MicrosoftDocs
diff --git a/‎ATPDocs/health-alerts.md‎
Lines changed: 7 additions & 1 deletion b/‎ATPDocs/health-alerts.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎ATPDocs/microsoft-365-security-center-mdi.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/microsoft-365-security-center-mdi.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/activity-filters-queries.md‎
Lines changed: 4 additions & 1 deletion b/‎CloudAppSecurityDocs/activity-filters-queries.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-app-policies-create.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/app-governance-app-policies-create.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-manage-app-governance.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/app-governance-manage-app-governance.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-predefined-policies.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/app-governance-predefined-policies.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/app-governance-secure-apps-app-hygiene-features.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/app-governance-secure-apps-app-hygiene-features.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/behaviors.md‎
Lines changed: 16 additions & 16 deletions b/‎CloudAppSecurityDocs/behaviors.md‎
Lines changed: 16 additions & 16 deletions
diff --git a/‎CloudAppSecurityDocs/discovery-docker-ubuntu-azure.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/discovery-docker-ubuntu-azure.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/discovery-docker-ubuntu.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/discovery-docker-ubuntu.md‎
Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender for Identity health issues
 description: This article describes all the health issues that can occur for each component, listing the cause and the steps needed to resolve the problem
-ms.date: 07/09/2024
+ms.date: 01/16/2025
 ms.topic: how-to
 ---
 
@@ -191,6 +191,12 @@ Sensor-specific health issues are displayed in the **Sensor health issues** tab
 |----|----|----|----|----|
 |Radius accounting (VPN integration) data ingestion failures.|The listed Defender for Identity sensors have radius accounting (VPN integration) data ingestion failures.|Validate that the shared secret in the Defender for Identity configuration settings matches your VPN server, according to the guidance described [Configure VPN in Defender for Identity](vpn-integration.md#configure-vpn-in-defender-for-identity) section, in the [Defender for Identity VPN integration](vpn-integration.md) page.|Low|Health issues page|
 
+### Auditing for AD CS servers is not enabled as required
+
+|Alert|Description|Resolution|Severity|Displayed in|
+|----|----|----|----|----|
+|Auditing for AD CS servers is not enabled as required. (This configuration is validated once a day, per sensor).|The Advanced Auditing Policy Configuration or AD CS auditing is not enabled as required.|Enable the Advanced Auditing Policy Configuration and AD CS auditing according to the guidance as described in the [Configure auditing on AD CS](configure-windows-event-collection.md#configure-auditing-on-ad-cs) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Sensors health issues tab|
+
 ### Sensor failed to retrieve Microsoft Entra Connect service configuration
 
 | Alert| Description  |Resolution|Severity|Displayed in|
 
@@ -106,7 +106,7 @@ The following table lists the changes in navigation between Microsoft Defender f
 
 For more information, see:
 
-- [Related videos for Microsoft Defender for Identity](https://www.microsoft.com/videoplayer/embed/RE4HcEU)
+- [Related videos for Microsoft Defender for Identity](https://learn-video.azurefd.net/vod/player?id=f4589332-7b78-40f0-b456-b896851a5aae)
 - [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender)
 - [Microsoft Defender for Identity](/defender-for-identity/)
 
 
@@ -20,8 +20,11 @@ Below is a list of the activity filters that can be applied. Most filters suppor
 - Activity objects – Search for the objects the activity was done on. This filter applies to files, folders, users, or app objects.
     - Activity object ID - the ID of the object (file, folder, user, or app ID).
 
-    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contain**, **Equal**, or **Starts with** the specific item.
+    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contains**, **Equals**, or **Starts with** the specific item.
 
+    > [!NOTE]
+    > Activity-Policy's **Activity object Item** filter supports the **Equals** operator only.
+  
 - Action type - Search for a more specific action performed in an app.
 
 - Activity type - Search for the app activity.
 
@@ -17,7 +17,7 @@ Use app governance to create OAuth policies for apps connected to Microsoft 365,
 
 <br>
 
->[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4YU37]
+>[!VIDEO https://learn-video.azurefd.net/vod/player?id=b10dbf02-9f56-4f37-8c68-8221be5b4aea]
 
 <a name='create-oauth-app-policies-for-azure-ad'></a>
 
 
@@ -11,7 +11,7 @@ Cyber attacks have become increasingly sophisticated in the ways they exploit th
 
 To understand the potential risks and stop these types of attacks, you need to gain clear visibility into your organization’s app compliance posture. You need to be able to quickly identify when an app exhibits anomalous behaviors and respond when these behaviors present risks to your environment, data, and users. <br><br>
 
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4S7sp]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=ed7ad7f7-58dc-4a09-ace3-e1d6b8f55353]
 
