Merge branch 'main' into ASTQR-chrisda

Author: chrisda

defender-endpoint/android-configure-mam.md

@@ -14,7 +14,7 @@ ms.collection:
 - mde-android
 ms.topic: conceptual
 ms.subservice: android
-ms.date: 07/25/2024
+ms.date: 08/08/2024
 ---
 
 # Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)
@@ -124,14 +124,14 @@ End users also need to take steps to install Microsoft Defender for Endpoint on
 
 1. Sign in to a managed application, for example, Outlook. The device is registered and the application protection policy is synchronized to the device. The application protection policy recognizes the device's health state.
 
-2. Select **Continue**. A screen is presented which recommends downloading and setting up of Microsoft Defender for Endpoint on Android app.
+2. Select **Continue**. A screen is presented which recommends downloading and setting up of the Microsoft Defender: Antivirus (Mobile) app.
 
 3. Select **Download**. You'll be redirected to the app store (Google play).
 
-4. Install the Microsoft Defender for Endpoint (Mobile) app and launch back Managed app onboarding screen.
-
-   :::image type="content" source="media/download-mde.png" alt-text="The illustrative pages that contain the procedure of downloading MDE and launching back the app-onboarding screen." lightbox="media/download-mde.png":::
+4. Install the Microsoft Defender: Antivirus (Mobile) app and go back to the managed app onboarding screen.
 
+    :::image type="content" source="media/mam-flow.png" alt-text="Shows the procedure of downloading Microsoft Defender: Antivirus (Mobile) app." lightbox="media/mam-flow.png":::
+   
 5. Click **Continue > Launch**. The Microsoft Defender for Endpoint app onboarding/activation flow is initiated. Follow the steps to complete onboarding. You'll automatically be redirected back to Managed app onboarding screen, which now indicates that the device is healthy.
 
 6. Select **Continue** to log into the managed application.

defender-endpoint/media/mam-flow.png

@@ -61,7 +61,7 @@ Safe Links protection by Safe Links policies is available in the following locat
   >
   > Safe Links supports only HTTP(S) and FTP formats.
   >
-  > Safe Links no longer wraps URLs pointing to SharePoint sites. SharePoint URLs are still processed by the Safe Links service. This change doesn't cause a degradation in the protection a tenant receives. It's intended to improve the performance of loading SharePoint URLs.
+  > Safe Links no longer wraps URLs pointing to SharePoint Online sites. SharePoint URLs are still processed by the Safe Links service. This change doesn't cause a degradation in the protection a tenant receives. It's intended to improve the performance of loading SharePoint URLs.
   >
   > Using another service to wrap links before Defender for Office 365 might prevent Safe Links from process links, including wrapping, detonating, or otherwise validating the "maliciousness" of the link.
 

defender-office-365/safe-links-about.md

@@ -3,7 +3,7 @@ title: Accessing incident notifications and DENs using Graph security API
 ms.reviewer:
 description: The method to access Defender Experts Notifications using Graph security API
 ms.service: defender-experts
-ms.subservice: dex-xdr
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium
@@ -15,7 +15,7 @@ ms.collection:
   - essentials-overview
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 04/29/2024
+ms.date: 08/14/2024
 ---
 
 # Access incident notifications using Graph API

defender-xdr/access-den-graph-api.md

@@ -3,6 +3,7 @@ title: Key infrastructure requirements before enrolling in the Microsoft Defende
 ms.reviewer:
 description: This section outlines the key infrastructure requirements you must meet and important information on data access and compliance
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium
@@ -14,7 +15,7 @@ ms.collection:
   - tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 06/19/2024
+ms.date: 08/14/2024
 ---
 
 # Before you begin using Defender Experts for Hunting

defender-xdr/before-you-begin-defender-experts.md

@@ -3,20 +3,20 @@ title: Manage the deception capability in Microsoft Defender XDR
 description: Detect human-operated attacks with lateral movement in the early stages using high confidence signals from the deception feature in Microsoft Defender XDR.
 ms.service: defender-xdr
 f1.keywords: 
-  - NOCSH
+- NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: 
-  - m365-security
-  - tier1
+- m365-security
+- tier1
 ms.topic: conceptual
 search.appverid: 
-  - MOE150
-  - MET150
-ms.date: 08/08/2024
+- MOE150
+- MET150
+ms.date: 08/14/2024
 ---
 
 # Manage the deception capability in Microsoft Defender XDR
@@ -79,7 +79,7 @@ There are two types of lures available in the deception feature:
 
 You can specify decoys, lures, and the scope in a deception rule. See [Configure the deception feature](configure-deception.md) to learn more about how to create and modify deception rules.  
 
-When an attacker uses a decoy or a lure on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
+When an attacker uses a decoy on any Defender for Endpoint-onboarded client, the deception capability triggers an alert that indicates possible attacker activity, regardless of whether deception was deployed on the client or not.
 
 ## Identify incidents and alerts activated by deception
 

defender-xdr/deception-overview.md

@@ -3,6 +3,7 @@ title: What is Microsoft Defender Experts for Hunting offering
 ms.reviewer:
 description: Microsoft  Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.author: vpattnaik
 author: vpattnai
 ms.localizationpriority: medium

defender-xdr/defender-experts-for-hunting.md

@@ -4,7 +4,7 @@ ms.reviewer:
 description: The Defender Experts for Hunting service publishes reports to help you understand all the threats the hunting service surfaced in your environment
 search.appverid: met150
 ms.service: defender-experts
-ms.subservice: dex-xdr
+ms.subservice: dex-hunting
 f1.keywords:
 - NOCSH
 ms.author: vpattnaik
@@ -17,7 +17,7 @@ ms.collection:
 - tier1
 - essentials-manage
 ms.topic: conceptual
-ms.date: 10/17/2023
+ms.date: 08/14/2023
 ---
 
 # Understand the Defender Experts for Hunting report in Microsoft Defender XDR

defender-xdr/defender-experts-report.md

@@ -4,6 +4,7 @@ ms.reviewer:
 description: Select Ask Defender Experts directly inside the Microsoft Defender security portal to get swift and accurate responses to all your threat hunting questions.
 search.product: Windows 10
 ms.service: defender-experts
+ms.subservice: dex-hunting
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -18,7 +19,7 @@ ms.collection:
   - essentials-get-started
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 04/18/2024
+ms.date: 08/14/2024
 ---
 
 # Collaborate with experts on demand

defender-xdr/experts-on-demand.md

@@ -11,7 +11,7 @@ ms.collection:
 - m365-security
 - tier3
 ms.topic: overview
-ms.date: 07/23/2024
+ms.date: 08/14/2024
 search.appverid: met150
 ---
 
@@ -24,7 +24,7 @@ search.appverid: met150
 - [Microsoft Defender for Endpoint Plan 2](/defender-endpoint/microsoft-defender-endpoint)
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
-The audit log can help you investigate specific activities across Microsoft 365 services. In the Microsoft Defender XDR portal, Microsoft Defender XDR and Microsoft Defender for Endpoint activities are audited. Some of the activities audited are:
+The audit log can help you investigate specific activities across Microsoft 365 services. In the Microsoft Defender portal, Microsoft Defender XDR and Microsoft Defender for Endpoint activities are audited. Some of the activities audited are:
 
 - Changes to data retention settings
 - Changes to advanced features