Merge pull request #5017 from MicrosoftDocs/main

m365-skilling-repo-management[bot] · web-flow · commit 8cdcdd8eb0f2 · 2025-09-12T08:35:19.000Z
[AutoPublish] main to live - 09/12 01:33 PDT | 09/12 14:03 IST
diff --git a/defender/threat-intelligence/analyst-insights.md b/defender/threat-intelligence/analyst-insights.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: overview
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Analyst insights
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 In Microsoft Defender Threat Intelligence (Defender TI), the **Analyst insights** section provides you with quick insights about an artifact that might help determine your next step in an investigation. This section lists any insights that apply to the artifact, and insights that don't apply for extra visibility. 
 
 In the following example, you can quickly determine that the IP address is routable, hosts a web server, and had an open port within the past five days. Furthermore, the system displays rules that weren't triggered, which can be equally helpful when kick starting an investigation.
diff --git a/defender/threat-intelligence/data-sets.md b/defender/threat-intelligence/data-sets.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: concept-article
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-concept
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Data sets
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft centralizes numerous data sets into Microsoft Defender Threat Intelligence (Defender TI), making it easier for Microsoft's customers and community to conduct infrastructure analysis. Microsoft's primary focus is to provide as much data as possible about internet infrastructure to support various security use cases.
 
 Microsoft collects, analyzes, and indexes internet data to help you:
diff --git a/defender/threat-intelligence/gathering-threat-intelligence-and-infrastructure-chaining.md b/defender/threat-intelligence/gathering-threat-intelligence-and-infrastructure-chaining.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: tutorial
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -16,6 +16,9 @@ ms.custom:
 
 # Tutorial: Gathering threat intelligence and infrastructure chaining
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 This tutorial walks you through how to perform several types of indicator searches and gather threat and adversary intelligence using Microsoft Defender Threat Intelligence (Defender TI) in the Microsoft Defender portal.
 
 ## Prerequisites
diff --git a/defender/threat-intelligence/gathering-vulnerability-intelligence.md b/defender/threat-intelligence/gathering-vulnerability-intelligence.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: tutorial
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Tutorial: Gathering vulnerability intelligence
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 This tutorial walks you through how to perform several types of indicator searches to gather vulnerability intelligence using Microsoft Defender Threat Intelligence (Defender TI) in the Microsoft Defender portal.
 
 ## Prerequisites
diff --git a/defender/threat-intelligence/infrastructure-chaining.md b/defender/threat-intelligence/infrastructure-chaining.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence 
 ms.topic: concept-article
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Infrastructure chaining
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Infrastructure chaining uses the relationships between highly connected datasets to build out an investigation. This process is the core of threat infrastructure analysis and allows organizations to surface new connections, group similar attack activity and substantiate assumptions during incident response.
 
 ![Infrastructure chaining](media/infrastructureChaining.png)
diff --git a/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md b/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence 
 ms.topic: quickstart
-ms.date: 05/16/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -16,6 +16,9 @@ ms.collection: essentials-get-started
 
 # Quickstart: Learn how to access Microsoft Defender Threat Intelligence and make customizations
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 This guide walks you through how to access Microsoft Threat Intelligence (Defender TI) from the Microsoft Defender portal, adjust the portal's theme to make it easier on your eyes when using it, and find sources for enrichment so you can see more results when gathering threat intelligence. 
 
 :::image type="content" source="/defender/threat-intelligence/media/quickstart-intel-explorer.png" alt-text="Screenshot of the Microsoft Defender Threat Intelligence Intel explorer in the Microsoft Defender portal." lightbox="/defender/threat-intelligence/media/quickstart-intel-explorer.png":::
diff --git a/defender/threat-intelligence/reputation-scoring.md b/defender/threat-intelligence/reputation-scoring.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: overview
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Reputation scoring
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI) provides proprietary reputation scores for any host, domain, or IP address. Whether validating the reputation of a known or unknown entity, this score helps you quickly understand any detected ties to malicious or suspicious infrastructure. Defender TI provides quick information about the activity of these entities (for example, first- and last-seen timestamps, autonomous system numbers, and associated infrastructure) and a list of rules that affect the reputation score when applicable.
 
