Merge branch 'main' into wi366674-1-customer-intents-defender

Author: sbreingold-ms

.acrolinx-config.edn

@@ -1,6 +1,6 @@
 {:changed-files-limit 60
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["ATADocs/" "ATPDocs/" "CloudAppSecurityDocs/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["advanced-threat-analytics/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud-apps/" "defender-for-cloud/" "defender-for-identity/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 

.github/workflows/AutoLabelAssign.yml

@@ -30,8 +30,11 @@ jobs:
         with:
             PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
             AutoAssignUsers: 1
+            AutoAssignReviewers: 1
             AutoLabel: 1
             ExcludedUserList: '["user1", "user2"]'
             ExcludedBranchList: '["branch1", "branch2"]'
         secrets:
-            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+            AccessToken: ${{ secrets.GITHUB_TOKEN }}
+            PrivateKey: ${{ secrets.M365_APP_PRIVATE_KEY }}
+            ClientId: ${{ secrets.M365_APP_CLIENT_ID }}

.github/workflows/BackgroundTasks.yml

@@ -6,6 +6,7 @@ permissions:
 
 on:
   pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
 
 jobs:
   upload:

.openpublishing.redirection.defender-cloud-apps.json

@@ -1015,5 +1015,10 @@
       "redirect_url": "/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps",
       "redirect_document_id": true
     },
+    {
+      "source_path": "defender-for-cloud-apps/cloud-discovery-anomaly-detection-policy.md",
+      "redirect_url": "/defender-cloud-apps/cloud-discovery-policies",
+      "redirect_document_id": false
+    }
   ]
 }

.openpublishing.redirection.defender-identity.json

@@ -859,6 +859,11 @@
       "source_path": "defender-for-identity/manage-security-alerts.md",
       "redirect_url": "/defender-for-identity/understanding-security-alerts",
       "redirect_document_id": false
-    },  
+    },
+    {
+      "source_path": "defender-for-identity/automated-response-exclusions.md",
+      "redirect_url": "/defender-xdr/automatic-attack-disruption-exclusions",
+      "redirect_document_id": false
+    }
   ]
 }

defender-business/mdb-faq.yml

@@ -163,9 +163,9 @@ sections:
 
       - question: Can I have a mix of Microsoft endpoint security subscriptions?
         answer: |
-          Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in Microsoft 365 E5 Security) defaults to the Defender for Business experience. 
+          Microsoft Defender for Business does not support mixed licensing, so a tenant with Defender for Business (which is included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (which is included in the Microsoft Defender Suite) defaults to the Defender for Business experience. 
 
-          For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add Microsoft 365 E5 Security for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or Microsoft 365 E5 Security), and then contact Microsoft Support to request the switch for your tenant.
+          For example, if you have 80 users licensed for Defender for Business (as part of a Microsoft 365 Business Premium subscription), and you add the Microsoft Defender Suite for 30 of those users, the experience for all users defaults to Defender for Business. If you want to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through the standalone version of Defender for Endpoint Plan 2 or the Microsoft Defender Suite), and then contact Microsoft Support to request the switch for your tenant.
                     
           For more information, see [Manage your subscription settings](mdb-manage-subscription.md).
 

defender-business/mdb-manage-subscription.md

@@ -22,7 +22,7 @@ ms.collection:
 
 [Microsoft Defender for Business](mdb-overview.md) and [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint) are endpoint security subscriptions that your organization can use to protect devices, such as computers, tablets, and phones. 
 
-As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. For example, if you have Defender for Business as part of a [Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-overview) subscription, and you add Microsoft 365 E5 Security to your subscription, you now have Defender for Endpoint Plan 2 capabilities while retaining the Defender for Business experience. 
+As your organization grows, you might be thinking about changing from Defender for Business to Defender for Endpoint. For example, if you have Defender for Business as part of a [Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-overview) subscription, and you add the Microsoft Defender Suite to your subscription, you now have Defender for Endpoint Plan 2 capabilities while retaining the Defender for Business experience. 
 
