MicrosoftDocs
diff --git a/‎CloudAppSecurityDocs/caac-known-issues.md‎
Lines changed: 4 additions & 0 deletions b/‎CloudAppSecurityDocs/caac-known-issues.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎CloudAppSecurityDocs/troubleshooting-proxy-url.md‎
Lines changed: 6 additions & 4 deletions b/‎CloudAppSecurityDocs/troubleshooting-proxy-url.md‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎defender-vulnerability-management/TOC.yml‎
Lines changed: 28 additions & 28 deletions b/‎defender-vulnerability-management/TOC.yml‎
Lines changed: 28 additions & 28 deletions
diff --git a/‎defender-xdr/m365d-action-center.md‎
Lines changed: 5 additions & 10 deletions b/‎defender-xdr/m365d-action-center.md‎
Lines changed: 5 additions & 10 deletions
diff --git a/‎defender-xdr/m365d-autoir-actions.md‎
Lines changed: 2 additions & 2 deletions b/‎defender-xdr/m365d-autoir-actions.md‎
Lines changed: 2 additions & 2 deletions
@@ -54,6 +54,9 @@ Session policies don't protect external business-to-business (B2B) collaboration
 ## Session Controls with Non-Interactive Tokens
 Some applications utilize non-interactive access tokens to facilitate seamless redirection between apps within the same suite or realm. When one application is onboarded to Conditional Access App Control and the other is not, session controls may not be enforced as expected. For example, if the Teams client retrieves a non-interactive token for SharePoint Online (SPO), it can initiate an active session in SPO without prompting the user for reauthentication. As a result, the session control mechanism cannot intercept or enforce policies on these sessions. To ensure consistent enforcement, it's recommended to onboard all relevant applications, such as Teams, alongside SPO. 
 
+## IPv6 limitations
+Access and session policies support IPv4 only. If a request is made over IPv6, IP-based policy rules are not applied. This limitation applies when using both reverse proxy and Edge in-browser protection.
+
 ## Limitations for sessions that the reverse proxy serves
 
 The following limitations apply only on sessions that the reverse proxy serves. Users of Microsoft Edge can benefit from in-browser protection instead of using the reverse proxy, so these limitations don't affect them.
@@ -98,6 +101,7 @@ The following table lists example results when you define the **Block upload of
 
 The following limitations apply only on sessions that are served with Edge in-browser protection.
 
+
 ### Deep link is lost when user switches to Edge by clicking 'Continue in Edge'  
 
 A user who starts a session in a browser other than Edge, is prompted to switch to Edge by clicking the ‘Continue in Edge’ button.
 
@@ -20,7 +20,7 @@ For example, Contoso protects its environment using conditional access app contr
 So even though Fabrikam doesn't actually use Defender for Cloud Apps, they see the DNS entry or certificate because Contoso does.
 
 > [!NOTE]
-> You may also see the following domains in the transparency logs:
+> You might also see the following domains in the transparency logs:
 >
 > - `*.admin-rs-mcas.ms`
 > - `*.rs-mcas.ms`
@@ -39,11 +39,12 @@ So even though Fabrikam doesn't actually use Defender for Cloud Apps, they see t
 > - `*.admin-mcas-gov-df.ms`
 > - `*.mcas-gov-df.ms`
 
+
 ## Here's why you see `*.mcas.ms`, `*.mcas-gov.us`, or `*.mcas-gov.ms` in your URL
 
 This kind of URL is expected and indicates that your organization applies extra security controls to protect business-critical data.
 
-They do this by using Defender for Cloud Apps, a solution for protecting your organization's cloud environment, to replace all relevant URLs and cookies relating to cloud apps that you use.
+They do this by using Defender for Cloud Apps, a solution for protecting your organization's cloud environment, to replace all relevant URLs, and cookies relating to cloud apps that you use.
 
 So when you try accessing a cloud app such as Salesforce, SharePoint Online, or AWS, you notice that its URL is suffixed with `.mcas.ms`, `.mcas-gov.us`, or `.mcas-gov.ms`. For example, when using the XYZ app, the URL you're used to seeing changes from `XYZ.com` to `XYZ.com.mcas.ms`.
 
