Merge branch 'main' into v-jmathew-9802641-B4

Author: emmwalshh

ATPDocs/architecture.md

@@ -12,7 +12,7 @@ Microsoft Defender for Identity monitors your domain controllers by capturing an
 
 The following image shows how Defender for Identity is layered over Microsoft Defender XDR, and works together with other Microsoft services and third-party identity providers to monitor traffic coming in from domain controllers and Active Directory servers.
 
-:::image type="content" source="media/architecture/architecture.png" alt-text="Diagram of the Defender for Identity architecture." border="false":::
+:::image type="content" source="media\diagram-of-the-defender-for-identity-architecture.png" alt-text="Diagram of the Defender for Identity architecture." border="false":::
 
 Installed directly on your domain controller, Active Directory Federation Services (AD FS), or Active Directory Certificate Services (AD CS) servers, the Defender for Identity sensor accesses the event logs it requires directly from the servers. After the logs and network traffic are parsed by the sensor, Defender for Identity sends only the parsed information to the Defender for Identity cloud service.
 

ATPDocs/investigate-assets.md

@@ -63,9 +63,10 @@ When you investigate a specific identity, you'll see the following details on an
 |[Remediation actions](/microsoft-365/security/defender/investigate-users#remediation-actions)      |     Respond to compromised users by disabling their accounts or resetting their password. After taking action on users, you can check on the activity details in the Microsoft Defender XDR **Action center.|
 
 > [!NOTE]
-> **Investigation Priority Score** has been deprecated on December 3, 2025. As a result, both the Investigation Priority Score breakdown and the scored activity timeline cards have been removed from the UI. 
+> **Investigation Priority Score** has been deprecated on December 3, 2024. As a result, both the Investigation Priority Score breakdown and the scored activity timeline cards have been removed from the UI. 
+
+
 
-  
 For more information, see [Investigate users](/microsoft-365/security/defender/investigate-users) in the Microsoft Defender XDR documentation.
 
 ## Investigation steps for suspicious groups

ATPDocs/media/diagram-of-the-defender-for-identity-architecture.png

@@ -24,6 +24,10 @@ For updates about versions and features released six months ago or earlier, see
 
 ## March 2025
 
+### New Health Issue
+
+New [health issue](health-alerts.md#network-configuration-mismatch-for-sensors-running-on-vmware) for cases where sensors running on VMware have network configuration mismatch.
+
 ### Enhanced Identity Inventory (Preview)
 
 The Identities page under *Assets* has been updated to provide better visibility and management of identities across your environment.  

ATPDocs/whats-new.md

@@ -15,7 +15,7 @@ ms.custom: partner-contribution
 ms.topic: conceptual
 ms.subservice: android
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 03/24/2025
 ---
 
 # Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
@@ -95,7 +95,7 @@ For more information on the enrollment options supported by Microsoft Intune, se
 
 ## Add Microsoft Defender for Endpoint on Android as a Managed Google Play app
 
-Follow the steps below to add Microsoft Defender for Endpoint app into your managed Google Play Store.
+To add the Microsoft Defender for Endpoint app into your managed Google Play Store, follow these steps:
 
 1. In [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**.
 
@@ -105,33 +105,17 @@ Follow the steps below to add Microsoft Defender for Endpoint app into your mana
 
    :::image type="content" source="media/0f79cb37900b57c3e2bb0effad1c19cb.png" alt-text="The Managed Google Play page in the Microsoft Intune admin center portal" lightbox="media/0f79cb37900b57c3e2bb0effad1c19cb.png":::
 
-3. In the **App description** page, you should be able to see app details about the Defender for Endpoint app. Review the information on the page, and then select **Approve**.
+3. In the **App description** page, you should be able to see app details about the Defender for Endpoint app. Review the information on the page, tap **Select** to select the app, and then select **Sync** at the top of the blade to sync the app.
 
-   :::image type="content" source="media/07e6d4119f265037e3b80a20a73b856f.png" alt-text="The page of Managed Google Play in the Microsoft Intune admin center portal" lightbox="media/07e6d4119f265037e3b80a20a73b856f.png":::
-
-4. When you're prompted to approve permissions for Defender for Endpoint obtains, review the information, and then select **Approve**.
-
-   :::image type="content" source="media/206b3d954f06cc58b3466fb7a0bd9f74.png" alt-text="The permissions approval page in the Microsoft Defender portal" lightbox="media/206b3d954f06cc58b3466fb7a0bd9f74.png":::
-
-5. On the **Approval settings** page, review your preference to handle new app permissions that Defender for Endpoint on Android might ask. Review the choices, and then select your preferred option. Then, select **Done**.
-
-   By default, managed Google Play selects **Keep approved when app requests new permissions**.
-
-   :::image type="content" source="media/ffecfdda1c4df14148f1526c22cc0236.png" alt-text=" The approval settings configuration completion page in the in the Microsoft Defender portal" lightbox="media/ffecfdda1c4df14148f1526c22cc0236.png":::
-
-6. After the permissions handling selection is made, select **Sync** to sync Microsoft Defender for Endpoint to your apps list.
-
-   :::image type="content" source="media/34e6b9a0dae125d085c84593140180ed.png" alt-text="The Sync pane in the Microsoft Defender portal" lightbox="media/34e6b9a0dae125d085c84593140180ed.png":::
+   :::image type="content" source="media/app-description-page.png" alt-text="Screenshot of the Microsoft Defender app page in the store." lightbox="media/app-description-page.png":::
 
    The sync completes in a few minutes.
 
-   :::image type="content" source="media/9fc07ffc150171f169dc6e57fe6f1c74.png" alt-text="The application sync status pane in the Android apps page in the Microsoft Defender portal"  lightbox="media/9fc07ffc150171f169dc6e57fe6f1c74.png":::
-
-7. Select the **Refresh** button in the Android apps screen. Microsoft Defender for Endpoint should be visible in the apps list.
+4. Select the **Refresh** button in the Android apps screen. Microsoft Defender for Endpoint should be visible in the apps list.
 
-   :::image type="content" source="media/fa4ac18a6333335db3775630b8e6b353.png" alt-text="The page displaying the synced application" lightbox="media/fa4ac18a6333335db3775630b8e6b353.png":::
+   :::image type="content" source="media/fa4ac18a6333335db3775630b8e6b353.png" alt-text="Screenshot showing the Microsoft Defender for Endpoint app in a list." lightbox="media/fa4ac18a6333335db3775630b8e6b353.png":::
 
-8. Defender for Endpoint supports app configuration policies for managed devices using Microsoft Intune. This capability can be used to select different configurations for Defender for Endpoint.
+5. Defender for Endpoint supports app configuration policies for managed devices using Microsoft Intune. This capability can be used to select different configurations for Defender for Endpoint.
 
    1. In the **Apps** page, go to **Policy** > **App configuration policies** > **Add** > **Managed devices**.
 
@@ -154,7 +138,7 @@ Follow the steps below to add Microsoft Defender for Endpoint app into your mana
       - **Auto grant** - Automatically approves without notifying the user.
       - **Auto deny** - Automatically denies without notifying the user.
 
-    5. Go to the **Configuration settings** section, and choose **Use configuration designer**.
+    5. Go to the **Configuration settings** section, and then choose **Use configuration designer**.
 
        :::image type="content" alt-text="Image of android create app configuration policy." source="media/configurationformat.png" lightbox="media/configurationformat.png":::
 
@@ -174,15 +158,15 @@ Follow the steps below to add Microsoft Defender for Endpoint app into your mana
 
        The app configuration policy for Defender for Endpoint is now assigned to the selected user group.
 
-9. Select **Microsoft Defender** app in the list \> **Properties** \> **Assignments** \> **Edit**.
+6. Select **Microsoft Defender** app in the list \> **Properties** \> **Assignments** \> **Edit**.
 
     :::image type="content" source="media/mda-properties.png" alt-text="The Edit option on the Properties page" lightbox="media/mda-properties.png":::
 
-10. Assign the app as a required app to a user group. It's automatically installed in the work profile during the next sync of the device via Company Portal app. Navigate to the **Required** section, select **Add group**, select the appropriate user group, and then choose **Select**.
+7. Assign the app as a required app to a user group. It's automatically installed in the work profile during the next sync of the device via Company Portal app. Navigate to the **Required** section, select **Add group**, select the appropriate user group, and then choose **Select**.
 
