Merge branch 'main' into docs-editor/advanced-hunting-overview-1736362252

Author: denisebmsft

.acrolinx-config.edn

@@ -51,10 +51,10 @@ Select the total score link to review all feedback on clarity, consistency, tone
  "
 **More information about Acrolinx**
  
-- [Install Acrolinx locally for VSCode for Magic](https://review.docs.microsoft.com/office-authoring-guide/acrolinx-vscode?branch=main)
+- [Install Acrolinx locally for VSCode for Magic](https://review.learn.microsoft.com/office-authoring-guide/acrolinx-vscode?branch=main)
 - [False positives or issues](https://aka.ms/acrolinxbug)
 - [Request a new Acrolinx term](https://microsoft.sharepoint.com/teams/M365Dev2/SitePages/M365-terminology.aspx)
-- [Troubleshooting issues with Acrolinx](https://review.docs.microsoft.com/help/contribute/acrolinx-error-messages)
+- [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch)
 
 "
 }

.github/workflows/AutoPublish.yml

@@ -3,21 +3,23 @@ name: (Scheduled) Publish to live
 permissions:
   contents: write
   pull-requests: write
+  checks: read
 
 on:
   schedule:
-    - cron: "25 5,11,17,22 * * *" # Times are UTC based on Daylight Saving Time. Need to be adjusted for Standard Time. Scheduling at :25 to account for queuing lag.
+    - cron: "25 2,5,8,11,14,17,20,22 * * *" # Times are UTC based on Daylight Saving Time. Need to be adjusted for Standard Time. Scheduling at :25 to account for queuing lag.
 
   workflow_dispatch:
 
 jobs:
 
   auto-publish:
     if: github.repository_owner == 'MicrosoftDocs' && contains(github.event.repository.topics, 'build')
-    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoPublish.yml@workflows-prod
+    uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoPublishV2.yml@workflows-prod
     with:
         PayloadJson: ${{ toJSON(github) }}
         EnableAutoPublish: true
+        EnableAutoMerge: true
 
     secrets:
         AccessToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/StaleBranch.yml

@@ -2,6 +2,7 @@ name: (Scheduled) Stale branch removal
 
 permissions:
   contents: write
+  pull-requests: read
 
 # This workflow is designed to be run in the days up to, and including, a "deletion day", specified by 'DeleteOnDayOfMonth' in env: in https://github.com/MicrosoftDocs/microsoft-365-docs/blob/workflows-prod/.github/workflows/Shared-StaleBranch.yml.
 # On the days leading up to "deletion day", the workflow will report the branches to be deleted. This lets users see which branches will be deleted. On "deletion day", those branches are deleted.

.openpublishing.redirection.defender-cloud-apps.json

@@ -1009,6 +1009,11 @@
       "source_path": "CloudAppSecurityDocs/troubleshooting-api-connectors-using-error-messages.md",
       "redirect_url": "/defender-cloud-apps/troubleshooting-api-connectors-errors",
       "redirect_document_id": true
-    }
+    },
+    {
+      "source_path": "CloudAppSecurityDocs/connector-platform.md",
+      "redirect_url": "/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps",
+      "redirect_document_id": true
+    },
   ]
 }

ATPDocs/accounts-with-non-default-pgid.md

@@ -10,6 +10,7 @@ ms.author: liorshapira
 ms.service: microsoft-defender-for-identity
 ms.topic: article
 ms.date:     10/05/2024
+ms.reviewer: LiorShapiraa
 ---
 
 # Security Assessment: Accounts with non-default Primary Group ID

ATPDocs/advanced-settings.md

@@ -4,6 +4,7 @@ description: Learn how to configure the number of Microsoft Defender for Identit
 ms.date: 02/11/2024
 ms.topic: how-to
 #CustomerIntent: As a Microsoft Defender for Identity customer, I want to reduce the number of false positives by adjusting thresholds for specific alerts.
+ms.reviewer: rlitinsky
 ---
 
 # Adjust alert thresholds

ATPDocs/alerts-overview.md

@@ -3,6 +3,7 @@ title: Security alerts
 description: This article provides a list of the security alerts issued by Microsoft Defender for Identity.
 ms.date: 03/23/2023
 ms.topic: conceptual
+ms.reviewer: morRubin
 ---
 
 # Security alerts in Microsoft Defender for Identity
@@ -97,7 +98,6 @@ The following table lists the mapping between alert names, their corresponding u
 | [Suspicious modifications to the AD CS security permissions/settings](persistence-privilege-escalation-alerts.md#suspicious-modifications-to-the-ad-cs-security-permissionssettings--external-id-2435) | 2435                | Medium                                                     | Privilege escalation                                            |
 | [Account Enumeration reconnaissance (LDAP)](reconnaissance-discovery-alerts.md#account-enumeration-reconnaissance-ldap-external-id-2437-preview) (Preview) | 2437 | Medium  | Account Discovery, Domain Account |
 | [Directory Services Restore Mode Password Change](other-alerts.md#directory-services-restore-mode-password-change-external-id-2438) | 2438 | Medium  | Persistence, Account Manipulation |
-| [Honeytoken was queried via SAM-R](reconnaissance-discovery-alerts.md#honeytoken-was-queried-via-sam-r-external-id-2439) | 2439                | Low                                                     | Discovery                                            |
 |[Group Policy Tampering ](/defender-for-identity/other-alerts)|2440|Medium|Defense evasion|
 
 > [!NOTE]

ATPDocs/architecture.md

@@ -4,6 +4,7 @@ description: Learn about the Microsoft Defender for Identity system architecture
 ms.date: 09/14/2023
 ms.topic: overview
 #CustomerIntent: As a Defender for Identity user, I want to understand the relevant components and how they interact with the rest of my environment so that I can best use Defender for Identity features.
+ms.reviewer: morRubin
 ---
 
 # Microsoft Defender for Identity architecture

ATPDocs/built-in-active-directory-guest-account-is-enabled.md

@@ -10,6 +10,7 @@ ms.author: liorshapira
 ms.service: microsoft-defender-for-identity
 ms.topic: article
 ms.date:     10/05/2024
+ms.reviewer: LiorShapiraa
 ---
 
 # Security Assessment: Built-in Active Directory Guest account is enabled
@@ -27,11 +28,11 @@ The on-premises Guest account is a built-in, non-nominative account that allows
 
 1. Take appropriate action on those accounts by **disabling** the account.
 
-For example:
+   For example:
 
-![Screenshot showing guest account in AD.](media/built-in-active-directory-guest-account-is-enabled/guest-account.png)
+   ![Screenshot showing guest account in AD.](media/built-in-active-directory-guest-account-is-enabled/guest-account.png)
 
-![Screenshot showing security report.](media/built-in-active-directory-guest-account-is-enabled/security-report.png)
+   ![Screenshot showing security report.](media/built-in-active-directory-guest-account-is-enabled/security-report.png)
 
 ## Next steps
 

ATPDocs/cef-format-sa.md

@@ -3,6 +3,7 @@ title: SIEM log reference
 description: Provides samples of logs sent from Microsoft Defender for Identity to your SIEM.
 ms.date: 09/22/2024
 ms.topic: conceptual
+ms.reviewer: rlitinsky
 ---
 
 # Microsoft Defender for Identity SIEM log reference