 This article describes how to view your current license state and, if needed, change your experience from Defender for Business to Defender for Endpoint.
 

defender-endpoint/access-mssp-portal.md

@@ -1,4 +1,4 @@
----
+---
 title: Access the Microsoft Defender XDR MSSP customer portal
 description: Access the Microsoft Defender XDR MSSP customer portal
 ms.service: defender-endpoint
@@ -14,19 +14,16 @@ ms.collection:
 ms.topic: how-to
 search.appverid: met150
 ms.date: 03/21/2025
----
+appliesto:
+  - Microsoft Defender for Endpoint Plan 1
+  - Microsoft Defender for Endpoint Plan 2
 
+---
 # Access the Microsoft Defender XDR MSSP customer portal
 
-**Applies to:**
-
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@@ -54,3 +51,4 @@ Use the following steps to obtain the MSSP customer tenant ID and then use the I
 - [Configure alert notifications](configure-mssp-notifications.md)
 - [Fetch alerts from customer tenant](api/fetch-alerts-mssp.md)
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
+

defender-endpoint/admin-submissions-mde.md

@@ -3,6 +3,8 @@ title: Submit files in Microsoft Defender for Endpoint
 description: Learn how to use the unified submissions feature in Microsoft Defender XDR to submit suspicious emails, URLs, email attachments, and files to Microsoft for scanning.
 search.appverid: met150
 ms.date: 05/06/2024
+appliesto:
+  - Microsoft Defender for Endpoint
 ms.service: defender-endpoint
 ms.author: bagol
 author: batamig
@@ -20,12 +22,6 @@ ms.custom: FPFN
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to**
-
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
-- [Microsoft Defender XDR](/defender-xdr)
-
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink).
 
 In Microsoft Defender for Endpoint, admins can use the unified submissions feature to submit files and file hashes (SHAs) to Microsoft for review. The unified submissions experience is a one-stop shop for submitting emails, URLs, email attachments, and files in one, easy-to-use submission experience. Admins can use the Microsoft Defender portal or the Microsoft Defender for Endpoint Alert page to submit suspicious files.
 

defender-endpoint/adv-tech-of-mdav.md

@@ -1,4 +1,4 @@
----
+---
 title: Advanced technologies at the core of Microsoft Defender Antivirus
 description: Microsoft Defender Antivirus engines and advanced technologies
 author: batamig
@@ -13,18 +13,14 @@ ms.localizationpriority: medium
 ms.custom: partner-contribution
 f1.keyboards: NOSCH
 audience: ITPro
+appliesto:
+  - Microsoft Defender for Endpoint Plan 1
+  - Microsoft Defender for Endpoint Plan 2
+  - Microsoft Defender for Business
+  - Microsoft Defender for Individuals
 ---
-
 # Advanced technologies at the core of Microsoft Defender Antivirus
 
-**Applies to:**
-
-- [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
-- Microsoft Defender Antivirus
-- [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals?msockid=0f1c3b9963366db31ba02e78621b6c1e#Overview)
 
 Microsoft Defender Antivirus and the multiple engines that lead to the advanced detection and prevention technologies under the hood to detect and stop a wide range of threats and attacker techniques at multiple points, as depicted in the following diagram:
 
@@ -101,3 +97,4 @@ We focus on every industry.
 When you're pen-testing, you should demand where no human analysts are engaged on detect/protect, to see how the actual antivirus engine (prebreach) efficacy truly is, and a separate one where human analysts are engaged. You can add [Microsoft Defender Experts for XDR](/defender-xdr/dex-xdr-overview) a managed extended detection and response service to augment your SOC.
 
 The ***continuous iterative enhancement*** each of these engines to be increasingly effective at catching the latest strains of malware and attack methods. These enhancements show up in consistent [top scores in industry tests](/defender-xdr/top-scoring-industry-tests), but more importantly, translate to [threats and malware outbreaks](https://www.microsoft.com/security/blog/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) stopped and [more customers protected](https://www.microsoft.com/security/blog/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/).
+