MicrosoftDocs
diff --git a/‎ATPDocs/deploy/capacity-planning.md‎
Lines changed: 9 additions & 9 deletions b/‎ATPDocs/deploy/capacity-planning.md‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎ATPDocs/deploy/quick-installation-guide.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/deploy/quick-installation-guide.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ATPDocs/remediation-actions.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/remediation-actions.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ATPDocs/troubleshooting-using-logs.md‎
Lines changed: 2 additions & 2 deletions b/‎ATPDocs/troubleshooting-using-logs.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎ATPDocs/understand-lateral-movement-paths.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/understand-lateral-movement-paths.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CloudAppSecurityDocs/caac-known-issues.md‎
Lines changed: 1 addition & 0 deletions b/‎CloudAppSecurityDocs/caac-known-issues.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎CloudAppSecurityDocs/mde-govern.md‎
Lines changed: 1 addition & 1 deletion b/‎CloudAppSecurityDocs/mde-govern.md‎
Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ This article describes how to use the Microsoft Defender for Identity sizing too
 
 While domain controller performance may not be affected if the server doesn't have required resources, the Defender for Identity sensor may not operate as expected. For more information, see [Microsoft Defender for Identity prerequisites](prerequisites.md).
 
-The sizing tool measures the capacity needed for domain controllers only. There is no need to run it against AD FS / AD CS servers, as the performance impact on AD FS / AD CS servers is extremely minimal to not existent.
+The sizing tool measures the capacity needed for domain controllers only. There is no need to run it against AD FS / AD CS / Entra Connect servers, as the performance impact on these servers is extremely minimal to not existent.
 
 > [!TIP]
 > By default, Defender for Identity supports up to 350 sensors. To install more sensors, contact Defender for Identity support.
@@ -47,17 +47,17 @@ Common results include:
 
 |Result  |Description  |
 |---------|---------|
-|**Yes**     |   The sensor is supported on your server      |
+|**Yes**     |   The sensor is supported on your server.      |
 |**Yes, but additional resources required** | The sensor is supported on your server as long you add any specified missing resources.  |
-|**Maybe**     |     The current **Busy Packets/Second** value may be significantly higher at that point than average. Check the timestamps to understand the processes running at that time, and whether you can limit the bandwidth for those processes under normal circumstances.     |
-|**Maybe, but additional resources required** |The sensor may be supported on your server as long you add any specified missing resources, or the **Busy packets / Second** may be above 60K |
-|**No**     |    The sensor isn't supported on your server. <br><br>The current **Busy Packets/Second** value may be significantly higher at that point than average. Check the timestamps to understand the processes running at that time, and whether you can limit the bandwidth for those processes under normal circumstances.    |
-|**Missing OS Data**     |  There was an issue reading the operating system data.  Make sure the connection to your server is able to query WMI remotely.   |
-|**Missing Traffic Data**     | There was an issue reading the traffic data.    Make sure the connection to your server is able to query performance counters remotely.        |
-|**Missing RAM data**     |    There was an issue reading the RAM data.  Make sure the connection to your server is able to query WMI remotely.       |
+|**Maybe**     |     The current **Busy Packets/sec** value may be significantly higher at that point than average. Check the timestamps to understand the processes running at that time, and whether you can limit the bandwidth for those processes under normal circumstances.     |
+|**Maybe, but additional resources required** |The sensor may be supported on your server as long you add any specified missing resources, or the **Busy packets/sec** may be above 60K. |
+|**No**     |    The sensor isn't supported on your server. <br><br>The current **Busy Packets/sec** value may be significantly higher at that point than average. Check the timestamps to understand the processes running at that time, and whether you can limit the bandwidth for those processes under normal circumstances.    |
+|**Missing OS Data**     |  There was an issue reading the operating system data. Make sure the connection to your server is able to query WMI remotely.   |
+|**Missing Traffic Data**     | There was an issue reading the traffic data. Make sure the connection to your server is able to query performance counters remotely.        |
+|**Missing RAM data**     |    There was an issue reading the RAM data. Make sure the connection to your server is able to query WMI remotely.       |
 |**Missing core data**     |   There was an issue reading the core data. Make sure the connection to your server is able to query WMI remotely.          |
 
-For example, the following image shows a set of results where the **Maybe** indicates that the **Busy Packets/Second** value is significantly higher at that point than average.  Note that the **Display DC Times as UTC/Local** is set to *Local DC Time*. This setting helps highlight the fact that the values were taken at around 3:30 AM.
+For example, the following image shows a set of results where the **Maybe** indicates that the **Busy Packets/sec** value is significantly higher at that point than average.  Note that the **Display DC Times as UTC/Local** is set to *Local DC Time*. This setting helps highlight the fact that the values were taken at around 3:30 AM.
 
