Merge branch 'main' into 440863-file-policy-decryption-mda

Author: DeCohen

ATPDocs/media/okta-integration/okta-permissions.png

@@ -100,9 +100,8 @@ After assigning both roles, you can remove the Super Admin role. This ensures th
 1. Select **Create new role**.
 1. Set the role name to **Microsoft Defender for Identity**.
 1. Select the permissions you want to assign to this role. Include the following permissions:
-    - **Suspend users**
-    - **Unsuspend users**
-    - **Clear users’ session**
+    - **Edit user's lifecycle states**
+    - **Edit user's authenticator operations**
     - **View roles, resources, and admin assignments**
 1. Select **Save role**.
 

ATPDocs/okta-integration.md

@@ -17,6 +17,12 @@ Key points:
 - Resolving usernames is done ad-hoc, per-username by deciphering a given encrypted username.
 - Anonymization capabilities aren't supported when using the "Defender for Cloud Apps Proxy" stream.
 
+## Prerequisites
+
+To resolve (deanonymize) usernames in Cloud Discovery data:
+
+- You must have the [Cloud Discovery global admin](manage-admins.md#built-in-admin-roles-in-defender-for-cloud-apps) role with anonymization permissions enabled during role assignment.
+
 ## How data anonymization works
 
 1. There are three ways to apply data anonymization:

CloudAppSecurityDocs/anomaly-detection-policy.md

@@ -59,7 +59,9 @@ The following governance actions can be taken for connected apps either on a spe
 
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint, Cisco Webex)
 
-   ![policy_create alerts.](media/policy_create-alerts.png)
+      :::image type="content" source="media/governance-actions/governance-actions-box.png" alt-text="Screenshot that shows the available file governance actions for Box and Dropbox." lightbox="media/governance-actions/governance-actions-box.png":::
+
+
 
 ## Malware governance actions (Preview)
 
@@ -81,7 +83,7 @@ The following governance actions can be taken for connected apps either on a spe
 
   - **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
 
-:::image type="content" source="media/governance-actions/image1.png" alt-text="Malware governance actions.":::
+:::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
 
 > [!NOTE]
 > In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries (SharePoint Online) and files in the Documents library (OneDrive for Business).

CloudAppSecurityDocs/cloud-discovery-anonymizer.md

@@ -27,6 +27,14 @@ For news about earlier releases, see [Archive of past updates for Microsoft Defe
 > Learn more: [Network requirements](https://aka.ms/MDANetworkDocs).
 
 
+
+## June 2025
+
+### New Dynamic Threat Detection model
+
+Microsoft Defender for Cloud Apps new dynamic threat detection model continuously adapts to the ever-changing SaaS apps threat landscape. This approach ensures your organization remains protected with up-to-date detection logic without the need for manual policy updates or reconfiguration. Several legacy anomaly detection policies have already been seamlessly transitioned to this adaptive model, delivering smarter and more responsive security coverage.
+For more information, see [Create Defender for Cloud Apps anomaly detection policies](anomaly-detection-policy.md).
+
 ## May 2025 
 
 

CloudAppSecurityDocs/governance-actions.md

@@ -1046,6 +1046,8 @@
             href: respond-machine-alerts.md#restrict-app-execution
           - name: Isolate devices from the network
             href: respond-machine-alerts.md#isolate-devices-from-the-network
+          - name: Isolation exclusions
+            href: isolation-exclusions.md
           - name: Contain devices from the network
             href: respond-machine-alerts.md#contain-devices-from-the-network
           - name: Contain user from the network