Merge branch 'main' into maccruz-identityinfo

Author: schmurky

.openpublishing.redirection.defender-endpoint.json

@@ -1,5 +1,15 @@
 {
   "redirections": [
+    {
+      "source_path": "defender-endpoint/threat-analytics-analyst-reports.md",
+      "redirect_url": "/defender-xdr/threat-analytics-analyst-reports",
+      "redirect_document_id": false
+    },    
+    {
+      "source_path": "defender-endpoint/threat-analytics.md",
+      "redirect_url": "/defender-xdr/threat-analytics",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "defender-endpoint/configure-microsoft-threat-experts.md",
       "redirect_url": "/defender-xdr/defender-experts-for-hunting",

ATPDocs/whats-new.md

@@ -22,6 +22,13 @@ For more information, see also:
 
 For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
 
+## March 2025
+
+### New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting
+New LDAP query events will be added by March 6th to the `IdentityQueryEvents` table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.
+This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.
+We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.
+
 ## February 2025
 
 ### DefenderForIdentity PowerShell module updates (version 1.0.0.3)
@@ -67,6 +74,12 @@ We have added and updated the following events in the `IdentityDirectoryEvents`
 
 Additionally, the **built-in schema reference** for Advanced Hunting in Microsoft Defender XDR has been updated to include detailed information on all supported event types (**`ActionType`** values) in identity-related tables, ensuring complete visibility into available events. For more information, see [Advanced hunting schema details](/defender-xdr/advanced-hunting-schema-tables).
 
+## January 2025
+
+### New Identity guide tour
+
+Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
+
 ## December 2024
 
 ### New security posture assessment: Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)

CloudAppSecurityDocs/tutorial-dlp.md

@@ -79,7 +79,6 @@ Our approach to information protection can be split into the following phases th
     1. Under **Inspection method**, choose and configure one of the following classification services:
 
         - **[Data Classification Services](dcs-inspection.md)**: Uses classification decisions you've made across Microsoft 365, Microsoft Purview Information Protection, and Defender for Cloud Apps to provide a unified labeling experience. This is the preferred content inspection method as it provides a consistent and unified experience across Microsoft products.
-        - **[Built-in DLP](content-inspection-built-in.md)**: Inspects files for sensitive information using our built-in DLP content inspection engine.
 
     1. For highly sensitive files, select **Create an alert** and choose the alerts you require, so that you're informed when there are files with unprotected sensitive information in your organization.
     1. Select **Create**.

defender-business/get-defender-business.md

@@ -9,7 +9,7 @@ audience: Admin
 ms.topic: overview
 ms.service: defender-business
 ms.localizationpriority: medium
-ms.date: 06/07/2024
+ms.date: 02/28/2025
 ms.reviewer: efratka
 f1.keywords: NOCSH
 ms.collection:
@@ -35,12 +35,30 @@ Sections include:
 
 To get Defender for Business, you can choose from several options:
 
+- Work with a Microsoft partner who can help you get everything set up and configured.
 - Try or buy the standalone version of Defender for Business.
 - Get Microsoft 365 Business Premium, which includes Defender for Business.
-- Work with a Microsoft partner who can help you get everything set up and configured.
 
 Use the following tabs to learn more about each option.
 
+## [Work with a Microsoft partner](#tab/findpartner)
+
+Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business. If you'd prefer to work with a Microsoft partner, you can follow these steps to find a solution provider in your area:
+
+1. Go to [Browse Partners](https://appsource.microsoft.com/en-us/marketplace/partner-dir).
+
+2. In the **Filters** pane, specify search criteria, such as:
+
+   - Your location
+   - Your organization's size
+   - **Focus areas**, such as **Security** and/or **Threat Protection**
+
+   - **Services**, such as **Licensing** or **Managed Services (MSP)**
+
+   As soon as you select one or more criteria, the list of partners updates.
+
+3. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
+
 ## [Get Defender for Business (standalone)](#tab/getmdb)
 
 Defender for Business provides advanced security protection for your company's devices. For more information, see [What is Microsoft Defender for Business](mdb-overview.md)?
@@ -77,24 +95,6 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 > [!IMPORTANT]
 > Make sure to complete all the steps described in [Microsoft 365 Business Premium – productivity and cybersecurity for small business](/Microsoft-365/business-premium/m365bp-overview).
 
-## [Work with a Microsoft partner](#tab/findpartner)
-
-Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business. If you'd prefer to work with a Microsoft partner, you can follow these steps to find a solution provider in your area:
-
-1. Go to the [Browse Partners](https://appsource.microsoft.com/en-us/marketplace/partner-dir).
-
-2. In the **Filters** pane, specify search criteria, such as:
-
-   - Your location
-   - Your organization's size
-   - **Focus areas**, such as **Security** and/or **Threat Protection**
-
-   - **Services**, such as **Licensing** or **Managed Services (MSP)**
-
-   As soon as you select one or more criteria, the list of partners updates.
-
-3. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
-
 ---
 
 ## How to get Microsoft Defender for Business servers
@@ -113,7 +113,7 @@ Microsoft Defender for Business servers is an add-on to Defender for Business th
 >
 > - In order to add on Microsoft Defender for Business servers, you'll need at least one paid license for [Defender for Business](mdb-overview.md) (standalone) or [Microsoft 365 Business Premium](/Microsoft-365/business-premium/m365bp-overview).
 > - There's a limit of 60 Microsoft Defender for Business servers licenses per subscription to Microsoft 365 Business Premium or Defender for Business.
-> - If preferred, you could use [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) instead to onboard your servers. To learn more, see [What happens if I have a mix of Microsoft endpoint security subscriptions](mdb-faq.yml#what-happens-if-i-have-a-mix-of-microsoft-endpoint-security-subscriptions)?
+> - If preferred, you could use [Microsoft Defender for Servers Plan 1 or Plan 2](/azure/defender-for-cloud/plan-defender-for-servers) instead to onboard your servers. 
 
 ## Portals you use for setup and management