Merge branch 'main' into 878da063-7d11-4b9d-be42-c17889e3ae93_42

Author: padmagit77

ATPDocs/alerts-overview.md

@@ -98,7 +98,6 @@ The following table lists the mapping between alert names, their corresponding u
 | [Suspicious modifications to the AD CS security permissions/settings](persistence-privilege-escalation-alerts.md#suspicious-modifications-to-the-ad-cs-security-permissionssettings--external-id-2435) | 2435                | Medium                                                     | Privilege escalation                                            |
 | [Account Enumeration reconnaissance (LDAP)](reconnaissance-discovery-alerts.md#account-enumeration-reconnaissance-ldap-external-id-2437-preview) (Preview) | 2437 | Medium  | Account Discovery, Domain Account |
 | [Directory Services Restore Mode Password Change](other-alerts.md#directory-services-restore-mode-password-change-external-id-2438) | 2438 | Medium  | Persistence, Account Manipulation |
-| [Honeytoken was queried via SAM-R](reconnaissance-discovery-alerts.md#honeytoken-was-queried-via-sam-r-external-id-2439) | 2439                | Low                                                     | Discovery                                            |
 |[Group Policy Tampering ](/defender-for-identity/other-alerts)|2440|Medium|Defense evasion|
 
 > [!NOTE]

ATPDocs/reconnaissance-discovery-alerts.md

@@ -173,25 +173,6 @@ None
 |MITRE attack technique  | [Account Discovery (T1087)](https://attack.mitre.org/techniques/T1087/), [Indirect Command Execution (T1202)](https://attack.mitre.org/techniques/T1202/), [Permission Groups Discovery (T1069)](https://attack.mitre.org/techniques/T1069/)        |
 |MITRE attack sub-technique | [Domain Account (T1087.002)](https://attack.mitre.org/techniques/T1087/002/), [Domain Groups (T1069.002)](https://attack.mitre.org/techniques/T1069/002/)        |
 
-## Honeytoken was queried via SAM-R (external ID 2439)
-
-**Severity**: Low
-
-**Description**:
-
-User reconnaissance is used by attackers to map the directory structure and target privileged accounts for later steps in their attack. The Security Account Manager Remote (SAM-R) protocol is one of the methods used to query the directory to perform this type of mapping.
-In this detection, Microsoft Defender for Identity will trigger this alert for any reconnaissance activities against a pre-configured [honeytoken user](entity-tags.md)
-
-**Learning period**:
-
-None
-
-**MITRE**:
-
-|Primary MITRE tactic  |[Discovery (TA0007)](https://attack.mitre.org/tactics/TA0007/)  |
-|---------|---------|
-|MITRE attack technique  | [Account Discovery (T1087)](https://attack.mitre.org/techniques/T1087/)|
-|MITRE attack sub-technique | [Domain Account (T1087.002)](https://attack.mitre.org/techniques/T1087/002/)|
 
 ## Honeytoken was queried via LDAP (external ID 2429)
 

CloudAppSecurityDocs/editions-cloud-app-security-o365.md

@@ -26,7 +26,8 @@ Office 365 Cloud App Security includes threat detection based on user activity l
 
 |Capability|Feature|Microsoft Defender for Cloud Apps|Office 365 Cloud App Security|
 |----|----|----|----|
-|Cloud discovery|Discovered apps |31,000 + cloud apps  |750+ cloud apps with similar functionality to Office 365|
+|App Governance|App Governance|Yes||
+|Cloud discovery|Discovered apps |34,000 + cloud apps  |750+ cloud apps with similar functionality to Office 365|
 ||Deployment for discovery analysis|<li> Manual upload <br> <li> Automated upload - Log collector and API <br> <li> Native Defender for Endpoint integration |Manual log upload|
 ||Log anonymization for user privacy|Yes||
 ||Access to full cloud app catalog|Yes||
@@ -52,3 +53,4 @@ Office 365 Cloud App Security includes threat detection based on user activity l
 Read about the basics in [Getting started with Defender for Cloud Apps](./get-started.md).
 
 [!INCLUDE [Open support ticket](includes/support.md)]
+"

defender-business/mdb-tutorials.md

@@ -6,7 +6,7 @@ author: chrisda
 ms.author: chrisda
 manager: deniseb
 audience: Admin
-ms.topic: conceptual
+ms.topic: concept-article
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: efratka, nehabha, yaelbenari

defender-business/mdb-view-tvm-dashboard.md

@@ -6,7 +6,7 @@ author: chrisda
 ms.author: chrisda
 manager: deniseb
 audience: Admin
-ms.topic: conceptual
+ms.topic: concept-article
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.date: 06/19/2024

defender-office-365/air-custom-reporting.md

@@ -6,7 +6,7 @@ author: chrisda
 ms.author: chrisda
 manager: deniseb
 audience: ITPro
-ms.topic: conceptual
+ms.topic: concept-article
 ms.localizationpriority: medium
 search.appverid:
 - MET150

defender-office-365/air-examples.md

@@ -6,7 +6,7 @@ author: chrisda
 ms.author: chrisda
 manager: deniseb
 audience: ITPro
-ms.topic: conceptual
+ms.topic: concept-article
 ms.localizationpriority: medium
 search.appverid:
 - MET150

defender-office-365/anti-phishing-from-email-address-validation.md

@@ -6,7 +6,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 audience: ITPro
-ms.topic: conceptual
+ms.topic: concept-article
 ms.localizationpriority: medium
 search.appverid: 
   - OWC150

defender-office-365/anti-phishing-protection-about.md

@@ -6,7 +6,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 audience: ITPro
-ms.topic: conceptual
+ms.topic: concept-article
 ms.localizationpriority: medium
 search.appverid: 
   - MET150

defender-office-365/anti-spam-backscatter-about.md

@@ -6,7 +6,7 @@ ms.author: chrisda
 author: chrisda
 manager: deniseb
 audience: ITPro
-ms.topic: conceptual
+ms.topic: concept-article
 ms.localizationpriority: medium
 search.appverid: 
   - MET150