Merge branch 'main' into WI440239-mda-dynamic-threat-detection-model

aditisrivastava07 · web-flow · commit 80f21a82a78f · 2025-06-23T13:15:45.000+05:30
diff --git a/defender-xdr/automatic-attack-disruption.md b/defender-xdr/automatic-attack-disruption.md
@@ -18,7 +18,7 @@ ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 04/25/2025
+ms.date: 06/22/2025
 appliesto:
   - Microsoft Defender XDR
 ---
@@ -76,21 +76,6 @@ Automatic attack disruption uses Microsoft-based XDR response actions. Examples
 
 For more information, see [remediation actions](m365d-remediation-actions.md) in Microsoft Defender XDR.
 
-### Automated response actions for SAP with Microsoft Sentinel
-
-If you [onboarded Microsoft Sentinel to the Defender portal](microsoft-sentinel-onboard.md) and deployed the Microsoft Sentinel solution for SAP applications, you can also deploy automatic attack disruption for SAP.
-
-For example, deploy attack disruption for SAP to contain compromised assets by locking suspicious SAP users in case of a financial process manipulation attack.
-
-After the risk is mitigated, Microsoft Defender admins can manually unlock the users that had been automatically locked by the attack disruption response. The ability to manually unlock users is available from the Microsoft Defender action center, and only for users that were locked by attack disruption.
-
-To use attack disruption for SAP, deploy a new data connector agent, or make sure that your agent is using version 90847355 or higher, and then assign and apply the required Azure and SAP roles. For more information, see:
-
-- [Deploy and configure the container hosting the SAP data connector agent](/azure/sentinel/sap/deploy-data-connector-agent-container)
-- [Update Microsoft Sentinel's SAP data connector agent](/azure/sentinel/sap/update-sap-data-connector), especially [Update your system for automatic attack disruption](/azure/sentinel/sap/update-sap-data-connector#update-your-data-connector-agent-for-attack-disruption).
-
-While you configure attack disruption in the Azure portal and your SAP system, automatic attack disruption itself surfaces only in the Microsoft Defender portal.
-
 ## Identify when an attack disruption happens in your environment
 
 The Defender XDR incident page will reflect the automatic attack disruption actions through the attack story and the status indicated by a yellow bar (Figure 1). The incident shows a dedicated disruption tag, highlight the status of the assets contained in the incident graph, and add an action to the Action Center.
diff --git a/defender-xdr/investigate-alerts.md b/defender-xdr/investigate-alerts.md
@@ -298,9 +298,6 @@ Create alert tuning rules from the Microsoft Defender XDR **Settings** area or f
 > The **alert title (Name)** is based on the **alert type (IoaDefinitionId)**, which decides the alert title. Two alerts that have the same alert type can change to a different alert title. 
 > The *Hide alert* feature is only available in Defender for Endpoint alerts.
 
-<!--what does this mean?-->
-
-<!--i don't see how to validate this?>
 After creating your alert tuning rule from an alert details page, in the **Successful rule creation** page that appears, add any of the alert-related IOCs as indicators to an *allow list* to prevent them from being blocked in the future. IOCs that are configured as part of the alert tuning rule are selected by default. For example:
 
 1. Add a file to the **Select evidence (IOC) to allow** list. By default, the file that triggered the alert is already selected.
diff --git a/unified-secops-platform/gov-support.md b/unified-secops-platform/gov-support.md
@@ -5,7 +5,7 @@ author: batamig
 ms.author: bagol
 ms.service: unified-secops-platform
 ms.topic: concept-article #Don't change.
-ms.date: 03/11/2025
+ms.date: 06/22/2025
 ms.collection:
 - usx-security
 
@@ -26,8 +26,6 @@ This article provides information about support for US Government customers by u
   
 - Features still in preview are available only in the commercial cloud.
 
-While [automatic attack disruption](/defender-xdr/automatic-attack-disruption) with Microsoft Defender XDR is generally available, [SAP support for attack disruption](/defender-xdr/automatic-attack-disruption) with Microsoft Sentinel and Microsoft Defender XDR is available only in the commercial cloud.
-
 For more information, see:
 
 - [Microsoft Defender XDR for US Government customers](/defender-xdr/usgov)
