Merge pull request #4821 from LiorShapiraa/docs-editor/unmonitored-entra-connect-serv-1756105004

aditisrivastava07 · web-flow · commit 51e6ed80122d · 2025-08-25T17:56:33.000+05:30
Update unmonitored-entra-connect-servers.md
diff --git a/ATPDocs/unmonitored-entra-connect-servers.md b/ATPDocs/unmonitored-entra-connect-servers.md
@@ -23,7 +23,7 @@ If an attacker compromises a Microsoft Entra Connect server, they can inject sha
 These servers operate at the intersection of on-premises and cloud identity, making them a prime target for privilege escalation and stealthy persistence. Without monitoring, such attacks can go undetected. Deploying Microsoft Defender for Identity version 2.0 sensors on Microsoft Entra Connect servers is critical. These sensors help detect suspicious activity in real time, protect the integrity of your hybrid identity bridge, and prevent full-domain compromise from a single point of failure.
 
 > [!NOTE]
-> This security assessment is only available if Microsoft Defender for Endpoint detects eligible Microsoft Entra Connect servers in the environment.
+> This security assessment is only available if Microsoft Defender for Endpoint detects eligible Microsoft Entra Connect servers in the environment. In some cases, servers running Entra Connect might not be identified with the required role and therefore will not appear in this assessment, even if they exist in the environment.
 
 ## How do I use this security assessment? 
 