@@ -52,10 +53,11 @@ If the URL doesn't exactly match one of the replacement patterns, such as `<app_
 If you don't recognize the remaining portion of the URL, such as **myurl.com**.mcas.ms, as associated with any of your business apps, we recommend that you investigate the issue further and consider blocking the URL to avoid any potential security risks.
 
 > [!NOTE]
-> Microsoft Edge users benefit from in-browser protection, and are not redirected to a reverse proxy. Your URLs retain their original syntax in Microsoft Edge, even when access and sessions are protected by Defender for Cloud Apps. For more information, see [In-browser protection with Microsoft Edge for Business (Preview)](in-browser-protection.md).
+> Microsoft Edge users benefit from in-browser protection, and aren't redirected to a reverse proxy. Your URLs retain their original syntax in Microsoft Edge, even when access and sessions are protected by Defender for Cloud Apps. For more information, see [In-browser protection with Microsoft Edge for Business (Preview)](in-browser-protection.md).
 
 ## Related content
 
+- [Known limitations in Conditional Access app control](caac-known-issues.md)
 - [Protect apps with Microsoft Defender for Cloud Apps Conditional Access app control](proxy-intro-aad.md)
 - [Troubleshooting access and session controls for admin users](troubleshooting-proxy.md)
-- [Troubleshooting access and session controls for end-users](troubleshooting-proxy-end-users.md)
+- [Troubleshooting access and session controls for end-users](troubleshooting-proxy-end-users.md)
@@ -25,7 +25,7 @@
     - name: Discover devices and explore inventories
       items:
       - name: Device inventory
-        href: /defender-endpoint/machines-view-overview
+        href: /defender-endpoint/machines-view-overview?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
       - name: Assign device value
         href: tvm-assign-device-value.md
       - name: Explore inventories
@@ -95,75 +95,75 @@
           - name: Assessments of vulnerabilities and secure configurations
             items:
             - name: Export assessment methods and properties
-              href: /defender-endpoint/api/get-assessment-methods-properties
+              href: /defender-endpoint/api/get-assessment-methods-properties?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Export secure configuration assessment
-              href: /defender-endpoint/get-assessment-secure-config
+              href: /defender-endpoint/get-assessment-secure-config?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Export software inventory assessment
-              href: /defender-endpoint/api/get-assessment-software-inventory
+              href: /defender-endpoint/api/get-assessment-software-inventory?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Export software vulnerabilities assessment
-              href: /defender-endpoint/api/get-assessment-software-vulnerabilities
+              href: /defender-endpoint/api/get-assessment-software-vulnerabilities?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Export non-product code software inventory assessment
-              href: /defender-endpoint/api/get-assessment-non-cpe-software-inventory
+              href: /defender-endpoint/api/get-assessment-non-cpe-software-inventory?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Certificate inventory
             items:
             - name: Export certificate inventory assessment
-              href: /defender-endpoint/export-certificate-inventory-assessment
+              href: /defender-endpoint/export-certificate-inventory-assessment?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Authenticated scans
             items:
             - name: Authenticated scan methods and properties
-              href: /defender-endpoint/get-authenticated-scan-properties
+              href: /defender-endpoint/get-authenticated-scan-properties?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name:   Get all scan definitions
-              href: /defender-endpoint/api/get-all-scan-definitions
+              href: /defender-endpoint/api/get-all-scan-definitions?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Add, delete or update a scan definition
-              href: /defender-endpoint/api/add-a-new-scan-definition
+              href: /defender-endpoint/api/add-a-new-scan-definition?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get all scan agents
-              href: /defender-endpoint/api/get-all-scan-agents
+              href: /defender-endpoint/api/get-all-scan-agents?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get scan agent Id
-              href: /defender-endpoint/api/get-agent-details
+              href: /defender-endpoint/api/get-agent-details?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name:   Get scan history by definition
-              href: /defender-endpoint/api/get-scan-history-by-definition
+              href: /defender-endpoint/api/get-scan-history-by-definition?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name:   Get scan history by session
-              href: /defender-endpoint/api/get-scan-history-by-session
+              href: /defender-endpoint/api/get-scan-history-by-session?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Browser extensions