 ## App governance features
 
 
@@ -10,7 +10,7 @@ description: Get started learning about predefined app policies.
 App governance contains a set of out of the box policies to detect anomalous app behaviors. These policies are activated by default, but you can deactivate them if you choose to.<br>
 <br>
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4YpJN]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=22872b35-18aa-424d-bec7-3f77869a5e47]
 
 ## Working with predefined policies
 
 
@@ -17,7 +17,7 @@ These features enable automatic control over these apps and provide extra app be
 
 Watch this video for a brief explanation of these features:
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWWYEm]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=d22073a4-555a-413a-8e01-fc0f42d97f6f]
 
 ## App insights
 
 
@@ -26,22 +26,22 @@ While behaviors might be related to security scenarios, they're not necessarily
 
 Behaviors currently support low-fidelity, Defender for Cloud Apps detections, that may not meet the standard for alerts but are still useful in providing context during an investigation. Currently supported detections include:
 
-|Alert name  |Policy name  |
-|---------|---------|
-|**Activity from infrequent country**  |Activity from infrequent country/region   |
-|**Impossible travel activity**  |Impossible travel  |
-|**Mass delete**  |Unusual file deletion activity (by user)  |
-|**Mass download**  |Unusual file download (by user)  |
-|**Mass share**  |Unusual file share activity (by user)  |
-|**Multiple delete VM activities**  |Multiple delete VM activities  |
-|**Multiple failed login attempts**  |Multiple failed sign-in attempts  |
-|**Multiple Power BI report sharing activities**  |Multiple Power BI report sharing activities  |
-|**Multiple VM creation activities**  |Multiple VM creation activities  |
-|**Suspicious administrative activity**  |Unusual administrative activity (by user)  |
-|**Suspicious impersonated activity**  |Unusual impersonated activity (by user)  |
-|**Suspicious OAuth app file download activities**  |Suspicious OAuth app file download activities  |
-|**Suspicious Power BI report sharing**  |Suspicious Power BI report sharing   |
-|**Unusual addition of credentials to an OAuth app**  |Unusual addition of credentials to an OAuth app  |
+|Alert name  |Policy name  |ActionType (Hunting)|
+|---------|---------|---------|
+|**Activity from infrequent country**  |Activity from infrequent country/region   |ActivityFromInfrequentCountry|
+|**Impossible travel activity**  |Impossible travel  |ImpossibleTravelActivity|
+|**Mass delete**  |Unusual file deletion activity (by user)  |MassDelete|
+|**Mass download**  |Unusual file download (by user)  |MassDownload|
+|**Mass share**  |Unusual file share activity (by user)  |MassShare|
+|**Multiple delete VM activities**  |Multiple delete VM activities  |MultipleDeleteVmActivities|
+|**Multiple failed login attempts**  |Multiple failed sign-in attempts  |MultipleFailedLoginAttempts|
+|**Multiple Power BI report sharing activities**  |Multiple Power BI report sharing activities  |MultiplePowerBiReportSharingActivities|
+|**Multiple VM creation activities**  |Multiple VM creation activities  |MultipleVmCreationActivities|
+|**Suspicious administrative activity**  |Unusual administrative activity (by user)  |SuspiciousAdministrativeActivity|
+|**Suspicious impersonated activity**  |Unusual impersonated activity (by user)  |SuspiciousImpersonatedActivity|
+|**Suspicious OAuth app file download activities**  |Suspicious OAuth app file download activities  |SuspiciousOauthAppFileDownloadActivities|
+|**Suspicious Power BI report sharing**  |Suspicious Power BI report sharing   |SuspiciousPowerBiReportSharing|
+|**Unusual addition of credentials to an OAuth app**  |Unusual addition of credentials to an OAuth app  |UnusualAdditionOfCredentialsToAnOauthApp|
 
 
 ## Defender for Cloud Apps' transition from alerts to behaviors
 
@@ -105,7 +105,7 @@ This procedure describes how to deploy your machine with Ubuntu. The deployment
 
 1. Change to root privileges using `sudo -i`.
 
-1. If you accept the [software license terms](https://go.microsoft.com/fwlink/?linkid=862492), uninstall old versions and install Docker CE by running the commands appropriate for your environment:
+1. If you accept the software license terms, uninstall old versions and install Docker CE by running the commands appropriate for your environment:
 
     #### [CentOS](#tab/centos)
 
 
@@ -105,7 +105,7 @@ The following steps describe the deployment in Ubuntu. The deployment steps for
     export https_proxy='<IP>:<PORT>'
     ```
 
-1. If you accept the [software license terms](https://go.microsoft.com/fwlink/?linkid=862492), uninstall old versions and install Docker CE by running the commands appropriate for your environment:
+1. If you accept the software license terms, uninstall old versions and install Docker CE by running the commands appropriate for your environment:
 
     ### [CentOS](#tab/centos)