Merge branch 'main' into WI360959-delete-page-tutorial-ueba

Author: DeCohen

CloudAppSecurityDocs/protect-egnyte.md

@@ -79,7 +79,7 @@ This section describes how to connect Microsoft Defender for Cloud Apps to your
 >[!NOTE]
 >- Microsoft recommends using a short lived access token. Egnyte doesn't currently support short lived tokens. We recommend our customers to refresh the access token every 6 months as a security best practice. To refresh the access token, revoke the old token by following [Revoking an oAuth token](https://developers.egnyte.com/docs/read/Public_API_Authentication#Revoking-an-OAuth-Token). Once the old token is revoked, reconnect the Egnyte connector by following the process documented above.
 >
->- Defender for Cloud Apps intentionally provides a lower rate limit than Egnyte's maximum to avoid exceeding the API constraints. For more infomration, see the relevant Egnyte documentation: [Rate limiting](https://developers.egnyte.com/docs/read/Best_Practices) | [Audit Reporting API v2](https://developers.egnyte.com/docs/read/Audit_Reporting_API_V2)
+>- Defender for Cloud Apps intentionally provides a lower rate limit than Egnyte's maximum to avoid exceeding the API constraints. For more information, see the relevant Egnyte documentation: [Rate limiting](https://developers.egnyte.com/docs/read/Best_Practices) | [Audit Reporting API v2](https://developers.egnyte.com/docs/read/Audit_Reporting_API_V2)
 
 ## Next steps
 

defender-endpoint/enable-network-protection.md

@@ -3,7 +3,7 @@ title: Turn on network protection
 description: Enable network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager.
 ms.service: defender-endpoint
 ms.localizationpriority: medium
-ms.date: 10/14/2024
+ms.date: 01/22/2025
 ms.topic: conceptual
 author: denisebmsft
 ms.author: deniseb
@@ -84,8 +84,8 @@ To enable network protection, you can use one of the following methods:
 
    | Windows Server version | Commands |
    |---|---|
-   | Windows Server 2022 and later | `set-mpPreference -AllowNetworkProtectionOnWinServer $true` |
-   | Windows Server 2016 <br/>Windows Server 2012 R2 | `set-MpPreference -AllowNetworkProtectionDownLevel $true` <br/> `set-MpPreference -AllowNetworkProtectionOnWinServer $true` |
+   | Windows Server 2019 and later | `set-mpPreference -AllowNetworkProtectionOnWinServer $true` |
+   | Windows Server 2016 <br/>Windows Server 2012 R2 with the [unified agent for Microsoft Defender for Endpoint](/defender-endpoint/enable-network-protection) | `set-MpPreference -AllowNetworkProtectionDownLevel $true` <br/> `set-MpPreference -AllowNetworkProtectionOnWinServer $true` |
 
 4. (This step is optional.) To set network protection to audit mode, use the following cmdlet:
 

defender-endpoint/ios-troubleshoot.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 12/02/2024
+ms.date: 01/22/2025
 ---
 
 # Troubleshoot issues and find answers to FAQs on Microsoft Defender for Endpoint on iOS
@@ -48,8 +48,8 @@ While enabled by default, there might be some cases that require you to disable
 
 3. Toggle off **Connect On Demand** to disable VPN.
 
-    > [!div class="mx-imgBorder"]
-    > :::image type="content" source="media/ios-vpn-config.png" alt-text="The Connect on demand option" lightbox="media/ios-vpn-config.png":::
+   > [!div class="mx-imgBorder"]
+   > :::image type="content" source="media/ios-vpn-config.png" alt-text="The Connect on demand option" lightbox="media/ios-vpn-config.png":::
 
 > [!NOTE]
 > Web Protection isn't available when VPN is disabled. To re-enable Web Protection, open the Defender for Endpoint app on the device and enable Web Protection.
@@ -127,13 +127,11 @@ If a user faces an issue that isn't already addressed in the above sections or i
 
    1. Open the MS Defender app on the iOS/iPadOS device.
 
-   2. Select the menu (profile icon) on the top-left corner, and then select **Send Feedback**.
+   2. Select the menu (profile icon) on the top-left corner, and then select **Help and Feedback**.
 
-   3. Choose from the given options. To report an issue, select **I don't like something**.
+   3. Choose from the given options. Under troubleshooting, select **Send Logs to Microsoft**.
 
