Merge branch 'main' into chrisda

Author: chrisda

defender-endpoint/linux-whatsnew.md

@@ -41,6 +41,9 @@ This article is updated frequently to let you know what's new in the latest rele
 >
 > If you have any concerns or need assistance during this transition, contact support.
 
+> [!NOTE]  
+> Defender for Endpoint on Linux is updated regularly. While security fixes are included as part of monthly releases, the fixes aren't always listed as a separate **Security Patch** item in these notes. If a release contains security-related updates, the updates are listed in this article under [Releases for Defender for Endpoint on Linux](#releases-for-defender-for-endpoint-on-linux) in the specific version section. For detailed information on Microsoft security updates, see the [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide).
+
 ## Releases for Defender for Endpoint on Linux
 
 ### September-2025 Build: 101.25082.0003 | Release version: 30.125082.0003.0
@@ -1426,8 +1429,7 @@ As an alternative approach, follow the instructions to [uninstall](linux-resourc
 
 #### What's new
 
-- This version contains a security update for [CVE-2022-23278](https://msrc-blog.microsoft.com/2022/03/08/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/)
-
+- This version contains a security update for [CVE-2022-23278](https://www.microsoft.com/msrc/blog/2022/03/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint).
 
 ### Mar-2022 Build: 101.60.05 | Release version: 30.122012.16005.0
 

defender-for-identity/deploy/prerequisites-sensor-version-3.md

@@ -14,7 +14,7 @@ This article describes the requirements for installing the Microsoft Defender fo
 
 Before activating the Defender for Identity sensor v3.x, note that this version of the sensor is still in preview and has some limited functionality compared to version 2.x. Keep these limitations in mind before activating the sensor.
 The Defender for Identity sensor v3.x:
- - Requires that Defender for Endpoint is deployed
+- Requires that Defender for Endpoint is deployed
  - Can't be activated on a server that has a Defender for Identity sensor V2.x already deployed
  - Doesn't currently support VPN integration
  - Doesn't currently support ExpressRoute
@@ -62,6 +62,29 @@ The following table describes memory requirements on the server used for the Def
 
 > [!IMPORTANT]
 > When running as a virtual machine, all memory must be allocated to the virtual machine at all times.
+## Configure Unified Sensor to support advanced identity detections
+
+Applying the **Unified Sensor RPC Audit** tag enables a new, tested capability on the machine, improving security visibility and unlocking additional identity detections. Once applied, the configuration is enforced on **existing and future devices** that match the rule criteria. The tag itself is visible in the Device Inventory, providing admins with transparency and auditing capabilities.
+
+**Steps to apply the configuration:**
+
+1. In the **Microsoft Defender portal**, navigate to: **System > Settings > Microsoft Defender XDR > Asset Rule Management**.
+2. Create a new rule.
+3. In the side panel:
+
+   1. Select a **name** for the rule.
+   
+   1. Set **rule conditions** using `Device name`, `Domain`, or `Device tag` to target the desired machines.
+   
+   1. Ensure that the **Defender for Identity V3.x sensor** is already deployed on the selected devices.
+    
+   1. Matching should primarily target **domain controllers** with the V3.x sensor installed.
+    
+1. **Add the tag** `Unified Sensor RPC Audit` to the selected devices.  
+
+1. Click **Submit** to save the rule.
+
+   Offboarding a device from this configuration can be done by **deleting the asset rule** or **modifying the rule conditions** so the device no longer matches.
 
 ## Configure Windows auditing
 

defender-xdr/security-copilot-in-microsoft-365-defender.md

@@ -1,5 +1,5 @@
 ---
-title: Microsoft Copilot in Microsoft Defender
+title: Microsoft Security Copilot in Microsoft Defender
 description: Learn about Microsoft Security Copilot capabilities embedded in Microsoft Defender.
 ms.service: defender-xdr
 f1.keywords:
@@ -26,14 +26,14 @@ appliesto:
 #customer intent: As a security analyst, I want to learn about Microsoft Security Copilot capabilities embedded in Microsoft Defender so that I can use them to perform my security tasks efficiently.
 ---
 
-# Microsoft Copilot in Microsoft Defender
+# Microsoft Security Copilot in Microsoft Defender
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 > [!NOTE]
 > Microsoft Defender XDR provides a unified XDR experience for Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Vulnerability Management. Learn more about this pre- and post-breach defense suite in [What is Microsoft Defender XDR?](microsoft-365-defender.md)
 
-This article provides an overview for users of Microsoft Copilot in Microsoft Defender, including steps to access, key capabilities, and links to the details of these capabilities.
+This article provides an overview for users of Microsoft Security Copilot in Microsoft Defender, including steps to access, key capabilities, and links to the details of these capabilities.
 
 ## Know before you begin
 
@@ -46,7 +46,7 @@ If you're new to Security Copilot, you should familiarize yourself with it by re
 - [Prompting in Security Copilot](/security-copilot/prompting-security-copilot)
 - [Responsible AI FAQs](responsible-ai-copilot-defender.md)
 
-## Microsoft Copilot integration in Microsoft Defender
+## Microsoft Security Copilot integration in Microsoft Defender
 
 [Microsoft Security Copilot](/security-copilot/microsoft-security-copilot) brings together the power of AI and human expertise to help security teams respond to attacks faster and more effectively. Security Copilot is embedded in the Microsoft Defender portal to help provide security teams with enhanced capabilities to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence. Copilot in Defender is available to users who have provisioned access to Security Copilot.