Merge branch 'main' into maccruz-cdidentity

Author: Stacyrch140

defender-business/get-defender-business.md

@@ -84,7 +84,7 @@ Microsoft 365 Business Premium includes Defender for Business, Microsoft Defende
 
 Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business. If you'd prefer to work with a Microsoft partner, you can follow these steps to find a solution provider in your area:
 
-1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
+1. Go to the [Browse Partners](https:/appsource.microsoft.com/marketplace/partner-dir).
 
 2. In the **Filters** pane, specify search criteria, such as:
 

defender-business/mdb-streaming-api.md

@@ -28,7 +28,7 @@ If your organization has a Security Operations Center (SOC), the ability to use
 - [Azure Event Hubs](#use-the-streaming-api-with-event-hubs), a modern big data streaming platform and event ingestion service that can seamlessly integrate with other Azure and Microsoft services, such as Stream Analytics, Power BI, and Event Grid, along with outside services like Apache Spark.
 - [Azure Storage](/azure/storage/common/storage-introduction), Microsoft's cloud storage solution for modern data storage scenarios, with highly available, massively scalable, durable, and secure storage for a variety of data objects in the cloud. 
 
-With the streaming API, you can use [advanced hunting](/defender/advanced-hunting-overview) and [attack detection](/defender-endpoint/overview-endpoint-detection-response) with Defender for Business and Microsoft 365 Business Premium. The streaming API enables SOCs to view more data about devices, understand better how an attack occurred, and take steps to improve device security.
+With the streaming API, you can use [advanced hunting](/defender-xdr/advanced-hunting-overview) and [attack detection](/defender-endpoint/overview-endpoint-detection-response) with Defender for Business and Microsoft 365 Business Premium. The streaming API enables SOCs to view more data about devices, understand better how an attack occurred, and take steps to improve device security.
 
 ## Use the streaming API with Microsoft Sentinel
 
@@ -87,7 +87,7 @@ Here's what the schema of events in Azure Event Hubs looks like:
 }
 ```
 
-Each event hub message in Azure Event Hubs contains a list of records. Each record contains the event name, the time Defender for Business received the event, the tenant to which it belongs (you get events from your tenant only), and the event in JSON format in a property called "**properties**". For more information about the schema, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender/advanced-hunting-overview).
+Each event hub message in Azure Event Hubs contains a list of records. Each record contains the event name, the time Defender for Business received the event, the tenant to which it belongs (you get events from your tenant only), and the event in JSON format in a property called "**properties**". For more information about the schema, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender-xdr/advanced-hunting-overview).
 
 ## Use the streaming API with Azure Storage
 
@@ -122,7 +122,7 @@ A blob container is created for each event type. The schema of each row in a blo
   }
   ```
 
-Each blob contains multiple rows. Each row contains the event name, the time Defender for Business received the event, the tenant to which it belongs (you get events from your tenant only), and the event in JSON format properties. For more information about the schema of Microsoft Defender for Endpoint events, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender/advanced-hunting-overview).
+Each blob contains multiple rows. Each row contains the event name, the time Defender for Business received the event, the tenant to which it belongs (you get events from your tenant only), and the event in JSON format properties. For more information about the schema of Microsoft Defender for Endpoint events, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender-xdr/advanced-hunting-overview).
 
 ## See also
 

defender-endpoint/api/raw-data-export-event-hub.md

@@ -81,7 +81,7 @@ ms.date: 10/24/2023
 
 - Each record contains the event name, the time Microsoft Defender for Endpoint received the event, the tenant it belongs (you will only get events from your tenant), and the event in JSON format in a property called "**properties**".
 
-- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](/defender/advanced-hunting-overview).
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](/defender-xdr/advanced-hunting-overview).
 
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](../machine-groups.md) for more information.
     > [!NOTE]
@@ -109,7 +109,7 @@ To get the data types for event properties do the following:
 
 - [Stream Microsoft Defender XDR events | Microsoft Learn](/defender-xdr/streaming-api)
 
-- [Overview of Advanced Hunting](/defender/advanced-hunting-overview)
+- [Overview of Advanced Hunting](/defender-xdr/advanced-hunting-overview)
 - [Microsoft Defender for Endpoint streaming API](raw-data-export.md)
 - [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
 - [Azure Event Hubs documentation](/azure/event-hubs/)

defender-endpoint/api/raw-data-export-storage.md

@@ -77,7 +77,7 @@ ms.date: 12/18/2020
 
 - Each row contains the event name, the time Defender for Endpoint received the event, the tenant it belongs (you get events only from your tenant), and the event in JSON format in a property called "properties".
 
-- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](/defender/advanced-hunting-overview).
+- For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](/defender-xdr/advanced-hunting-overview).
 
 - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here, every event is decorated with this column as well. For more information, see [Device Groups](../machine-groups.md).
     > [!NOTE]
@@ -105,7 +105,7 @@ In order to get the data types for our events properties do the following:
 
 - [Stream Microsoft Defender XDR events | Microsoft Learn](/defender-xdr/streaming-api)
 
-- [Overview of Advanced Hunting](/defender/advanced-hunting-overview)
+- [Overview of Advanced Hunting](/defender-xdr/advanced-hunting-overview)
 - [Microsoft Defender for Endpoint Streaming API](raw-data-export.md)
 - [Stream Microsoft Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)
 - [Azure Storage Account documentation](/azure/storage/common/storage-account-overview)

defender-endpoint/api/raw-data-export.md

@@ -37,22 +37,22 @@ ms.date: 12/18/2020
 
 ## Stream Advanced Hunting events to Event Hubs and/or Azure storage account
 
-Microsoft Defender for Endpoint supports streaming events available through [Advanced Hunting](/defender/advanced-hunting-overview) to an [Event Hubs](/azure/event-hubs/) and/or [Azure storage account](/azure/storage/common/storage-account-overview).
+Microsoft Defender for Endpoint supports streaming events available through [Advanced Hunting](/defender-xdr/advanced-hunting-overview) to an [Event Hubs](/azure/event-hubs/) and/or [Azure storage account](/azure/storage/common/storage-account-overview).
 
 > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4r4ga]
 
 ## In this section
 
 Topic|Description
 :---|:---
-[Stream Microsoft Defender for Endpoint events to Azure Event Hubs](raw-data-export-event-hub.md)|Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](/defender/advanced-hunting-overview) to Event Hubs.
-[Stream Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)|Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](/defender/advanced-hunting-overview) to your Azure storage account.
+[Stream Microsoft Defender for Endpoint events to Azure Event Hubs](raw-data-export-event-hub.md)|Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](/defender-xdr/advanced-hunting-overview) to Event Hubs.
+[Stream Defender for Endpoint events to your Azure storage account](raw-data-export-storage.md)|Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream [Advanced Hunting](/defender-xdr/advanced-hunting-overview) to your Azure storage account.
 
 ## Related topics
 
 - [Stream Microsoft Defender XDR events | Microsoft Learn](/defender-xdr/streaming-api)
 
-- [Overview of Advanced Hunting](/defender/advanced-hunting-overview)
+- [Overview of Advanced Hunting](/defender-xdr/advanced-hunting-overview)
 - [Azure Event Hubs documentation](/azure/event-hubs/)
 - [Azure Storage Account documentation](/azure/storage/common/storage-account-overview)
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../../includes/defender-mde-techcommunity.md)]

defender-endpoint/attack-surface-reduction-rules-report.md

@@ -221,7 +221,7 @@ The following image illustrates how the Advanced Hunting query page opens from t
 
 >:::image type="content" source="media/attack-surface-reduction-rules-report-main-detections-flyout-hunting.png" alt-text="Shows the attack surface reduction rules report main detections tab flyout link opening Advanced Hunting" lightbox="media/attack-surface-reduction-rules-report-main-detections-flyout-hunting.png":::
 
-For more information about Advanced hunting, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender/advanced-hunting-overview)
+For more information about Advanced hunting, see [Proactively hunt for threats with advanced hunting in Microsoft Defender XDR](/defender-xdr/advanced-hunting-overview)
 
 ### Attack surface reduction rules main Configuration tab
 

defender-endpoint/attack-surface-reduction.md

@@ -124,7 +124,7 @@ You can use advanced hunting to view attack surface reduction events. To streaml
 
 For example, suppose that an attack surface reduction event occurs on 10 devices during the 2:00 PM hour. Suppose that the first event occurred at 2:15, and the last at 2:45. With advanced hunting, you see one instance of that event (even though it actually occurred on 10 devices), and its timestamp will be 2:15 PM.
 
-For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](/defender/advanced-hunting-overview).
+For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](/defender-xdr/advanced-hunting-overview).
 
 ## Attack surface reduction features across Windows versions
 

defender-endpoint/autoir-investigation-results.md

@@ -55,7 +55,7 @@ The improved [Action center](auto-investigation-action-center.md) brings togethe
    - Select **Open investigation page** to view more details about the investigation.
    - Select **Approve** to initiate a pending action.
    - Select **Reject** to prevent a pending action from being taken.
-   - Select **Go hunt** to go into [Advanced hunting](/defender/advanced-hunting-overview).
+   - Select **Go hunt** to go into [Advanced hunting](/defender-xdr/advanced-hunting-overview).
 
 ### Open an investigation from an incident details page
 

defender-endpoint/controlled-folders.md

@@ -46,7 +46,7 @@ Controlled folder access helps protect your valuable data from malicious apps an
 Controlled folder access works best with [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](investigate-alerts.md).
 
 > [!TIP]
-> Controlled folder access blocks don't generate alerts in the [Alerts queue](alerts-queue.md). However, you can view information about controlled folder access blocks in the [device timeline view](investigate-machines.md), while using [advanced hunting](/defender/advanced-hunting-overview), or with [custom detection rules](/defender-xdr/custom-detection-rules).
+> Controlled folder access blocks don't generate alerts in the [Alerts queue](alerts-queue.md). However, you can view information about controlled folder access blocks in the [device timeline view](investigate-machines.md), while using [advanced hunting](/defender-xdr/advanced-hunting-overview), or with [custom detection rules](/defender-xdr/custom-detection-rules).
 
 ## How does controlled folder access work?
 
@@ -108,7 +108,7 @@ Controlled folder access requires enabling [Microsoft Defender Antivirus real-ti
 
 Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](investigate-alerts.md) in the Microsoft Defender portal; see [Microsoft Defender for Endpoint in Microsoft Defender XDR](/defender-xdr/microsoft-365-security-center-mde).
 
-You can query Microsoft Defender for Endpoint data by using [Advanced hunting](/defender/advanced-hunting-overview). If you're using [audit mode](overview-attack-surface-reduction.md), you can use [advanced hunting](/defender/advanced-hunting-overview) to see how controlled folder access settings would affect your environment if they were enabled.
+You can query Microsoft Defender for Endpoint data by using [Advanced hunting](/defender-xdr/advanced-hunting-overview). If you're using [audit mode](overview-attack-surface-reduction.md), you can use [advanced hunting](/defender-xdr/advanced-hunting-overview) to see how controlled folder access settings would affect your environment if they were enabled.
 
 Example query:
 

defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md

@@ -193,7 +193,7 @@ DeviceEvents
 | where ThreatName startswith_cs 'PUA:'
 ```
 
-To learn more about advanced hunting, see [Proactively hunt for threats with advanced hunting](/defender/advanced-hunting-overview).
+To learn more about advanced hunting, see [Proactively hunt for threats with advanced hunting](/defender-xdr/advanced-hunting-overview).
 
 ## Exclude files from PUA protection