Merge branch 'main' into docs-editor/mac-support-perf-1750192612

Author: denisebmsft

CloudAppSecurityDocs/cas-compliance-trust.md

@@ -1,7 +1,7 @@
 ---
 title:  Microsoft Defender for Cloud Apps – privacy
 description: Learn about how Microsoft Defender for Cloud Apps manages user privacy.
-ms.date: 11/24/2024
+ms.date: 06/17/2025
 ms.topic: concept-article
 ---
 # Privacy with Microsoft Defender for Cloud Apps
@@ -22,7 +22,7 @@ Microsoft Defender for Cloud Apps collects information from your configured clou
 - User and group configurations
 
 > [!NOTE]
-> The data collected from the various applications is dependent on the customer-provided data from the various applications and may include personal information.
+> The data collected from the various applications is dependent on the customer-provided data from the various applications and might include personal information.
 
 ## Data storage location
 
@@ -31,7 +31,7 @@ Defender for Cloud Apps operates in the Microsoft Azure data centers in the foll
 |Customer provisioning location  |Data storage location  |
 |---------|---------|
 |**Customers whose tenants are provisioned in the United States**     |  United States       |
-|**Customers whose tenants are provisioned in the European Union or the United Kingdom**     |    Either the European Union and/or the United Kingdom      |
+|**Customers whose tenants are provisioned in the European Union or the United Kingdom**     |    The European Union or the United Kingdom, depending on service availability.      |
 |**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned.    |
 
 In addition to the locations above, the App Governance features within Defender for Cloud Apps operate in the Microsoft Azure data centers in the following geographical regions listed below. Customer with App Governance enabled will have data stored within the data storage location the customer provisions in above, and in a second data storage location as described below: 
@@ -52,7 +52,13 @@ In addition to the locations above, the App Governance features within Defender
 
 Customer data collected by Defender for Cloud Apps is either stored in your tenant location, as described in the previous tables, or in the geographic location of another online service that Defender for Cloud Apps shares data with, as defined by the data storage rules of that online service.
 
-If Defender for Cloud Apps data is stored in your tenant location, your tenant isn't movable after having been created. To view your Defender for Cloud Apps tenant location in the Microsoft Defender portal, go to **Settings > Cloud Apps > About > Region**.
+
+### View your data storage location
+
+To view your Defender for Cloud Apps tenant location in the Microsoft Defender portal, go to **Settings > Cloud Apps > About > Region**.
+
+> [!NOTE]
+> If Defender for Cloud Apps data is stored in your tenant location, your tenant isn't movable after having been created.
  
 ## Data retention
 
@@ -62,7 +68,7 @@ Your data is kept and is available to you while the license is under grace perio
 
 ## Data sharing for Microsoft Defender for Cloud Apps
 
-Defender for Cloud Apps shares data, including customer data, among the following Microsoft products also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments may occur, depending on the location of the service offering.
+Defender for Cloud Apps shares data, including customer data, among the following Microsoft products also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments might occur, depending on the location of the service offering.
 
 - Microsoft Defender XDR
 - Microsoft Defender for Cloud

CloudAppSecurityDocs/cloud-discovery-anonymizer.md

@@ -17,6 +17,12 @@ Key points:
 - Resolving usernames is done ad-hoc, per-username by deciphering a given encrypted username.
 - Anonymization capabilities aren't supported when using the "Defender for Cloud Apps Proxy" stream.
 
+## Prerequisites
+
+To resolve (deanonymize) usernames in Cloud Discovery data:
+
+- You must have the [Cloud Discovery global admin](manage-admins.md#built-in-admin-roles-in-defender-for-cloud-apps) role with anonymization permissions enabled during role assignment.
+
 ## How data anonymization works
 
 1. There are three ways to apply data anonymization:

CloudAppSecurityDocs/discovered-apps-api-graph.md

@@ -2,17 +2,16 @@
 title: Work with discovered apps via Graph API | Microsoft Defender for Cloud Apps
 description: Learn how to work with apps discovered by Microsoft Defender for Cloud Apps via Graph API.
 ms.topic: how-to #Don't change
-ms.date: 06/24/2024
-
+ms.date: 06/18/2025
 #customer intent: As a security engineer, I want to work with discovered apps via API so that I can customize and automate the Microsoft Defender for Cloud Apps **Discovered apps** page functionality.
-
 ---
 
 # Work with discovered apps via Graph API (Preview)
 
 Microsoft Defender for Cloud Apps supports a Microsoft Graph API that you can use to work with discovered cloud apps, to customize and automate the **Discovered apps** page functionality in the Microsoft Defender portal.
 
-This article provides sample procedures for using the [uploadedStreams API](/graph/api/security-datadiscoveryreport-list-uploadedstreams?view=graph-rest-beta) for common purposes.
+This article provides sample procedures for using the [uploadedStreams API](/graph/api/security-datadiscoveryreport-list-uploadedstreams?view=graph-rest-beta&preserve-view=true&tabs=http) for common purposes.
+
 
 ## Prerequisites
 
@@ -22,7 +21,7 @@ Before you start using the Graph API, make sure to create an app and get an acce
 
 - Take note of your app secret and copy its value to use later on in your scripts.
 
-You'll also need cloud app data streaming into Microsoft Defender for Cloud Apps.
+- You need cloud app data streaming into Microsoft Defender for Cloud Apps.
 
 For more information, see:
 
@@ -36,7 +35,7 @@ For more information, see:
 To get a high level summary of all the data available on your **Discovered apps** page, run the following GET command:
 
 ```http
-GET https://graph.microsoft.com/beta/dataDiscovery/cloudAppDiscovery/uploadedStreams
+GET https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery/uploadedStreams
 ```
 
 To drill down to data for a specific stream:
@@ -88,4 +87,4 @@ GET  https://graph.microsoft.com/beta/security/dataDiscovery/cloudAppDiscovery
 
 ## Related content
 
-For more information, see [Working with discovered apps](discovered-apps.md) and the [Microsoft Graph API reference](/graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta).
+For more information, see [Working with discovered apps](discovered-apps.md) and the [Microsoft Graph API reference](/graph/api/resources/security-cloudappdiscovery-overview?view=graph-rest-beta&preserve-view=true).

CloudAppSecurityDocs/governance-actions.md

@@ -59,7 +59,9 @@ The following governance actions can be taken for connected apps either on a spe
 
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint, Cisco Webex)
 
-   ![policy_create alerts.](media/policy_create-alerts.png)
+      :::image type="content" source="media/governance-actions/governance-actions-box.png" alt-text="Screenshot that shows the available file governance actions for Box and Dropbox." lightbox="media/governance-actions/governance-actions-box.png":::
+
+
 
 ## Malware governance actions (Preview)
 
@@ -81,7 +83,7 @@ The following governance actions can be taken for connected apps either on a spe
 
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
 
-:::image type="content" source="media/governance-actions/image1.png" alt-text="Malware governance actions.":::
+:::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
 
 > [!NOTE]
 > In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries (SharePoint Online) and files in the Documents library (OneDrive for Business).

CloudAppSecurityDocs/media/governance-actions/governance-actions-box.png

@@ -28,19 +28,16 @@ In Defender for Endpoint, a mixed-licensing scenario is a situation in which an
 | *Mixed trial* | Try a premium level subscription for some users. Examples include: <br/>- Defender for Endpoint Plan 1 (purchased for all users), and Defender for Endpoint Plan 2 (a trial subscription has been started for some users)<br/>- Microsoft 365 E3 (purchased for all users), and Microsoft 365 E5 (a trial subscription has been started for some users) |
 | *Phased upgrades* | Upgrade user licenses in phases. Examples include:<br/>- Moving groups of users from Defender for Endpoint Plan 1 to Plan 2<br/>- Moving groups of users from Microsoft 365 E3 to E5  |
 
- Until recently, mixed-licensing scenarios weren't supported; in cases of multiple subscriptions, the highest functional subscription would take precedence for your tenant. Now, you can manage your subscription settings to accommodate mixed licensing scenarios across client devices. These capabilities enable you to:
+You can manage your subscription settings to accommodate mixed licensing scenarios across client devices. These capabilities enable you to:
 
 - **Set your tenant to mixed mode and tag devices** to determine which client devices will receive features and capabilities from each plan (we call this option *mixed mode*); **OR**,
 - **Use the features and capabilities from one plan across all your client devices**. 
 
 You can also use a newly added license usage report to track status.
 
-> [!NOTE]
-> If you're using Microsoft Defender for Business and you want to switch to Defender for Endpoint Plan 2, contact support. For more information, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
-
 ## [**Use mixed mode**](#tab/mixed)
 
-## Set your tenant to mixed mode and tag devices
+To set your tenant to mixed mode and tag devices, follow the guidance on this tab.
 
 > [!IMPORTANT]
 > - **Mixed-mode settings apply to client endpoints only**. Tagging server devices won't change their subscription state. All server devices running Windows Server or Linux should have appropriate licenses, such as [Defender for Servers](/azure/defender-for-cloud/plan-defender-for-servers-select-plan). See [Options for onboarding servers](onboard-windows-server.md).
@@ -96,10 +93,9 @@ For example, suppose that you want to use a tag called `VIP` for all the devices
 
 2. Set up a dynamic rule using the condition operator `Tag Does not contain VIP`. In this case, all devices that do not have the `VIP` tag will receive the `License MDE P1` tag and Defender for Endpoint Plan 1 capabilities. 
 
-
 ## [**Use one plan**](#tab/oneplan)
 
-## Use the features and capabilities from one plan across all your devices
+To use the features and capabilities from one plan across all your devices, follow the guidance on this tab.
 
 > [!IMPORTANT]
 > To access license information, you must have one of the following roles assigned in Microsoft Entra ID:
@@ -123,6 +119,10 @@ For example, suppose that you want to use a tag called `VIP` for all the devices
 
 ---
 
+Microsoft Defender for Business isn't supported for mixed-license scenarios. If you're using Defender for Business and you want to switch to Defender for Endpoint Plan 2, contact support. For more information, see [Change your endpoint security subscription](/defender-business/mdb-manage-subscription).
+
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 > [!IMPORTANT]
 > Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 

CloudAppSecurityDocs/media/governance-actions/image1.png renamed to CloudAppSecurityDocs/media/governance-actions/governance-actions-dropbox-google-workspace.png

@@ -7,7 +7,7 @@ ms.author: deniseb
 manager: deniseb 
 audience: ITPro
 ms.topic: how-to
-ms.date: 11/11/2024
+ms.date: 06/19/2025
 ms.collection: 
 - m365-security
 - tier2
@@ -24,6 +24,8 @@ Welcome to the Microsoft Defender for Endpoint Plan 2 trial user guide!
 
 This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this article from the Microsoft Defender team, you learn how Defender for Endpoint can help you to prevent, detect, investigate, and respond to advanced threats.
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## What is Defender for Endpoint?
 
 [Defender for Endpoint](microsoft-defender-endpoint.md) is an enterprise endpoint security platform that uses the following combination of technology built into Windows and Microsoft's robust cloud service: 

CloudAppSecurityDocs/media/policy_create-alerts.png

@@ -32,6 +32,8 @@ We understand that every enterprise environment is unique, so we've provided sev
 
 :::image type="content" source="/defender/media/defender-endpoint/onboarding-architecture-2.png" alt-text="The deployment flow":::
 
+[!INCLUDE [side-by-side-scenarios](includes/side-by-side-scenarios.md)]
+
 ## Step 1: Identify your architecture
 
 Depending on your environment, some tools are better suited for certain architectures. Use the following table to decide which Defender for Endpoint architecture best suits your organization.