 :::image type="content" source="../media/capacity-tool-maybe.png" alt-text="Screenshot of a capacity tool results showing Maybe values." lightbox="../media/capacity-tool-maybe.png":::
 
 
@@ -16,7 +16,7 @@ Watch the following video for a step-by-step demo and to learn about:
 - Finding potential sensor and configuration health issues
 - Viewing identity-related posture assessments in Microsoft Secure Score
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RW16oLB]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=de930a92-f552-4c09-92dc-1ab03c2e1131]
 
 ## Prerequisites
 
 
@@ -44,7 +44,7 @@ Depending on your Microsoft Entra ID roles, you might see additional Microsoft E
 
 ## Related videos
 
-[Remediation actions in Defender for Identity](https://www.microsoft.com/videoplayer/embed/RE4U7Pe)
+[Remediation actions in Defender for Identity](https://learn-video.azurefd.net/vod/player?id=adc6068b-225c-457d-b053-db6b64dedb79)
 
 ## See also
 
 
@@ -9,7 +9,7 @@ ms.topic: how-to
 
 The Defender for Identity logs provide insight into what each component of Microsoft Defender for Identity sensor is doing at any given point in time.
 
-The Defender for Identity logs are located in a subfolder called **Logs** where Defender for Identity is installed; the default location is: **C:\Program Files\Azure Advanced Threat Protection Sensor\\**. In the default installation location, it can be found at: **C:\Program Files\Azure Advanced Threat Protection Sensor\version number\Logs**.
+The Defender for Identity logs are located in a subfolder called **Logs** where Defender for Identity is installed; the default location is: `C:\Program Files\Azure Advanced Threat Protection Sensor`. In the default installation location, it can be found at: `C:\Program Files\Azure Advanced Threat Protection Sensor\version number\Logs`.
 
 ## Defender for Identity sensor logs
 
@@ -28,7 +28,7 @@ The Defender for Identity sensor has the following logs:
 
 ## Defender for Identity deployment logs
 
-The Defender for Identity deployment logs are located in the temp directory of the user who installed the product. It will usually be found at **%USERPROFILE%\AppData\Local\Temp**. If it was deployed by a service, it might be found at **C:\Windows\Temp**.
+The Defender for Identity deployment logs are located in the temp directory of the user who installed the product. Typically, you can find these logs at `%USERPROFILE%\AppData\Local\Temp`. If the deployment was performed by a service, the logs might be located in `C:\Windows\Temp` or `C:\Windows\SystemTemp`, depending on your Windows version and patch level.
 
 Defender for Identity sensor deployment logs:
 
 
@@ -22,7 +22,7 @@ Watch the following video to learn more about reducing lateral movement paths wi
 
 <br>
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWAOfW]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=d216a20e-b9a9-4ebc-b309-7b1eae97742a]
 
 ## Where can I find Defender for Identity LMPs?
 
 
@@ -72,6 +72,7 @@ In the following applications, we encountered scenarios where browsing to a link
 - Workplace from Meta
 - ServiceNow
 - Workday
+- Box
 
 ### File upload limitations
 
 
@@ -20,7 +20,7 @@ Apps marked as **Unsanctioned** in Defender for Cloud Apps are automatically syn
 
 - One of the following licenses:
 
-  - Defender for Cloud Apps (E5, AAD-P1m CAS-D) and Microsoft Defender for Endpoint [Plan 2](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2), with endpoints onboarded to Defender for Endpoint
+  - Defender for Cloud Apps + Endpoint
   - Microsoft 365 E5
 
 - Microsoft Defender Antivirus. For more information, see: