MicrosoftDocs
diff --git a/‎CloudAppSecurityDocs/access-policy-aad.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/access-policy-aad.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/accounts.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/accounts.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/activity-filters.md‎
Lines changed: 4 additions & 3 deletions b/‎CloudAppSecurityDocs/activity-filters.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CloudAppSecurityDocs/admin-settings.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/admin-settings.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/anomaly-detection-policy.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/anomaly-detection-policy.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/api-activities-investigate-script.md‎
Lines changed: 4 additions & 3 deletions b/‎CloudAppSecurityDocs/api-activities-investigate-script.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CloudAppSecurityDocs/app-activity-threat-hunting.md‎
Lines changed: 2 additions & 1 deletion b/‎CloudAppSecurityDocs/app-activity-threat-hunting.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-anomaly-detection-alerts.md‎
Lines changed: 2 additions & 1 deletion b/‎CloudAppSecurityDocs/app-governance-anomaly-detection-alerts.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-app-policies-create.md‎
Lines changed: 15 additions & 13 deletions b/‎CloudAppSecurityDocs/app-governance-app-policies-create.md‎
Lines changed: 15 additions & 13 deletions
diff --git a/‎CloudAppSecurityDocs/app-governance-app-policies-overview.md‎
Lines changed: 2 additions & 1 deletion b/‎CloudAppSecurityDocs/app-governance-app-policies-overview.md‎
Lines changed: 2 additions & 1 deletion
@@ -3,6 +3,7 @@ title: Create access policies | Microsoft Defender for Cloud Apps
 description: Learn how to configure Microsoft Defender for Cloud Apps access policies with Conditional Access app control to control access to cloud apps.
 ms.date: 05/15/2024
 ms.topic: how-to
+ms.reviewer: AmitMishaeli
 ---
 # Create Microsoft Defender for Cloud Apps access policies
 
 
@@ -3,6 +3,7 @@ title: Investigate accounts from connected apps | Microsoft Defender for Cloud A
 description: This article provides information about reviewing accounts from your connected apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: gayasalomon
 ---
 # Cloud Application Accounts
 
 
@@ -3,6 +3,7 @@ title: Investigate activities
 description: This article provides a list of activities, filters, and match parameters that can be applied to activity policies.
 ms.date: 06/24/2025
 ms.topic: how-to
+ms.reviewer: gayasalomon
 ---
 
 # Investigate activities
@@ -15,7 +16,7 @@ Microsoft Defender for Cloud Apps gives you visibility into all the activities f
 >
 > Microsoft Defender for Cloud Apps displays these activity names and types exactly as received and doesn't define or modify them. To understand the meaning of an activity, refer to the relevant third‑party API documentation.
 
-The action types for events and activities are determined by the source service, whether it is a first-party or third-party service. Microsoft Defender for Cloud Apps (MDA) supports a wide range of action types and is not restricted to specific ones.
+The action types for events and activities are determined by the source service, whether it's a first-party or third-party service. Microsoft Defender for Cloud Apps (MDA) supports a wide range of action types and isn't restricted to specific ones.
 For a full list of Microsoft 365 activities monitored by Defender for Cloud Apps, see [Search the audit log in the Microsoft Purview portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#audited-activities).
 
 
@@ -93,7 +94,7 @@ Selecting it opens the Activity drawer **User** tab provides the following insig
     - **ISPs**: The number of ISPs the user connected from in the past 30 days.
     - **IP addresses**: The number of IP addresses the user connected from in the past 30 days.
 
-:::image type="content" source="media/user-insights.png" alt-text="Screenshot that shows user insights, user activities and frequent alert locations for Defender for Cloud apps." lightbox="media/user-insights.png":::
+:::image type="content" source="media/user-insights.png" alt-text="Screenshot that shows user insights, user activities, and frequent alert locations for Defender for Cloud apps." lightbox="media/user-insights.png":::
 
 
 #### IP address insights
@@ -122,7 +123,7 @@ To view IP address insights:
         - Set as a VPN IP address and add to allowlist
         - Set as a Risky IP and add to blocklist
 
-:::image type="content" source="media/activity-filters/ip-address-insights.png" alt-text="Screenshot that shows Ip address activities over the last 30 days." lightbox="media/activity-filters/ip-address-insights.png":::
+:::image type="content" source="media/activity-filters/ip-address-insights.png" alt-text="Screenshot that shows IP address activities over the last 30 days." lightbox="media/activity-filters/ip-address-insights.png":::
 
 
 > [!NOTE]
 
@@ -3,6 +3,7 @@ title: Configure admin notifications
 description: This article provides instructions for setting admin preferences in Defender for Cloud Apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: Naama-Goldbart 
 ---
 # Configure admin notifications
 
 
@@ -3,6 +3,7 @@ title: Create anomaly detection policies | Microsoft Defender for Cloud Apps
 description: This article provides a description of Anomaly detection policies and provides reference information about the building blocks of an anomaly detection policy.
 ms.date: 03/01/2023
 ms.topic: how-to
+ms.reviewer: Ronen-Refaeli
 ---
 
 # Create Defender for Cloud Apps anomaly detection policies
 
@@ -3,6 +3,7 @@ title: Investigate activities using the API
 description: This article provides information on how to use the API to investigate user activity in Defender for Cloud Apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: Naama-Goldbart
 ---
 # Investigate activities using the API
 
@@ -18,7 +19,7 @@ The activities API mode is optimized for scanning and retrieval of large quantit
 ## To use the activity scan script
 
 1. Run the query on your data.
-1. If there are more records than could be listed in a single scan, you will get a return command with `nextQueryFilters` that you should run. You will get this command each time you scan until the query has returned all the results.
+1. If there are more records than could be listed in a single scan, you'll get a return command with `nextQueryFilters` that you should run. You'll get this command each time you scan until the query has returned all the results.
 
 ## Request body parameters
 
@@ -32,9 +33,9 @@ The activities API mode is optimized for scanning and retrieval of large quantit
 
 ## Response parameters
 
-- "data": the returned data. Will contain up to "limit" number of records each iteration. If there are more records to be pulled (hasNext=true), the last few records will be dropped to ensure that all data is listed only once.
+- "data": the returned data. Will contain up to "limit" number of records each iteration. If there are more records to be pulled (hasNext=true), the last few records are dropped to ensure that all data is listed only once.
 - "hasNext": Boolean. Denotes whether another iteration on the data is needed.
-- "nextQueryFilters": If another iteration is needed, it contains the consecutive JSON query to be run. Use this as the "filters" parameter in the next request. Note that if the "hasNext" parameter is set to False, this parameter will be missing since you've iterated over all of the data.
+- "nextQueryFilters": If another iteration is needed, it contains the consecutive JSON query to be run. Use this as the "filters" parameter in the next request. If the "hasNext" parameter is set to False, this parameter will be missing since you've iterated over all of the data.
 
 The following Python example gets all the activities from the past day from Exchange Online.
 
 
@@ -1,8 +1,9 @@
 ---
 title: Hunt for threats in app activities | Microsoft Defender for Cloud Apps
-ms.date: 05/23/2025
+ms.date: 08/18/2025
 ms.topic: how-to
 description: Learn how app governance in Microsoft Defender for Cloud Apps helps you hunt for resources accessed and activities carried out by apps in your environment.
+ms.reviewer: shragar
 ---
 
 # Hunt for threats in app activities
 
@@ -1,9 +1,10 @@
 ---
 title: Investigate app governance threat detection alerts | Microsoft Defender for Cloud Apps
-ms.date: 05/23/2025
+ms.date: 08/18/2025
 ms.topic: how-to
 ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
 description: Learn how to investigate threat detection alerts from app governance in Microsoft Defender XDR with Microsoft Defender for Cloud Apps.
+ms.reviewer: shragar
 ---
 
 # Investigate app governance threat detection alerts
 
@@ -1,7 +1,8 @@
 ---
 title: Create app governance policies | Microsoft Defender for Cloud Apps
-ms.date: 05/28/2023
+ms.date: 08/12/2025
 ms.topic: how-to
+ms.reviewer: shragar
 description: Learn how to create app policies on app governance.
 ---
 
@@ -25,7 +26,7 @@ Use app governance to create OAuth policies for apps connected to Microsoft 365,
 
 For apps connected to Microsoft Entra ID, create app policies from provided templates that can be customized, or create your own custom app policy.
 
-1. To create a new app policy for Microsoft 365 apps, go to **Microsoft Defender XDR** \> **App governance** \> **Policies** \> **Microsoft 365 **.
+1. To create a new app policy for Microsoft 365 apps, go to **Microsoft Defender XDR** \> **App governance** \> **Policies** \> **Microsoft 365**.
 
     For example:
 
@@ -38,7 +39,7 @@ For apps connected to Microsoft Entra ID, create app policies from provided temp
 
     For example:
 
-    :::image type="content" source="media/app-governance/app-governance-create-policy.png" alt-text="Screenshot of a Choose a policy template page.":::
+    :::image type="content" source="media/app-governance/app-governance-create-policy.png" alt-text="Screenshot showing the "Choose a policy template" interface." lightbox="media/app-governance/app-governance-create-policy.png":::
 
 ## App policy templates
 
@@ -87,17 +88,18 @@ Use a custom app policy when you need to do something not already done by one of
       - Medium
       - Low
 
-2. On the **Choose Policy settings and conditions** page, for **Choose which apps this policy is applicable for**, select:
+1. On the **Choose Policy settings and conditions** page, for **Choose which apps this policy is applicable for**, select:
    - All Apps
    - Choose specific apps
    - All apps except
 
-3. If you choose specific apps, or all apps except for this policy, select **Add apps** and select the desired apps from the list. In the **Choose apps** pane, you can select multiple apps to which this policy applies, and then select **Add**. Select **Next** when you're satisfied with the list.
+1. If you choose specific apps, or all apps except for this policy, select **Add apps** and select the desired apps from the list. In the **Choose apps** pane, you can select multiple apps to which this policy applies, and then select **Add**. Select **Next** when you're satisfied with the list.
 
-4. Select **Edit conditions**. Select **Add condition** and choose a condition from the list. Set the desired threshold for your selected condition. Repeat to add more conditions. Select **Save** to save the rule, and when you're finished adding rules, select **Next**.
+1. Select **Edit conditions** > **Add condition** and choose a condition from the list. Set the desired threshold for your selected condition. Repeat to add more conditions. 
+1. Select **Save** to save the rule, and when you're finished adding rules, select **Next**.
 
    > [!NOTE]
-   > Some policy conditions are only applicable to apps that access Graph API permissions. When evaluating apps that access only non-Graph APIs, app governance skips these policy conditions and proceed to check only other policy conditions.
+   > Some policy conditions are only applicable to apps that access Graph API permissions. When evaluating apps that access only non-Graph APIs, app governance skips these policy conditions and proceeds to check only other policy conditions.
 
 1. Here are the available conditions for a custom app policy:
 
@@ -127,16 +129,16 @@ Use a custom app policy when you need to do something not already done by one of
 
       All of the specified conditions must be met for this app policy to generate an alert.
 
-6. When you're done specifying the conditions, select **Save**, and then select **Next**.
+1. When you're done specifying the conditions, select **Save**, and then select **Next**.
 
-7. On the **Define Policy Actions** page, select **Disable app** if you want app governance to disable the app when an alert based on this policy is generated, and then select **Next**. Use caution when applying actions because a policy may affect users and legitimate app use.
+1. On the **Define Policy Actions** page, select **Disable app** if you want app governance to disable the app when an alert based on this policy is generated, and then select **Next**. Use caution when applying actions because a policy may affect users and legitimate app use.
 
-8. On the **Define Policy Status** page, select one of these options:
+1. On the **Define Policy Status** page, select one of these options:
    - **Audit mode**: Policies are evaluated but configured actions won't occur. Audit mode policies appear with the status of **Audit** in the list of policies. You should use Audit mode for testing a new policy.
    - **Active**: Policies are evaluated and configured actions will occur.
    - **Inactive**: Policies aren't evaluated and configured actions won't occur.
 
-9. Carefully review all parameters of your custom policy. Select **Submit** when you're satisfied. You can also go back and change settings by selecting **Edit** beneath any of the settings.
+1. Carefully review all parameters of your custom policy. Select **Submit** when you're satisfied. You can also go back and change settings by selecting **Edit** beneath any of the settings.
 
 ## Test and monitor your new app policy
 
@@ -153,9 +155,9 @@ Here's an example of a process for creating a new policy, testing it, and then m
 3. If the behavior isn't expected, edit the policy apps, conditions, and action settings as needed and go back to step 2.
 4. If the behavior is expected, edit the policy and change its status to **Active**.
 
-For example, the following flow chart shows the steps involved:
+    For example, the following flow chart shows the steps involved:
 
-:::image type="content" source="media/app-governance/mapg-create-new-policy-process.png" alt-text="Diagram of the create app policy workflow." lightbox="media/app-governance/mapg-create-new-policy-process.png" border="false":::
+    :::image type="content" source="media/app-governance/mapg-create-new-policy-process.png" alt-text="Screenshot illustrating the steps involved in the create app policy workflow." lightbox="media/app-governance/mapg-create-new-policy-process.png" border="false":::
 
 ## Create a new policy for OAuth apps connected to Salesforce and Google Workspace
 
 
@@ -1,8 +1,9 @@
 ---
 title: Learn about app policies with app governance | Microsoft Defender for Cloud Apps
-ms.date: 05/23/2025
+ms.date: 08/18/2025
 ms.topic: overview
 description: Learn about app governance policies with Microsoft Defender for Cloud Apps in Microsoft Defender XDR.
+ms.reviewer: shragar
 ---
 
 # Learn about app policies