Merge pull request #4167 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 6e7df7fa4108 · 2025-06-09T11:30:59.000Z
[AutoPublish] main to live - 06/09 04:29 PDT | 06/09 16:59 IST
diff --git a/ATPDocs/deploy/activate-capabilities.md b/ATPDocs/deploy/activate-capabilities.md
@@ -87,44 +87,47 @@ Activate the Defender for Identity from the [Microsoft Defender portal](https://
 
 1. Select the domain controller where you want to activate the Defender for Identity capabilities and then select **Activate**. Confirm your selection when prompted. 
 
-    :::image type="content" source="media/activate-capabilities/1.jpg" lightbox="media/activate-capabilities/1.jpg" alt-text="Screenshot that shows how to activate the new sensor.":::
+   [![Screenshot that shows how to activate the new sensor.](media/activate-capabilities/1.jpg)](media/activate-capabilities/1.jpg#lightbox)
 
-    > [!NOTE]
-    > You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
+   
+> [!NOTE]
+> You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
 
 1. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.  
 
-    :::image type="content" source="media/activate-capabilities/2.jpg" lightbox="media/activate-capabilities/2.jpg" alt-text="Screenshot that shows how to see the onboarded servers.":::
+    
+    [![Screenshot that shows how to see the onboarded servers.](media/activate-capabilities/2.jpg)](media/activate-capabilities/2.jpg#lightbox)
    
 ### Customers without domain controllers onboarded to Defender for Endpoint 
 
 ### Connectivity requirements
 
-Defender for Identity capabilities directly on domain controllers use Defender for Endpoint URL endpoints for communication, including simplified URLs.
+Defender for Identity capabilities directly on domain controllers use Defender for Endpoint URL endpoints for communication, including streamlined URLs.
 
-For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-environment##enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server).
+For more information, see [Configure your network environment to ensure connectivity with Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-environment##enable-access-to-microsoft-defender-for-endpoint-service-urls-in-the-proxy-server), [Configure connectivity using streamlined connection](/microsoft-365/security/defender-endpoint/configure-device-connectivity#option-1-configure-connectivity-using-the-simplified-domain).
 
 ### Onboard Defender for Identity capabilities
 
 Download the Defender for Identity onboarding package from the [Microsoft Defender portal](https://security.microsoft.com)
 
 1. Navigate to **System** > **Settings** > **Identities** > **Activation**.
 
-1. Select Download onboarding package and save the file in a location you can access from your domain controller.
-
-    :::image type="content" source="media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png" alt-text="Screenshot that shows how to onboard the new sensor" lightbox="media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png":::
+2. Select Download onboarding package and save the file in a location you can access from your domain controller.
 
-1. From the domain controller, extract the zip file you downloaded from the Microsoft Defender portal, and run the `DefenderForIdentityOnlyOnboardingScript.cmd` script as an Administrator.
+   
+   [![Screenshot that shows how to onboard the new sensor.](media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png)](media/activate-capabilities/screenshot-that-shows-how-to-onboard-the-new-sensor.png#lightbox)
+   
+3. From the domain controller, extract the zip file you downloaded from the Microsoft Defender portal, and run the `DefenderForIdentityOnlyOnboardingScript.cmd` script as an Administrator.
 
-<img width="474" alt="Screenshot that shows the script." src="https://github.com/user-attachments/assets/ff2d73d4-7285-403e-979a-520e05cbf1d1" />
+   [![screenshot that shows the onboarding script.](media/activate-capabilities/screenshot-2025-06-04-170500.png)](media/activate-capabilities/screenshot-2025-06-04-170500.png#lightbox)
 
 ## Onboarding Confirmation 
 
 To confirm the sensor has been onboarded: 
 
 1. Navigate to **System** > **Settings** > **Identities** > **Sensors**.
 
-1. Check that the onboarded domain controller is listed. 
+2. Check that the onboarded domain controller is listed. 
 
     > [!NOTE]
     > The onboarding doesn't require a restart/reboot. The first time you activate Defender for Identity capabilities on your domain controller, it may take up to an hour for the first sensor to show as **Running** on the **Sensors** page. Subsequent activations are shown within five minutes.
@@ -242,7 +245,7 @@ If you want to deactivate Defender for Identity capabilities on your domain cont
 1. Select the domain controller where you want to deactivate Defender for Identity capabilities, select **Delete**, and confirm your selection.
 
     ![Screenshot that shows how to delete a sensor.](media/activate-capabilities/screenshot-that-shows-how-to-delete-a-sensor.png)
-
+   
 Deactivating Defender for Identity capabilities from your domain controller doesn't remove the domain controller from Defender for Endpoint. For more information, see [Defender for Endpoint documentation](/microsoft-365/security/defender-endpoint/).
 
 ### Customers without domain controllers onboarded to Defender for Endpoint 
diff --git a/ATPDocs/deploy/media/activate-capabilities/screenshot-2025-06-04-170500.png b/ATPDocs/deploy/media/activate-capabilities/screenshot-2025-06-04-170500.png
diff --git a/CloudAppSecurityDocs/protect-workplace.md b/CloudAppSecurityDocs/protect-workplace.md
@@ -2,7 +2,7 @@
 title:       Protect your Workplace environment | Microsoft Defender for Cloud Apps
 description: Learn how about connecting your Workplace app to Defender for Cloud Apps using the API connector.
 ms.topic:    how-to
-ms.date: 12/08/2024
+ms.date: 06/09/2025
 ---
 
 # How Defender for Cloud Apps helps protect your Workplace environment (Preview)
@@ -59,44 +59,8 @@ For more information, see:
 
 ## Connect Workplace to Microsoft Defender for Cloud Apps
 
-This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing Workplace account using the App Connector APIs. This connection gives you visibility into and control over your organization's Workplace use.
-
-   > [!NOTE]
-   > The Workplace API connector is rolling out gradually. If you don't see the connector yet in your environment and want to onboard soon, please fill the [Workplace API connector intake form](https://forms.microsoft.com/r/euj3pEmiM4).
-
-**Prerequisites**:
-
-- You must be signed-in as a system admin to Workplace by Meta.
-
-   > [!NOTE]
-   > A Workplace account can be connected to a single instance of Defender for Cloud Apps. Please make sure that your Workplace account is not connected to any other Defender for Cloud Apps instance.
-
-**To connect Workplace to Defender for Cloud Apps**:
-
-1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**.
-1. In the **App connectors** page, select **+Connect an app**, by **Workplace by Meta**.
-1. In the pop-up, give the connector a descriptive name, and select **Next**.
-   ![Give connector a name.](media/workplace-connector.png)
-
-1. In the **External Link** page, select **Connect Workplace by Meta**:
-   ![Connect to Workplace.](media/connect-workplace.png)
-
-1. You'll be redirected to Workplace by Meta page.
-
-   >[!NOTE]
-   >Make sure you are logged into Workplace as System admin.
-
-1. On the Workplace authorization page, make sure to choose the correct organization from the dropdown.
-
-1. In the app consent page, make sure to choose **All groups** and then select **Add to Workplace.**
-1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
-
-   > [!NOTE]
-   >
-   > - The first connection can take up to 4 hours to get all users and their activities.
-   > - The activities that will show are the activities that were generated from the moment the connector is connected.
-   > - After the connector's **Status** is marked as **Connected**, the connector is live and works.
-   > - Before deleting the app in Workplace, make sure to disconnect the connector in Defender for Cloud Apps.
+> [!NOTE]
+> Due to the [planned deprecation](https://www.workplace.com/help/work/1167689491269151) by Meta of Workplace from Meta, we no longer support new connections to the Workplace from Meta API connector. If you have an existing Workplace from Meta connection, it will continue to work as expected.
 
 ## Next steps
 
