Merge pull request #2167 from batamig/remove-sap-attack-disrupt

batamig · web-flow · commit 647e6d7fbcb0 · 2025-06-23T10:09:25.000+03:00
removing automatic attack disruption defender docs
diff --git a/defender-xdr/automatic-attack-disruption.md b/defender-xdr/automatic-attack-disruption.md
@@ -18,7 +18,7 @@ ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 04/25/2025
+ms.date: 06/22/2025
 appliesto:
   - Microsoft Defender XDR
 ---
@@ -76,21 +76,6 @@ Automatic attack disruption uses Microsoft-based XDR response actions. Examples
 
 For more information, see [remediation actions](m365d-remediation-actions.md) in Microsoft Defender XDR.
 
-### Automated response actions for SAP with Microsoft Sentinel
-
-If you [onboarded Microsoft Sentinel to the Defender portal](microsoft-sentinel-onboard.md) and deployed the Microsoft Sentinel solution for SAP applications, you can also deploy automatic attack disruption for SAP.
-
-For example, deploy attack disruption for SAP to contain compromised assets by locking suspicious SAP users in case of a financial process manipulation attack.
-
-After the risk is mitigated, Microsoft Defender admins can manually unlock the users that had been automatically locked by the attack disruption response. The ability to manually unlock users is available from the Microsoft Defender action center, and only for users that were locked by attack disruption.
-
-To use attack disruption for SAP, deploy a new data connector agent, or make sure that your agent is using version 90847355 or higher, and then assign and apply the required Azure and SAP roles. For more information, see:
-
-- [Deploy and configure the container hosting the SAP data connector agent](/azure/sentinel/sap/deploy-data-connector-agent-container)
-- [Update Microsoft Sentinel's SAP data connector agent](/azure/sentinel/sap/update-sap-data-connector), especially [Update your system for automatic attack disruption](/azure/sentinel/sap/update-sap-data-connector#update-your-data-connector-agent-for-attack-disruption).
-
-While you configure attack disruption in the Azure portal and your SAP system, automatic attack disruption itself surfaces only in the Microsoft Defender portal.
-
 ## Identify when an attack disruption happens in your environment
 
 The Defender XDR incident page will reflect the automatic attack disruption actions through the attack story and the status indicated by a yellow bar (Figure 1). The incident shows a dedicated disruption tag, highlight the status of the assets contained in the incident graph, and add an action to the Action Center.
diff --git a/unified-secops-platform/gov-support.md b/unified-secops-platform/gov-support.md
@@ -5,7 +5,7 @@ author: batamig
 ms.author: bagol
 ms.service: unified-secops-platform
 ms.topic: concept-article #Don't change.
-ms.date: 03/11/2025
+ms.date: 06/22/2025
 ms.collection:
 - usx-security
 
@@ -26,8 +26,6 @@ This article provides information about support for US Government customers by u
   
 - Features still in preview are available only in the commercial cloud.
 
-While [automatic attack disruption](/defender-xdr/automatic-attack-disruption) with Microsoft Defender XDR is generally available, [SAP support for attack disruption](/defender-xdr/automatic-attack-disruption) with Microsoft Sentinel and Microsoft Defender XDR is available only in the commercial cloud.
-
 For more information, see:
 
 - [Microsoft Defender XDR for US Government customers](/defender-xdr/usgov)
