Merge pull request #4920 from MicrosoftDocs/main

[AutoPublish] main to live - 09/03 10:29 PDT | 09/03 22:59 IST

Author: m365-skilling-repo-management[bot]

ATPDocs/remove-inactive-service-account.md

@@ -6,13 +6,13 @@ ms.topic: how-to
 #customer intent: As a security administrator, I want to improve security posture in my organization by removing inactive service accounts
 ---
 
-# Security Assessment: Remove Inactive Service Accounts (Preview)
+# Security Assessment: Remove Stale Service Accounts (Preview)
 
-This recommendation lists Active Directory service accounts detected as inactive (stale) within the past 90 days. 
+This recommendation lists Active Directory service accounts detected as stale within the past 90 days. 
 
-## Why do inactive service accounts pose a risk?
+## Why do stale service accounts pose a risk?
 
-Unused service accounts create significant security risks, as some of them can carry elevated privileges. If attackers gain access, the result can be substantial damage. Dormant service accounts might retain high or legacy permissions. When compromised, they provide attackers with discreet entry points into critical systems, granting far more access than a standard user account.
+Unused service accounts create significant security risks, as some of them can carry elevated privileges. If attackers gain access, the result can be substantial damage. Stale service accounts might retain high or legacy permissions. When compromised, they provide attackers with discreet entry points into critical systems, granting far more access than a standard user account.
 
 This exposure creates several risks:
 
@@ -25,10 +25,9 @@ This exposure creates several risks:
 
 To use this security assessment effectively, follow these steps:
 
-1. Review the recommended action at [https://security.microsoft.com/securescore?viewid=actions ](https://security.microsoft.com/securescore?viewid=actions ) for Remove inactive service account.
-1. Review the list of exposed entities to discover which of your service account is inactive.
+1. Review the recommended action at [https://security.microsoft.com/securescore?viewid=actions ](https://security.microsoft.com/securescore?viewid=actions) for Remove stale service account.
 
-    :::image type="content" source="media/okta-integration/remove-inactive-service-accounts.png" alt-text="Screenshot that shows the recommendation action to remove inactive service accounts." lightbox="media/okta-integration/remove-inactive-service-accounts.png":::
+1. Review the list of exposed entities to discover which of your service accounts are stale and have not performed any login activity in the last 90 days.
 
 1. Take appropriate actions on those entities by removing the service account. For example:
 

ATPDocs/whats-new.md

@@ -42,11 +42,11 @@ Previously, Defender for Identity tenants received Entra ID risk level in the Id
 
 For UEBA tenants without a Microsoft Defender for Identity license, synchronization of Entra ID risk level to the IdentityInfo table remains unchanged.
 
-### New security assessment: Remove inactive service accounts (Preview)
+### New security assessment: Remove stale service accounts (Preview)
 
-Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been inactive (stale) for the past 90 days, to help you mitigate security risks associated with unused accounts.
+Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been stale for the past 90 days, to help you mitigate security risks associated with unused accounts.
 
-For more information, see: [Security Assessment: Remove Inactive Service Accounts (Preview)](remove-inactive-service-account.md)
+For more information, see: Security Assessment: [Remove Stale Service Accounts (Preview)](/defender-for-identity/remove-inactive-service-account)
 
 ### New Graph based API for response actions (preview) 
 

defender-office-365/outbound-spam-protection-about.md

@@ -19,7 +19,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn about the outbound spam controls in Microsoft 365, and what to do if you need to send mass mailings.
 ms.service: defender-office-365
-ms.date: 07/07/2025
+ms.date: 09/03/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections for cloud mailboxes</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -34,6 +34,9 @@ In all organizations with cloud mailboxes, we take managing outbound spam seriou
 
 This article describes the controls and notifications that are designed to help prevent outbound spam, and what you can do if you need to send mass mailings.
 
+> [!TIP]
+> If you're an end-user and your email is blocked or fails to send due to outbound spam protection, you receive a non-delivery report (also known as an NDR or bounce message). This behavior is expected. Only admins can review and resolve these issues, so contact your email admin for assistance.
+
 ## What admins can do to control outbound spam
 
 - **Use built-in notifications**: When a user exceeds [sending limits of the service](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#sending-limits-across-office-365-options) or [outbound spam policies](outbound-spam-policies-configure.md) and is restricted from sending email, the default alert policy named **User restricted from sending email** sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members). To configure who else receives these notifications, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users). Also, the default alert policies named **Email sending limit exceeded** and **Suspicious email sending patterns detected** send email notifications to members of the **TenantAdmins** group (**Global Administrator** members). For more information about alert policies, see [Alert policies in the Microsoft Defender portal](alert-policies-defender-portal.md).

exposure-management/predefined-classification-rules-and-levels.md

@@ -31,6 +31,7 @@ Current asset types are:
 | Classification             | Asset type | Default criticality level | Description                                                  |
 | -------------------------- | ---------- | ------------------------- | ------------------------------------------------------------ |
 | Microsoft Entra ID Connect | Device     | High                    | The Microsoft Entra ID Connect server is responsible for syncing on-premises directory data and passwords to the Microsoft Entra ID tenant. Compromise could disrupt identity synchronization, leading to authentication issues and potential security breaches. |
+| Microsoft Entra ID Cloud Sync | Device     | High                    | The Microsoft Entra ID Cloud Sync agent is responsible for syncing on-premises directory data to the Microsoft Entra ID tenant using lightweight infrastructure. Compromise could disrupt identity synchronization, leading to authentication issues and potential security breaches. |
 | ADCS                       | Device     | High                    | The ADCS server allows administrators to fully implement a public key infrastructure (PKI) and issue digital certificates for securing multiple network resources. Compromise could undermine SSL encryption, user authentication, and secure email, leading to significant security vulnerabilities. |
 | ADFS                       | Device     | High                      | The ADFS server provides users with single sign-on access to systems and applications across organizational boundaries. It uses a claims-based access control authorization model to maintain application security and implement federated identity. Compromise could lead to unauthorized access and data breaches. |
 | Backup                     | Device     | Medium                    | The Backup server is responsible for safeguarding data through regular backups, ensuring data protection and disaster recovery readiness. Compromise could result in data loss and hinder disaster recovery efforts, affecting business continuity.  |