Update windows-whatsnew.md

Author: denisebmsft

defender-endpoint/windows-whatsnew.md

@@ -54,7 +54,29 @@ All updates contain:
 | Windows 11 23H2 | [KB5058502](https://support.microsoft.com/en-us/topic/may-27-2025-kb5058502-os-22621-5413-and-22631-5413-preview-6291789c-1eea-4227-9740-a701af6de688)  |
 | Windows 10 22/H2 | [KB5058481](https://support.microsoft.com/en-us/topic/may-28-2025-kb5058481-os-build-19045-5917-preview-7698d6e7-dd65-494d-b523-aa4c6aa913a2) |
 
+### What's new
+
+#### Data Loss Prevention (DLP)
+
+- On-Demand Scan: Improved the functionality, performance, and reliability of the Cold Data Scan feature. This enhancement enables deeper, more consistent scanning of archived or infrequently accessed data, helping organizations uncover potential data risks hidden in long-term storage. 
+- General Stability and Performance Improvements: Additional under-the-hood optimizations to improve overall system performance, reliability, and stability.
+
+#### Identity 
+
+- Entity sync enrichment: Expanded the capabilities of the SenseIdentity client to enhance Active Directory (AD) entity synchronization. This update introduces support for syncing new entity types including Group Policy Objects, Authentication Silos, and Domain Controller computer accounts for all Domain Controllers within trusted domains. Additionally, the update enriches existing synced entities (Domain, Account, and Group) with a broader set of attributes, enabling more comprehensive visibility and detection capabilities. 
+
+#### Threat protection
+
+- User contaminant improvements 
 
+#### Network Detection and Response (NDR) 
+
+- Improved data telemetry providing better visibility and insights 
+
+#### SOC experience 
+
+- Improved Data Completeness and Detection: Enhancements have been made to improve the completeness of data collected and reduce the time it takes to detect potential data loss incidents. These improvements enable faster and more accurate identification of data exfiltration attempts across monitored endpoints. 
+- Improved Handling for Offline Network Environments: Refined the handling of scenarios where devices operate in offline or restricted network environments. Specifically addresses cases where result uploads to blob storage fail due to offline Certificate Revocation List (CRL) checks, ensuring better reliability and continuity in data collection. 
 
 ## July-2024 (Release version: 10.8760)
 
@@ -70,7 +92,7 @@ All updates contain:
 
 ### What's new
 
-**Data Loss Prevention (DLP)**
+#### Data Loss Prevention (DLP)
 
 - Scoped classification (Know Your Data policy): Scope classification and activity events across workloads.
 - Device group discovery and scoping: Scope [Endpoint DLP](/purview/endpoint-dlp-learn-about) custom policy based on the device or device group.
@@ -84,7 +106,7 @@ All updates contain:
 
 ### What's new
 
-**Configuration Management**
+#### Configuration Management
 
 - Fixed an issue that caused empty policies to appear in the UI. 
 - Configured Windows Defender Application Control(WDAC) policies to block undesired applications from running on the device. 
@@ -97,31 +119,36 @@ All updates contain:
 
 ### What's new
 
-- **Endpoint Detection and Response**
-  - Enabled support for IPV6 connections in Live Response connection commands.
-  - Fixed an issue in Downlevel Unified Agent that caused ServerRoles not to be populated.
+#### Endpoint Detection and Response
+
+- Enabled support for IPV6 connections in Live Response connection commands.
+- Fixed an issue in Downlevel Unified Agent that caused ServerRoles not to be populated.
 
-- **Threat Vulnerability Management**
-  - An issue related to the agent's monitoring of deleted registry keys no longer occurs.
-  - Added a new capability to enable/disable registry monitoring through configuration settings.
-   
-- **Network Detection and Response (NDR) Performance Enhancements** 
-  - Introduced performance enhancements to minimize the CPU and memory footprint of the agent.
-  - Enhanced the accuracy of network detections.
+#### Threat Vulnerability Management
+
+- An issue related to the agent's monitoring of deleted registry keys no longer occurs.
+- Added a new capability to enable/disable registry monitoring through configuration settings.
+
+#### Network Detection and Response (NDR) Performance Enhancements
+
+- Introduced performance enhancements to minimize the CPU and memory footprint of the agent.
+- Enhanced the accuracy of network detections.
 
-- **Data Loss Prevention (DLP)**
-   - Introduced multiple performance and stability fixes.
+#### Data Loss Prevention (DLP)
+
+- Introduced multiple performance and stability fixes.
 
-- **Security Configuration Management**
-   - Policies that include special characters are now supported.   
+#### Security Configuration Management
+
+- Policies that include special characters are now supported.   
 
 ## Dec-2023 (Release version: 10.8672.25926.1019)
 
 |OS  |KB |Release version  |
 |---------|---------|---------|
 |Windows Server 2012 R2, 2016 |[KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8672.25926.1019|
 
-**What's new**
+### What's new
 
 - Supports Expanded User Contain capabilities
 
@@ -131,7 +158,7 @@ All updates contain:
 |---------|---------|---------|
 |Windows Server 2012 R2, 2016 |[KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8560.25364.1036|
 
-**What's new**
+### What's new
 
 - Supports User Contain availability
 
@@ -141,7 +168,7 @@ All updates contain:
 |---------|---------|---------|
 |Windows Server 2012 R2, 2016 |[KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8295.22621.1023|
 
-**What's new**
+### What's new
 
 - Supports new security settings management capabilities
 
@@ -151,7 +178,7 @@ All updates contain:
 |---------|---------|---------|
 |Windows Server 2012 R2, 2016 |[KB5005292](https://support.microsoft.com/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8295.22621.1019|
 
-**What's new**
+### What's new
 
 - Improved command and control security, quality fixes
 
@@ -175,7 +202,7 @@ All updates contain:
 |Windows 10 20H2/21H1/21H2<br> Windows Server 20H2  (Vibranium)     | [KB5016688](https://support.microsoft.com/topic/august-26-2022-kb5016688-os-builds-19042-1949-19043-1949-and-19044-1949-preview-ec31ebdc-067d-44dd-beb0-eabcc984d843)       | 10.8210.19041.1949        |
 |Windows Server 2019 (RS5)   |[KB5016690](https://support.microsoft.com/topic/august-23-2022-kb5016690-os-build-17763-3346-preview-b81d1ac5-75c7-42c1-b638-f13aa4242f42)       |10.8210.17763.3346 |
 
-**What's new**
+### What's new
 
 - Added a fix to resolve a missing intermediate certificate issue with the use of "TelemetryProxyServer" on Windows Server 2012 R2 running the unified agent.
 - Enhanced [Endpoint DLP](/purview/endpoint-dlp-learn-about) with ability to protect password protected and encrypted files and not label files.
@@ -191,7 +218,8 @@ All updates contain:
  > Update package KB5005292 is on a gradual rollout schedule through Windows Update. Towards the end of this schedule, the package will be published completely, including to the update catalog for manual download. For the current release, this will be in the second half of October. If you want to test the package sooner, you can use [gradual rollout controls for platform updates](configure-updates.md) to select the Preview channel.
 
 
-See also: 
+## See also
+
 - [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md)
 - [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)
 - [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)