MicrosoftDocs
diff --git a/‎ATPDocs/health-alerts.md‎
Lines changed: 1 addition & 1 deletion b/‎ATPDocs/health-alerts.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ATPDocs/includes/server-requirements.md‎
Lines changed: 6 additions & 5 deletions b/‎ATPDocs/includes/server-requirements.md‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎ATPDocs/index.yml‎
Lines changed: 13 additions & 13 deletions b/‎ATPDocs/index.yml‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎defender-business/mdb-manage-subscription.md‎
Lines changed: 3 additions & 3 deletions b/‎defender-business/mdb-manage-subscription.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md‎
Lines changed: 4 additions & 1 deletion b/‎defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md‎
Lines changed: 4 additions & 1 deletion
@@ -103,7 +103,7 @@ Sensor-specific health issues are displayed in the **Sensor health issues** tab
 
 |Alert|Description|Resolution|Severity|Displayed in|
 |----|----|----|----|----|
-|There has been no communication from the Defender for Identity sensor. The default time span for this alert is 5 minutes.|Network traffic is no longer captured by the network adapter on the Defender for Identity sensor. This affects Defender for Identity's ability to detect suspicious activities, since network traffic isn't able to reach the Defender for Identity cloud service.|Check that the port used for the communication between the Defender for Identity sensor and Defender for Identity cloud service isn't blocked by any routers or firewalls.|Medium|Sensors health issues tab|
+|There has been no communication from the Defender for Identity sensor. The default time span for this alert is 5 minutes.|This indicates that the sensor failed to send data or a keep-alive signal to the Defender for Identity services for a period exceeding the allowed time. This typically suggests either a network issue in the environment that prevented data transmission or a server restart that took longer than the acceptable time frame, impacting Defender for Identity's ability to detect suspicious activities.|Check the communication between the Defender for Identity sensor and Defender for Identity cloud service isn't blocked by any routers or firewalls.|Medium|Sensors health issues tab|
 
 ### Some Windows events are not being analyzed
 
 
@@ -1,18 +1,19 @@
 ---
-title: include file
-description: include file
-ms.topic: include
+title: Include file
+description: Include file
+ms.topic: Include
 ms.date: 09/26/2023
 ---
 
 Defender for Identity sensors can be installed on the following operating systems:
 
 - **Windows Server 2016**
-- **Windows Server 2019**. Requires [KB4487044](https://support.microsoft.com/topic/february-12-2019-kb4487044-os-build-17763-316-6502eb5d-dde8-6902-e149-27ef359ed616) or a newer cumulative update. Sensors installed on Server 2019 without this update will be automatically stopped if the *ntdsai.dll* file version found in the system directory is older than *10.0.17763.316*
+- **Windows Server 2019**. Requires [KB4487044](https://support.microsoft.com/topic/february-12-2019-kb4487044-os-build-17763-316-6502eb5d-dde8-6902-e149-27ef359ed616) or a newer cumulative update. Sensors installed on Server 2019 without this update will be automatically stopped if the `ntdsai.dll` file version found in the system directory is older `than 10.0.17763.316`
 - **Windows Server 2022**
+- **Windows Server 2025**
 
 For all operating systems:
 
 - Both servers with desktop experience and server cores are supported.
-- Nano servers are not supported.
+- Nano servers aren't supported.
 - Installations are supported for domain controllers, AD FS, and AD CS servers.
@@ -1,18 +1,18 @@
 ### YamlMime:Landing
 
