Merge branch 'main' into patch-9

Author: chrisda

ATPDocs/security-assessment-edit-misconfigured-acl.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured certificate templates ACL (ESC4)  (Preview)
+# Security assessment: Edit misconfigured certificate templates ACL (ESC4)
 
 This article describes Microsoft Defender for Identity's **Misconfigured certificate template ACL** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-ca-acl.md

@@ -5,7 +5,7 @@ ms.date: 11/14/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured Certificate Authority ACL (ESC7)  (Preview)
+# Security assessment: Edit misconfigured Certificate Authority ACL (ESC7)
 
 This article describes Microsoft Defender for Identity's **Misconfigured certificate authority ACL** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-enrollment-agent.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured enrollment agent certificate template (ESC3)  (Preview)
+# Security assessment: Edit misconfigured enrollment agent certificate template (ESC3)
 
 This article describes Microsoft Defender for Identity's **Misconfigured enrollment agent certificate template** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-owner.md

@@ -5,7 +5,7 @@ ms.date: 11/14/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured certificate templates owner (ESC4) (Preview)
+# Security assessment: Edit misconfigured certificate templates owner (ESC4)
 
 This article provides an overview of Microsoft Defender for Identity's **Misconfigured certificate templates owner (ESC4)** security posture assessment report.
 

ATPDocs/security-assessment-edit-overly-permissive-template.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)  (Preview)
+# Security assessment: Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)
 
 This article describes Microsoft Defender for Identity's **Overly permissive certificate template with privileged EKU** security posture assessment report.
 

ATPDocs/security-assessment-enforce-encryption-rpc.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Enforce encryption for RPC certificate enrollment interface (ESC11)  (Preview)
+# Security assessment: Enforce encryption for RPC certificate enrollment interface (ESC11)
 
 This article describes Microsoft Defender for Identity's **Enforce encryption for RPC certificate enrollment** security posture assessment report.
 

defender-xdr/advanced-hunting-deviceinfo-table.md

@@ -18,7 +18,7 @@ ms.custom:
 - cx-ti
 - cx-ah
 ms.topic: reference
-ms.date: 01/16/2024
+ms.date: 12/04/2024
 ---
 
 # DeviceInfo
@@ -39,7 +39,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|
-| `Timestamp` | `datetime` | Date and time when the event was recorded |
+| `Timestamp` | `datetime` | Last date and time recorded for the device |
 | `DeviceId` | `string` | Unique identifier for the device in the service |
 | `DeviceName` | `string` | Fully qualified domain name (FQDN) of the device |
 | `ClientVersion` | `string` | Version of the endpoint agent or sensor running on the device |
@@ -89,8 +89,9 @@ You can use the following sample query to get the latest state of a device:
 ```kusto
 // Get latest information on user/device
 DeviceInfo
+| extend IngestionTime = ingestion_time()
 | where DeviceName == "example" and isnotempty(OSPlatform)
-| summarize arg_max(Timestamp, *) by DeviceId 
+| summarize arg_max(IngestionTime, *) by DeviceId
 ```
 
 ## Related topics