Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into painbar-deploy-dfs-using-golden-image

Author: paulinbar

CloudAppSecurityDocs/real-time-agent-protection-during-runtime.md

@@ -56,22 +56,22 @@ The following steps describe the Security Administrator’s required actions to
    - **If the connector isn’t connected:**
       - Under **Microsoft 365 connector**, select **Connect** or **Edit**.
       - Select **Microsoft Entra ID Management events** and **Microsoft 365 activities**. 
-      - Select **Connect Microsoft 365**
+      - Select **Connect Microsoft 365**.
 
     > [!IMPORTANT]
     > If the Microsoft 365 connector isn’t properly connected, real-time agent protection during runtime continues to block suspicious activity on the AI agent. Alerts and incidents related to these actions won't show in the Microsoft Defender portal.
 
 1. Make sure to collaborate with the following administrators:
 
-   - The **Microsoft Entra Administrator** needs to create [a Microsoft Entra ID application](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#step-1-configure-microsoft-entra-application) and configure a Federated Identity Credential (FIC) using the URL provided in the Microsoft Defender portal. For more information, see: [Authorize the Microsoft Entra application with your provider of choice](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
+   - The **Microsoft Entra Administrator** needs to create [a Microsoft Entra ID application](/microsoft-copilot-studio/external-security-provider#step-1-configure-microsoft-entra-application) and configure a Federated Identity Credential (FIC) using the URL provided in the Microsoft Defender portal. For more information, see: [Authorize the Microsoft Entra application with your provider of choice](/microsoft-copilot-studio/external-security-provider#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
 
-   - The **Power Platform Administrator** needs to  enter the Application ID and URL in the Power Platform settings page. For more information see: [Enable external threat detection and protection for Copilot Studio custom agents](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
+   - The **Power Platform Administrator** needs to  enter the Application ID and URL in the Power Platform settings page. For more information, see: [Enable external threat detection and protection for Copilot Studio custom agents](/microsoft-copilot-studio/external-security-provider#step-2-configure-the-threat-detection-system).
 1. Enter the App ID provided by your Power Platform administrator. The Application (client) ID, uniquely identifies your application and is used in your application's code as part of validating the security tokens it receives from the Microsoft identity platform.
 1. Select **Save**.
 1. Copy the URL provided.
 1. Share the URL with the Power Platform administrator. 
 
-:::image type="content" source="media/protect-agents-real-time/turn-on-real-time-agent-protection.png" alt-text="Screenshot that shows how to turn on Real time agent protection during runtime in the Defender portal." lightbox="media/protect-agents-real-time/turn-on-real-time-agent-protection.png":::
+   :::image type="content" source="media/protect-agents-real-time/turn-on-real-time-agent-protection.png" alt-text="Screenshot that shows how to turn on Real time agent protection during runtime in the Defender portal." lightbox="media/protect-agents-real-time/turn-on-real-time-agent-protection.png":::
 
 
 ## Related articles

defender-office-365/email-authentication-dkim-configure.md

@@ -110,7 +110,7 @@ Points to address or value: selector2-<CustomDomainWithDashes>._domainkey.<Initi
 - **\<CustomDomainWithDashes\>**: The custom domain or subdomain with periods replaced by dashes. For example, `contoso.com` becomes `contoso-com`, or `marketing.contoso.com` becomes `marketing-contoso-com`.
 - **\<InitialDomainPrefix\>**: The custom part of the \*.onmicrosoft.com you used to enroll in Microsoft 365. For example, if you used `contoso.onmicrosoft.com`, the value is `contoso`.
 - **\<DynamicPartitionCharacter\>**: A dynamically generated character that's used for both selectors (for example, r or n). The value is automatically assigned by Microsoft when you add a new custom domain and enable DKIM. The value is determined by Microsoft's internal routing logic and isn't configurable.
-  - This value is part of the updated DKIM record format for new custom domains in Microsoft 365 introduced in May 2025. Existing custom domains and initial domains continue to use the old DKIM format:
+  - **This value is part of the updated DKIM record format for new custom domains in Microsoft 365 introduced in May 2025**. Existing custom domains and initial domains continue to use the old DKIM format:
 
     ```text
     Hostname: selector1._domainkey
@@ -193,7 +193,7 @@ Proceed if the domain satisfies these requirements.
    |Microsoft.Exchange.ManagementTasks.ValidationException|CNAME record does not
    exist for this config. Please publish the following two CNAME records first. Domain Name
    : contoso.com Host Name : selector1._domainkey Points to address or value: selector1-
-   contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft.com Host Name : selector2._domainkey
+   contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft Host Name : selector2._domainkey
    Points to address or value: selector2-contoso-com._domainkey.contoso.n-v1.dkim.mail.microsoft .
    If you have already published the CNAME records, sync will take a few minutes to as
    many as 4 days based on your specific DNS. Return and retry this step later.

defender-xdr/activate-defender-rbac.md

@@ -2,8 +2,8 @@
 title: Activate Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Activate Microsoft Defender XDR unified role-based access control(RBAC) to enforce permissions and assignments configured in your new custom or imported roles.
 ms.service: defender-xdr
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro

defender-xdr/alert-classification-malicious-exchange-connectors.md

@@ -4,8 +4,8 @@ description: Learn how to classify alerts on malicious Exchange connectors activ
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-classification-password-spray-attack.md

@@ -4,8 +4,8 @@ description: Alert classification guide for password spray attacks coming to rev
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-classification-playbooks.md

@@ -5,8 +5,8 @@ search.appverid: met150
 ms.service: defender-xdr
 f1.keywords:
 - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-classification-suspicious-ip-password-spray.md

@@ -4,8 +4,8 @@ description: Investigate and review alerts related to suspicious IP address rela
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-grading-playbook-email-forwarding.md

@@ -4,8 +4,8 @@ description: Alert classification for suspicious email forwarding activity to re
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-grading-playbook-inbox-forwarding-rules.md

@@ -4,8 +4,8 @@ description: Alert classification for suspicious inbox forwarding rules to revie
 ms.service: defender-xdr
 f1.keywords: 
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro

defender-xdr/alert-grading-playbook-inbox-manipulation-rules.md

@@ -4,8 +4,8 @@ description: Alert classification for suspicious inbox manipulation rules to rev
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: guywild
+author: guywi-ms
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro