Merge branch 'main' into ADO-9394814-ATADocs

garycentric · web-flow · commit 71f0003e8aa5 · 2024-10-22T16:25:14.000-07:00
diff --git a/defender-vulnerability-management/defender-vulnerability-management-trial.md b/defender-vulnerability-management/defender-vulnerability-management-trial.md
@@ -14,7 +14,7 @@ ms.collection:
 - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 04/02/2024
+ms.date: 10/22/2024
 ---
 
 # About the Microsoft Defender Vulnerability Management trial
@@ -68,10 +68,6 @@ As a Global Administrator, you can start the trial or you can allow to users sta
 
 It can take a few hours for the changes to take effect. Once it does, return to the trial setup page and select **Begin trial**.
 
-## Licensing
-
-As part of the trial setup, the new Defender Vulnerability Management trial licenses will be applied to users automatically. Therefore, no assignment is needed (_The trial can automatically apply up to 1,000,000 licenses_). The licenses are active for the duration of the trial.
-
 ## Getting started, extending, and ending the trial
 
 ### Getting started
diff --git a/defender-xdr/advanced-hunting-microsoft-defender.md b/defender-xdr/advanced-hunting-microsoft-defender.md
@@ -22,12 +22,12 @@ ms.topic: conceptual
 appliesto:
     - Microsoft Defender XDR
     - Microsoft Sentinel in the Microsoft Defender portal
-ms.date: 08/26/2024
+ms.date: 10/18/2024
 ---
 
 # Advanced hunting in the Microsoft Defender portal
 
-Advanced hunting in the unified portal allows you to view and query all data from Microsoft Defender XDR. This includes data from various Microsoft security services and Microsoft Sentinel, which includes data from non-Microsoft products, in a single platform. You can also access and use all your existing Microsoft Sentinel workspace content, including queries and functions. 
+Advanced hunting allows you to view and query all the data sources available within the Micrsoft Defender portal. The data sources might include Microsoft Defender XDR and various Microsoft security services. If you onboard Microsoft Sentinel to the Defender portal, access and use all your existing Microsoft Sentinel workspace content, including queries and functions.
 
 Querying from a single portal across different data sets makes hunting more efficient and removes the need for context-switching.
 
diff --git a/defender-xdr/advanced-hunting-modes.md b/defender-xdr/advanced-hunting-modes.md
@@ -19,7 +19,7 @@ ms.custom:
 - seo-marvel-apr2020
 ms.topic: how-to
 search.appverid: met150
-ms.date: 04/22/2024
+ms.date: 10/18/2024
 ---
 
 # Choose between guided and advanced modes to hunt in Microsoft Defender XDR
@@ -29,7 +29,7 @@ ms.date: 04/22/2024
 **Applies to:**
 - Microsoft Defender XDR
 
-You can find the **advanced hunting** page by going to the left navigation bar in Microsoft Defender XDR and selecting **Hunting** > **Advanced hunting**. If the navigation bar is collapsed, select the hunting icon ![hunting icon](/defender/media/guided-hunting/hunting-icon.png).
+You can find the **advanced hunting** page by going to the left navigation bar in the Microsoft Defender portal and selecting **Hunting** > **Advanced hunting**. If the navigation bar is collapsed, select the hunting icon ![hunting icon](/defender/media/guided-hunting/hunting-icon.png).
 
 In the **advanced hunting** page, two modes are supported:
 
diff --git a/defender-xdr/advanced-hunting-overview.md b/defender-xdr/advanced-hunting-overview.md
@@ -1,6 +1,6 @@
 ---
 title: Overview - Advanced hunting
-description: Learn about advanced hunting queries in Microsoft 365 and how to use them to proactively find threats and weaknesses in your network
+description: Learn about advanced hunting queries in Microsoft Defender and how to use them to proactively find threats and weaknesses in your network
 ms.service: defender-xdr
 ms.pagetype: security
 f1.keywords: 
@@ -19,22 +19,22 @@ ms.custom:
 - seo-marvel-apr2020
 ms.topic: overview
 search.appverid: met150
-ms.date: 04/22/2024
+ms.date: 10/18/2024
+appliesto: 
+- Microsoft Defender XDR
+- Microsoft Sentinel in the Microsoft Defender portal
 ---
 
-# Proactively hunt for threats with advanced hunting in Microsoft Defender XDR
+# Proactively hunt for threats with advanced hunting in Microsoft Defender
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
-
 Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats.
 
 Advanced hunting supports two modes, guided and advanced. Use [guided mode](advanced-hunting-query-builder.md) if you are not yet familiar with Kusto Query Language (KQL) or prefer the convenience of a query builder. Use [advanced mode](advanced-hunting-query-language.md) if you are comfortable using KQL to create queries from scratch. 
 
-**To start hunting, read [Choose between guided and advanced modes to hunt in Microsoft Defender XDR](advanced-hunting-modes.md).**
+**To start hunting, read [Choose between guided and advanced modes to hunt in the Microsoft Defender portal](advanced-hunting-modes.md).**
 
 > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4G6DO]
 
@@ -46,8 +46,9 @@ Advanced hunting supports queries that check a broader data set coming from:
 - Microsoft Defender for Office 365
 - Microsoft Defender for Cloud Apps
 - Microsoft Defender for Identity
+- Microsoft Sentinel
 
-To use advanced hunting, [turn on Microsoft Defender XDR](m365d-enable.md).
+To use advanced hunting, [turn on Microsoft Defender XDR](m365d-enable.md). Or to use advanced hunting with Microsoft Sentinel, [connect Microsoft Sentinel to the Defender portal](microsoft-sentinel-onboard.md). 
 
 
 For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the [video](https://www.microsoft.com/en-us/videoplayer/embed/RWFISa). 
diff --git a/defender-xdr/advanced-hunting-query-builder.md b/defender-xdr/advanced-hunting-query-builder.md
@@ -1,5 +1,5 @@
 ---
-title: Build queries using guided mode in Microsoft Defender XDR advanced hunting
+title: Build queries using guided mode in Microsoft Defender advanced hunting
 description: Learn how to build queries in guided mode by combining different available filters and conditions.
 search.appverid: met150
 ms.service: defender-xdr
@@ -17,10 +17,10 @@ ms.collection:
 ms.custom:
 - cx-ti
 ms.topic: how-to
-ms.date: 04/22/2024
+ms.date: 10/18/2024
 ---
 
-# Build hunting queries using guided mode in Microsoft Defender XDR
+# Build hunting queries using guided mode in Microsoft Defender
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
@@ -56,10 +56,12 @@ Selecting **All** includes data from all domains you currently have access to. N
 
 You can choose from:
 
-- All domains - to look through all available data in your query
-- Endpoints - to look through endpoint data as provided by Microsoft Defender for Endpoint
-- Apps and identities - to look through application and identity data as provided by Microsoft Defender for Cloud Apps and Microsoft Defender for Identity; users familiar with [Activity log](/defender-cloud-apps/activity-filters) can find the same data here
-- Email and collaboration - to look through email and collaboration apps data like SharePoint, OneDrive and others; users familiar with [Threat Explorer](/defender-office-365/threat-explorer-real-time-detections-about) can find the same data here
+- All domains - To look through all available data in your query.
+- Endpoints - To look through endpoint data as provided by Microsoft Defender for Endpoint.
+- Email and collaboration - To look through email and collaboration apps data like SharePoint, OneDrive and others; users familiar with [Threat Explorer](/defender-office-365/threat-explorer-real-time-detections-about) can find the same data here.
+- Apps and identities - To look through application and identity data as provided by Microsoft Defender for Cloud Apps and Microsoft Defender for Identity; users familiar with [Activity log](/defender-cloud-apps/activity-filters) can find the same data here.
+- Cloud infrastructure - To look through cloud infrastructure data as provided by Microsoft Defender for Cloud.
+- Exposure management - To look through exposure management data as provided by Microsoft Security Exposure Management.
 
