Merge pull request #3299 from MicrosoftDocs/main

Publish main to live, 03/27/25, 10:30 AM PDT

Author: Ruchika-mittal01

ATPDocs/troubleshooting-known-issues.md

@@ -224,7 +224,7 @@ Suggested possible workarounds:
 
 ## VMware virtual machine sensor issue
 
-If you have a Defender for Identity sensor on VMware virtual machines, you might receive one or both of the following health alerts **Some network traffic is not being analyzed** and **Network configuratuin mismatch for sensors running on VMware**. This can happen because of a configuration mismatch in VMware.
+If you have a Defender for Identity sensor on VMware virtual machines, you might receive one or both of the following health alerts **Some network traffic is not being analyzed** and **Network configuration mismatch for sensors running on VMware**. This can happen because of a configuration mismatch in VMware.
 
 To resolve the issue:
 
@@ -422,7 +422,7 @@ Uninstall the certificate management client, install the Defender for Identity s
 
 >[!NOTE]
 >
->The self-signed certificate is renewed every 2 years, and the auto-renewal process might fail if the certificate management client prevents the self-signed certificate creation.
+> The self-signed certificate is renewed every 2 years, and the auto-renewal process might fail if the certificate management client prevents the self-signed certificate creation.
 > This will cause the sensor to stop communicating with the backend, which will require a sensor reinstallation using the workaround mentioned above.
 
 ## Sensor installation fails due to network connectivity issues
@@ -445,7 +445,6 @@ For more information, see [Run a silent installation with a proxy configuration]
 
 > [!IMPORTANT]
 > Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that aren't present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
->
 
 ## Sensor service couldn't run and remains in Starting state
 
@@ -486,6 +485,22 @@ The issue can come up when a Defender for Identity workspace license expires and
    - "Azure ATP workspaceName Users" -> "Azure ATP workspaceName Users - old"
 1. Then you can go back in the [Microsoft Defender portal](https://security.microsoft.com), to the [Settings](https://security.microsoft.com/securitysettings) -> [Identities](https://security.microsoft.com/settings/identities) section to create the new workspace for Defender for Identity.
 
+## Entra Connect sensor experiences loss of database permissions following the update to Microsoft Entra Connect 
+
+**Cause:**
+
+Updating Microsoft Entra Connect may cause the Entra Connect sensor to lose previously configured database permissions. To investigate, check the Microsoft Defender logs for relevant indicators. Refer to [Troubleshooting Microsoft Defender for Identity sensor using the Defender for Identity logs](troubleshooting-using-logs.md) for log locations and further details.
+
+Sample logs that may indicate the issue:
+
+`GetEntraConnectGlobalSettingsAsync GetEntraConnectGlobalSettingsAsync failed. Exception - The EXECUTE permission was denied on the object 'mms_get_globalsettings', database Contoso', schema 'dbo'`
+
+`GetEntraConnectConnectivityParametersAsync GetEntraConnectConnectivityParametersAsync failed. Exception - The EXECUTE permission was denied on the object 'mms_get_connectors', database Contoso, schema 'dbo'`
+
+**Resolution:**
+
+If permissions need to be reconfigured, please follow the steps outlined in this [guide](deploy/active-directory-federation-services.md).
+
 ## Next steps
 
 - [Defender for Identity prerequisites](deploy/prerequisites.md)

defender-endpoint/alerts-queue-endpoint-detection-response.md

@@ -4,8 +4,8 @@ ms.reviewer:
 description: View and manage the alerts surfaced in Microsoft Defender XDR
 keywords:
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -14,7 +14,7 @@ ms.collection:
 - tier1
 - mde-edr
 ms.topic: conceptual
-ms.date: 02/15/2024
+ms.date: 03/26/2025
 ms.subservice: edr
 search.appverid: met150
 ---

defender-endpoint/alerts-queue.md

@@ -2,8 +2,8 @@
 title: View and organize the Microsoft Defender for Endpoint Alerts queue
 description: Learn about how the Microsoft Defender for Endpoint alerts queues work, and how to sort and filter lists of alerts.
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -12,7 +12,7 @@ ms.collection:
 - tier1
 - mde-edr
 ms.topic: conceptual
-ms.date: 02/15/2024
+ms.date: 03/26/2025
 ms.subservice: edr
 search.appverid: met150
 ---

defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md

@@ -5,8 +5,8 @@ ms.service: defender-endpoint
 ms.subservice: asr
 ms.localizationpriority: medium
 audience: ITPro
-author: denisebmsft
-ms.author: deniseb
+author: emmwalshh
+ms.author: ewalsh
 ms.reviewer: sugamar, yongrhee
 manager: deniseb
 ms.custom: asr
@@ -17,7 +17,7 @@ ms.collection:
 - highpri
 - tier1
 - mde-asr
-ms.date: 03/10/2025
+ms.date: 03/26/2025
 search.appverid: met150
 ---
 

defender-endpoint/attack-surface-reduction-rules-deployment-test.md

@@ -5,8 +5,8 @@ ms.service: defender-endpoint
 ms.subservice: asr
 ms.localizationpriority: medium
 audience: ITPro
-author: denisebmsft
-ms.author: deniseb
+author: emmwalshh
+ms.author: ewalsh
 ms.reviewer: sugamar
 manager: deniseb
 ms.custom: asr
@@ -17,7 +17,7 @@ ms.collection:
  - highpri
  - tier1
  - mde-asr
-ms.date: 08/14/2023
+ms.date: 03/26/2025
 search.appverid: met150
 ---
 

defender-endpoint/auto-investigation-action-center.md

@@ -3,8 +3,8 @@ title: Visit the Action center to see remediation actions
 description: Use the action center to view details and results following an automated investigation
 ms.service: defender-endpoint
 ms.subservice: edr
-author: denisebmsft
-ms.author: deniseb
+author: emmwalshh
+ms.author: ewalsh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -16,7 +16,7 @@ ms.custom: admindeeplinkDEFENDER
 ms.topic: how-to
 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
 search.appverid: met150
-ms.date: 02/21/2024
+ms.date: 03/26/2025
 ---
 
 # Visit the Action center to see remediation actions

defender-endpoint/behavioral-blocking-containment.md

@@ -2,8 +2,8 @@
 title: Behavioral blocking and containment
 description: Learn about behavioral blocking and containment capabilities at Microsoft Defender for Endpoint
 author: denisebmsft
-ms.author: deniseb
-manager: deniseb
+ms.author: ewalsh
+manager: emmwalshh
 ms.reviewer: shwetaj
 audience: ITPro
 ms.topic: conceptual
@@ -15,7 +15,7 @@ ms.collection:
 - m365-security
 - tier2
 search.appverid: met150
-ms.date: 02/29/2024
+ms.date: 03/29/2025
 ---
 
 # Behavioral blocking and containment

defender-endpoint/check-sensor-status.md

@@ -3,16 +3,16 @@ title: Check the device health at Microsoft Defender for Endpoint
 description: Check the sensor health on devices to identify which ones are misconfigured, inactive, or aren't reporting sensor data.
 ms.service: defender-endpoint
 ms.subservice: onboard
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier2
 ms.topic: conceptual
-ms.date: 05/16/2023
+ms.date: 03/26/2025
 search.appverid: met150
 ---
 

defender-endpoint/conditional-access.md

@@ -4,16 +4,16 @@ description: Enable Conditional Access to prevent applications from running if a
 search.appverid: met150
 ms.service: defender-endpoint
 ms.subservice: onboard
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
 ms.topic: conceptual
-ms.date: 12/18/2020
+ms.date: 03/26/2025
 ---
 
 # Enable Conditional Access to better protect users, devices, and data

defender-endpoint/configure-endpoints-script.md

@@ -3,8 +3,8 @@ title: Onboard Windows devices using a local script
 description: Use a local script to deploy the configuration package on devices to enable onboarding of the devices to the service.
 search.appverid: met150
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.reviewer: pahuijbr
 ms.localizationpriority: medium
 manager: deniseb
@@ -15,7 +15,7 @@ ms.collection:
 ms.custom: admindeeplinkDEFENDER
 ms.topic: conceptual
 ms.subservice: onboard
-ms.date: 02/29/2024
+ms.date: 03/26/2025
 ---
 
 # Onboard Windows devices using a local script