Merge pull request #2253 from MicrosoftDocs/main

Published main to live, Tuesday 5:00 PM IST, 12/24

Author: padmagit77

defender-xdr/defender-experts-scoped-coverage.md

@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 12/20/2024
+ms.date: 12/24/2024
 ---
 
 # Scoped coverage in Microsoft Defender Experts for XDR
@@ -34,17 +34,19 @@ Devices and users that are out of scope won't be supported by Defender Experts.
 
 ## Using Defender Experts scoped coverage
 
-You can create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The default name assigned to the created device or user group is:
+You can create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The name assigned to the created device or user group should be the following:
 
 - **Defender_Experts_Scoped_Coverage_Devices**
 - **Defender_Experts_Scoped_Coverage_Users**
 
-The devices and users you add to these groups are then considered as the set of assets that are in scope for this service.
-
 :::image type="content" source="media/defender_scoped_devices.png" alt-text="Screenshot of Defender Experts Scoped devices." lightbox="media/defender_scoped_devices.png":::
 
+:::image type="content" source="media/defender-experts-scoped-users.png" alt-text="Screenshot of Defender Experts Scoped users." lightbox="media/defender-experts-scoped-users.png":::
+
+The devices and users you add to these groups are then considered as the set of assets that are in scope for this service.
+
 > [!NOTE]
-> Defender Experts need **Security admin** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).
+> You need **Security admin** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts).
 
 > [!TIP]
 > The device group should be in the highest order of priority for the devices under it, to be considered in scope. This is a known product limitation.
@@ -54,8 +56,8 @@ Currently, the service doesn't offer support to rename these predefined groups,
 The following section lists down questions that you or your SOC team might have regarding scoped coverage:
 
 1. **What aspects of the XDR service remain consistent with Defender Experts scoped coverage?**
-   - This service doesn't change our pricing structure. You still pay for Defender Experts service based on E5 (Microsoft Defender for Servers) for your desired user base.
-   - This service doesn't scope according to individual Microsoft Defender products and services (such as Defender for Endpoint, Microsoft Defender for Office 365, or Microsoft Defender for Cloud). That is, the minimum baseline for scoped coverage is still the E5 license.
+   - This service doesn't change our pricing structure. You still pay for Defender Experts service based on [E5](before-you-begin-xdr.md#eligibility-and-licensing) and Microsoft Defender for Endpoint for Servers for your desired user base.
+   - This service doesn't scope according to individual Microsoft Defender products and services (such as Microsoft Defender for Endpoint, Microsoft Defender for Office 365, or Microsoft Defender for Cloud). That is, the minimum baseline for scoped coverage is still the E5 license.
    - There's no change in permissions for analysts in Defender Experts for XDR. Defender Experts analysts will still have access to your entire tenant and not just the scoped assets.
 
 2. **Can I change the scoped assets later?**

defender-xdr/experts-on-demand.md

@@ -21,7 +21,7 @@ ms.collection:
   - essentials-manage
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 12/20/2024
+ms.date: 12/24/2024
 ---
 
 # Collaborate with experts on demand
@@ -85,7 +85,7 @@ The option to **Ask Defender Experts** is available in several places throughout
 
 ### In portal
 
-You can view responses to inquiries submitted to Ask Defender Experts from up to six months ago by navigating to **Reports** > **Defender Experts messages**. You'll also be able to ask follow-up questions or reply with more information to Defender Experts from this page.
+You can view responses to inquiries submitted to Ask Defender Experts from up to six months ago by navigating to **Reports** > **Defender Experts messages**. You can also ask follow-up questions or reply with more information to Defender Experts from this page.
 
 :::image type="content" source="media/inportal-managed-response.png" alt-text="Screenshot of in-portal managed response." lightbox="media/inportal-managed-response.png":::
 
@@ -124,22 +124,22 @@ If you included contact email addresses when submitting your inquiry, they'll re
 
 ## Services that aren't in scope for Defender Experts
 
-Ask Defender Experts is focused on products that are only included in Microsoft Defender XDR, i.e., Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity.
+Ask Defender Experts is focused on products that are only included in Microsoft Defender XDR, that is, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity.
 
 The service doesn't cover the following scenarios:
 
-- Inquiries related to custom detections in the above products can't be handled in Ask Defender Experts because our experts typically don't have access to such telemetry or visibility into how these custom policies were set up. Examples of such policies include:
+- **Inquiries related to custom detections**- Inquiries related to custom detections in the above products can't be handled in Ask Defender Experts because our experts typically don't have access to such telemetry or visibility into how these custom policies were set up. Examples of such policies include:
 
   - **Alerts with policy source** = **Custom**
   - **Detection source** = **Custom TI**
   - **Alert title** = **Anomaly Indicator**
   - **Threat family** = **Custom Enterprise Block Only**
 
-- Defender Experts won't be able to handle inquiries on non-Defender XDR products such as Microsoft Defender for Cloud, Microsoft Defender for IoT, Microsoft Sentinel, Microsoft Purview, Microsoft Priva, and other third-party cybersecurity products.
+- **Inquiries related to non-Microsoft Defender XDR products**- Defender Experts don't handle inquiries on non-Defender XDR products such as Microsoft Defender for Cloud, Microsoft Defender for IoT, Microsoft Sentinel, Microsoft Purview, Microsoft Priva, and other third-party cybersecurity products.
 
-- Defender Experts won't be able to assist you with inquiries regarding bugs in your product experience in the Defender XDR portal, such as, missing data on the alert or incident page or a recommended action not completing when you action it. You can reach out to Microsoft Support via the [Services Hub](https://serviceshub.microsoft.com/home) regarding such issues.
+- **Inquiries regarding bugs**- Defender Experts don't handle inquiries regarding bugs in your product experience in the Defender XDR portal, such as, missing data on the alert or incident page or a recommended action not completing when you action it. You can reach out to Microsoft Support via the [Services Hub](https://serviceshub.microsoft.com/home) regarding such issues.
 
-- Ask Defender Experts isn't a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
+- **Inquiries related to security incident response issues**- Ask Defender Experts isn't a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
 
 ### Next step