Merge branch 'main' into patch-54

Author: aditisrivastava07

.acrolinx-config.edn

@@ -35,7 +35,7 @@ If you need a scoring exception for content in this PR, add the *Sign off* and t
 - Escalate the exception request to the Acrolinx Review Team for review.
 - Approve the exception and work with the GitHub Admin Team to merge the PR to the default branch.
 
-For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.docs.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=main).
+For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.learn.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=main).
  
 Select the total score link to review all feedback on clarity, consistency, tone, brand, terms, spelling, grammar, readability, and inclusive language. _You should fix all spelling errors regardless of your total score_. Fixing spelling errors helps maintain customer trust in overall content quality.
 
@@ -54,7 +54,7 @@ Select the total score link to review all feedback on clarity, consistency, tone
 - [Install Acrolinx locally for VSCode for Magic](https://review.learn.microsoft.com/office-authoring-guide/acrolinx-vscode?branch=main)
 - [False positives or issues](https://aka.ms/acrolinxbug)
 - [Request a new Acrolinx term](https://microsoft.sharepoint.com/teams/M365Dev2/SitePages/M365-terminology.aspx)
-- [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch)
+- [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch=main)
 
 "
 }

.openpublishing.redirection.ata-atp.json

@@ -140,6 +140,31 @@
       "redirect_url": "manage-security-alerts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "ATPDocs/credential-access-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/persistence-privilege-escalation-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/reconnaissance-discovery-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/lateral-movement-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/other-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "ATPDocs/classic-activities-filtering-mcas.md",
       "redirect_url": "/previous-versions/defender-for-identity/classic-activities-filtering-mcas",

.openpublishing.redirection.defender-office-365.json

@@ -59,6 +59,11 @@
       "source_path": "defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md",
       "redirect_url": "/defender-office-365/submissions-outlook-report-messages",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-office-365/tenant-wide-setup-for-increased-security.md",
+      "redirect_url": "/security/zero-trust/zero-trust-identity-device-access-policies-overview",
+      "redirect_document_id": false
     }
   ]
 }

ATADocs/suspicious-activity-guide.md

@@ -536,9 +536,9 @@ Apply the latest patches to all of your machines, and check all security updates
 
 1. [Remove WannaCry](https://support.microsoft.com/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo)
 
-1. Data in the control of some ransom software can sometimes be decrypted. Decryption is only possible if the user hasn't restarted or turned off the computer. For more information, see [Wanna Cry Ransomware](https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07?auth=1)
+1. Data in the control of some ransom software can sometimes be decrypted. Decryption is only possible if the user hasn't restarted or turned off the computer. For more information, see [WannaCrypt ransomware worm targets out-of-date systems](https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/)
 
->[!NOTE]
+> [!NOTE]
 > To disable a suspicious activity alert, contact support.
 
 ## See also

ATPDocs/alerts-mdi-classic.md

@@ -12,6 +12,11 @@ ms.reviewer: Himanch
 
 This report lists any Okta privileged accounts that don't have any multifactor authentication (MFA) methods assigned. 
 
+## Prerequisites
+
+To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.  
+For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
+
 ## Why is a privileged account without MFA a security risk?
 
 All privileged accounts should have multifactor authentication (MFA) enabled to strengthen security. By ensuring that privileged accounts such as Super Admin or Org Admin roles are secured with MFA, organizations can significantly reduce the risk of unauthorized access from compromised credentials. This strategy helps prevent attackers from gaining elevated access, safeguarding sensitive resources and protecting critical administrative functions from abuse.

ATPDocs/alerts-overview.md

@@ -40,14 +40,14 @@ The cs2 field identifies if the alert is new or updated.
 The cs3 field identifies the fully qualified domain name of the source computer name.
 
 > [!NOTE]
-> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alerts](alerts-overview.md).
 
 ## Sample logs
 
 The log examples comply with RFC 5424, but Defender for Identity also supports RFC 3164.
 
 >[!NOTE]
->The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+>The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alerts](alerts-overview.md).
 
 Priorities:
 
@@ -197,7 +197,7 @@ Priorities:
 
 ## See Also
 
-- [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+- [Security alerts](alerts-overview.md).
 - [Configure event collection](deploy/configure-event-collection.md)
 - [Configuring Windows event forwarding](deploy/configure-event-forwarding.md)
 - [Check out the Defender for Identity forum](https://aka.ms/MDIcommunity)

ATPDocs/alerts-xdr.md

@@ -11,6 +11,11 @@ ms.reviewer: Himanch
 
 This recommendation lists any Okta privileged accounts that use outdated passwords that were last set over 180 days ago.  
 
+## Prerequisites
+
+To use this security assessment, you must first connect your Okta instance in the Microsoft Defender portal.  
+For setup instructions, see [Connect your Okta instance](/defender-for-identity/okta-integration#connect-okta-to-defender-for-identity).
+
 ## Why is a privileged account with an old password a security risk?
 
 Privileged accounts with old passwords create a significant security risk, as older credentials are more likely to be exposed through data breaches or other attack vectors. Enforcing regular password updates for privileged accounts reduces the likelihood of unauthorized access and strengthens overall security. Applying stringent password policies to accounts with elevated privileges protects sensitive resources and lowers the risk of exploitation.