Merge pull request #4819 from sbreingold-ms/wi-482509-new-uae-update

wi-482509-Added-UAE

Author: mberdugo

defender-endpoint/data-storage-privacy.md

@@ -16,7 +16,7 @@ ms.collection:
 - essentials-compliance
 ms.topic: concept-article
 search.appverid: met150
-ms.date: 05/12/2025
+ms.date: 09/03/2025
 appliesto:
   - Microsoft Defender for Endpoint Plan 1
   - Microsoft Defender for Endpoint Plan 2
@@ -43,7 +43,7 @@ Information collected includes file data (file names, sizes, and hashes), proces
 
 Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and  [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
 
-This data enables Defender for Endpoint to:
+This data lets Defender for Endpoint:
 
 - Proactively identify indicators of attack (IOAs) in your organization
 - Generate alerts if a possible attack was detected
@@ -53,20 +53,26 @@ Microsoft doesn't use your data for advertising.
 
 ## Data location
 
-Defender for Endpoint operates in the Microsoft Azure data centers in the European Union, the United Kingdom, the United States, Australia, Switzerland, or India. Customer data collected by the service might be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) the geo-location as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data. For more information, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations).
+Defender for Endpoint operates in the Microsoft Azure data centers in the European Union, the United Kingdom, the United States, Australia, Switzerland, India, or the United Arab Emirates (UAE). Customer data collected by the service might be stored in: (a) the geolocation of the tenant as identified during provisioning or, (b) the geolocation as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data. For more information, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations).
 
-(a) the geo-location of the tenant as identified during provisioning; or
+(a) the geolocation of the tenant as identified during provisioning; or
 
-(b) the geo-location as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data.
+(b) the geolocation as defined by the data storage rules of an online service if this online service is used by Defender for Endpoint to process such data.
 
-## Data Retention
+## Data retention
 
 Data from Microsoft Defender for Endpoint is retained for 180 days, visible across the portal. 
 
 Your data is kept and is available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft's systems to make it unrecoverable, no later than 180 days from contract termination or expiration.
 
 In the advanced hunting investigation experience, it's accessible via a query for 30 days.
 
+## Data recovery
+
+The Microsoft Defender for Endpoint (MDE) service incorporates a regional disaster recovery strategy aligned with Microsoft's broader resiliency framework. For more information, see [Resiliency and continuity - Microsoft Service Assurance | Microsoft Learn](/compliance/assurance/assurance-resiliency-and-continuity). In the event of a service disruption, all MDE components are designed to fail over to a paired region within the same geographic boundary, thereby maintaining data residency requirements.
+
+However, due to current service limitations in the United Arab Emirates, MDE components that depend on Azure Synapse workloads are supported with zonal resiliency only. At this time, for the workloads, there is no cross-region business continuity and disaster recovery (BCDR) capability available. For more information on Synapse’s disaster recovery capabilities, refer to the official documentation.
+
 ## Data sharing for Microsoft Defender for Endpoint
 
 Microsoft Defender for Endpoint shares data, including customer data, among the following Microsoft products, also licensed by the customer. For customers in the Government Community Cloud (GCC), data sharing between government and commercial cloud environments may occur, depending on the location of the service offering.

defender-for-identity/architecture.md

@@ -11,7 +11,7 @@ ms.reviewer: morRubin
 
 Microsoft Defender for Identity monitors your domain controllers by capturing and parsing network traffic, leveraging Windows events directly from your domain controllers, and then analyzes the data for attacks and threats.
 
-The following image shows how Defender for Identity is layered over Microsoft Defender XDR, and works together with other Microsoft services and third-party identity providers to monitor traffic coming in from domain controllers and Active Directory servers.
+The following image shows how Defender for Identity is layered over Microsoft Defender XDR, and works together with other Microsoft services and non-Microsoft identity providers to monitor traffic coming in from domain controllers and Active Directory servers.
 
 :::image type="content" source="media\diagram-of-the-defender-for-identity-architecture.png" alt-text="Diagram of the Defender for Identity architecture." border="false":::
 
@@ -29,6 +29,7 @@ Defender for Identity sensors can be directly installed on the following servers
   - **Domain controllers**: The sensor directly monitors domain controller traffic, without the need for a dedicated server, or configuration of port mirroring.
   - **AD FS / AD CS**: The sensor directly monitors network traffic and authentication events.
 - **Defender for Identity cloud service**  
+
 Defender for Identity is a cloud-based service that operates on Azure infrastructure and is currently deployed across [multiple regions](/defender-for-identity/privacy-compliance/#data-location).
 
 ## Microsoft Defender portal
@@ -40,7 +41,7 @@ Use the Microsoft Defender portal to:
 - Manage Defender for Identity sensor configuration settings.
 - View data received from Defender for Identity sensors.
 - Monitor detected suspicious activities and suspected attacks based on the attack kill chain model.
-- **Optional**: The portal can also be configured to send emails and events when security alerts or health issues are detected.
+- **Optional**: Configure the portal to send emails and events when it detects security alerts or health issues.
 
