MicrosoftDocs
diff --git a/‎ATPDocs/security-assessment-unsecure-account-attributes.md‎
Lines changed: 2 additions & 1 deletion b/‎ATPDocs/security-assessment-unsecure-account-attributes.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎ATPDocs/whats-new.md‎
Lines changed: 1 addition & 7 deletions b/‎ATPDocs/whats-new.md‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎CloudAppSecurityDocs/access-policy-aad.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/access-policy-aad.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/accounts.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/accounts.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/activity-filters.md‎
Lines changed: 4 additions & 3 deletions b/‎CloudAppSecurityDocs/activity-filters.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CloudAppSecurityDocs/admin-settings.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/admin-settings.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/anomaly-detection-policy.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/anomaly-detection-policy.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/api-activities-investigate-script.md‎
Lines changed: 4 additions & 3 deletions b/‎CloudAppSecurityDocs/api-activities-investigate-script.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CloudAppSecurityDocs/app-activity-threat-hunting.md‎
Lines changed: 2 additions & 1 deletion b/‎CloudAppSecurityDocs/app-activity-threat-hunting.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-anomaly-detection-alerts.md‎
Lines changed: 2 additions & 1 deletion b/‎CloudAppSecurityDocs/app-governance-anomaly-detection-alerts.md‎
Lines changed: 2 additions & 1 deletion
@@ -40,8 +40,9 @@ Use the remediation appropriate to the relevant attribute as described in the fo
 | Enable Kerberos AES encryption support | Enable AES features on the account properties in AD | Enabling AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 on the account helps prevent the use of weaker encryption ciphers for Kerberos authentication. |
 | Remove Use Kerberos DES encryption types for this account | Remove this setting from account properties in AD | Removing this setting enables the use of stronger encryption algorithms for the account's password. |
 | Remove a Service Principal Name (SPN) | Remove this setting from account properties in AD | When a user account is configured with an SPN set, it means that the account has been associated with one or more SPNs. This typically occurs when a service is installed or registered to run under a specific user account, and the SPN is created to uniquely identify the service workspace for Kerberos authentication. This recommendation only showed for sensitive accounts. |
+|Reset password as SmartcardRequired setting was removed|Reset the account password|Changing the account's password after the SmartcardRequired UAC flag was removed ensures it was set under current security policies. This helps prevent potential exposure from passwords created when smartcard enforcement was still active.|
 
-Use the **UserAccountControl** flag to manipulate user account profiles. For more information, see:
+Use the **UserAccountControl** (UAC) flag to manipulate user account profiles. For more information, see:
 
 - [Windows Server troubleshooting](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties) documentation.
 - [User Properties - Account Section](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd861342(v=ws.11))
 
@@ -33,7 +33,6 @@ Previously, Defender for Identity tenants received Entra ID risk level in the Id
 
 For UEBA tenants without a Microsoft Defender for Identity license, synchronization of Entra ID risk level to the IdentityInfo table remains unchanged.
 
-
 ### New security assessment: Remove inactive service accounts (Preview)
 
 Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been inactive (stale) for the past 180 days, to help you mitigate security risks associated with unused accounts.
@@ -60,13 +59,12 @@ The new security posture assessment highlights unsecured Active Directory attrib
 
 For more information, see: [Security Assessment: Remove discoverable passwords in Active Directory account attributes (Preview)](remove-discoverable-passwords-active-directory-account-attributes.md)
 
-
 ### Microsoft Defender for Identity sensor version updates
 
 |Version number |Updates |
 |---------|---------|
 |2.247|Includes bug fixes and stability improvements for the Microsoft Defender for Identity sensor.|
-|2.246|Includes bug fixes and stability improvements for the Microsoft Defender for Identity sensor.    |
+|2.246|Includes bug fixes and stability improvements for the Microsoft Defender for Identity sensor.|
 
 ### Detection update: Suspected Brute Force attack (Kerberos, NTLM)
 
@@ -152,10 +150,6 @@ Bug Fixes:
 
 ## May 2025
 
-###  Expanded New Sensor Deployment Support for Domain Controllers (Preview)
-Defender for Identity now supports deploying its new sensor on Domain Controllers without requiring Defender for Endpoint onboarding. This simplifies sensor activation and expands deployment flexibility. [Learn more](deploy/activate-sensor.md).
-
-
 ### Improved Visibility into Defender for Identity New Sensor Eligibility in the Activation page
 The Activation Page now displays all servers from your device inventory, including those not currently eligible for the new Defender for Identity sensor. This enhancement increases transparency into sensor eligibility, helping you identify noneligible servers and take action to update and onboard them for enhanced identity protection.
 
 
@@ -3,6 +3,7 @@ title: Create access policies | Microsoft Defender for Cloud Apps
 description: Learn how to configure Microsoft Defender for Cloud Apps access policies with Conditional Access app control to control access to cloud apps.
 ms.date: 05/15/2024
 ms.topic: how-to
+ms.reviewer: AmitMishaeli
 ---
 # Create Microsoft Defender for Cloud Apps access policies
 
 
@@ -3,6 +3,7 @@ title: Investigate accounts from connected apps | Microsoft Defender for Cloud A
 description: This article provides information about reviewing accounts from your connected apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: gayasalomon
 ---
 # Cloud Application Accounts
 
 
@@ -3,6 +3,7 @@ title: Investigate activities
 description: This article provides a list of activities, filters, and match parameters that can be applied to activity policies.
 ms.date: 06/24/2025
 ms.topic: how-to
+ms.reviewer: gayasalomon
 ---
 
 # Investigate activities
@@ -15,7 +16,7 @@ Microsoft Defender for Cloud Apps gives you visibility into all the activities f
 >
 > Microsoft Defender for Cloud Apps displays these activity names and types exactly as received and doesn't define or modify them. To understand the meaning of an activity, refer to the relevant third‑party API documentation.
 
