Merge pull request #4759 from MicrosoftDocs/main

aditisrivastava07 · web-flow · commit 8f201a0677d4 · 2025-08-18T14:46:48.000+05:30
[AutoPublish] main to live - 08/18 01:35 PDT | 08/18 14:05 IST
diff --git a/ATPDocs/whats-new.md b/ATPDocs/whats-new.md
@@ -26,7 +26,21 @@ For updates about versions and features released six months ago or earlier, see
 ## August 2025
 
 
-## New security posture assessment: Remove discoverable passwords in Active Directory account attributes (Preview)
+### New Graph based API for response actions (preview) 
+
+We’re excited to announce a new Graph-based API for initiating and managing remediation actions in Microsoft Defender for Identity.
+
+This capability is currently in preview and available in API Beta version.
+
+For more information, see [Managing response actions through Graph API](/graph/api/resources/security-identityaccounts?view=graph-rest-beta).
+
+### Identity scoping is now generally available (GA)
+
+Identity scoping is now generally available across all environments. Organizations can now define and refine the scope of MDI monitoring and gain granular control over which entities and resources are included in security analysis.
+
+For more information, see [Configure scoped access for Microsoft Defender for Identity](configure-scoped-access.md).
+
+### New security posture assessment: Remove discoverable passwords in Active Directory account attributes (Preview)
 
 The new security posture assessment highlights unsecured Active Directory attributes that contain passwords or credential clues and recommends steps to remove them, helping reduce the risk of identity compromise.
 
@@ -47,11 +61,11 @@ Improved detection logic to include scenarios where accounts were locked during
 
 ## July 2025
 
-**Expanded coverage in ITDR deployment health widget**
+### Expanded coverage in ITDR deployment health widget
 
 The Identity Threat Detection and Response (ITDR) deployment health widget now provides visibility into the deployment status of additional server types. Previously, it only reflected the status for Active Directory domain controllers. With this update, the widget also includes deployment status for ADFS, ADCS, and Microsoft Entra Connect servers - making it easier to track and ensure full sensor coverage across all supported identity infrastructure.
 
-**Time limit added to Recommended test mode**
+### Time limit added to Recommended test mode
 
 Recommended test mode configuration on the [Adjust alert thresholds page](/defender-for-identity/advanced-settings), now requires you to set an expiration time (up to 60 days) when enabling it. The end time is shown next to the toggle while test mode is active. For customers who already have Recommended test mode enabled, a 60-day expiration is automatically applied.
 
diff --git a/CloudAppSecurityDocs/investigate-anomaly-alerts.md b/CloudAppSecurityDocs/investigate-anomaly-alerts.md
@@ -8,7 +8,6 @@ ms.topic: how-to
 # How to investigate anomaly detection alerts
 
 
-
 Microsoft Defender for Cloud Apps provides security detections and alerts for malicious activities. The purpose of this guide is to provide you with general and practical information on each alert, to help with your investigation and remediation tasks. Included in this guide is general information about the conditions for triggering alerts. However, it's important to note that since anomaly detections are nondeterministic by nature, they're only triggered when there's behavior that deviates from the norm. Finally, some alerts might be in preview, so regularly review the official documentation for updated alert status.
 
 > [!IMPORTANT]
diff --git a/CloudAppSecurityDocs/protect-salesforce.md b/CloudAppSecurityDocs/protect-salesforce.md
@@ -55,7 +55,7 @@ You can use the following built-in policy templates to detect and notify you abo
 
 | Type | Name |
 | ---- | ---- |
-| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)<br />[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)<br />[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)<br />[Impossible travel](anomaly-detection-policy.md#impossible-travel)<br />[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)<br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)<br />[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
+| Built-in anomaly detection policy | [Activity from anonymous IP addresses](anomaly-detection-policy.md#activity-from-anonymous-ip-addresses)<br />[Activity from infrequent country](anomaly-detection-policy.md#activity-from-infrequent-country)<br />[Activity from suspicious IP addresses](anomaly-detection-policy.md#activity-from-suspicious-ip-addresses)<br />[Impossible travel](anomaly-detection-policy.md#impossible-travel)<br />[Activity performed by terminated user](anomaly-detection-policy.md#activity-performed-by-terminated-user) (requires Microsoft Entra ID as IdP)<br />[Multiple failed login attempts](anomaly-detection-policy.md#multiple-failed-login-attempts)<br />[Unusual administrative activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual file deletion activities](anomaly-detection-policy.md#unusual-activities-by-user) (Temporarily not supported due to limitation in Salesforce API)<br />[Unusual file share activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual impersonated activities](anomaly-detection-policy.md#unusual-activities-by-user)<br />[Unusual multiple file download activities](anomaly-detection-policy.md#unusual-activities-by-user) |
 | Activity policy template | Logon from a risky IP address<br />Mass download by a single user|
 | File policy template | Detect a file shared with an unauthorized domain<br />Detect a file shared with personal email addresses|
 
diff --git a/defender-xdr/configure-deception.md b/defender-xdr/configure-deception.md
@@ -4,10 +4,10 @@ description: Learn how to create, edit, and delete deception rules in the Micros
 ms.service: defender-xdr
 f1.keywords: 
 - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: painbar
+author: paulinbar
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection: 
 - m365-security
@@ -16,7 +16,7 @@ ms.topic: how-to
 search.appverid: 
 - MOE150
 - MET150
-ms.date: 04/25/2025
+ms.date: 08/18/2025
 appliesto:
 - Microsoft Defender XDR
 #customer intent: As a security analyst, I want to learn how to configure the deception capability so that I can protect my organization from high-impact attacks that use human-operated lateral movement.
@@ -26,6 +26,9 @@ appliesto:
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
+> [!WARNING]
+> The deception capability of Microsoft Defender for Endpoint will be retired from public preview starting on August 18, 2025 and ending October 31, 2025.
+
 > [!NOTE]
 > The built-in [deception](deception-overview.md) capability in Microsoft Defender XDR covers all Windows clients onboarded to Microsoft Defender for Endpoint. Learn how to onboard clients to Defender for Endpoint in [Onboard to Microsoft Defender for Endpoint](/defender-endpoint/onboarding).
 
diff --git a/defender-xdr/deception-overview.md b/defender-xdr/deception-overview.md
@@ -4,10 +4,10 @@ description: Detect human-operated attacks with lateral movement in the early st
 ms.service: defender-xdr
 f1.keywords: 
 - NOCSH
-ms.author: diannegali
-author: diannegali
+ms.author: painbar
+author: paulinbar
 ms.localizationpriority: medium
-manager: deniseb
+manager: orspodek
 audience: ITPro
 ms.collection: 
 - m365-security
@@ -16,7 +16,7 @@ ms.topic: concept-article
 search.appverid: 
 - MOE150
 - MET150
-ms.date: 04/25/2025
+ms.date: 08/18/2025
 appliesto:
 - Microsoft Defender XDR
 - Microsoft Defender for Endpoint
@@ -27,6 +27,9 @@ appliesto:
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
+> [!WARNING]
+> The deception capability of Microsoft Defender for Endpoint will be retired from public preview starting on August 18, 2025 and ending October 31, 2025.
+
 > [!IMPORTANT]
 > Some information in this article relates to prereleased products/services that might be substantially modified before commercially release. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
diff --git a/unified-secops-platform/criteria.md b/unified-secops-platform/criteria.md
@@ -2,7 +2,8 @@
 title: How Microsoft identifies malware and potentially unwanted applications
 ms.reviewer: andanut, elahehsamani
 description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/defender-xdr-portal.md b/unified-secops-platform/defender-xdr-portal.md
@@ -2,7 +2,8 @@
 title: Microsoft Defender XDR in the Microsoft Defender Portal
 description: Learn about the services and features available with Microsoft Defender XDR in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/detect-threats-overview.md b/unified-secops-platform/detect-threats-overview.md
@@ -2,7 +2,8 @@
 title: Threat detection in the Microsoft Defender portal
 description: Learn about the features that help detect threats in the Microsoft unified security platform
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: austinmc
 author: austinmccollum
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/gov-support.md b/unified-secops-platform/gov-support.md
@@ -3,7 +3,8 @@ title: Microsoft Defender Portal Service Support for US Government Customers
 description: Learn about support in the Microsoft Defender portal for US Government clouds.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: concept-article #Don't change.
 ms.date: 06/22/2025
 ms.collection:
diff --git a/unified-secops-platform/hunting-overview.md b/unified-secops-platform/hunting-overview.md
@@ -2,7 +2,8 @@
 title: Threat hunting features across the Microsoft Defender portal
 description: Learn about threat hunting features across the Microsoft Defender portal
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: austinmc
 author: austinmccollum
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/index.yml b/unified-secops-platform/index.yml
@@ -6,7 +6,8 @@ summary: Bring together the full capabilities of Microsoft Sentinel, Microsoft D
 metadata:
   title: Unified security operations documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
   description: Bring together the full capabilities of Microsoft Sentinel, Defender XDR, Microsoft Security Exposure Management, and generative AI into the Defender portal. # Required; article description that is displayed in search results. < 160 chars.
-  ms.service: unified-secops-platform #Required; use either service or product per approved list. 
+  ms.service: microsoft-defender
+  ms.subservice: unified-security-operations #Required; use either service or product per approved list. 
   ms.topic: landing-page # Required
   ms.collection: usx-security # Optional; Remove if no collection is used.
   ms.author: bagol
diff --git a/unified-secops-platform/malware-naming.md b/unified-secops-platform/malware-naming.md
@@ -1,7 +1,8 @@
 ---
 title: How Microsoft names malware
 description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
diff --git a/unified-secops-platform/microsoft-sentinel-onboard.md b/unified-secops-platform/microsoft-sentinel-onboard.md
@@ -1,7 +1,8 @@
 ---
 title: Connect Microsoft Sentinel to the Microsoft Defender portal
 description: Learn how to connect your Microsoft Sentinel environment to the Defender portal to unify your security operations.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 f1.keywords: 
   - NOCSH
 ms.author: bagol
diff --git a/unified-secops-platform/microsoft-threat-actor-naming.md b/unified-secops-platform/microsoft-threat-actor-naming.md
@@ -2,7 +2,8 @@
 title: How Microsoft names threat actors
 ms.reviewer: 
 description: Learn how Microsoft names threat actors and how to use the naming convention to identify associated intelligence.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.mktglfcycl: secure
 ms.sitesec: library
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-advanced-hunting.md b/unified-secops-platform/mto-advanced-hunting.md
@@ -2,7 +2,8 @@
 title: Advanced hunting in Microsoft Defender multitenant management
 description: Learn about advanced hunting in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-dashboard.md b/unified-secops-platform/mto-dashboard.md
@@ -2,7 +2,8 @@
 title: Vulnerability management in multitenant management
 description: Learn about the capabilities of the vulnerability management dashboard in multitenant management in Microsoft Defender XDR
