MicrosoftDocs
diff --git a/‎defender-endpoint/attack-surface-reduction-rules-reference.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/attack-surface-reduction-rules-reference.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/media/mde-onboard-winserver20122016-ui.png‎
124 KB b/‎defender-endpoint/media/mde-onboard-winserver20122016-ui.png‎
124 KB
diff --git a/‎defender-endpoint/media/mde-onboard-winserver201920222025-ui.png‎
125 KB b/‎defender-endpoint/media/mde-onboard-winserver201920222025-ui.png‎
125 KB
diff --git a/‎defender-endpoint/onboard-server.md‎
Lines changed: 59 additions & 54 deletions b/‎defender-endpoint/onboard-server.md‎
Lines changed: 59 additions & 54 deletions
diff --git a/‎defender-endpoint/server-migration.md‎
Lines changed: 5 additions & 5 deletions b/‎defender-endpoint/server-migration.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎defender-endpoint/switch-to-mde-phase-2.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/switch-to-mde-phase-2.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/troubleshoot-onboarding.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/troubleshoot-onboarding.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/verify-connectivity.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/verify-connectivity.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-xdr/threat-analytics.md‎
Lines changed: 7 additions & 6 deletions b/‎defender-xdr/threat-analytics.md‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎defender/media/threat-analytics/ta-dashboard-tags.png‎
-3.22 KB b/‎defender/media/threat-analytics/ta-dashboard-tags.png‎
-3.22 KB
@@ -136,7 +136,7 @@ The following table lists the supported operating systems for rules that are cur
 | [Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y <br> version 1803 or later | Y | Y |
 
 > [!NOTE]
-> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2012 R2 and Windows Server 2016](onboard-server.md#onboard-windows-server-2012-r2-and-windows-server-2016). 
+> - For Windows Server 2012 R2 and Windows Server 2016, see [Onboard Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2). 
 > - If you're using Configuration Manager, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.
 > - For Windows client devices, "version 1809 or later" and "version 1903 (build 18362)" apply to Windows 10 only.
 
 
@@ -6,7 +6,7 @@ ms.service: defender-endpoint
 author: emmwalshh
 ms.author: ewalsh
 ms.localizationpriority: medium
-ms.date: 04/06/2025
+ms.date: 04/16/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -47,7 +47,7 @@ To facilitate upgrades when Microsoft Endpoint Configuration Manager isn't yet a
 
 2. Remove System Center Endpoint Protection (SCEP) client if installed.
 
-3. Review the [Prerequisites for Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#prerequisites-for-windows-server-2016-and-windows-server-2012-r2).
+3. Review the [Prerequisites for Windows Server 2016 and 2012 R2](onboard-server.md#prerequisites-for-windows-server-2016-and-2012-r2).
 
 4. Enable and update the Microsoft Defender Antivirus feature on Windows Server 2016.
 
@@ -70,13 +70,13 @@ For instructions on how to migrate using Configuration Manager older than versio
 
 ## If you are running a non-Microsoft antivirus solution
 
-1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016) ensuring [prerequisites for Windows Server 2016](onboard-server.md#prerequisites-for-windows-server-2016-and-windows-server-2012-r2) are met.
+1. Fully update the machine including Microsoft Defender Antivirus (Windows Server 2016) ensuring [Prerequisites for Windows Server 2016 and 2012 R2](onboard-server.md#prerequisites-for-windows-server-2016-and-2012-r2) are met.
 
 2. Ensure your non-Microsoft antivirus management solution no longer pushes antivirus agents to these machines.
 
 3. Author your policies for the protection capabilities in Defender for Endpoint and target those to the machine in the tool of your choice.
 
-4. Install the Defender for Endpoint package for Windows Server 2012 R2 and Windows Server 2016, and set it to passive mode. See [Onboard Windows Server 2012 R2 and Windows Server 2016](onboard-server.md#onboard-windows-server-2012-r2-and-windows-server-2016).
+4. Install the Defender for Endpoint package for Windows Server 2012 R2 and Windows Server 2016, and set it to passive mode. 
 
 5. Apply the onboarding script **for use with Group Policy** downloaded from the [Microsoft Defender portal](https://security.microsoft.com).
 
@@ -98,7 +98,7 @@ In the preceding procedure, steps 2 and 7 apply only if you intend to replace yo
 
 ## If you are running System Center Endpoint Protection but aren't managing the machine using Configuration Manager (MECM/ConfigMgr)
 
-1. Fully update the device, including Microsoft Defender Antivirus (on Windows Server 2016) ensuring [prerequisites](onboard-server.md#prerequisites-for-windows-server-2016-and-windows-server-2012-r2) are met.
+1. Fully update the device, including Microsoft Defender Antivirus (on Windows Server 2016) ensuring [Prerequisites for Windows Server 2016 and 2012 R2](onboard-server.md#prerequisites-for-windows-server-2016-and-2012-r2) are met.
 
 2. Create and apply policies using Group Policy, PowerShell, or a non-Microsoft management solution.
 
 
@@ -78,7 +78,7 @@ If Microsoft Defender Antivirus features and installation files were previously
 
 ### Are you using Windows Server 2012 R2 or Windows Server 2016?
 
-You can now run Microsoft Defender Antivirus in passive mode on Windows Server 2012 R2 and 2016 using the method described in the previous section. For more information, see [Onboarding Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboarding-windows-server-2016-and-windows-server-2012-r2).
+You can now run Microsoft Defender Antivirus in passive mode on Windows Server 2012 R2 and 2016 using the method described in the previous section. For more information, see [Onboarding Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2).
 
 ## Step 2: Configure Defender for Endpoint Plan 1 or Plan 2
 
 
@@ -305,7 +305,7 @@ If you encounter issues while onboarding a server, go through the following veri
 
 - Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service
 - Ensure that the server proxy and Internet connectivity settings are configured properly
-- See [Onboard Windows Server 2012 R2 and Windows Server 2016](onboard-server.md#onboard-windows-server-2012-r2-and-windows-server-2016)
+- See [Onboard Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2)
 
 You might also need to check the following:
 
 
@@ -108,7 +108,7 @@ For more info on how to access streamlined onboarding script, see [Onboarding de
 
  See the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows.
 
-1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see [Onboard Windows Server 2012 R2 and Windows Server 2016](onboard-server.md#onboard-windows-server-2012-r2-and-windows-server-2016).
+1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint. For more information, see [Onboard Windows Server 2016 and Windows Server 2012 R2](onboard-server.md#onboard-windows-server-2016-and-windows-server-2012-r2).
 
 2. Ensure the machine is successfully reporting into the Microsoft Defender portal.
 
 
@@ -20,7 +20,7 @@ ms.custom:
 - cx-ta
 - seo-marvel-apr2020
 search.appverid: met150
-ms.date: 03/26/2025
+ms.date: 04/17/2025
 ---
 
 # Threat analytics in Microsoft Defender XDR
@@ -91,21 +91,22 @@ Select a threat from the dashboard to view the report for that threat. You can a
 
 You can filter the threat report list and view the most relevant reports according to a specific threat type or by type of report.
 
-- **Threat tags**—assist you in viewing the most relevant reports according to a specific threat category. For example, the **Ransomware** tag includes all reports related to ransomware.
 - **Report types**—assist you in viewing the most relevant reports according to a specific report type. For example, the **Tools & techniques** tag includes all reports that cover tools and techniques.
+- **Threat tags**—assist you in viewing the most relevant reports according to a specific threat category. For example, the **Ransomware** tag includes all reports related to ransomware.
+
 
 The different tags have equivalent filters that assist you in efficiently reviewing the threat report list and filtering the view based on a specific threat tag or report type. For example, to view all threat reports related to ransomware category, or threat reports that involve vulnerabilities.
 
+Report types are presented at the top of the threat analytics page. There are counters for the number of available reports under each type.
+
+:::image type="content" source="/defender/media/threat-analytics/ta-dashboard-tags.png" alt-text="Screenshot of the threat analytics report types." lightbox="/defender/media/threat-analytics/ta-dashboard-tags.png":::
+
 The Microsoft Threat Intelligence team adds threat tags to each threat report. The following threat tags are currently available:
   - Ransomware
   - Phishing
   - Activity group
   - Vulnerability
 
-Threat tags are presented at the top of the threat analytics page. There are counters for the number of available reports under each tag.
-
-:::image type="content" source="/defender/media/threat-analytics/ta-dashboard-tags.png" alt-text="Screenshot of the threat analytics report tags." lightbox="/defender/media/threat-analytics/ta-dashboard-tags.png":::
-
 To set the types of reports you want in the list, select **Filters**, choose from the list, and select **Apply**. 
 
   :::image type="content" source="/defender/media/threat-analytics/ta-threattag-filters-mtp-tb.png" alt-text="Screenshot of the Filters list." lightbox="/defender/media/threat-analytics/ta-threattag-filters-mtp.png":::