Merge pull request #1304 from MicrosoftDocs/main

Publish main to live, Monday 10:30AM PDT, 09/09

Author: Stacyrch140

defender-endpoint/respond-machine-alerts.md

@@ -5,7 +5,7 @@ ms.service: defender-endpoint
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 12/15/2023
+ms.date: 09/09/2024
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -266,11 +266,13 @@ When a device is being isolated, the following notification is displayed to info
 
 ## Contain devices from the network
 
-When you have identified an unmanaged device that is compromised or potentially compromised, you might want to contain that device from the network. When you contain a device any Microsoft Defender for Endpoint onboarded device will block incoming and outgoing communication with that device. This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device.
+When you have identified an unmanaged device that is compromised or potentially compromised, you might want to contain that device from the network to prevent the potential attack from moving laterally across the network. When you contain a device any Microsoft Defender for Endpoint onboarded device will block incoming and outgoing communication with that device. This action can help prevent neighboring devices from becoming compromised while the security operations analyst locates, identifies, and remediates the threat on the compromised device.
 
 > [!NOTE]
 > Blocking incoming and outgoing communication with a 'contained' device is supported on onboarded Microsoft Defender for Endpoint Windows 10 and Windows Server 2019+ devices.
 
+Once devices are contained, we recommend investigating and remediating the threat on the contained devices as soon as possible. After remediation, you should remove the devices from containment.
+
 ### How to contain a device
 
 1. Go to the **Device inventory** page and select the device to contain.
@@ -283,6 +285,9 @@ When you have identified an unmanaged device that is compromised or potentially
 
 :::image type="content" alt-text="Screenshot of the contain device menu item." source="/defender/media/defender-endpoint/contain_device_popup.png" lightbox="/defender/media/defender-endpoint/contain_device_popup.png":::
 
+> [!IMPORTANT]
+> Containing a large number of devices might cause performance issues on Defender for Endpoint-onboarded devices. To prevent any issues, Microsoft recommends containing up to 100 devices at any given time.
+
 ### Contain a device from the device page
 
 A device can also be contained from the device page by selecting **Contain device** from the action bar:

defender-office-365/attack-simulation-training-simulation-automations.md

@@ -578,6 +578,9 @@ What you see on the **Schedule details** page depends on whether you selected **
 
   - **Automation end** section: Use **Select the date you want the automations to end** to select the end date for the simulations. You can select any future date of upto a year.
 
+    > [!TIP]
+    > Only one simulation is launched in a day, so we recommend selecting at least as many days as you'd like the simulations to run.
+
 - **Fixed** simulation schedule: The following settings are available:
   - **Automation start** section: Use **Select the date you want the simulations to start from** to select the start date for the simulations. You can select any future date of upto a year.
 

defender-office-365/priority-accounts-security-recommendations.md

@@ -6,7 +6,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 audience: Admin
-ms.topic: conceptual
+ms.topic: solution-overview
 ms.localizationpriority: medium
 search.appverid:
   - MET150
@@ -112,7 +112,7 @@ After you secure and tag your priority users, you can use the available reports,
 
 Training users with priority accounts can help save those users and your security operations team much time and frustration. Savvy users are less likely to open attachments or click links in questionable email messages, and they're more likely to avoid suspicious websites.
 
-The Harvard Kennedy School [Cybersecurity Campaign Handbook](https://www.belfercenter.org/CyberPlaybook) provides excellent guidance for establishing a strong culture of security awareness within your organization, including training users to identify phishing attacks.
+The Harvard Kennedy School [Cybersecurity Campaign Handbook](https://www.hks.harvard.edu/publications/cybersecurity-campaign-playbook) provides excellent guidance for establishing a strong culture of security awareness within your organization, including training users to identify phishing attacks.
 
 Microsoft 365 provides the following resources to help inform users in your organization: