor authentication.
211211
- A policy is added to Microsoft Entra ID to direct traffic for SaaS apps to Defender for Cloud Apps. The policy specifies which SaaS apps to apply this policy to. After Microsoft Entra ID enforces any conditional access policies that apply to these SaaS apps, Microsoft Entra ID then directs (proxies) the session traffic through Defender for Cloud Apps.
212212
- Defender for Cloud Apps monitors this traffic and applies any session control policies that have been configured by administrators.
213213

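Review bot: The rewritten lines 204 and 210 still say "conditional access policies" and "conditional access app control" in lower case, while unchanged line 202 in the same hunk writes "Conditional access app control" and "Conditional Access policies". Since both lines are already being touched for the "multifactor" spelling, align the capitalization of the feature name in the same change so the section refers to it one way.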
@@ -229,16 +229,16 @@ For sample policies, see [Recommended Microsoft Defender for Cloud Apps policies
229229

230230
Once you have session policies configured, apply them to your cloud apps to provide controlled access to those apps.
231231

232-
:::image type="content" source="media/eval-defender-xdr/m365-defender-office-architecture.svg" alt-text="A diagram that shows how cloud apps are accessed via session control policies with Defender for Cloud Apps." lightbox="media/eval-defender-xdr/m365-defender-office-architecture.svg":::
232+
:::image type="content" source="media/eval-defender-xdr/m365-defender-mcas-architecture-d.svg" alt-text="A diagram that shows how cloud apps are accessed via session control policies with Defender for Cloud Apps." lightbox="media/eval-defender-xdr/m365-defender-office-architecture.svg":::
233233

234234
In the illustration:
235235

236-
- Access to sanctioned cloud apps from users and devices in your organization is routed through Defender for Cloud Apps.
236+
- Access to sanctioned cloud apps from users and devices in your organization is routed through Defender for Cloud Apps where session policies can be applied to specific apps.
237237
- Cloud apps that you have not sanctioned or explicitly unsanctioned are not affected.
238238

239239
Session policies allow you to apply parameters to how cloud apps are used by your organization. For example, if your organization is using Salesforce, you can configure a session policy that allows only managed devices to access your organization's data at Salesforce. A simpler example could be configuring a policy to monitor traffic from unmanaged devices so you can analyze the risk of this traffic before applying stricter policies.
240240

241-
For more information, see [Conditional access app control in Microsoft Defender for Cloud Apps](/defender-cloud-apps/proxy-intro-aad).
241+
For more information, see [Create Microsoft Defender for Cloud Apps session policies](/defender-cloud-apps/session-policy-aad).
242242

243243
<a name="step-8"></a>
244244

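Review bot: On new line 232 the `source` attribute now points to `m365-defender-mcas-architecture-d.svg`, but `lightbox` still references `m365-defender-office-architecture.svg`, so the inline image and its expanded view will show two different diagrams. Set `lightbox` to the same file as `source`. Also on new line 241, the link to the conditional access app control overview (`/defender-cloud-apps/proxy-intro-aad`) is replaced rather than supplemented; if the overview is still the right background for this step, keep both links.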
exposure-management/predefined-classification-rules-and-levels.md

Lines changed: 10 additions & 2 deletions
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: reference
88
ms.service: exposure-management
9-
ms.date: 11/16/2024
9+
ms.date: 03/16/2025
1010
---
1111

1212
# Predefined classifications
@@ -42,7 +42,7 @@ Current asset types are:
4242
| Security Operations Admin Device | Device | High | Critical devices used to configure, manage, and monitor the security within an organization are vital for security operations administration and are at high risk of cyber threats. They require top-level security measures to prevent unauthorized access.  Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools.|
4343
| Network Admin Device | Device | Medium | Critical devices used to configure, manage, and monitor the network assets within the organization are vital for network administration and are at high risk of cyber threats. They require top-level security to prevent unauthorized access. _Note: We apply a logic to identify devices belonging to an admin based on multiple factors, including the frequent usage of administrative tools._|
4444
| VMware ESXi | Device | High | The VMware ESXi hypervisor is essential for running and managing virtual machines within your infrastructure. As a bare-metal hypervisor, it's providing the foundation for creating and managing virtual resources. |
45-
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues |
45+
| VMware vCenter | Device | High | The VMware vCenter Server is crucial for managing virtual environments. It provides centralized management of virtual machines and ESXi hosts. If it fails, it could disrupt the administration and control of your virtual infrastructure, including provisioning, migration, load balancing of virtual machines, and datacenter automation. However, as there are often redundant vCenter Servers and High Availability configurations, the immediate halt of all operations might not occur. Its failure could still cause significant inconvenience and potential performance issues. |
4646
| Hyper-V Server | Device | High | The Hyper-V hypervisor is essential for running and managing virtual machines within your infrastructure, serving as the core platform for their creation and management. If the Hyper-V host fails, it can lead to the unavailability of hosted virtual machines, potentially causing downtime and disrupting business operations. Moreover, it can result in significant performance degradation and operational challenges. Ensuring the reliability and stability of Hyper-V hosts is therefore critical for maintaining seamless operations in a virtual environment. |
4747

4848
##### Identity
@@ -73,6 +73,7 @@ Current asset types are:
7373
| Password Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Password Administrators. |
7474
| Privileged Authentication Administrator | Identity | Very High | Identities in this role can view, set, and reset authentication method information for any user (admin or nonadmin). |
7575
| Privileged Role Administrator | Identity | Very High | Identities in this role can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management. |
76+
| Security Operations Admin User | Identity | High | Identities in this role can configure, manage, monitor, and respond to threats within the organization.  **Note**: This rule’s logic relies on the predefined critical device classification “Security Operations Admin Device”. |
7677
| Security Administrator | Identity | High | Identities in this role can read security information and reports, and manage configuration in Microsoft Entra ID and Office 365. |
7778
| Security Operator | Identity | High | Identities in this role can create and manage security events. |
7879
| Security Reader | Identity | High | Identities in this role can read security information and reports in Microsoft Entra ID and Office 365. |
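Review bot: The new row at line 76 uses typographic quotes (’ and “ ”) and a bold `**Note**:` preceded by a double space, whereas the Network Admin Device row earlier in this file formats its note in italics (`_Note: ..._`) and the rest of the table uses straight punctuation. Use straight quotes and the same note style as the existing rows. Because this rule depends on the "Security Operations Admin Device" classification, it would also help to say what happens to the identity classification when that device rule is turned off or matches nothing.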
@@ -102,6 +103,13 @@ Current asset types are:
102103
| Yammer Administrator | Identity | High | Identities in this role can manage all aspects of the Yammer service. |
103104
| Authentication Extensibility Administrator | Identity | High | Identities in this role can customize sign in and sign up experiences for users by creating and managing custom authentication extensions. |
104105
| Lifecycle Workflows Administrator | Identity | High | Identities in this role create and manage all aspects of workflows and tasks associated with Lifecycle Workflows in Microsoft Entra ID. |
106+
| Senior Executive (Technology) | Identity | Very High | Identities with this classification belong to senior executives in the field of Technology. |
107+
| Senior Executive (Finance) | Identity | Very High | Identities with this classification belong to senior executives in the field of Finance. |
108+
| Senior Executive (Operations) | Identity | Very High | Identities with this classification belong to senior executives in the field of Operations. |
109+
| Senior Executive (Marketing) | Identity | Very High | Identities with this classification belong to senior executives in the field of Marketing. |
110+
| Senior Executive (Information) | Identity | Very High | Identities with this classification belong to senior executives in the field of Information. |
111+
| Senior Executive (Execution) | Identity | Very High | Identities with this classification belong to senior executives in the field of Execution. |
112+
| Senior Executive (Human Resources) | Identity | Very High | Identities with this classification belong to senior executives in the field of Human Resources. |
105113

106114
##### Cloud resource
107115

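Review bot: The descriptions on new lines 106 to 112 only restate the classification name, and for "Senior Executive (Information)" and "Senior Executive (Execution)" the phrase "in the field of Information" or "in the field of Execution" does not tell the reader which identities are covered. State what places an identity in each classification, in the way the Security Operations Admin User row notes what its rule logic relies on, so that someone reviewing a Very High criticality assignment can tell why it was made.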
exposure-management/whats-new.md

Lines changed: 22 additions & 1 deletion
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: overview
88
ms.service: exposure-management
9-
ms.date: 12/03/2024
9+
ms.date: 03/16/2025
1010

1111
---
1212

@@ -24,8 +24,29 @@ Learn more about MSEM by reading the blogs, [here](https://techcommunity.microso
2424
>
2525
> `https://aka.ms/msem/rss`
2626
27+
## March 2025
28+
29+
### New predefined classifications
30+
31+
The following predefined **Identity** classification rules were added to the critical assets list:
32+
33+
| Classification | Description |
34+
| ---------------------------------- | ------------------------------------------------------------ |
35+
| Senior Executive (Technology) | This rule applies to identities classified as senior executives in the field of Technology. |
36+
| Senior Executive (Finance) | This rule applies to identities classified as senior executives in the field of Finance. |
37+
| Senior Executive (Operations) | This rule applies to identities classified as senior executives in the field of Operations. |
38+
| Senior Executive (Marketing) | This rule applies to identities classified as senior executives in the field of Marketing. |
39+
| Senior Executive (Information) | This rule applies to identities classified as senior executives in the field of Information. |
40+
| Senior Executive (Execution) | This rule applies to identities classified as senior executives in the field of Execution. |
41+
| Senior Executive (Human Resources) | This rule applies to identities classified as senior executives in the field of Resources. |
42+
| Security Operations Admin User | This rule applies to security operations admin users that configure, manage, monitor, and respond to threats within the organization. |
43+
44+
For more information, see, [Predefined classifications](predefined-classification-rules-and-levels.md)
45+
2746
## February 2025
2847

48+
### New predefined classifications
49+
2950
The following predefined classification rules were added to the critical assets list:
3051

3152
| Classification | Description |
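Review bot: New line 41 describes "Senior Executive (Human Resources)" as "senior executives in the field of Resources"; it should read "Human Resources" to match the first column and the entry added to predefined-classification-rules-and-levels.md in this same commit. On new line 44, drop the comma after "see" and close the sentence with a period. The March table also has no criticality column, so a reader cannot tell from this page that the Senior Executive rules are Very High while Security Operations Admin User is High; consider adding it or stating it in the intro sentence on line 31.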
