xdr article updates

diannegali · diannegali · commit 97810e36e605 · 2025-04-25T17:27:51.000+01:00
diff --git a/defender-xdr/api-articles.md b/defender-xdr/api-articles.md
@@ -18,27 +18,23 @@ search.appverid:
   - MOE150
   - MET150
 ms.custom: api
-ms.date: 02/08/2024
+ms.date: 04/25/2025
+appliesto:
+  - Microsoft Defender XDR
 ---
 
 # Other security and threat protection APIs
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- Microsoft Defender XDR API
-
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 > [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
+> The **Microsoft Graph security API** is a unified schema and interface that integrates with various Microsoft security solutions and Microsoft security partners. To get started, see [Use the Microsoft Graph security API](/graph/api/resources/security-api-overview).
 
 The following resources provide more information about APIs available for other Microsoft security solutions, beyond the Microsoft Defender XDR API.
 
 - [Microsoft Defender for Endpoint](/defender-endpoint/api/apis-intro)
 - [Microsoft Defender for Office 365](/office/office-365-management-api/)
 - [Microsoft Defender for Cloud Apps](/cloud-app-security/api-introduction)
+- [Microsoft Defender Threat Intelligence](/graph/api/resources/security-threatintelligence-overview)
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
diff --git a/defender-xdr/api-overview.md b/defender-xdr/api-overview.md
@@ -28,7 +28,7 @@ appliesto:
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 > [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
+> The **Microsoft Graph security API** is a unified schema and interface that integrates with various Microsoft security solutions and Microsoft security partners. To get started, see [Use the Microsoft Graph security API](/graph/api/resources/security-api-overview).
 
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
diff --git a/defender-xdr/api-update-incidents.md b/defender-xdr/api-update-incidents.md
@@ -18,17 +18,15 @@ search.appverid:
   - MOE150
   - MET150
 ms.custom: api
-ms.date: 04/09/2024
+ms.date: 04/25/2025
+appliesto:
+ - Microsoft Defender XDR
 ---
 
 # Update incidents API
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- [Microsoft Defender XDR](microsoft-365-defender.md)
-
 > [!NOTE]
 > **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview). For information about the new _update incident_ API using MS Graph security API, see [Update incident](/graph/api/security-incident-update).
 
diff --git a/defender-xdr/autoad-results.md b/defender-xdr/autoad-results.md
@@ -8,7 +8,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 06/19/2024
+ms.date: 04/25/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
@@ -31,9 +31,9 @@ When an automatic attack disruption triggers in Microsoft Defender XDR, the deta
 
 ## Review the incident graph
 
-Microsoft Defender XDR automatic attack disruption is built in in the incident view. Review the incident graph to get the entire attack story and assess the attack disruption impact and status.
+Microsoft Defender XDR automatic attack disruption is built-in in the incident view. Review the incident graph to get the entire attack story and assess the attack disruption impact and status.
 
-Here are some examples of what it looks like:
+The incident page includes the following information:
 
 - Disrupted incidents include a tag for 'Attack Disruption' and the specific threat type identified (i.e., ransomware). If you subscribe to incident email notifications, these tags also appear in the emails.
 - A highlighted notification below the incident title indicating that the incident was disrupted.
@@ -96,6 +96,7 @@ IdentityDirectoryEvents
 
 The above query was adapted from a [Microsoft Defender for Identity - Attack Disruption query](https://github.com/alexverboon/Hunting-Queries-Detection-Rules/blob/main/Defender%20For%20Identity/MDI-AttackDisruption.md#microsoft-365-defender).
 
-## Next step
+## Related content
 
-- [Get email notifications for response actions](m365d-response-actions-notifications.md)
+- [Exclude assets from automated response actions](automatic-attack-disruption-exclusions.md)
+- [Get email notifications for response actions](m365d-response-actions-notifications.md)
diff --git a/defender-xdr/automatic-attack-disruption.md b/defender-xdr/automatic-attack-disruption.md
@@ -18,7 +18,7 @@ ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 02/20/2025
+ms.date: 04/25/2025
 appliesto:
   - Microsoft Defender XDR
 ---
diff --git a/defender-xdr/configure-attack-disruption.md b/defender-xdr/configure-attack-disruption.md
@@ -9,7 +9,7 @@ audience: ITPro
 ms.topic: how-to
 ms.service: defender-xdr
 ms.localizationpriority: medium
-ms.date: 02/16/2025
+ms.date: 04/25/2025
 ms.collection:
 - m365-security
 - tier2
diff --git a/defender-xdr/configure-deception.md b/defender-xdr/configure-deception.md
@@ -16,7 +16,7 @@ ms.topic: how-to
 search.appverid: 
 - MOE150
 - MET150
-ms.date: 01/12/2024
+ms.date: 04/25/2025
 appliesto:
 - Microsoft Defender XDR
 #customer intent: As a security analyst, I want to learn how to configure the deception capability so that I can protect my organization from high-impact attacks that use human-operated lateral movement.
diff --git a/defender-xdr/configure-email-notifications.md b/defender-xdr/configure-email-notifications.md
@@ -10,21 +10,20 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - tier2
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: met150
 ms.date: 01/17/2025
+appliesto:
+- Microsoft Defender XDR
+- Microsoft Defender for Endpoint Plan 1
+- Microsoft Defender for Endpoint Plan 2
+- Microsoft Defender for Business
 ---
 
 # Configure alert notifications
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- [Microsoft Defender XDR](microsoft-365-defender.md)
-- [Microsoft Defender for Endpoint Plan 1](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender for Business](/defender-business/mdb-overview)
-
 You can configure Microsoft Defender XDR to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity.
 
 If you're using [Defender for Business](/defender-business/mdb-overview), you can set up email notifications for specific users (not roles or groups).
diff --git a/defender-xdr/configure-event-hub.md b/defender-xdr/configure-event-hub.md
@@ -14,17 +14,16 @@ ms.collection:
 - m365-security
 - tier2
 ms.custom: admindeeplinkDEFENDER
-ms.topic: conceptual
-ms.date: 06/21/2024
+ms.topic: concept-article
+ms.date: 04/25/2025
+appliesto:
+- Microsoft Defender XDR
 ---
 
 # Configure your Event Hubs
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- [Microsoft Defender XDR](microsoft-365-defender.md)
-
 > [!NOTE]
 > **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
 
diff --git a/defender-xdr/configure-siem-defender.md b/defender-xdr/configure-siem-defender.md
@@ -11,18 +11,17 @@ audience: ITPro
 ms.collection:
 - m365-security
 - tier2
-ms.topic: conceptual
-ms.date: 06/27/2024
+ms.topic: concept-article
+ms.date: 04/25/2025
+appliesto:
+- Microsoft Defender for Endpoint   
+- Microsoft Defender XDR
 ---
 
 # Integrate your SIEM tools with Microsoft Defender XDR
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
-- [Microsoft Defender XDR](microsoft-365-defender.md)
-
 <a name='pull-microsoft-365-defender-incidents-and-streaming-event-data-using-security-information-and-events-management-siem-tools'></a>
 
 ## Pull Microsoft Defender XDR incidents and streaming event data using security information and events management (SIEM) tools
@@ -84,14 +83,16 @@ For more information on:
 The new SmartConnector for Microsoft Defender XDR ingests incidents into ArcSight and maps these onto its Common Event
 Framework (CEF).
 
-For more information on the new ArcSight SmartConnector for Microsoft Defender XDR, see [ArcSight Product Documentation](https://community.microfocus.com/cyberres/productdocs/w/connector-documentation/39246/smartconnector-for-microsoft-365-defender).
+For more information on the new ArcSight SmartConnector for Microsoft Defender XDR, see [ArcSight Product Documentation](https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors-8.4/microsoft-365-defender/index.html).
 
 The SmartConnector replaces the previous FlexConnector for Microsoft Defender for Endpoint that's now retired.
 
 ### Elastic
 
 Elastic Security combines SIEM threat detection features with endpoint prevention and response capabilities in one solution.
+
 The Elastic integration for Microsoft Defender XDR and Defender for Endpoint enables organizations to leverage incidents and alerts from Defender within Elastic Security to perform investigations and incident response. Elastic correlates this data with other data sources, including cloud, network, and endpoint sources using robust detection rules to find threats quickly.
+
 For more information on the Elastic connector, see: [Microsoft M365 Defender | Elastic docs](https://docs.elastic.co/integrations/m365_defender)
 
 ## Ingesting streaming event data via Event Hubs
@@ -114,7 +115,7 @@ Use the new IBM QRadar Microsoft Defender XDR Device Support Module (DSM) that c
 
 For more information on the Elastic streaming API integration, see [Microsoft M365 Defender | Elastic docs](https://docs.elastic.co/integrations/m365_defender).
 
-## Related articles
+## Related content
 
 [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview)
 
diff --git a/defender-xdr/copilot-in-defender-device-summary.md b/defender-xdr/copilot-in-defender-device-summary.md
@@ -14,11 +14,11 @@ ms.collection:
   - tier1
   - security-copilot
   - magic-ai-copilot
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid:
   - MOE150
   - MET150
-ms.date: 11/18/2024
+ms.date: 04/25/2025
 appliesto:
 - Microsoft Defender XDR
 - Microsoft Sentinel with Defender XDR in the Microsoft Defender portal
@@ -90,7 +90,7 @@ In the Security Copilot standalone portal, you can use the following prompt to g
 
 Your feedback helps improve the quality of the results generated by Copilot. You can provide feedback about the results by navigating to the bottom of the Copilot pane and selecting the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png).
 
-## See also
+## Related content
 
 - [Learn about other Security Copilot embedded experiences](/security-copilot/experiences-security-copilot)
 - [Privacy and data security in Security Copilot](/copilot/security/privacy-data-security)
diff --git a/defender-xdr/copilot-in-defender-file-analysis.md b/defender-xdr/copilot-in-defender-file-analysis.md
@@ -14,11 +14,11 @@ ms.collection:
   - tier1
   - security-copilot
   - magic-ai-copilot 
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid:
   - MOE150
   - MET150
-ms.date: 11/18/2024
+ms.date: 04/25/2025
 appliesto:
 - Microsoft Defender XDR
 - Microsoft Sentinel in the Microsoft Defender portal
@@ -86,7 +86,7 @@ In the Security Copilot standalone portal, you can use the following prompt to g
 
 Always review the results generated by Copilot in Defender. Your feedback helps improve the quality of the results generated by Copilot. Select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) at the bottom of the Copilot pane to provide feedback.
 
-## See also
+## Related content
 
 - [Learn about other Security Copilot embedded experiences](/security-copilot/experiences-security-copilot)
 - [Privacy and data security in Security Copilot](/copilot/security/privacy-data-security)
diff --git a/defender-xdr/create-custom-rbac-roles.md b/defender-xdr/create-custom-rbac-roles.md
@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 11/17/2024
+ms.date: 04/25/2025
 ms.reviewer: 
 search.appverid: met150
 appliesto:
diff --git a/defender-xdr/custom-permissions-details.md b/defender-xdr/custom-permissions-details.md
@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom:
 ms.topic: concept-article
-ms.date: 11/17/2024
+ms.date: 04/25/2025
 ms.reviewer:
 search.appverid: met150
 appliesto:
diff --git a/defender-xdr/custom-roles.md b/defender-xdr/custom-roles.md
@@ -7,7 +7,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 08/22/2024
+ms.date: 04/25/2025
 manager: deniseb
 audience: ITPro
 ms.collection: 
diff --git a/defender-xdr/data-privacy.md b/defender-xdr/data-privacy.md
@@ -15,11 +15,11 @@ ms.collection:
 - essentials-security
 - essentials-privacy
 - essentials-compliance
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 11/03/2024
+ms.date: 04/25/2025
 appliesto: 
 - Microsoft Defender XDR 
 ---
diff --git a/defender-xdr/deception-overview.md b/defender-xdr/deception-overview.md
@@ -16,7 +16,7 @@ ms.topic: concept-article
 search.appverid: 
 - MOE150
 - MET150
-ms.date: 08/14/2024
+ms.date: 04/25/2025
 appliesto:
 - Microsoft Defender XDR
 - Microsoft Defender for Endpoint
diff --git a/defender-xdr/defender-xdr-custom-reports.md b/defender-xdr/defender-xdr-custom-reports.md
@@ -7,7 +7,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: dansimp
 ms.author: dansimp
-ms.date: 01/03/2023
+ms.date: 04/25/2025
 manager: dansimp
 ms.topic: how-to
 ms.collection:
diff --git a/defender-xdr/deploy-configure-m365-defender.md b/defender-xdr/deploy-configure-m365-defender.md
@@ -16,16 +16,15 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 05/03/2024
+ms.date: 04/25/2025
+appliesto:
+  - Microsoft Defender XDR
 ---
 
 # Setup guides for Microsoft Defender XDR
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
-
 Setup guides for Microsoft Defender XDR deployment give you tailored guidance and resources for planning and deploying security controls for your tenant, apps, and services. 
 
 All setup guides are available in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224913) and in the [Microsoft 365 Setup portal](https://go.microsoft.com/fwlink/?linkid=2230646).
diff --git a/defender-xdr/deploy-supported-services.md b/defender-xdr/deploy-supported-services.md
@@ -14,22 +14,19 @@ ms.collection:
   - m365solution-getstarted
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 02/16/2024
+ms.date: 04/25/2025
+appliesto:
+  - Microsoft Defender XDR
 ---
 
 # Deploy supported services
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-
-**Applies to:**
-
-- Microsoft Defender XDR
-
 [!INCLUDE [Prerelease information](../includes/prerelease.md)]
 
 [Microsoft Defender XDR](microsoft-365-defender.md) integrates various Microsoft security services to provide centralized detection, prevention, and investigation capabilities against sophisticated attacks. This article describes the supported services, their licensing requirements, the advantages, and limitations associated with deploying one or more services, and links to how you can fully deploy them individually.