 ## Use basic filters
 
@@ -177,5 +179,5 @@ Then, add another condition, this time specifying the folder or **DeliveryLocati
 
 - [Refine your query in guided mode](advanced-hunting-query-builder-details.md)
 - [Work with query results in guided mode](advanced-hunting-query-builder-results.md)
- - [Understand the schema](advanced-hunting-schema-tables.md)
+- [Understand the schema](advanced-hunting-schema-tables.md)
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
diff --git a/defender-xdr/advanced-hunting-query-language.md b/defender-xdr/advanced-hunting-query-language.md
@@ -1,5 +1,5 @@
 ---
-title: Learn the advanced hunting query language in Microsoft Defender XDR
+title: Learn the advanced hunting query language in Microsoft Defender
 description: Create your first threat hunting query and learn about common operators and other aspects of the advanced hunting query language
 search.appverid: met150
 ms.service: defender-xdr
@@ -18,17 +18,16 @@ ms.collection:
 ms.custom:
 - cx-ti
 ms.topic: how-to
-ms.date: 04/22/2024
+ms.date: 10/18/2024
+appliesto:
+- Microsoft Defender XDR
+- Microsoft Sentinel in the Microsoft Defender portal
 ---
 
 # Learn the advanced hunting query language
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- Microsoft Defender XDR
-
 Advanced hunting is based on the [Kusto query language](/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-tables.md).
 
 Watch this short video to learn some handy Kusto query language basics.
@@ -176,15 +175,15 @@ You can use the query editor to experiment with multiple queries. To use multipl
 - Separate each query with an empty line.
 - Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**.
 
-:::image type="content" source="/defender/media/multiple-queries.png" alt-text="An example of multiple queries execution in the **New query** page in the Microsoft Defender portal" lightbox="/defender/media/multiple-queries.png":::
+  :::image type="content" source="/defender/media/multiple-queries.png" alt-text="An example of multiple queries execution in the **New query** page in the Microsoft Defender portal" lightbox="/defender/media/multiple-queries.png":::
 
-For a more efficient workspace, you can also use multiple tabs in the same hunting page. Select **New query** to open a tab for your new query.
+  For a more efficient workspace, you can also use multiple tabs in the same hunting page. Select **New query** to open a tab for your new query.
 
-:::image type="content" source="/defender/media/multitab.png" alt-text="Opening a new tab by selecting Create new in advanced hunting in the Microsoft Defender portal" lightbox="/defender/media/multitab.png":::
+  :::image type="content" source="/defender/media/multitab.png" alt-text="Opening a new tab by selecting Create new in advanced hunting in the Microsoft Defender portal" lightbox="/defender/media/multitab.png":::
 
-You can then run different queries without ever opening a new browser tab.
+  You can then run different queries without ever opening a new browser tab.
 
-:::image type="content" source="/defender/media/multitab-examples.png" alt-text="Run different queries without ever leaving the advanced hunting page in the Microsoft Defender portal" lightbox="/defender/media/multitab-examples.png":::
+  :::image type="content" source="/defender/media/multitab-examples.png" alt-text="Run different queries without ever leaving the advanced hunting page in the Microsoft Defender portal" lightbox="/defender/media/multitab-examples.png":::
 
 > [!NOTE]
 > Using multiple browser tabs with advanced hunting might cause you to lose your unsaved queries. To prevent this from happening, use the tab feature within advanced hunting instead of separate browser tabs.
diff --git a/defender-xdr/advanced-hunting-query-results.md b/defender-xdr/advanced-hunting-query-results.md
@@ -1,6 +1,6 @@
 ---
-title: Work with advanced hunting query results in Microsoft Defender XDR
-description: Make the most of the query results returned by advanced hunting in Microsoft Defender XDR
+title: Work with advanced hunting query results in Microsoft Defender
+description: Make the most of the query results returned by advanced hunting in Microsoft Defender
 search.appverid: met150
 ms.service: defender-xdr
 ms.subservice: adv-hunting
@@ -17,16 +17,16 @@ ms.collection:
 ms.custom:
 - cx-ti
 ms.topic: how-to
-ms.date: 08/06/2024
+ms.date: 10/18/2024
+appliesto:
+- Microsoft Defender XDR
+- Microsoft Sentinel in the Microsoft Defender portal
 ---
 
