Commit b13658a

Merge pull request #4710 from DebLanger/US477096_AP
Update attack path documentation for refined experience in MSEM
2 parents b79ea96 + b98ac94 commit b13658a

4 files changed

+36
-7
lines changed

exposure-management/enterprise-exposure-map.md

Lines changed: 2 additions & 2 deletions
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: overview
88
ms.service: exposure-management
9-
ms.date: 11/18/2024
9+
ms.date: 09/09/2025
1010

1111
---
1212

@@ -37,7 +37,7 @@ The exposure map gives you visibility into asset connections.
3737
- **Hovering**: Hover over nodes and edges to get additional information.
3838
- **Explore assets and their edges**. To explore assets and edge, select the plus sign. Or select the option to explore connected assets from the contextual menu.
3939
- **Asset details**: To view details, select the asset icon.
40-
- **Focus on asset**: Provides a way to refocus the graph visualization on the specific node you want to explore, similar to the **Graph** view when selecting an individual [attack path](review-attack-paths.md).
40+
- **Focus on asset**: Provides a way to refocus the graph visualization on the specific node you want to explore, similar to the **Graph** view when selecting an individual [attack path](review-attack-paths.md). The Cloud attack paths focuses on real, externally-driven and exploitable threats rather than broad potential attack path scenarios.
4141
- **Search**: Helps you to discover items by node type. By selecting **all results**, search the particular type for specific results. You can also filter your search by devices, identity, or cloud assets from the initial screen.
4242
- **Discovery source**: Use the layer option to show or hide the origin of the data directly on the attack surface map.
4343
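
Review bot: On added line 40, the sentence "The Cloud attack paths focuses on real, externally-driven and exploitable threats..." is appended to the **Focus on asset** bullet, but it describes the scope of cloud attack paths, not the focus control on the exposure map. Suggest dropping it from this bullet and relying on the existing link to review-attack-paths.md, or moving it to its own sentence outside the list. If it stays, fix the agreement ("Cloud attack paths focus on") and match the "externally driven" spelling used in the whats-new.md entry.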

exposure-management/review-attack-paths.md

Lines changed: 3 additions & 2 deletions
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: overview
88
ms.service: exposure-management
9-
ms.date: 11/04/2024
9+
ms.date: 09/09/2025
1010
---
1111

1212
# Review attack paths
@@ -16,10 +16,11 @@ Attack paths in [Microsoft Security Exposure Management](microsoft-security-expo
1616
## Prerequisites
1717

1818
- [Read about attack paths](work-attack-paths-overview.md) before you start.
19-
-- [Review required permissions](prerequisites.md#permissions) for working with attack paths.
19+
- [Review required permissions](prerequisites.md#permissions) for working with attack paths.
2020
- The value of attack paths increases based on the data used as a source. If no data is available or the data doesn't reflect your organization's environment, attack paths might not appear. Attack paths might not be fully representative:
2121
- If you don't have licenses defined for workloads integrated and represented in the attack path.
2222
- If you don't fully define critical assets.
23+
- You may see an empty Cloud Attack Path page, as attack paths focus on real, externally-driven and exploitable threats rather than exploratory scenarios. This helps reduce noise and prioritize imminent risks.
2324

2425
### Attack path dashboard
2526
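
Review bot: The bullet added at line 23 does not fit the list it joins: the two items before it complete "Attack paths might not be fully representative:" with "If you don't ..." conditions, while the new item is a standalone statement about an empty page. Suggest making it a separate bullet at the same level as the line 20 item, or rewording it so it parallels its siblings. The surrounding text uses "might" ("attack paths might not appear"), so "You may see" should follow the same wording.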

exposure-management/whats-new.md

Lines changed: 13 additions & 1 deletion
@@ -6,7 +6,7 @@ author: dlanger
66
manager: rayne-wiselman
77
ms.topic: overview
88
ms.service: exposure-management
9-
ms.date: 05/26/2025
9+
ms.date: 09/09/2025
1010

1111
---
1212

@@ -24,6 +24,18 @@ Learn more about MSEM by reading the blogs, [here](https://techcommunity.microso
2424
>
2525
> `https://aka.ms/msem/rss`
2626
27+
## September 2025
28+
29+
### Refined attack path experience
30+
31+
Cloud Attack Paths now reflect real, externally driven and exploitable risks that adversaries could use to compromise your organization, helping you cut through the noise and act faster. The paths now focus on external entry points and how attackers could progress through your environment reaching business-critical targets.
32+
33+
On-premises Attack Path now terminate automatically when they reach End Game assets (Domain Admins, Enterprise Admins, Administrators, or Domain Controllers). These assets provide full domain control if compromised. The visualization and prioritization of attack path risks for on-premises infrastructure provide consistent clarity, enabling security teams to focus on high-impact scenarios and reduce noise.
34+
35+
The changes bring greater clarity, focus, and prioritization empowering security teams to mitigate the most critical risks with confidence.
36+
37+
For more information, see [Overview of attack paths](work-attack-paths-overview.md) and [Review attack paths](review-attack-paths.md).
38+
2739
## May 2025
2840

2941
### Enhanced External Attack Surface Management integration with Exposure Management
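
Review bot: In the paragraph added at line 33, "On-premises Attack Path now terminate" pairs a singular subject with a plural verb; "On-premises attack paths now terminate" reads correctly and matches the heading wording added to work-attack-paths-overview.md. "End Game assets" is capitalized like a product term but is defined only by the parenthetical list; say whether it is a named classification, and say which group "Administrators" refers to, since it sits next to "Domain Admins" and "Enterprise Admins" without qualification. Capitalization also drifts within the entry ("Cloud Attack Paths", "Attack Path", "attack path"); pick one form.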

exposure-management/work-attack-paths-overview.md

Lines changed: 18 additions & 2 deletions
@@ -3,10 +3,10 @@ title: Overview of attack paths in Microsoft Security Exposure Management
33
description: Learn how to mitigate security risks using attack paths in Microsoft Security Exposure Management.
44
ms.author: dlanger
55
author: dlanger
6-
manager: rayne-wiselman
6+
manager: ornat-spodek
77
ms.topic: overview
88
ms.service: exposure-management
9-
ms.date: 11/18/2024
9+
ms.date: 09/09/2025
1010

1111
---
1212
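
Review bot: Line 6 changes "manager" to "ornat-spodek" in this file only; the other three files touched by this commit still show "manager: rayne-wiselman" in their front matter context lines. If the manager changed, update all four files in the same change; if it did not, revert this line.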

@@ -16,6 +16,8 @@ Microsoft Security Exposure Management helps you to manage your company attack s
1616

1717
> [!NOTE]
1818
> The value of attack paths increases based on the data used as a source. If no data is available or the data doesn't reflect your organization's environment, attack paths might not appear. Attack paths might not be fully representative if you don't have licenses defined for workloads integrated and represented in the attack path or if you haven't fully defined critical assets.
19+
>
20+
> You may see an empty Attack Path page, as the experience focuses on imminent threats rather than exploratory scenarios.
1921
2022
## Attack path dashboard
2123
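
Review bot: The note added at line 20 says "an empty Attack Path page", while the bullet added to review-attack-paths.md says "an empty Cloud Attack Path page", so the two pages disagree on whether an empty result is expected for cloud paths only or for all attack paths. Align the wording with the actual scope. The note also gives the reader no way to tell an intentionally empty page from one that is empty because of the missing data or licenses described in the paragraph above it; a sentence on how to distinguish the two would help.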

@@ -42,6 +44,20 @@ Here's how Exposure Management helps you to identify and resolve attack paths.
4244
- **Protection**: Ensuring that choke points are secure protects your assets from threats.
4345
- **Blast radius**: Allows users to visually explore the highest-risk paths from a choke point. It provides a detailed visualization showing how the compromise of one asset could affect others, enabling security teams to assess the broader implications of an attack and prioritize mitigation strategies more effectively.
4446

47+
## Cloud and on-premises attack paths
48+
49+
### Cloud attack paths
50+
51+
Cloud Attack paths illustrate routes that adversaries could exploit to move laterally within your environment, starting from external exposure and progressing toward meaningful impact within your environment. They help security teams visualize and prioritize real-world risks across their attack surface, focusing on externally-driven, exploitable threats that adversaries could use to compromise your organization.
52+
53+
Cloud attack paths reflect real, externally driven and exploitable risks, helping you cut through the noise and act faster. The paths focus on external entry points and how attackers could progress through your environment reaching business-critical targets.
54+
55+
Attack Path expands cloud threat detection to cover a broad range of cloud resources, including storage accounts, containers, serverless environments, unprotected repositories, unmanaged APIs, and AI agents. Each attack path is built from a real, exploitable weakness such as exposed endpoints, misconfigured access settings, or leaked credentials, ensuring that identified threats reflect genuine risk scenarios. By analyzing cloud configuration data and performing active reachability scans, the system validates whether exposures are accessible from outside the environment, reducing false positives and emphasizing threats that are both real and actionable.
56+
57+
### On-premises attack paths
58+
59+
Attack paths now terminate automatically when they reach End Game assets (Domain Admins, Enterprise Admins, Administrators, or Domain Controllers). These assets provide full domain control if compromised. The visualization and prioritization of attack path risks for on-premises infrastructure provide consistent clarity, enabling security teams to focus on high-impact scenarios and reduce noise
60+
4561
## Next steps
4662

4763
[Review attack paths](review-attack-paths.md).
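
Review bot: The on-premises paragraph at line 59 ends without a period ("reduce noise") and keeps release-note wording ("now terminate") that belongs in whats-new.md; in an overview page, "Attack paths terminate when they reach ..." will age better. In the cloud section, the paragraphs at lines 51 and 53 repeat the same claim ("real, externally driven and exploitable"), and line 51 uses "within your environment" twice in one sentence; merging the two paragraphs would tighten it. Line 55 mentions "active reachability scans" without saying where they originate or what they touch, which is the detail a security team needs to recognize that traffic in its own logs; add it or link to where it is documented.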
