Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into WI448401-non-interactive-sign-in-activities-visible-in-mda

Author: DeCohen

ATPDocs/deploy/deploy-defender-identity.md

@@ -31,7 +31,7 @@ Identify your architecture and your requirements, and then use the table below t
 > [!NOTE]
 > The Defender for Identity sensor version 3.x is still in preview and has some limited functionality compared to version 2.x. Keep these limitations in mind before activating the sensor.
 > The Defender for Identity sensor v3.x:
-> - Requires that Defender for Endpoint is deployed on your endpoints
+> - Requires that Defender for Endpoint is deployed
 > - Doesn't currently support VPN integration
 > - Doesn't currently support ExpressRoute
 > - Doesn't currently offer full functionality of health alerts, posture recommendations, security alerts or advanced hunting data.

ATPDocs/deploy/prerequisites-sensor-version-3.md

@@ -14,7 +14,7 @@ This article describes the requirements for installing the Microsoft Defender fo
 
 Before activating the Defender for Identity sensor v3.x, note that this version of the sensor is still in preview and has some limited functionality compared to version 2.x. Keep these limitations in mind before activating the sensor.
 The Defender for Identity sensor v3.x:
- - Requires that Defender for Endpoint is deployed on your endpoints
+ - Requires that Defender for Endpoint is deployed
  - Doesn't currently support VPN integration
  - Doesn't currently support ExpressRoute
  - Doesn't currently offer full functionality of health alerts, posture recommendations, security alerts or advanced hunting data.

ATPDocs/health-alerts.md

@@ -1,14 +1,17 @@
 ---
 title: Microsoft Defender for Identity notifications
 description: Learn how to use and configure Microsoft Defender for Identity notifications in Microsoft Defender XDR.
-ms.date: 09/03/2023
+ms.date: 07/10/2025
 ms.topic: how-to
 #CustomerIntent: As a Defender for Identity user, I want to learn how to work with Defender for Identity notifications to make sure I'm up to date about events detected by Defender for Identity.
 ms.reviewer: LiorShapiraa
 ---
 
 # Defender for Identity notifications in Microsoft Defender XDR
 
+>[!NOTE]
+>This feature is currently supported only by the Defender for Identity sensor version 2.x.
+
 Microsoft Defender for Identity provides notifications for health issues and security alerts, either via email notifications or to a Syslog server.
 
 This article describes how to configure Defender for Identity notifications so that you're aware of any health issues or security alerts detected.

ATPDocs/notifications.md

@@ -1,7 +1,7 @@
 ---
 title: Manage and update sensors
 description: Learn how to manage and update your Microsoft Defender for Identity sensors.
-ms.date: 01/29/2023
+ms.date: 07/10/2025
 ms.topic: how-to
 ms.reviewer: rlitinsky
 ---
@@ -104,6 +104,9 @@ The sensors page provides the following information about each sensor:
 
   * Disabled
 
+    >[!NOTE]
+    >This feature is supported only by the Defender for Identity sensor version 2.x.
+
 * **Health status**: Displays the overall health status of the sensor with a colored icon representing the highest severity open health alert. Possible values are:
 
   * **Healthy (green icon)**: No opened health issues
@@ -143,6 +146,8 @@ Defender for Identity sensors support two kinds of updates:
 > * Defender for Identity sensors always reserve at least 15% of the available memory and CPU available on the domain controller where it is installed. If the Defender for Identity service consumes too much memory, the service is automatically stopped and restarted by the Defender for Identity sensor updater service.
 
 ### Delayed sensor update
+>[!NOTE]
+>This feature is supported only by the Defender for Identity sensor version 2.x.
 
 Given the rapid speed of ongoing Defender for Identity development and release updates, you may decide to define a subset group of your sensors as a delayed update ring, allowing for a gradual sensor update process. Defender for Identity enables you to choose how your sensors are updated and set each sensor as a **Delayed update** candidate.
 

ATPDocs/sensor-settings.md

@@ -1,7 +1,7 @@
 ---
 title: Uninstall the sensor
 description: This article describes how to uninstall the Microsoft Defender for Identity sensor from domain controllers.
-ms.date: 07/02/2025
+ms.date: 07/07/2025
 ms.topic: how-to
 ms.reviewer: rlitinsky
 ---
@@ -22,21 +22,24 @@ Deactivating Defender for Identity capabilities from your domain controller does
 
 ## Delete a sensor
 
+### For sensor v3.x
 1. In the [Microsoft Defender portal](https://security.microsoft.com), go to **Settings** > **Identities** > **Sensors**.
-1. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.
+2. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.
 
-    ![Screenshot that shows how to delete a sensor.](media/screenshot-that-shows-how-to-delete-a-sensor.png)
+   :::image type="content" source="media/screenshot-that-shows-how-to-delete-a-sensor.png" alt-text="Screenshot that shows how to delete a sensor." lightbox="media/screenshot-that-shows-how-to-delete-a-sensor.png":::
 
-## Uninstall a sensor v2.x from a domain controller
+    >[!NOTE]
+    >This action removes the v3.x sensor and stops monitoring on that domain controller.   
 
-The following steps describe how to uninstall a sensor v2.x from a domain controller.
-
-1. Sign in to the domain controller with administrative privileges.
-1. From the Windows **Start** menu, select **Settings** > **Control Panel** > **Add/ Remove Programs**.
-1. Select the sensor installation, select **Uninstall**, and follow the instructions to remove the sensor.
+## Delete and uninstall a sensor v2.x from a domain controller
 
 > [!IMPORTANT]
 > We recommend removing the sensor from the domain controller before demoting the domain controller.
+> 
+1. Sign in to the domain controller with administrative privileges.
+2. From the Windows **Start** menu, select **Settings** > **Control Panel** > **Add/ Remove Programs**.
+3. Select the sensor installation, select **Uninstall**, and follow the instructions to remove the sensor.
+4. After uninstallation is complete, go to the Microsoft Defender portal > Settings > Identities > Sensors, select the domain controller, and choose Delete.
 
 ## Remove an orphaned sensor
 

ATPDocs/uninstall-sensor.md

@@ -1,14 +1,17 @@
 ---
 title: VPN integration | Microsoft Defender for Identity
 description: Learn how to collect accounting information by integrating a VPN for Microsoft Defender for Identity in Microsoft Defender XDR.
-ms.date: 08/31/2023
+ms.date: 07/10/2025
 ms.topic: how-to
 #CustomerIntent: As a Defender for Identity user, I want to learn how to collect accounting information from VPN solutions. 
 ms.reviewer: martin77s
 ---
 
 # Defender for Identity VPN integration in Microsoft Defender XDR
 
+>[!NOTE]
+>This feature is currently supported only by the Defender for Identity sensor version 2.x.
+
 Microsoft Defender for Identity can integrate with your VPN solution by listening to RADIUS accounting events forwarded to Defender for Identity sensors, such as the IP addresses and locations where connections originated. VPN accounting data can help your investigations by providing more information about user activity, such as the locations from where computers are connecting to the network, and an extra detection for abnormal VPN connections.
 
 Defender for Identity's VPN integration is based on standard RADIUS Accounting ([RFC 2866](https://tools.ietf.org/html/rfc2866)), and supports the following VPN vendors: