Merge branch 'main' into poliveria-ah-identity-08082025

Author: poliveria

defender-endpoint/android-whatsnew.md

@@ -15,29 +15,40 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 11/06/2025
+ms.date: 11/17/2025
 appliesto:
   - Microsoft Defender for Endpoint
 
 ---
 
 # What's new in Microsoft Defender for Endpoint on Android
 
-
 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 ### Releases for Defender for Endpoint on Android
 
 #### November 2025
 
+| Build| 1.0.8315.0101|
+| -------- | -------- |
+| Release Date 	| November 17, 2025 |
+
+**What's New**
+
+- Performance improvement and accessibility bug fixes
+
+#### November 2025
+
 | Build| 1.0.8303.0101|
 | -------- | -------- |
 | Release Date |November 4, 2025|
 
 **What's New**
 
 - An improved user feedback experience: See [Key changes - November 2025](./android-new-ux.md#key-changes---november-2025) for details.
-  
+
+- Added landscape mode UI support for the Defender app.
+
 - Additional telemetry features to improve app performance monitoring and detect specific scenarios, such as entering landscape mode or invalid authentication attempts.
 
 #### October 2025

defender-endpoint/enable-attack-surface-reduction.md

@@ -168,6 +168,12 @@ The following procedures for enabling attack surface reduction rules include ins
 
 1. Select **Next** on the three configuration panes, then select **Create** if you're creating a new policy or **Save** if you're editing an existing policy.
 
+> [!NOTE]
+> In the latest Intune interface, **Configuration profiles** is located under  **Devices > Configuration profiles**.  
+> Earlier versions of Intune showed this under **Device configuration > Profiles**.  
+> If you don't see "Configuration Profile" as written in older instructions, look for **Configuration profiles** under the Devices menu.
+
+
 #### Device Configuration Profiles (Alternative 1)
 
 1. Select **Device configuration** > **Profiles**. Choose an existing endpoint protection profile or create a new one. To create a new one, select **Create profile** and enter information for this profile. For **Profile type**, select **Endpoint protection**. If you've chosen an existing profile, select **Properties** and then select **Settings**.

defender-for-identity/deploy/configure-windows-event-collection.md

@@ -1,7 +1,7 @@
 ---
 title: Configure audit policies for Windows event logs | Microsoft Defender for Identity
 description: This article describes how to configure audit policies for Windows event logs as part of deploying a Microsoft Defender for Identity sensor.
-ms.date: 06/04/2025
+ms.date: 11/05/2025
 ms.topic: how-to
 ms.reviewer: rlitinsky
 ---
@@ -23,9 +23,13 @@ Defender for Identity generates health issues for each of these scenarios if the
 Before you start creating new event and audit policies, we recommend that you run the following PowerShell command to generate a report of your current domain configurations:
 
 ```powershell
-New-MDIConfigurationReport [-Path] <String> [-Mode] <String> [-OpenHtmlReport]
+New-MDIConfigurationReport -Path "C:\Reports" -Mode Domain -Identity "DOMAIN\ServiceAccountName" -OpenHtmlReport
 ```
 
+> [!NOTE]
+> When using `-Mode Domain`, include the `-Identity` parameter to avoid an interactive prompt.
+> For more information, see: [New-MDIConfigurationReport](/powershell/module/defenderforidentity/new-mdiconfigurationreport?view=defenderforidentity-latest&preserve-view=true).
+
 In the preceding command:
 
 - `Path` specifies the path to save the reports to.

defender-for-identity/whats-new.md

@@ -25,6 +25,14 @@ For updates about versions and features released six months ago or earlier, see
 
 ## November 2025
 
+Defender for Identity now offers an opt-in automatic event-auditing configuration for unified sensors (V3.x). This feature streamlines deployment by automatically applying required Windows auditing settings to new sensors and fixing misconfigurations on existing ones. Admins can enable the option in the Defender for Identity Settings -> Advanced Features or via Graph API. The capability and its related health alerts will roll out globally beginning mid-November 2025.
+**Releated Health alerts:**
+- NTLM Auditing is not enabled 
+- Directory Services Advanced Auditing is not enabled as required 
+- Directory Services Object Auditing is not enabled as required 
+- Auditing on the Configuration container is not enabled as required 
+- Auditing on the ADFS container is not enabled as required
+
 ### New security posture assessment: Change password for on-prem account with potentially leaked credentials (Preview)
 
 The new security posture assessment lists users whose valid credentials have been leaked. For more information, see: [Change password for on-prem account with potentially leaked credentials (Preview)](/defender-for-identity/security-posture-assessments/accounts#change-password-for-on-prem-account-with-potentially-leaked-credentials-preview)