 Reputation data is important to understanding the trustworthiness of your own attack surface and is also useful when assessing unknown hosts, domains, or IP addresses that appear in investigations. These scores uncover any prior malicious or suspicious activity that affected the entity, or other known indicators of compromise (IOCs) that should be considered.
diff --git a/defender/threat-intelligence/searching-and-pivoting.md b/defender/threat-intelligence/searching-and-pivoting.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence 
 ms.topic: how-to 
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Searching and pivoting
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI) offers a robust and flexible search engine to streamline the investigation process. Defender TI is designed to let you pivot across various indicators from different data sources, making it easier than ever to discover relationships between disparate infrastructure. 
 
 This article helps you understand how to conduct a search and pivot across different data sets to discover relationships between different artifacts.
diff --git a/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md b/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md
@@ -16,7 +16,7 @@ ms.custom:
 - cx-ti
 - cx-mdti
 ms.topic: article
-ms.date: 04/22/2025
+ms.date: 09/12/2025
 ---
 
 # Microsoft Security Copilot in Microsoft Defender Threat Intelligence
diff --git a/defender/threat-intelligence/sorting-filtering-and-downloading-data.md b/defender/threat-intelligence/sorting-filtering-and-downloading-data.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence 
 ms.topic: how-to 
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Sorting, filtering, and downloading data
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI) lets you access our vast collection of crawling data in an indexed and pivot table format. These data sets can be large, returning expansive amounts of historic and recent data. By letting you appropriately sort and filter the data, we help you surface the connections of interest easily.
 
 In this how-to article, you learn how to sort and filter data for the following data sets:
diff --git a/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md b/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md
@@ -16,7 +16,7 @@ ms.custom:
 - cx-ti
 - cx-mdti
 ms.topic: how-to
-ms.date: 04/17/2025
+ms.date: 09/12/2025
 ---
 
 # Using Microsoft Security Copilot for threat intelligence
diff --git a/defender/threat-intelligence/using-projects.md b/defender/threat-intelligence/using-projects.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence 
 ms.topic: how-to 
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Using projects
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI)  lets you develop private personal or team projects to organize indicators of interest and indicators of compromise (IOCs) from an investigation. Projects contain a listing of all associated artifacts and a detailed history that retains the names, descriptions, collaborators, and monitoring profiles.
 
 When you search an IP address, domain, or host in **Intel explorer** within the Microsoft Defender portal, and if that indicator is listed within a project you have access to, you can go to the **Projects** tab and navigate to the details of the project for more context about the indicator before reviewing the other data sets for more information. You can also view your private team projects in the Defender portal by going to **Threat intelligence** > **Intel projects**.
diff --git a/defender/threat-intelligence/using-tags.md b/defender/threat-intelligence/using-tags.md
@@ -6,7 +6,7 @@ ms.author: aroland
 manager: dolmont
 ms.service: threat-intelligence
 ms.topic: how-to
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -15,6 +15,9 @@ ms.custom:
 
 # Using tags
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI) tags provide quick insight about an artifact, whether derived by the system or generated by other users. Tags aid analysts in connecting the dots between current incidents and investigations and their historical context for improved analysis.
 
 Defender TI offers two types of tags: [system tags](#system-tags) and [custom tags](#custom-tags).
diff --git a/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti.md b/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti.md
@@ -7,7 +7,7 @@ manager: dolmont
 ms.service: threat-intelligence 
 ms.collection: essentials-overview
 ms.topic: overview
-ms.date: 01/15/2025
+ms.date: 09/12/2025
 ms.custom: 
 - template-overview
 - cx-ti
@@ -16,6 +16,9 @@ ms.custom:
 
 # What is Microsoft Defender Threat Intelligence (Defender TI)?
 
+> [!IMPORTANT]
+> Microsoft Defender Threat Intelligence (Defender TI) will be discontinued and merged into Microsoft Defender for a powerful unified experience. Existing customers will continue to have full access to their current Defender TI experience until the product is retired on August 1, 2026. [Learn more](https://techcommunity.microsoft.com/blog/defenderthreatintelligence/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr/4427991)
+
 Microsoft Defender Threat Intelligence (Defender TI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering threat intelligence. With security organizations actioning an ever-increasing amount of intelligence and alerts within their environment, having a threat analysis an intelligence platform that allows for accurate and timely assessments of alerting is important.
 
 Analysts spend a significant amount of time on data discovery, collection, and parsing, instead of focusing on what actually helps their organization defend themselves—deriving insights about the actors through analysis and correlation. Often, these analysts must go to multiple repositories to obtain the critical data sets they need to assess a suspicious domain, host, or IP address. DNS data, WHOIS information, malware, and SSL certificates provide important context to indicators of compromise (IOCs), but these repositories are widely distributed and don't always share a common data structure. 
