MicrosoftDocs
diff --git a/‎.openpublishing.redirection.ata-atp.json‎
Lines changed: 25 additions & 0 deletions b/‎.openpublishing.redirection.ata-atp.json‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎ATPDocs/alerts-mdi-classic.md‎
Lines changed: 145 additions & 0 deletions b/‎ATPDocs/alerts-mdi-classic.md‎
Lines changed: 145 additions & 0 deletions
diff --git a/‎ATPDocs/alerts-overview.md‎
Lines changed: 20 additions & 92 deletions b/‎ATPDocs/alerts-overview.md‎
Lines changed: 20 additions & 92 deletions
diff --git a/‎ATPDocs/alerts-xdr.md‎
Lines changed: 144 additions & 0 deletions b/‎ATPDocs/alerts-xdr.md‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎ATPDocs/assign-multi-factor-authentication-okta-privileged-user-accounts.md‎
Lines changed: 5 additions & 0 deletions b/‎ATPDocs/assign-multi-factor-authentication-okta-privileged-user-accounts.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎ATPDocs/cef-format-sa.md‎
Lines changed: 3 additions & 3 deletions b/‎ATPDocs/cef-format-sa.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎ATPDocs/credential-access-alerts.md‎
Lines changed: 0 additions & 453 deletions b/‎ATPDocs/credential-access-alerts.md‎
Lines changed: 0 additions & 453 deletions
diff --git a/‎ATPDocs/lateral-movement-alerts.md‎
Lines changed: 0 additions & 421 deletions b/‎ATPDocs/lateral-movement-alerts.md‎
Lines changed: 0 additions & 421 deletions
diff --git a/‎ATPDocs/other-alerts.md‎
Lines changed: 0 additions & 337 deletions b/‎ATPDocs/other-alerts.md‎
Lines changed: 0 additions & 337 deletions
diff --git a/‎ATPDocs/persistence-privilege-escalation-alerts.md‎
Lines changed: 0 additions & 433 deletions b/‎ATPDocs/persistence-privilege-escalation-alerts.md‎
Lines changed: 0 additions & 433 deletions
@@ -140,6 +140,31 @@
       "redirect_url": "manage-security-alerts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "ATPDocs/credential-access-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/persistence-privilege-escalation-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/reconnaissance-discovery-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/lateral-movement-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/other-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "ATPDocs/classic-activities-filtering-mcas.md",
       "redirect_url": "/previous-versions/defender-for-identity/classic-activities-filtering-mcas",
 
@@ -12,6 +12,11 @@ ms.reviewer: Himanch
 
 This report lists any Okta privileged accounts that don't have any multifactor authentication (MFA) methods assigned. 
 
+## Prerequisites
+
+To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.  
+For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
+
 ## Why is a privileged account without MFA a security risk?
 
 All privileged accounts should have multifactor authentication (MFA) enabled to strengthen security. By ensuring that privileged accounts such as Super Admin or Org Admin roles are secured with MFA, organizations can significantly reduce the risk of unauthorized access from compromised credentials. This strategy helps prevent attackers from gaining elevated access, safeguarding sensitive resources and protecting critical administrative functions from abuse.
 
@@ -40,14 +40,14 @@ The cs2 field identifies if the alert is new or updated.
 The cs3 field identifies the fully qualified domain name of the source computer name.
 
 > [!NOTE]
-> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alerts](alerts-overview.md).
 
 ## Sample logs
 
 The log examples comply with RFC 5424, but Defender for Identity also supports RFC 3164.
 
 >[!NOTE]
->The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+>The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alerts](alerts-overview.md).
 
 Priorities:
 
@@ -197,7 +197,7 @@ Priorities:
 
 ## See Also
 
-- [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+- [Security alerts](alerts-overview.md).
 - [Configure event collection](deploy/configure-event-collection.md)
 - [Configuring Windows event forwarding](deploy/configure-event-forwarding.md)
 - [Check out the Defender for Identity forum](https://aka.ms/MDIcommunity)