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-distribution-profiles.md b/unified-secops-platform/mto-distribution-profiles.md
@@ -1,7 +1,8 @@
 ---
 title: Content distribution using distribution profiles in multitenant management
 description: Learn about content distribution across tenants in the Microsoft Defender multitenant portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-endpoint-security-policy.md b/unified-secops-platform/mto-endpoint-security-policy.md
@@ -1,7 +1,8 @@
 ---
 title: Endpoint security policies in multitenant management
 description: Learn how to manage endpoint security policies for Defender XDR multi-tenant management in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-incidents-alerts.md b/unified-secops-platform/mto-incidents-alerts.md
@@ -2,7 +2,8 @@
 title: View and manage incidents and alerts in Microsoft Defender multitenant management
 description: Learn about incidents and alerts in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-manage-cases.md b/unified-secops-platform/mto-manage-cases.md
@@ -2,7 +2,8 @@
 title: View and manage cases across multiple tenants in the Microsoft Defender multitenant portal
 description: Learn how to use the Microsoft Defender multitenant portal to manage cases across multiple tenants.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: yelevin
 author: yelevin
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-overview.md b/unified-secops-platform/mto-overview.md
@@ -1,7 +1,8 @@
 ---
 title: Microsoft Defender multitenant management
 description: Learn about multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-requirements.md b/unified-secops-platform/mto-requirements.md
@@ -1,7 +1,8 @@
 ---
 title: Set up Microsoft Defender multitenant management
 description: Learn what steps you need to take to get started with multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-tenant-devices.md b/unified-secops-platform/mto-tenant-devices.md
@@ -2,7 +2,8 @@
 title: Devices in multitenant management 
 description: Learn about multitenant device view in multitenant management of the Microsoft Defender XDR.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-tenants.md b/unified-secops-platform/mto-tenants.md
@@ -2,7 +2,8 @@
 title: Manage tenants with Microsoft Defender multitenant management
 description: Learn about the tenant list in Microsoft Defender multitenant management
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: deniseb
 author: denisebmsft
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-troubleshoot.md b/unified-secops-platform/mto-troubleshoot.md
@@ -2,7 +2,8 @@
 title: Troubleshoot issues in Microsoft Defender multitenant management
 description: Learn about issues in Microsoft Defender multitenant management and how to fix or troubleshoot them.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/mto-urbac.md b/unified-secops-platform/mto-urbac.md
@@ -1,7 +1,8 @@
 ---
 title: Manage unified role-based access control in multitenant management
 description: Overview of how to manage the unified role-based access control multitenant management in the Microsoft Defender portal.
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-defender-portal.md b/unified-secops-platform/overview-defender-portal.md
@@ -2,7 +2,8 @@
 title: Microsoft Defender portal overview
 description: Learn about the Microsoft services and features available in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-deploy.md b/unified-secops-platform/overview-deploy.md
@@ -3,7 +3,8 @@ title: Deploy for Unified Security Operations | Microsoft Defender
 description: Deploy Microsoft Defender portal services for unified security operations, including Microsoft Defender XDR, Microsoft Sentinel, and other Microsoft Defender services.
 author: batamig
 ms.author: bagol
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.topic: how-to #Don't change.
 ms.date: 03/17/2025
 ms.collection:
diff --git a/unified-secops-platform/overview-msem-strategy.md b/unified-secops-platform/overview-msem-strategy.md
@@ -2,7 +2,8 @@
 title: "Enhancing your organization's security posture"
 description: Provides an overview of security posture management and risk reduction in the Microsoft Defender portal.
 search.appverid: met150
-ms.service: unified-secops-platform
+ms.service: microsoft-defender
+ms.subservice: unified-security-operations
 ms.author: dlanger
 author: dlanger
 ms.localizationpriority: medium
diff --git a/unified-secops-platform/overview-plan.md b/unified-secops-platform/overview-plan.md
diff --git a/unified-secops-platform/overview-unified-security.md b/unified-secops-platform/overview-unified-security.md
diff --git a/unified-secops-platform/reduce-risk-overview.md b/unified-secops-platform/reduce-risk-overview.md
diff --git a/unified-secops-platform/respond-threats-overview.md b/unified-secops-platform/respond-threats-overview.md
diff --git a/unified-secops-platform/submission-guide.md b/unified-secops-platform/submission-guide.md
diff --git a/unified-secops-platform/threat-intelligence-overview.md b/unified-secops-platform/threat-intelligence-overview.md
diff --git a/unified-secops-platform/virus-initiative-criteria.md b/unified-secops-platform/virus-initiative-criteria.md
diff --git a/unified-secops-platform/whats-new.md b/unified-secops-platform/whats-new.md
diff --git a/unified-secops-platform/zero-trust.md b/unified-secops-platform/zero-trust.md
