Merge branch 'main' into new-mdvm-recommendations

Author: limwainstein

.openpublishing.redirection.defender-endpoint.json

@@ -20,11 +20,6 @@
       "redirect_url": "/defender-endpoint/evaluate-mdav-using-gp",
       "redirect_document_id": false
     },
-    {
-      "source_path": "defender-endpoint/linux-install-with-activator.md",
-      "redirect_url": "/defender-endpoint/linux-custom-location-installation",
-      "redirect_document_id": false
-    },
     {
       "source_path": "defender-endpoint/preview.md",
       "redirect_url": "/defender-xdr/preview",
@@ -155,6 +150,11 @@
       "redirect_url": "/defender-endpoint/onboard-server",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-endpoint/linux-install-with-activator.md",
+      "redirect_url": "/defender-endpoint/linux-install-with-defender-deployment-tool",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender-endpoint/mde-linux-arm.md",
       "redirect_url": "/defender-endpoint/microsoft-defender-endpoint-linux",
@@ -169,6 +169,12 @@
       "source_path": "defender-endpoint/install-defender-endpoint-linux.md",
       "redirect_url": "/defender-endpoint/mde-linux-prerequisites",
       "redirect_document_id": false
-    }       
+    },  
+    {
+      "source_path": "defender-endpoint/api/user.md",
+      "redirect_url": "/defender-endpoint/api/get-user-related-alerts",
+      "redirect_document_id": false
+    }  
+         
   ]
 }

defender-business/get-defender-business.md

@@ -63,7 +63,7 @@ Microsoft has a list of solution providers who are authorized to sell offerings,
 
 Defender for Business provides advanced security protection for your company's devices. For more information, see [What is Microsoft Defender for Business](mdb-overview.md)?
 
-1. Go to the [Microsoft Defender for Business](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-business) web page, and select an option to try or buy Defender for Business. Fill in the requested information.
+1. Go to the [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business) web page, and select an option to try or buy Defender for Business. Fill in the requested information.
 
    If you're starting a trial, look for your acceptance email, which contains your promo code and a link to sign in. And be sure to see the [Trial user guide for Defender for Business](trial-playbook-defender-business.md).
 

defender-business/mdb-faq.yml

@@ -29,7 +29,7 @@ sections:
         answer: |
           We recommend working with a [Microsoft partner](https://www.microsoft.com/security/business/find-a-partner). 
 
-          If you prefer to try or buy Defender for Business on your own, go to the [Defender for Business](https://www.microsoft.com/security/business/threat-protection/microsoft-defender-business) product page, and select the option to try or buy Defender for Business.
+          If you prefer to try or buy Defender for Business on your own, go to the [Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business) product page, and select the option to try or buy Defender for Business.
 
           For more information, see [Get Defender for Business](get-defender-business.md).
 

defender-endpoint/TOC.yml

@@ -135,6 +135,8 @@
               href: streamlined-device-connectivity-urls-gov.md                       
         - name: Onboard client devices
           items:
+          - name: Onboard Windows devices using the Defender deployment tool
+            href: defender-deployment-tool-windows.md
           - name: Onboard client devices running Windows or macOS
             href: onboard-client.md
           - name: Defender for Endpoint plug-in for WSL
@@ -174,6 +176,7 @@
             href: mde-linux-deployment-on-sap.md
           - name: Use custom detection rules to protect SAPXPG
             href: mde-sap-custom-detection-rules.md
+
         - name: Defender for Endpoint on macOS
           items:
           - name: Deploy Defender for Endpoint on macOS
@@ -267,6 +270,8 @@
               items:
               - name: Enabling deployment to a custom location
                 href: linux-custom-location-installation.md
+              - name: Deployment tool based deployment
+                href: linux-install-with-defender-deployment-tool.md
               - name: Installer script based deployment
                 href: linux-installer-script.md
               - name: Ansible based deployment
@@ -625,6 +630,12 @@
         href: exclude-devices.md
       - name: Identifying transient devices
         href: transient-device-tagging.md
+      - name: Collect custom device data
+        items:
+        - name: Overview
+          href: custom-data-collection.md
+        - name: Create custom data collection rules
+          href: create-custom-data-collection-rules.md
       - name: Internet facing devices
         href: internet-facing-devices.md
       - name: Device timeline
@@ -1062,6 +1073,10 @@
             href: respond-machine-alerts.md#contain-devices-from-the-network
           - name: Contain user from the network
             href: respond-machine-alerts.md#contain-user-from-the-network
+          - name: Automatically apply GPO hardening (predictive shielding)
+            href: respond-machine-alerts.md#gpo-hardening
+          - name: Automatically apply Safeboot hardening (predictive shielding)
+            href: respond-machine-alerts.md#safeboot-hardening                     
           - name: Consult a threat expert
             href: respond-machine-alerts.md#consult-a-threat-expert
           - name: Check activity details in Action center
@@ -1098,10 +1113,7 @@
           href: live-response-command-examples.md
 
       - name: Use sensitivity labels to prioritize incident response
-        href: information-protection-investigation.md
-
-    - name: Advanced hunting
-      href: /defender-xdr/advanced-hunting-overview?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
+        href: information-protection-investigation.md    
 
     - name: Threat analytics
       items:
@@ -1195,7 +1207,7 @@
 
           - name: Alert
             items:
-            - name: Alert methods and properties
+            - name: Alert properties
               href: api/alerts.md
             - name: List alerts
               href: api/get-alerts.md
@@ -1233,7 +1245,7 @@
 
           - name: Authenticated scan
             items:
-            - name: Authenticated scan methods and properties
+            - name: Authenticated scan properties
               href: api/get-authenticated-scan-properties.md
             - name: Get all scan definitions
               href: api/get-all-scan-definitions.md
@@ -1257,7 +1269,7 @@
 
           - name: Automated investigation
             items:
-            - name: Investigation methods and properties
+            - name: Investigation properties
               href: api/investigation.md
             - name: List Investigation
               href: api/get-investigation-collection.md
@@ -1289,7 +1301,7 @@
 
           - name: File
             items:
-            - name: File methods and properties
+            - name: File properties
               href: api/files.md
             - name: Get file information
               href: api/get-file-information.md
@@ -1302,12 +1314,12 @@
 
           - name: Indicators
             items:
-            - name: Indicators methods and properties
+            - name: Indicators properties
               href: api/ti-indicator.md
             - name: List Indicators
               href: api/get-ti-indicators-collection.md
             - name: Submit Indicator
-              href: api/ti-indicator.md
+              href: api/post-ti-indicator.md
             - name: Import Indicator
               href: api/import-ti-indicators.md
             - name: Delete Indicator
@@ -1329,7 +1341,7 @@
 
           - name: Live response library
             items:
-            - name: Live response library methods and properties
+            - name: Live response library properties
               href: live-response-library-methods.md
             - name: List library files
               href: api/list-library-files.md
@@ -1340,7 +1352,7 @@
 
           - name: Machine
             items:
-            - name: Machine methods and properties
+            - name: Machine properties
               href: api/machine.md
             - name: List machines
               href: api/get-machines.md
@@ -1375,7 +1387,7 @@
 
           - name: Machine Action
             items:
-            - name: Machine Action methods and properties
+            - name: Machine Action properties
               href: api/machineaction.md
             - name: List Machine Actions
               href: api/get-machineactions-collection.md
@@ -1408,7 +1420,7 @@
 
           - name: Recommendation
             items:
-            - name: Recommendation methods and properties
+            - name: Recommendation properties
               href: api/recommendation.md
             - name: List all recommendations
               href: api/get-all-recommendations.md
@@ -1423,7 +1435,7 @@
 
           - name: Remediation activity
             items:
-            - name: Remediation activity methods and properties
+            - name: Remediation activity properties
               href: api/get-remediation-methods-properties.md
             - name: Get one remediation activity by ID
               href: api/get-remediation-one-activity.md
@@ -1434,7 +1446,7 @@
 
           - name: Score
             items:
-            - name: Score methods and properties
+            - name: Score properties
               href: api/score.md
             - name: List exposure score by machine group
               href: api/get-machine-group-exposure-score.md
@@ -1454,7 +1466,7 @@
 
           - name: Software
             items:
-            - name: Software methods and properties
+            - name: Software properties
               href: api/software.md
             - name: List software
               href: api/get-software.md
@@ -1470,16 +1482,14 @@
               href: api/get-missing-kbs-software.md
           - name: User
             items:
-            - name: User methods
-              href: api/user.md
             - name: Get user related alerts
               href: api/get-user-related-alerts.md
             - name: Get user related machines
               href: api/get-user-related-machines.md
 
           - name: Vulnerability
             items:
-            - name: Vulnerability methods and properties
+            - name: Vulnerability properties
               href: api/vulnerability.md
             - name: List vulnerabilities
               href: api/get-all-vulnerabilities.md

defender-endpoint/access-mssp-portal.md

@@ -3,8 +3,8 @@ title: Access the Microsoft Defender XDR MSSP customer portal
 description: Access the Microsoft Defender XDR MSSP customer portal
 ms.service: defender-endpoint
 ms.subservice: onboard
-ms.author: bagol
-author: batamig
+ms.author: kesharab
+author: KesemSharabi
 ms.localizationpriority: medium
 manager: bagol
 audience: ITPro

defender-endpoint/address-unwanted-behaviors-mde.md

@@ -1,8 +1,8 @@
 ---
 title: Address unwanted behaviors in Microsoft Defender for Endpoint with exclusions, indicators, and other techniques            
 description: Learn how to use exclusions, indicators, and other techniques to address unwanted behaviors in Microsoft Defender for Endpoint.
-author: batamig
-ms.author: bagol
+author: KesemSharabi
+ms.author: kesharab
 manager: bagol 
 ms.date: 11/14/2024
 ms.topic: how-to
@@ -153,4 +153,4 @@ In this scenario, whenever a user opens documents that were created by using Mic
 ## See also
 
 - [Exclusions overview](navigate-defender-endpoint-antivirus-exclusions.md)
-- [Managing exclusions reference](managing-exclusions.md)
+- [Managing exclusions reference](managing-exclusions.md)

defender-endpoint/admin-submissions-mde.md

@@ -6,8 +6,8 @@ ms.date: 05/06/2024
 appliesto:
   - Microsoft Defender for Endpoint
 ms.service: defender-endpoint
-ms.author: bagol
-author: batamig
+ms.author: kesharab
+author: KesemSharabi
 manager: bagol
 ms.localizationpriority: medium
 audience: ITPro

defender-endpoint/adv-tech-of-mdav.md

@@ -1,8 +1,8 @@
 ---
 title: Advanced technologies at the core of Microsoft Defender Antivirus
 description: Microsoft Defender Antivirus engines and advanced technologies
-author: batamig
-ms.author: bagol
+author: KesemSharabi
+ms.author: kesharab
 ms.reviewer: yongrhee
 manager: bagol
 ms.service: defender-endpoint

defender-endpoint/aggregated-reporting.md

@@ -2,8 +2,8 @@
 title: Aggregated reporting in Microsoft Defender for Endpoint
 description: Learn how you collect important telemetry in Microsoft Defender for Endpoint by turning on aggregated reporting.
 ms.service: defender-endpoint
-ms.author: bagol
-author: batamig
+ms.author: kesharab
+author: KesemSharabi
 ms.localizationpriority: medium
 manager: bagol
 audience: ITPro

defender-endpoint/alerts-queue-endpoint-detection-response.md

@@ -4,8 +4,8 @@ ms.reviewer:
 description: View and manage the alerts surfaced in Microsoft Defender XDR
 keywords:
 ms.service: defender-endpoint
-ms.author: bagol
-author: batamig
+ms.author: lwainstein
+author: limwainstein
 ms.localizationpriority: medium
 manager: bagol
 audience: ITPro