Merge branch 'main' of https://github.com/MicrosoftDocs/defender-docs-pr into WI485765-standardizing-applies-to-mde-docs

DeCohen · DeCohen · commit 7fcdd36e8ee5 · 2025-09-25T16:33:38.000+03:00
diff --git a/defender-endpoint/indicators-overview.md b/defender-endpoint/indicators-overview.md
@@ -157,10 +157,9 @@ The IoC API schema and the threat IDs in Advanced Hunting are updated to align w
 
 Microsoft Store apps cannot be blocked by Microsoft Defender because they're signed by Microsoft.
 
-Customers might experience issues with alerts for IoCs. The following scenarios are situations where alerts aren't created or are created with inaccurate information. Each issue is investigated by our engineering team.
+Customers might experience issues with alerts for IoCs. The following scenarios are situations where alerts aren't created or are created with inaccurate information. 
 
-- **Block indicators**: Generic alerts with informational severity only are created. Custom alerts (that is, custom title and severity) aren't fired in these cases.
-- **Warn indicators**: Generic alerts and custom alerts are possible in this scenario; however, the results aren't deterministic due to an issue with the alert detection logic. In some cases, customers might see a generic alert, whereas a custom alert might show in other cases.
+- **Block and Warn indicators**: Generic alerts with informational severity only are created. Custom alerts (that is, custom title and severity) aren't fired in these cases.
 - **Allow**: No alerts are generated (by design).
 - **Audit**: Alerts are generated based on the severity provided by the customer (by design).
 - In some cases, alerts coming from EDR detections might take precedence over alerts stemming from antivirus blocks, in which case an information alert is generated.
diff --git a/defender-endpoint/mac-install-manually.md b/defender-endpoint/mac-install-manually.md
@@ -43,9 +43,10 @@ Before you get started, see [the main Microsoft Defender for Endpoint on macOS p
 
 > [!IMPORTANT]
 > Manual installation of Microsoft Defender for Endpoint on macOS requires changes to the Privacy & Security Settings on macOS.  Please consult Apple's documentation for details.  
-> [Change Privacy & Security settings on MacOS Sonoma 14](https://support.apple.com/guide/mac-help/change-privacy-security-settings-on-mac-mchl211c911f/14.0/mac/14.0)
-> [Change Privacy & Security settings on MacOS Sequoia 15](https://support.apple.com/guide/mac-help/change-privacy-security-settings-on-mac-mchl211c911f/15.0/mac/15.0)
-> 
+> - [Change Privacy & Security settings on MacOS Sonoma 14](https://support.apple.com/guide/mac-help/change-privacy-security-settings-on-mac-mchl211c911f/14.0/mac/14.0)
+> -  [Change Privacy & Security settings on MacOS Sequoia 15](https://support.apple.com/guide/mac-help/change-privacy-security-settings-on-mac-mchl211c911f/15.0/mac/15.0)
+> - [Change Privacy & Security settings on MacOS Tahoe 26](https://support.apple.com/guide/mac-help/change-privacy-security-settings-on-mac-mchl211c911f/mac)
+
 ## Download installation and onboarding packages
 
 Download the installation and onboarding packages from Microsoft Defender portal.
diff --git a/defender-endpoint/mac-whatsnew.md b/defender-endpoint/mac-whatsnew.md
@@ -57,14 +57,6 @@ To get the latest features, including preview capabilities (such as endpoint det
   
 If an end user encounters a prompt for Defender for Endpoint on macOS processes such as `wdavdaemon_enterprise` or `Microsoft Defender Helper`, the end user can safely choose the **Deny** option. This selection doesn't affect Defender for Endpoint's functionality.  Enterprises can also add *Microsoft Defender* to allow [incoming connections](https://support.apple.com/en-ca/guide/deployment/dep8d306275f/web). This issue is fixed in macOS Sequoia 15.2.
 
-## Tahoe support
-
-- Microsoft Defender for Endpoint supports version 26.0 or newer.
-
-## Sequoia support
-
-- Microsoft Defender for Endpoint supports version 15.0.1 or newer.
-
 ## macOS Deprecation
 
 - Microsoft Defender for Endpoint no longer supports macOS 11 (Big Sur), 12 (Monterey) and 13 (Ventura)
diff --git a/defender-xdr/data-privacy.md b/defender-xdr/data-privacy.md
@@ -54,7 +54,7 @@ Customer data stored by integrated services might also be stored in the followin
 
 ## Data retention
 
-Microsoft Defender XDR data is retained for 180 days, and is visible across the Microsoft Defender portal during that time, except for in **Advanced hunting** queries. 
+Microsoft Defender XDR data is retained for 180 days, and is visible across the Microsoft Defender portal during that time, except for in **Advanced hunting** queries. Cases are an exception and are not deleted.
 
 In the Microsoft Defender portal's **Advanced hunting** page, data is accessible via queries for only 30 days, unless it's streamed through [Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal), where retention periods may be longer.
 