-title: Microsoft Defender for Identity documentation 
-summary: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. 
+title: Microsoft Defender for Identity documentation
+summary: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats.
 metadata:
   title: Microsoft Defender for Identity documentation
-  description: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats. 
+  description: Microsoft Defender for Identity cloud service helps protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats.
   services: service
   ms.service: azure-advanced-threat-protection
   ms.subservice: subservice
-  ms.topic: landing-page 
+  ms.topic: landing-page
   ms.collection: M365-security-compliance
-  author: batamig 
-  ms.author: bagol 
-  ms.date: 09/23/2019 
+  author: batamig
+  ms.author: bagol
+  ms.date: 09/23/2019
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -32,7 +32,7 @@ landingContent:
         links:
           - text: Releases
             url: whats-new.md
-  - title: Check out Defender for Identity alerts      
+  - title: Check out Defender for Identity alerts
     linkLists:
       - linkListType: get-started
         links:
@@ -47,21 +47,21 @@ landingContent:
       - linkListType: how-to-guide
         links:
           - text: Security posture assessments
-            url: security-assessment.md  
+            url: security-assessment.md
           - text: Configure detection exclusions
             url: exclusions.md
-          - text: Search and filter monitored activities 
+          - text: Search and filter monitored activities
             url: monitored-activities.md
           - text: Set entity tags
             url: entity-tags.md
           - text: Advanced Threat Analytics (ATA) to Defender for Identity migration
             url: migrate-from-ata-overview.md
-  - title: Investigate threats 
+  - title: Investigate threats
     linkLists:
       - linkListType: tutorial
         links:
           - text: Investigate assets
-            url: investigate-assets.md  
+            url: investigate-assets.md
           - text: Investigate lateral movement paths
             url: understand-lateral-movement-paths.md
           - text: Remediation actions
@@ -74,5 +74,5 @@ landingContent:
             url: technical-faq.yml
           - text: Support
             url: support.md
-          - text: Defender for Identity data security and privacy 
+          - text: Defender for Identity data security and privacy
             url: privacy-compliance.md
@@ -7,7 +7,7 @@ ms.author: chrisda
 manager: deniseb
 audience: ITPro
 ms.topic: overview
-ms.date: 01/03/2024
+ms.date: 12/30/2024
 ms.service: defender-business
 ms.localizationpriority: medium
 ms.reviewer: shlomiakirav, efratka
@@ -48,12 +48,12 @@ This article describes how to apply either Defender for Business or Defender for
 
    > [!IMPORTANT]
    > Keep the following important points in mind before you save your changes:
-   >
    > - Make sure you have enough licenses for the subscription you're using for all users in your organization.
    > - If you select **Only Microsoft Defender for Endpoint Plan 2**, the simplified configuration experience for Defender for Business is replaced with advanced settings that you can configure in Defender for Endpoint. If this change is applied, you can't undo it.
-   > - It can take up to three hours for your changes to be applied.
+   > - It can take up to six hours for your changes to be applied.
    > - Make sure to review your security policies and settings. To get help with Defender for Endpoint policies and settings, see [Configure Defender for Endpoint capabilities](/defender-endpoint/onboard-configure). To get help with Defender for Business policies and settings, see [Review and edit your security policies and settings in Defender for Business](mdb-configure-security-settings.md).
 
+   
 ## Review license usage
 
 The license usage report is estimated based on sign-in activities on the device. Defender for Endpoint Plan 2 licenses are assigned to users, and each user can have up to five concurrent, onboarded devices. To learn more about license terms, see [Microsoft Licensing](https://www.microsoft.com/licensing/default).
 
@@ -9,7 +9,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.subservice: ngp
-ms.date: 11/01/2024
+ms.date: 12/26/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -75,6 +75,9 @@ For details on configuring Microsoft Configuration Manager (current branch), see
 > [!NOTE]
 > If real-time protection is turned on, files are scanned before they are accessed and executed. The scanning scope includes all files, including files on mounted removable media, such as USB drives. If the device performing the scan has real-time protection or on-access protection turned on, the scan also includes network shares.
 
+> [!TIP]
+> If you have a Network-Attached Storage (NAS) or Storage Area Network (SAN), you can use Internet Content Adaption Protocol (ICAP) scanning with the Microsoft Defender Antivirus engine. For more information, see **[Tech Community Blog: MetaDefender ICAP with Windows Defender Antivirus: World-class security for hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/metadefender-icap-with-windows-defender-antivirus-world-class/ba-p/800234)**.
+
 ## Use PowerShell to configure scanning options
 
 For more information on how to use PowerShell with Microsoft Defender Antivirus, see the following articles: