MicrosoftDocs
diff --git a/‎.openpublishing.redirection.defender-xdr.json‎
Lines changed: 45 additions & 0 deletions b/‎.openpublishing.redirection.defender-xdr.json‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎ATADocs/media/ATA-windows-event-forwarding.jpg‎
-43.2 KB b/‎ATADocs/media/ATA-windows-event-forwarding.jpg‎
-43.2 KB
diff --git a/‎ATPDocs/deploy/active-directory-federation-services.md‎
Lines changed: 0 additions & 3 deletions b/‎ATPDocs/deploy/active-directory-federation-services.md‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎ATPDocs/privacy-compliance.md‎
Lines changed: 7 additions & 6 deletions b/‎ATPDocs/privacy-compliance.md‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎CloudAppSecurityDocs/ops-guide/ops-guide-daily.md‎
Lines changed: 5 additions & 5 deletions b/‎CloudAppSecurityDocs/ops-guide/ops-guide-daily.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎CloudAppSecurityDocs/protect-docusign.md‎
Lines changed: 3 additions & 2 deletions b/‎CloudAppSecurityDocs/protect-docusign.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎defender-endpoint/TOC.yml‎
Lines changed: 9 additions & 5 deletions b/‎defender-endpoint/TOC.yml‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎defender-endpoint/address-unwanted-behaviors-mde.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/address-unwanted-behaviors-mde.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/assign-portal-access.md‎
Lines changed: 9 additions & 5 deletions b/‎defender-endpoint/assign-portal-access.md‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎defender-endpoint/behavior-monitor.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/behavior-monitor.md‎
Lines changed: 1 addition & 1 deletion
@@ -205,6 +205,51 @@
       "redirect_url": "/defender-xdr/troubleshoot",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-xdr/mto-advanced-hunting.md",
+      "redirect_url": "/unified-secops-platform/mto-advanced-hunting",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-dashboard.md",
+      "redirect_url": "/unified-secops-platform/mto-dashboard",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-endpoint-security-policy.md",
+      "redirect_url": "/unified-secops-platform/mto-endpoint-security-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-incidents-alerts.md",
+      "redirect_url": "/unified-secops-platform/mto-incidents-alerts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-overview.md",
+      "redirect_url": "/unified-secops-platform/mto-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-requirements.md",
+      "redirect_url": "/unified-secops-platform/mto-requirements",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-tenant-devices.md",
+      "redirect_url": "/unified-secops-platform/mto-tenant-devices",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-tenantgroups.md",
+      "redirect_url": "/unified-secops-platform/mto-tenantgroups",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/mto-tenants.md",
+      "redirect_url": "/unified-secops-platform/mto-tenants",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender-xdr/portals.md",
       "redirect_url": "/unified-secops-platform/overview-plan#understand-microsoft-security-portals-and-admin-centers",
 
@@ -55,9 +55,6 @@ Configure the SQL server to allow the Directory Service Account with the followi
 - *read*
 - *select*
 
-> [!NOTE]
-> If the AD FS database runs on a dedicated SQL server instead of the local AD FS server, and you're using a group Managed Service Account (gMSA) as the Directory Service Account, make sure that you grant the SQL server the [required permissions](create-directory-service-account-gmsa.md#prerequisites-grant-permissions-to-retrieve-the-gmsa-accounts-password) to retrieve the gMSA's password.
-
 ### Grant access to the AD FS database
 
 Grant access to the AD FS database by using SQL Server Management Studio, Transact-SQL (T-SQL), or PowerShell.
 
@@ -22,13 +22,14 @@ For more information see: [Microsoft Defender for Identity monitored activities]
 
 Defender for Identity operates in the Microsoft Azure data centers in the following locations:
 
-- European Union (West Europe, North Europe)
-- United Kingdom (UK South) 
-- United States (East US, West US, West US2)
-- Australia (Australia East)
-- Switzerland (Switzerland North)
-- Singapore (Southeast Asia)
+- Asia (Southeast Asia)
+- Australia (Australia East, Australia Southeast)
+- Europe (West Europe, North Europe)
 - India (Central India, South India)
+- North America (East US, West US, West US2)
+- Switzerland (Switzerland North, Switzerland West)
+- United Kingdom (UK South)
+
 
 Customer data collected by the service might be stored as follows:
 
 
@@ -146,7 +146,7 @@ Based on the data you review, you might want to create new or adjust app governa
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [View your app details with app governance](../app-governance-visibility-insights-view-apps.md)
 - [Create app policies in app governance](../app-governance-app-policies-create.md).
 
@@ -163,7 +163,7 @@ App governance uses machine learning-based detection algorithms to detect anomal
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [View your app details with app governance](../app-governance-visibility-insights-view-apps.md)
 - [Getting detailed information on an app](../app-governance-visibility-insights-view-apps.md#getting-detailed-information-on-an-app)
 
@@ -199,7 +199,7 @@ By default, there's no access or session policies deployed, and therefore no rel
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Protect apps with Microsoft Defender for Cloud Apps Conditional Access app control](../proxy-intro-aad.md)
 - [Block and protect download of sensitive data to unmanaged or risky devices](../best-practices.md#block-and-protect-download-of-sensitive-data-to-unmanaged-or-risky-devices)
 - [Secure collaboration with external users by enforcing real-time session controls](../best-practices.md#secure-collaboration-with-external-users-by-enforcing-real-time-session-controls)
@@ -231,7 +231,7 @@ Create app discovery policies to start alerting and tagging newly discovered app
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Cloud discovery policies](../policies-cloud-discovery.md)
 - [Create cloud discovery policies](../cloud-discovery-policies.md)
 - [Set up cloud discovery](../set-up-cloud-discovery.md)
@@ -298,7 +298,7 @@ Use the results of these queries to adjust existing file policies or create new
 
 For more information, see:
 
-- [View and manage incidents and alerts](/microsoft-365/security/defender/mto-incidents-alerts)
+- [View and manage incidents and alerts](/unified-secops-platform/mto-incidents-alerts)
 - [Information protection policies](../policies-information-protection.md).
 
 ## Related content
 
@@ -7,7 +7,8 @@ ms.topic: how-to
 
 # How Defender for Cloud Apps helps protect your DocuSign environment
 
-
+> [!NOTE]
+> The DocuSign App Connector requires an active, paid DocuSign and DocuSign Monitor subscription to access and retrieve events.
 
 DocuSign helps organizations manage electronic agreements, and so your DocuSign environment holds sensitive information for your organization. Any abuse of DocuSign by a malicious actor or any human error may expose your most critical assets to potential attacks.
 
@@ -136,4 +137,4 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 > [!div class="nextstepaction"]
 > [Control cloud apps by using policies](control-cloud-apps-with-policies.md)
 
-[!INCLUDE [Open support ticket](includes/support.md)]
+[!INCLUDE [Open support ticket](includes/support.md)]
@@ -261,7 +261,7 @@
             items:
             - name: Defender for Endpoint on Linux for ARM64-based devices (preview)
               href: mde-linux-arm.md
-            - name: Installer script
+            - name: Installer script based deployment
               href: linux-installer-script.md
             - name: Ansible based deployment
               href: linux-install-with-ansible.md
@@ -1534,17 +1534,21 @@
     - name: Microsoft Security Resources
       items: 
         - name: Threat actor naming
-          href: /defender-xdr/microsoft-threat-actor-naming
+          href: /unified-secops-platform/microsoft-threat-actor-naming
+
         - name: Malware names
-          href: /defender-xdr/malware-naming
+          href: /unified-secops-platform/malware-naming
+
         - name: How Microsoft identifies malware and PUA
           href: /defender-xdr/criteria
         - name: Submit files for analysis
-          href: /defender-xdr/submission-guide
+          href: /unified-secops-platform/submission-guide
+
         - name: Troubleshoot MSI portal errors caused by admin block
           href: /defender-xdr/portal-submission-troubleshooting
         - name: Microsoft virus initiative
-          href: /defender-xdr/virus-initiative-criteria
+          href: /unified-secops-platform/virus-initiative-criteria
+
         - name: Software developer FAQ
           href: /defender-xdr/developer-faq        
     - name: Malware information
 
@@ -116,7 +116,7 @@ In this scenario, a legitimate app is blocked from writing to folders that are p
 
 In this scenario, a third-party app that isn't a threat is detected and identified as malicious by Microsoft Defender Antivirus.
 
-**How to address**: Submit the app to Microsoft for analysis. See [How to submit a file to Microsoft for analysis](/defender-xdr/submission-guide#how-do-i-submit-a-file-to-microsoft-for-analysis).
+**How to address**: Submit the app to Microsoft for analysis. See [How to submit a file to Microsoft for analysis](/unified-secops-platform/submission-guide#how-do-i-submit-a-file-to-microsoft-for-analysis).
 
 ### An app is incorrectly detected and identified as malicious by Defender for Endpoint
 
 
@@ -13,7 +13,7 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
-ms.date: 06/25/2024
+ms.date: 01/28/2025
 ---
 
 # Assign user access 
@@ -36,18 +36,22 @@ Defender for Endpoint supports two ways to manage permissions:
 
 - **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Microsoft Entra user groups to the roles, and granting the user groups access to device groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac.md).
 
+> [!IMPORTANT]
+> Starting February 16, 2025, new Microsoft Defender for Endpoint customers will only have access to the Unified Role-Based Access Control (URBAC).
+> Existing customers keep their current roles and permissions. For more information, see URBAC [Unified Role-Based Access Control (URBAC) for Microsoft Defender for Endpoint](/defender-xdr/manage-rbac).
+
 ## Change from basic permissions to RBAC
 
-If you have already assigned basic permissions, you can switch to RBAC anytime. Consider the following before making the switch:
+If you have basic permissions, you can switch to RBAC anytime. Consider the following before making the switch:
 
-- Users who have full access (users who are assigned either the Global Administrator or Security Administrator directory role in Microsoft Entra ID) are automatically assigned the default Defender for Endpoint administrator role, which also has full access. 
+- Users who have full access are automatically assigned the default Defender for Endpoint administrator role.
 - Other Microsoft Entra user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC.
 - Only users who are assigned the Defender for Endpoint administrator role can manage permissions using RBAC. 
-- Users who have read-only access (Security Readers) lose access to the portal until they are assigned a role. Only Microsoft Entra user groups can be assigned a role under RBAC.
+- Users who have read-only access (Security Readers) lose access to the portal until they're assigned a role. Only Microsoft Entra user groups can be assigned a role under RBAC.
 - After switching to RBAC, you can't switch back to using basic permissions management.
 
 > [!IMPORTANT]
-> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+> Microsoft recommends that you use roles with the fewest permissions as it helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
 
 ## Related articles
 
 
@@ -133,7 +133,7 @@ withNames | join kind = fullouter DefUpdate on DeviceId
 
 ## Troubleshooting high CPU usage
 
-Detections related to behavior monitoring start with "[Behavior](/defender-xdr/malware-naming#type)".
+Detections related to behavior monitoring start with "[Behavior](/unified-secops-platform/malware-naming#type)".
 
 When investigating high CPU usage in `MsMpEng.exe`, you can temporarily disable behavior monitoring to see if the issues continue.