Merge pull request #5037 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 4629941eb63e · 2025-09-15T05:32:59.000Z
[AutoPublish] main to live - 09/14 22:31 PDT | 09/15 11:01 IST
diff --git a/defender-for-identity/deploy/prerequisites-sensor-version-3.md b/defender-for-identity/deploy/prerequisites-sensor-version-3.md
@@ -41,17 +41,14 @@ The following table summarizes the server requirements and recommendations for t
 
 |Prerequisite / Recommendation |Description  |
 |---------|---------|
-|Operating System|The domain controller must have both:<br> - Windows Server 2019 or later<br> - [March 2024 Cumulative Update](https://support.microsoft.com/topic/march-12-2024-kb5035857-os-build-20348-2340-a7953024-bae2-4b1a-8fc1-74a17c68203c) or later.|
+|Operating System|The domain controller must have both:<br> - Windows Server 2019 or later<br> - [June 2025 Cumulative Update](https://support.microsoft.com/en-us/topic/june-10-2025-kb5060526-os-build-20348-3807-4e9453c4-6602-48ea-b349-689cd66dfdb9) or later.|
 |Specifications|  A domain controller server with a minimum of:<br> - two cores<br>- 6 GB of RAM|
 |Performance| For optimal performance, set the **Power Option** of the machine running the Defender for Identity sensor to **High Performance**.        |
 |Connectivity|Requires a Microsoft Defender for Endpoint deployment. If Microsoft Defender for Endpoint is installed on the domain controller, there are no additional connectivity requirements.   |
 |Previous installations| Before activating the sensor on a domain controller, make sure that the domain controller doesn't have another Defender for Identity sensor already deployed.|
 |Server time synchronization|The servers and domain controllers onto which the sensor is installed must have time synchronized to within five minutes of each other.|
 |ExpressRoute|This version of the sensor doesn't support ExpressRoute. If your environment uses ExpressRoute,  we recommend [deploying the Defender for Identity sensor v2.x](install-sensor.md).|
 
-> [!NOTE]
-> After the March 2024 Cumulative Update is installed, LSASS might experience a memory leak on domain controllers during on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests. [This out-of-band update: KB5037422](https://support.microsoft.com/en-gb/topic/march-22-2024-kb5037422-os-build-20348-2342-out-of-band-e8f5bf56-c7cb-4051-bd5c-cc35963b18f3) addresses this issue.
-
 ### Dynamic memory requirements
 
 The following table describes memory requirements on the server used for the Defender for Identity sensor, depending on the type of virtualization you're using:
diff --git a/defender-for-identity/deploy/test-connectivity.md b/defender-for-identity/deploy/test-connectivity.md
@@ -29,7 +29,7 @@ For more information, see [Required ports](../prerequisites.md#ports).
     > [!IMPORTANT]
     > You must specify `HTTPS`, not `HTTP`, to properly test connectivity.
 
-    **Result**: You should get an *Ok* message displayed (HTTP status 200) and the latest sensor version number, which indicates you were successfully able to route to the Defender for Identity HTTPS endpoint. This is the desired result.
+    **Result**: You should get the latest sensor version number, which indicates you were successfully able to route to the Defender for Identity HTTPS endpoint. This is the desired result.
 
     For some older workspaces, the message returned could be *Error 503 The service is unavailable*. This is a temporary state that still indicates success. For example:
 
