Merge branch 'main' into maccruz-analyticslogs

Author: schmurky

defender-endpoint/TOC.yml

@@ -1078,13 +1078,14 @@
         href: information-protection-investigation.md
 
     - name: Advanced hunting
-      href: /defender-xdr/advanced-hunting-overview
+      href: /defender-xdr/advanced-hunting-overview?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
 
-    - name: Threat analytics overview
-      href: /defender-xdr/threat-analytics
+    - name: Threat analytics
       items:
+      - name: Overview
+        href: /defender-xdr/threat-analytics?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
       - name: Read the analyst report
-        href: /defender-xdr/threat-analytics-analyst-reports
+        href: /defender-xdr/threat-analytics-analyst-reports?toc=/defender-endpoint/toc.json&bc=/defender-endpoint/breadcrumb/toc.json
 
     - name: EDR in block mode
       href: edr-in-block-mode.md

defender-endpoint/api/get-browser-extensions-permission-info.md

@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 06/01/2022
+ms.date: 03/05/2025
 ---
 
 # Get browser extensions permission information
@@ -24,10 +24,10 @@ ms.date: 06/01/2022
 
 **Applies to:**
 
-- [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
-- [Microsoft Defender for Endpoint Plan 2](../microsoft-defender-endpoint.md)
-- [Microsoft Defender Vulnerability Management](/defender-vulnerability-management)
-- [Microsoft Defender XDR](/defender-xdr)
+- [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
+
+- [Microsoft Defender Vulnerability Management](/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-management-capabilities-for-endpoints) (add-on for Defender for Endpoint Plan 2 or the standalone version)
+- [Microsoft Defender for Cloud Plan 2](/azure/defender-for-cloud/defender-for-cloud-introduction)
 
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630&clcid=0x409&culture=en-us&country=us).
 

defender-endpoint/attack-surface-reduction-rules-reference.md

@@ -15,7 +15,7 @@ ms.collection:
 - m365-security
 - tier2
 - mde-asr
-ms.date: 02/26/2025
+ms.date: 03/05/2025
 search.appverid: met150
 ---
 
@@ -93,7 +93,7 @@ The following ASR rules DO NOT honor Microsoft Defender Antivirus exclusions:
 | [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) |
 
 > [!NOTE]
-> For information about configuring per-rule exclusions, see the section titled **Configure ASR rules per-rule exclusions** in the topic [Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md).
+> For information about configuring per-rule exclusions, see the section titled **Configure ASR rules per-rule exclusions** in the article [Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md).
 
 ## ASR rules and Defender for Endpoint Indicators of Compromise (IOC)
 
@@ -179,10 +179,10 @@ Toast notifications are generated for all rules in Block mode. Rules in any othe
 
 For rules with the "Rule State" specified:
 
-- ASR rules with `\ASR Rule, Rule State\` combinations are used to surface alerts (toast notifications) on Microsoft Defender for Endpoint only for devices at cloud block level "High"
-- Devices that not at the high cloud block level don't generate alerts for any `ASR Rule, Rule State` combinations
-- EDR alerts are generated for ASR rules in the specified states, for devices at cloud block level "High+"
-- Toast notifications occur in block mode only and for devices at cloud block level "High"
+- ASR rules with `\ASR Rule, Rule State\` combinations are used to surface alerts (toast notifications) on Microsoft Defender for Endpoint only for devices set at the cloud block level `High`.
+- Devices that are not set at the cloud block level `High` don't generate alerts for any `ASR Rule, Rule State` combinations.
+- EDR alerts are generated for ASR rules in the specified states, for devices set at the cloud block level `High+`.
+- Toast notifications occur in block mode only and for devices set at the cloud block level `High`.
 
 | Rule name | Rule state | EDR alerts | Toast notifications |
 |---|---|---|---|
@@ -256,7 +256,7 @@ This rule prevents an application from writing a vulnerable signed driver to dis
 The **Block abuse of exploited vulnerable signed drivers** rule doesn't block a driver already existing on the system from being loaded.
 
 > [!NOTE]
-> You can configure this rule using Intune OMA-URI. See [Intune OMA-URI](enable-attack-surface-reduction.md#custom-profile-in-intune) for configuring custom rules.
+> You can configure this rule using Intune OMA-URI. See [Intune OMA-URI](enable-attack-surface-reduction.md#custom-profile-in-intune-alternative-2) for configuring custom rules.
 > You can also configure this rule using [PowerShell](enable-attack-surface-reduction.md#powershell).
 > To have a driver examined, use this Web site to [Submit a driver for analysis](https://www.microsoft.com/en-us/wdsi/driversubmission).