-      Provide details of the issue that you're facing and check **Send diagnostic data**. We recommend that you include your email address so that the team can contact you for a solution or a follow-up.
-
-   4. Select **Submit** to successfully send your feedback.
+   4. Share Incident ID to your support engineer.
 
 2. Users can use the following steps to send feedback if they are having sign in issues or the **Send Feedback** option is disabled (example GCC customers):
 

defender-xdr/TOC.yml

@@ -338,6 +338,8 @@
             href: access-den-graph-api.md
           - name: Ask Defender Experts
             href: experts-on-demand.md
+        - name: Frequently asked questions
+          href: faq-defender-experts-hunting.md    
         - name: Understand Defender Experts for Hunting reports
           href: defender-experts-report.md
       - name: Collaborate with Microsoft Defender Experts for XDR

defender-xdr/before-you-begin-defender-experts.md

@@ -1,7 +1,7 @@
 ---
 title: Key infrastructure requirements before enrolling in the Microsoft Defender Experts for Hunting service
 ms.reviewer:
-description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance
+description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance.
 ms.service: defender-experts-for-hunting
 ms.author: vpattnaik
 author: vpattnai
@@ -18,7 +18,7 @@ ms.custom:
 - cx-ti
 - cx-ean
 search.appverid: met150
-ms.date: 08/14/2024
+ms.date: 01/09/2025
 ---
 
 # Before you begin using Defender Experts for Hunting
@@ -28,19 +28,26 @@ ms.date: 08/14/2024
 **Applies to:**
 
 - [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
 
-This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the Microsoft Defender Experts for Hunting service. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
+[Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is a managed service that provides hunting capabilities for novel emerging threats that aren't yet well known in the industry. The analysts for the hunting service review trends in the threat actor evolution based on world-renowned Microsoft Threat Intelligence and Research. They then apply the insights they gather to hunt for emerging attack vectors within the customer ecosystem.
+
+With deep product expertise powered by threat intelligence, we're uniquely positioned to help you:
 
-## Check if your environment meets licensing and access prerequisites
+1. Focus on novel threat actor evolution in the context of your ecosystem.
+1. Get detailed, step-by-step, and actionable guidance from our experts so you can respond to these emerging threats.
+1. [Seek assistance](#ask-defender-experts) from Defender Experts.
 
-Microsoft Defender Experts for Hunting is a separate service from your existing Defender products. Before enrolling in this service, make sure that you have the necessary license and access.
+This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the Microsoft Defender Experts for Hunting service. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
 
-### Eligibility and licensing
+## Eligibility and licensing
 
-To enable us to get started with this threat hunting service, we require the following licensing prerequisites:
+Defender Experts for Hunting is a separate service from your existing Microsoft Defender products. Before enrolling in this service, make sure that you have the necessary license and access.
+
+We require the following licensing prerequisites to enable us to get started with this threat hunting service:
 
 - Microsoft Defender for Endpoint P2 must be licensed and enabled on eligible devices
-- Microsoft Defender Antivirus must be licensed and enabled in active mode on devices onboarded to Defender for Endpoint (required for endpoint detection and response capabilities)
+- Microsoft Defender Antivirus must be licensed and enabled in active mode on devices onboarded to Defender for Endpoint (required for endpoint detection)
 
 The following products are also eligible to get Defender Experts for Hunting coverage, and you must have their appropriate product licenses to get started with the service:
 
@@ -51,23 +58,31 @@ The following products are also eligible to get Defender Experts for Hunting cov
 The following product is **not** covered by this service:
 
 - Microsoft Defender for IoT
+- Other Microsoft services not mentioned in the previous lists
+
+### Defender Experts for Hunting coverage
 
-### Server coverage
+Defender Experts for Hunting relies on event signals from Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources.
 
-Defender Experts for Hunting also covers servers—whether on premises or on a hyperscale cloud service provider—that have Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license. For Defender Experts coverage, a server is considered as a user account for billing. The service doesn't cover Microsoft Defender for Cloud.
-[Learn more about specific hardware and software requirements](/defender-endpoint/minimum-requirements)
+This service also covers servers—whether on premises or on a hyperscale cloud service provider—that have Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license.
+
+Any detection that's not from Microsoft Defender products (for example, detections from other security vendors) isn't within the scope of Defender Experts for Hunting.
 