 # Work with advanced hunting query results
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
-
 [!INCLUDE [Prerelease information](../includes/prerelease.md)]
 
 While you can construct your [advanced hunting](advanced-hunting-overview.md) queries to return precise information, you can also work with the query results to gain further insight and investigate specific activities and indicators. You can take the following actions on your query results:
diff --git a/defender-xdr/advanced-hunting-security-copilot.md b/defender-xdr/advanced-hunting-security-copilot.md
@@ -19,18 +19,14 @@ ms.collection:
 ms.custom:
 - cx-ti
 ms.topic: how-to
-ms.date: 10/02/2024
----
-
-# Microsoft Copilot for Security in advanced hunting
-
-
-**Applies to:**
-
+ms.date: 10/17/2024
+appliesto:
 - Microsoft Defender
 - Microsoft Defender XDR
+- Microsoft Sentinel in the Microsoft Defender portal
+---
 
-## Copilot for Security in advanced hunting
+# Microsoft Copilot for Security in advanced hunting
 
 [Microsoft Copilot for Security in Microsoft Defender](security-copilot-in-microsoft-365-defender.md) comes with a query assistant capability in advanced hunting.
 
@@ -45,7 +41,7 @@ Users with access to Copilot for Security have access to this capability in adva
 
 ## Try your first request
 
-1. Open the **advanced hunting** page from the navigation bar in Microsoft Defender XDR. The Copilot for Security side pane for advanced hunting appears at the right hand side.
+1. Open the **advanced hunting** page from the navigation bar in the Microsoft Defender portal. The Copilot for Security side pane for advanced hunting appears at the right hand side.
 
     :::image type="content" source="/defender/media/advanced-hunting-security-copilot-pane.png" alt-text="Screenshot of the Copilot pane in advanced hunting." lightbox="/defender/media/advanced-hunting-security-copilot-pane-big.png":::
 
@@ -81,8 +77,7 @@ Users with access to Copilot for Security have access to this capability in adva
 > Providing feedback is an important way to let the Copilot for Security team know how well the query assistant was able to help in generating a useful KQL query. Feel free to articulate what could have made the query better, what adjustments you had to make before running the generated KQL query, or share the KQL query that you eventually used.
 
 
-> [!NOTE]
-> In the [unified Microsoft Defender portal](advanced-hunting-microsoft-defender.md), you can prompt Copilot for Security to generate advanced hunting queries for both Defender XDR and Microsoft Sentinel tables. Not all Microsoft Sentinel tables are currently supported, but support for these tables can be expected in the future.
+In the [Microsoft Defender portal](advanced-hunting-microsoft-defender.md), you can prompt Copilot for Security to generate advanced hunting queries for both Defender XDR and Microsoft Sentinel tables. Not all Microsoft Sentinel tables are currently supported, but support for these tables can be expected in the future.
 
 ## Query sessions
 
diff --git a/defender-xdr/advanced-hunting-shared-queries.md b/defender-xdr/advanced-hunting-shared-queries.md
@@ -1,5 +1,5 @@
 ---
-title: Use shared queries in Microsoft Defender XDR advanced hunting
+title: Use shared queries in Microsoft Defender advanced hunting
 description: Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.
 search.appverid: met150
 ms.service: defender-xdr
@@ -18,15 +18,15 @@ ms.custom:
 - cx-ti
 ms.topic: how-to
 ms.date: 04/22/2024
+appliesto: 
+- Microsoft Defender XDR
+- Microsoft Sentinel in the Microsoft Defender portal
 ---
 
 # Use shared queries in advanced hunting
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
-
 [Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also save queries that are only accessible to you. You can also find community queries that are shared publicly on GitHub. These saved queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.
 
 Under the Queries tab in advanced hunting, you can find the drop-down menus for **Shared queries**, **My queries**, and **Community queries**. You can select a downward-facing arrow to expand a menu.