     :::image type="content" source="media/ea06643280075f16265a596fb9a96042.png" alt-text="The Edit application page" lightbox="media/ea06643280075f16265a596fb9a96042.png":::
 
-11. In the **Edit Application** page, review all the information that was specified earlier. Select **Review + Save**, and then select **Save** to commence assignment.
+8. In the **Edit Application** page, review all the information that was specified earlier. Select **Review + Save**, and then select **Save** to commence assignment.
 
 ### Auto setup of always-on VPN
 

defender-endpoint/android-intune.md

@@ -13,7 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: onboard
 search.appverid: met150
-ms.date: 12/18/2023
+ms.date: 03/24/2025
 ---
 
 # Get devices onboarded to Microsoft Defender for Endpoint
@@ -50,7 +50,7 @@ The **Onboarding** card provides a high-level overview of your onboarding rate b
 
 ## Onboard more devices with Intune profiles
 
-Defender for Endpoint provides several convenient options for [onboarding Windows devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Defender for Endpoint sensor to select devices, effectively onboarding these devices to the service.
+Defender for Endpoint provides several convenient options for [onboarding Windows devices](onboarding.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Defender for Endpoint sensor to select devices, effectively onboarding these devices to the service.
 
 From the **Onboarding** card, select **Onboard more devices** to create and assign a profile on Intune. The link takes you to the device compliance page on Intune, which provides a similar overview of your onboarding state.
 

defender-endpoint/configure-machines-onboarding.md

@@ -64,12 +64,24 @@ If an end user encounters a prompt for Defender for Endpoint on macOS processes
 
 Behavior monitoring monitors process behavior to detect and analyze potential threats based on the behavior of the applications, daemons, and files within the system. As behavior monitoring observes how the software behaves in real-time, it can adapt quickly to new and evolving threats and block them. To learn more, see [Behavior Monitoring in Microsoft Defender for Endpoint on macOS](behavior-monitor-macos.md).
 
+### Mar-2025 (Build: 101.25022.0003  | Release version: 20.125022.3.0)
+
+| Build:             | **101.25022.0003**    |
+|--------------------|-----------------------|
+| Release version:   | **20.125022.3.0**     |
+| Engine version:    | **1.1.24090.12**      |
+| Signature version: | **1.423.249.0**       |
+
+##### What's new
+
+- Bug and performance fixes
+
 ### Mar-2025 (Build: 101.25012.0008  | Release version: 20.125012.7.0)
 
 | Build:             | **101.25012.0008**    |
 |--------------------|-----------------------|
-| Release version:   | **20.125012.7.0**    |
-| Engine version:    | **1.1.25020.3000**      |
+| Release version:   | **20.125012.7.0**     |
+| Engine version:    | **1.1.25020.3000**    |
 | Signature version: | **1.423.211.0**       |
 
 ##### What's new

defender-endpoint/mac-whatsnew.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: macos
 search.appverid: met150
-ms.date: 10/15/2024
+ms.date: 03/24/2025
 ---
 
 # Microsoft Defender for Endpoint on Mac
@@ -24,9 +24,8 @@ ms.date: 10/15/2024
 
 **Applies to:**
 - [Microsoft Defender XDR](/defender-xdr)
-- [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
+- [Microsoft Defender for Endpoint Plan 1 and Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Business](https://www.microsoft.com/security/business/endpoint-security/microsoft-defender-business)
-- [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Individuals](https://www.microsoft.com/microsoft-365/microsoft-defender-for-individuals)
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
@@ -159,8 +158,8 @@ Starting with macOS 11 (Big Sur), Microsoft Defender for Endpoint has been fully
 
 ## Resources
 
-- For more information about logging, uninstalling, or other articles, see [Resources for Microsoft Defender for Endpoint on Mac](mac-resources.md).
-- [Privacy for Microsoft Defender for Endpoint on Mac](mac-privacy.md).
+- For more information about logging, uninstalling, or other articles, see [Resources for Microsoft Defender for Endpoint on macOS](mac-resources.md).
+- [Privacy for Microsoft Defender for Endpoint on macOS](mac-privacy.md).
 - [Turn on Network protection for macOS](network-protection-macos.md)
 
 [!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]