Commit 62daee6

Merge branch 'main' into WI474429-mda-discovery-exclude-entities
2 parents 391623b + 50b8222 commit 62daee6

6 files changed, +30 -0 lines changed

ATPDocs/change-okta-password-privileged-user-accounts.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,11 @@ ms.reviewer: Himanch
1111

1212
This recommendation lists any Okta privileged accounts that use outdated passwords that were last set over 180 days ago.
1313

14+
## Prerequisites
15+
16+
To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.
17+
For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
18+
1419
## Why is a privileged account with an old password a security risk?
1520

1621
Privileged accounts with old passwords create a significant security risk, as older credentials are more likely to be exposed through data breaches or other attack vectors. Enforcing regular password updates for privileged accounts reduces the likelihood of unauthorized access and strengthens overall security. Applying stringent password policies to accounts with elevated privileges protects sensitive resources and lowers the risk of exploitation.
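
Review bot: The link on added line 17 is a root-relative URL with a fragment (`/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity`), so it lands at the top of the target page with no error if that heading is ever renamed. Please confirm the anchor resolves in the built docs. If the target article lives in this docset, a relative file link in the style of `[Activities](activity-filters.md)`, as used in user-groups.md, is easier to check at build time.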

ATPDocs/high-number-of-okta-accounts-with-privileged-role-assigned.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,12 @@ This article describes the security risks associated with having a high number o
1414
> [!NOTE]
1515
> This report lists Okta accounts with administrator roles - excluding Super Administrator, where the number of accounts assigned to these roles is greater than 25.
1616
17+
## Prerequisites
18+
19+
To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.
20+
For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
21+
22+
1723
## Why is a high number of Okta accounts with privileged roles considered a security risk?
1824

1925
A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
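
Review bot: Added lines 21 and 22 are both blank, so the new section ends with two consecutive blank lines before the `## Why is a high number of Okta accounts...` heading, while the same section in change-okta-password-privileged-user-accounts.md ends with one (5 additions there, 6 here). Drop one so the files match. Also consider moving Prerequisites above the `[!NOTE]` block: as placed, it separates the note that says what the report lists from the risk section that explains it.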

ATPDocs/highly-privileged-okta-api-token.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,12 @@ ms.reviewer: Himanch
1111

1212
This article describes the security risks associated with highly privileged Okta API tokens and provides recommendations for mitigating these risks.
1313

14+
## Prerequisites
15+
16+
To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.
17+
For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
18+
19+
1420
## Why is a highly privileged Okta API token a security risk?
1521

1622
Okta’s API tokens inherit the permissions of the user who creates them. If a user with sensitive permissions generates an API token, it carries those permissions. Any API token created by a Super Admin has the same level of access as the Super Admin account. This can expose sensitive data and functionality to unauthorized users. If the token is stolen, it can grant the attacker access equivalent to the original user.
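
Review bot: The prerequisite on added line 16 says to connect the Okta instance but not what level of Okta access that connection needs. On this page in particular, where the next section explains that an API token inherits the permissions of the user who creates it, a reader will want to know that before following the link. Either state the required role in a sentence here or confirm the linked section covers it and say so ("For setup instructions and required permissions, see ...").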

ATPDocs/limit-number-okta-super-admin-accounts.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,12 @@ ms.reviewer: Himanch
1111

1212
This report lists Okta accounts with Super Administrator role, where the number of users assigned to this role is greater than 5.
1313

14+
## Prerequisites
15+
16+
To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.
17+
For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
18+
19+
1420
## Why is having too many Super Admin accounts a security risk?
1521

1622
A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
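
Review bot: The block on added lines 14 to 19 is repeated word for word in four files of this commit, with a five-line variant in a fifth. A shared include would keep the wording and the link target in one place, so a later change to the Okta integration URL or anchor needs one edit instead of five. If an include is not an option, at least make the five copies byte-identical.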

ATPDocs/remove-dormant-okta-privileged-accounts.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,12 @@ ms.reviewer: Himanch
1111

1212
This article describes the security risks associated with dormant Okta privileged accounts and provides recommendations for mitigating these risks.
1313

14+
## Prerequisites
15+
16+
To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.
17+
For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
18+
19+
1420
## Why is a dormant privileged account a security risk?
1521

1622
Dormant privileged accounts represent a significant security risk, as they can become targets for unauthorized access or misuse without detection. Deactivating or removing unused privileged accounts ensures that only active, monitored users have access to critical administrative capabilities.
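
Review bot: Added lines 16 and 17 sit on consecutive lines with no blank line between them, so Markdown joins them into a single paragraph. If the setup link is meant to stand on its own line, insert a blank line between the two sentences. The added text also says "this security assessment" while the intro on line 12 calls the page "This article"; picking one term would read more cleanly.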

CloudAppSecurityDocs/user-groups.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,7 @@ After the import is complete, select your group from the **User groups** page to
5151
> - There may be a short delay until imported user groups are available in filters.
5252
> - Only activities performed after importing a user group will be tagged as having been performed by a member of the user group.
5353
> - After the initial sync, groups are usually updated every hour. However, due to various factors there could be times where this might take several hours.
54+
> - Usernames must contain only standard alphanumeric characters (a–z, A–Z, 0–9). Usernames with special characters such as ~ or # aren't supported.
5455
5556
For more information on using the User group filters, see [Activities](activity-filters.md).
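
Review bot: The rule on added line 54 reads stricter than it probably is and does not say what happens on a violation. "Only standard alphanumeric characters (a–z, A–Z, 0–9)" as written also excludes `.`, `-`, `_` and `@`, which appear in most e-mail or UPN style usernames, yet the examples only name `~` and `#`. Please list the exact allowed or disallowed set, and state whether an unsupported username is skipped, fails the import, or leaves that user's activities untagged, since the previous bullets are about when group tagging takes effect.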
5657