 > [!NOTE]
 > If no sensor is installed on your Defender for Identity workspace within 60 days, the workspace may be deleted and you'll need to recreate it.
@@ -58,7 +59,7 @@ The Defender for Identity sensor has the following core functionality:
 - Transfer relevant data to the Defender for Identity cloud service
 
 
-Defender for Identity sensor reads events locally, without the need to purchase and maintain additional hardware or configurations. The Defender for Identity sensor also supports Event Tracing for Windows (ETW) which provides the log information for multiple detections. ETW-based detections include Suspected DCShadow attacks attempted using domain controller replication requests and domain controller promotion.
+Defender for Identity sensor reads events locally, without the need to purchase and maintain additional hardware or configurations. The Defender for Identity sensor also supports Event Tracing for Windows (ETW), which provides the log information for multiple detections. ETW-based detections include Suspected DCShadow attacks attempted using domain controller replication requests and domain controller promotion.
 
 ### Domain synchronizer process
 

defender-for-identity/privacy-compliance.md

@@ -17,7 +17,7 @@ This article describes how Microsoft Defender for Identity collects data in a ma
 
 Microsoft Defender for Identity monitors information generated from your organization's Active Directory, network activities, and event activities to detect suspicious activity. The monitored activity information enables Defender for Identity to help you determine the validity of each potential threat and correctly triage and respond.
 
-For more information see: [Microsoft Defender for Identity monitored activities](monitored-activities.md).
+For more information, see: [Microsoft Defender for Identity monitored activities](monitored-activities.md).
 
 ## Data location
 
@@ -29,18 +29,18 @@ Defender for Identity operates in the Microsoft Azure data centers in the follow
 - India (Central India, South India)
 - North America (East US, West US, West US2)
 - Switzerland (Switzerland North, Switzerland West)
+- United Arab Emirates (UAE North and UAE Central)
 - United Kingdom (UK South)
-- United Arab Emirates (North and Central)
 
 Customer data collected by the service might be stored as follows:
 
-- Your workspace is automatically created in data center that's geographically closest to your Microsoft Entra ID. Once created, Defender for Identity workspaces can't be moved to another data center. Your workspace's data center is listed in the Microsoft Defender portal, under **Settings** > **Identity** > **About** > **Geolocation**.
+- Your workspace is automatically created in the data center that's geographically closest to your Microsoft Entra ID. Once created, Defender for Identity workspaces can't be moved to another data center. Your workspace's data center is listed in the Microsoft Defender portal, under **Settings** > **Identity** > **About** > **Geolocation**.
 
 - A geographic location as defined by the data storage rules of an online service, if the online service is used by Defender for Identity to process such data.
 
 ## Data retention
 
-Data from Microsoft Defender for Identity is retained for 180 days, visible across the portal.  
+Microsoft Defender for Identity retains data for 180 days, which is visible across the portal.
 
 Your data is kept and is available to you while the license is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft's systems to make it unrecoverable, no later than 180 days from contract termination or expiration. 
 

defender-xdr/data-privacy.md

@@ -19,7 +19,7 @@ ms.topic: concept-article
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 04/25/2025
+ms.date: 08/24/2025
 appliesto: 
 - Microsoft Defender XDR 
 ---
@@ -32,20 +32,21 @@ Microsoft Defender XDR integrates with several different Microsoft security serv
 
 ## Collected data
 
-Customer data collected from integrated services includes *processed data*, such as incidents and alerts, and *configuration data*, such as connector settings, rules and so on.
+Customer data collected from integrated services includes *processed data*, such as incidents and alerts, and *configuration data*, such as connector settings, rules, and so on.
 
 ## Data storage location
 
-Microsoft Defender XDR operations in Microsoft Azure data centers in the following geographical regions:
+Microsoft Defender XDR operates in Microsoft Azure data centers in the following geographical regions:
 
 - **European Union**: North Europe and West Europe
 - **United Kingdom**: UK South and UK West
 - **United States**: East US 2 and Central US
 - **Australia**: Australia East and Australia Southeast
 - **Switzerland**: Switzerland North and Switzerland West
 - **India**: Central India and South India
+- **UAE**: UAE North and UAE Central
 
-Once created, the Microsoft Defender XDR tenant isn't movable to a different region. Your geographical region is shown in the Microsoft Defender portal, under **Settings > Microsoft Defender XDR > Account**.
+Once created, the Microsoft Defender XDR tenant can't be moved to a different region. Your geographical region is shown in the Microsoft Defender portal, under **Settings > Microsoft Defender XDR > Account**.
 
 Customer data stored by integrated services might also be stored in the following locations:
 

includes/improve-request-performance.md

@@ -6,18 +6,19 @@ ms.author: itsela
 author: itsela-ms
 ms.localizationpriority: medium
 manager: dansimp
-ms.date: 08/12/2024
+ms.date: 08/24/2025
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
 ---
 
 > [!TIP]
-> For better performance, you can use server closer to your geo location:
+> For better performance, use a server closer to your geolocation:
 >
 > - us.api.security.microsoft.com
 > - eu.api.security.microsoft.com
 > - uk.api.security.microsoft.com
 > - au.api.security.microsoft.com
 > - swa.api.security.microsoft.com
 > - ina.api.security.microsoft.com
+> - aea.api.security.microsoft.com