-The action types for events and activities are determined by the source service, whether it is a first-party or third-party service. Microsoft Defender for Cloud Apps (MDA) supports a wide range of action types and is not restricted to specific ones.
+The action types for events and activities are determined by the source service, whether it's a first-party or third-party service. Microsoft Defender for Cloud Apps (MDA) supports a wide range of action types and isn't restricted to specific ones.
 For a full list of Microsoft 365 activities monitored by Defender for Cloud Apps, see [Search the audit log in the Microsoft Purview portal](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance#audited-activities).
 
 
@@ -93,7 +94,7 @@ Selecting it opens the Activity drawer **User** tab provides the following insig
     - **ISPs**: The number of ISPs the user connected from in the past 30 days.
     - **IP addresses**: The number of IP addresses the user connected from in the past 30 days.
 
-:::image type="content" source="media/user-insights.png" alt-text="Screenshot that shows user insights, user activities and frequent alert locations for Defender for Cloud apps." lightbox="media/user-insights.png":::
+:::image type="content" source="media/user-insights.png" alt-text="Screenshot that shows user insights, user activities, and frequent alert locations for Defender for Cloud apps." lightbox="media/user-insights.png":::
 
 
 #### IP address insights
@@ -122,7 +123,7 @@ To view IP address insights:
         - Set as a VPN IP address and add to allowlist
         - Set as a Risky IP and add to blocklist
 
-:::image type="content" source="media/activity-filters/ip-address-insights.png" alt-text="Screenshot that shows Ip address activities over the last 30 days." lightbox="media/activity-filters/ip-address-insights.png":::
+:::image type="content" source="media/activity-filters/ip-address-insights.png" alt-text="Screenshot that shows IP address activities over the last 30 days." lightbox="media/activity-filters/ip-address-insights.png":::
 
 
 > [!NOTE]
 
@@ -3,6 +3,7 @@ title: Configure admin notifications
 description: This article provides instructions for setting admin preferences in Defender for Cloud Apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: Naama-Goldbart 
 ---
 # Configure admin notifications
 
 
@@ -3,6 +3,7 @@ title: Create anomaly detection policies | Microsoft Defender for Cloud Apps
 description: This article provides a description of Anomaly detection policies and provides reference information about the building blocks of an anomaly detection policy.
 ms.date: 03/01/2023
 ms.topic: how-to
+ms.reviewer: Ronen-Refaeli
 ---
 
 # Create Defender for Cloud Apps anomaly detection policies
 
@@ -3,6 +3,7 @@ title: Investigate activities using the API
 description: This article provides information on how to use the API to investigate user activity in Defender for Cloud Apps.
 ms.date: 01/29/2023
 ms.topic: how-to
+ms.reviewer: Naama-Goldbart
 ---
 # Investigate activities using the API
 
@@ -18,7 +19,7 @@ The activities API mode is optimized for scanning and retrieval of large quantit
 ## To use the activity scan script
 
 1. Run the query on your data.
-1. If there are more records than could be listed in a single scan, you will get a return command with `nextQueryFilters` that you should run. You will get this command each time you scan until the query has returned all the results.
+1. If there are more records than could be listed in a single scan, you'll get a return command with `nextQueryFilters` that you should run. You'll get this command each time you scan until the query has returned all the results.
 
 ## Request body parameters
 
@@ -32,9 +33,9 @@ The activities API mode is optimized for scanning and retrieval of large quantit
 
 ## Response parameters
 
-- "data": the returned data. Will contain up to "limit" number of records each iteration. If there are more records to be pulled (hasNext=true), the last few records will be dropped to ensure that all data is listed only once.
+- "data": the returned data. Will contain up to "limit" number of records each iteration. If there are more records to be pulled (hasNext=true), the last few records are dropped to ensure that all data is listed only once.
 - "hasNext": Boolean. Denotes whether another iteration on the data is needed.
-- "nextQueryFilters": If another iteration is needed, it contains the consecutive JSON query to be run. Use this as the "filters" parameter in the next request. Note that if the "hasNext" parameter is set to False, this parameter will be missing since you've iterated over all of the data.
+- "nextQueryFilters": If another iteration is needed, it contains the consecutive JSON query to be run. Use this as the "filters" parameter in the next request. If the "hasNext" parameter is set to False, this parameter will be missing since you've iterated over all of the data.
 
 The following Python example gets all the activities from the past day from Exchange Online.
 
 
@@ -1,8 +1,9 @@
 ---
 title: Hunt for threats in app activities | Microsoft Defender for Cloud Apps
-ms.date: 05/23/2025
+ms.date: 08/18/2025
 ms.topic: how-to
 description: Learn how app governance in Microsoft Defender for Cloud Apps helps you hunt for resources accessed and activities carried out by apps in your environment.
+ms.reviewer: shragar
 ---
 
 # Hunt for threats in app activities
 
@@ -1,9 +1,10 @@
 ---
 title: Investigate app governance threat detection alerts | Microsoft Defender for Cloud Apps
-ms.date: 05/23/2025
+ms.date: 08/18/2025
 ms.topic: how-to
 ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
 description: Learn how to investigate threat detection alerts from app governance in Microsoft Defender XDR with Microsoft Defender for Cloud Apps.
+ms.reviewer: shragar
 ---
 
 # Investigate app governance threat detection alerts