Merge branch 'main' into mde-toc-update

Author: emmwalshh

ATPDocs/deploy/remote-calls-sam.md

@@ -7,6 +7,10 @@ ms.topic: how-to
 
 # Configure SAM-R to enable lateral movement path detection in Microsoft Defender for Identity
 
+> [!IMPORTANT]
+> Remote collection of local administrators' group members on endpoints (using SAM-R queries) feature in Microsoft Defender for Identity will be disabled by mid-May 2025.
+> 
+
 Microsoft Defender for Identity mapping for [potential lateral movement paths](/defender-for-identity/understand-lateral-movement-paths) relies on queries that identify local admins on specific machines. These queries are performed with the SAM-R protocol, using the Defender for Identity [Directory Service account](directory-service-accounts.md) you configured.
 
 > [!NOTE]

ATPDocs/whats-new.md

@@ -24,6 +24,9 @@ For updates about versions and features released six months ago or earlier, see
 
 ## May 2025
 
+### Local administrators collection (using SAM-R queries) feature will be disabled
+Remote collection of local administrators' group members on endpoints (using SAM-R queries) feature in Microsoft Defender for Identity will be disabled by mid-May 2025. The details collected are used to build the potential lateral movement paths map. Alternative methods are currently being explored.
+
 ### New Health Issue
 
 New [health issue](health-alerts.md#network-configuration-mismatch-for-sensors-running-on-vmware) for cases where sensors running on VMware have network configuration mismatch.

defender-endpoint/data-storage-privacy.md

@@ -3,8 +3,8 @@ title: Microsoft Defender for Endpoint data storage and privacy
 description: Learn about how Microsoft Defender for Endpoint handles privacy and data that it collects.
 keywords: Microsoft Defender for Endpoint, data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
 ms.service: defender-endpoint
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -16,7 +16,7 @@ ms.collection:
 - essentials-compliance
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 08/20/2024
+ms.date: 05/12/2025
 ---
 
 # Microsoft Defender for Endpoint data storage and privacy
@@ -27,7 +27,6 @@ ms.date: 08/20/2024
 
 - [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
-- [Microsoft Defender XDR](/defender-xdr)
 - [Microsoft Defender for Business](/defender-business/mdb-overview)
 
 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)

defender-xdr/automatic-attack-disruption-exclusions.md

@@ -18,7 +18,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 02/16/2025
+ms.date: 05/12/2025
 appliesto:
 - Microsoft Defender XDR
 ---
@@ -116,8 +116,14 @@ To remove an exclusion:
 
 - Device group exclusions can be configured in the **Device groups** tab. Select the device group you want to configure from the list and choose the appropriate exclusion from the flyout pane. Select **Save** to save the exclusion.
 
+## Opt out of automatic attack disruption
+
+If you must opt out of attack disruption, you can do so by opening a support case in the Microsoft Defender portal with the subject *Attack disruption opt-out*. In your request, please specify that you wish to opt out of attack disruption and include a brief explanation about your decision. This feedback helps us improve the feature and better understand customer needs. By opting out, you'll still receive alerts related to attack disruption but no automated actions are taken.
+
+Opting out of attack disruption can greatly increase security risk. Consider [excluding specific entities](automatic-attack-disruption-exclusions.md#review-or-change-automated-response-exclusions-for-assets) instead. 
+
 ## See also
 
 - [View details and results of automated attack disruption actions](autoad-results.md)
 
-[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
+[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]