 ### Ask Defender Experts
 
-Defender Experts for Hunting customers are assigned 10 **Ask Defender Experts** credits, which you can use to submit questions, at the start of each calendar quarter. Unused credits from the current quarter roll up to the next one. You can use up to 20 credits only per quarter. All unused credits expire by the end of the calendar year or at the end of your subscription term, whichever comes first.
+[Ask Defender Experts](experts-on-demand.md) is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender XDR (Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender for Identity). [See sample questions you can ask Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts).
+
+Defender Experts for Hunting customers are assigned 10 Ask Defender Experts credits, which you can use to submit questions, at the start of each calendar quarter. Unused credits from the current quarter roll up to the next one. You can use up to 20 credits only per quarter. All unused credits expire by the end of the calendar year or at the end of your subscription term, whichever comes first. 
 
 [Learn more about Microsoft's commercial licensing terms](https://www.microsoft.com/licensing/terms/productoffering/Microsoft365/MCA)
 
-### Access requirements
+## Access requirements
 
-Anyone from your organization can complete the customer interest form for Microsoft Defender Experts for Hunting service, however, you need to work with your Commercial Executive to transact the SKU. You might need certain roles and permissions to fully access the service capabilities. Refer to [Custom roles in role-based access control for Microsoft Defender XDR](custom-roles.md) for details.
+Anyone from your organization can [apply for the Defender Experts for Hunting service](#apply-for-microsoft-defender-experts-for-hunting-service). However, you need to work with your Commercial Executive to transact the SKU. 
 
-## Understand the service's availability and data access requirements
+You might need certain roles and permissions to fully access the service capabilities. Refer to [Custom roles in role-based access control for Microsoft Defender XDR](custom-roles.md) for details.
+
+## Service availability and data protection
 
 Defender Experts for Hunting is a managed threat hunting service that proactively hunts for threats across endpoints, email, identity, and cloud apps. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft Defender XDR advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
 
@@ -77,7 +92,7 @@ The following sections enumerate additional information about the service's data
 
 All data used for hunting from existing Defender services will continue to reside in the customer's original Microsoft Defender XDR service storage location. [Learn more](/microsoft-365/enterprise/o365-data-locations)
 
-Defender Experts for Hunting operational data, such as case tickets and analyst notes, are generated and stored in a Microsoft data center in the US region for the length of the service, irrespective of the Microsoft Defender XDR service storage location. Data generated for the reporting dashboard is stored in customer's Microsoft Defender XDR service storage location. Reporting data and operational data will be retained for a grace period of no more than 90 days after a customer's subscription expires. If the customer terminates their subscription, data will be deleted within 30 days.
+Defender Experts for Hunting operational data, such as case tickets and analyst notes, are generated and stored in a Microsoft data center in the US region for US customers and in the European Union for EU customers, for the length of the service, irrespective of the Microsoft Defender XDR service storage location. Data generated for the reporting dashboard is stored in customer's Microsoft Defender XDR service storage location. Reporting data and operational data will be retained for a grace period of no more than 90 days after a customer's subscription expires. If the customer terminates their subscription, data will be deleted within 30 days.
 
 Microsoft experts hunt over [advanced hunting logs](advanced-hunting-schema-tables.md) in Microsoft Defender XDR advanced hunting tables. The data in these tables depend on the set of Defender services the customer is enabled for (for example, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra ID). Experts also use a large set of internal threat intelligence data to inform their hunting and automation.
 
@@ -93,15 +108,16 @@ This service is available worldwide for customers in our commercial public cloud
 
 This service is currently delivered in English language only.
 
-## Apply for Microsoft Defender Experts for Hunting service
+## Apply for Microsoft Defender Experts for Hunting service 
 
-If you haven't done so yet, you can complete the customer interest form for Defender Experts for Hunting:
+You can apply for the Defender Experts for Hunting by performing the following steps: 
 
-1. Complete the [customer interest form](https://aka.ms/DEX4HuntingCustomerInterestForm). Anyone from your company can apply, but if you're accepted, you need to work with your Commercial Executive to transact the SKU.
-2. Enter your name, company name, and company email ID.
-3. Select **Submit**. Someone from our sales team will reach out within five business days.
+1. Complete the [customer interest form](https://aka.ms/DEX4HuntingCustomerInterestForm).  
+2. Enter your name, company name, and company email ID. 
+3. Select **Submit**. Someone from our sales team will reach out within five business days. 
 
 ### Next step
 
 - [Start using Defender Experts for Hunting](onboarding-defender-experts-for-hunting.md)
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]