             items:
             - name: Export browser extensions assessment
-              href: /defender-endpoint/api/get-assessment-browser-extensions
+              href: /defender-endpoint/api/get-assessment-browser-extensions?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get browser extensions permission information
-              href: /defender-endpoint/api/get-browser-extensions-permission-info
+              href: /defender-endpoint/api/get-browser-extensions-permission-info?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Information gathering
             items:
             - name: Export information gathering assessment
-              href: /defender-endpoint/get-assessment-information-gathering
+              href: /defender-endpoint/get-assessment-information-gathering?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Hardware and Firmware
             items:
             - name: Export hardware and firmware inventory assessment
-              href: /defender-endpoint/api/export-firmware-hardware-assessment
+              href: /defender-endpoint/api/export-firmware-hardware-assessment?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Machine
             items:
             - name: Get installed software
-              href: /defender-endpoint/get-installed-software
+              href: /defender-endpoint/get-installed-software?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get discovered vulnerabilities
-              href: /defender-endpoint/get-discovered-vulnerabilities
+              href: /defender-endpoint/get-discovered-vulnerabilities?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get security recommendations
-              href: /defender-endpoint/get-security-recommendations
+              href: /defender-endpoint/get-security-recommendations?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get missing KBs
-              href: /defender-endpoint/get-missing-kbs-machine
+              href: /defender-endpoint/get-missing-kbs-machine?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Remediation activity
             items:
             - name: Remediation activity methods and properties
-              href: /defender-endpoint/get-remediation-methods-properties
+              href: /defender-endpoint/get-remediation-methods-properties?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: Get one remediation activity by ID
-              href: /defender-endpoint/get-remediation-one-activity
+              href: /defender-endpoint/get-remediation-one-activity?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: List all remediation activities
-              href: /defender-endpoint/get-remediation-all-activities
+              href: /defender-endpoint/get-remediation-all-activities?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
           - name: Security baselines
             items:
             - name: Export security baselines assessment
-              href: /defender-endpoint/export-security-baseline-assessment
+              href: /defender-endpoint/export-security-baseline-assessment?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: List security baselines assessment profiles
-              href: /defender-endpoint/get-security-baselines-assessment-profiles
+              href: /defender-endpoint/get-security-baselines-assessment-profiles?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
             - name: List security baselines assessment configurations
-              href: /defender-endpoint/get-security-baselines-assessment-configurations
+              href: /defender-endpoint/get-security-baselines-assessment-configurations?toc=/defender-vulnerability-management/TOC.json&bc=/defender-vulnerability-management/breadcrumb/toc.json
       - name: Frequently asked questions
         href: defender-vulnerability-management-faq.md
       - name: Vulnerability support in Defender Vulnerability Management
 
@@ -8,7 +8,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 5/9/2024
+ms.date: 4/28/2025
 manager: deniseb
 audience: ITPro
 ms.collection:
@@ -40,11 +40,6 @@ The unified Action center ([https://security.microsoft.com/action-center](https:
 
 :::image type="content" source="/defender/media/m3d-action-center-unified.png" alt-text="The unified Action center in the Microsoft Defender portal." lightbox="/defender/media/m3d-action-center-unified.png":::
 
-For example:
-
-- If you were using the Action center in the Microsoft Defender Security Center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)), try the unified Action center in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>.
-- If you were already using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a>, you'll see several improvements in the Action center ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)).
-
 The unified Action center brings together remediation actions across Microsoft Defender for Endpoint and Microsoft Defender for Office 365. It defines a common language for all remediation actions and provides a unified investigation experience. Your security operations team has a "single pane of glass" experience to view and manage remediation actions.
 
 You can use the unified Action center if you have appropriate permissions and one or more of the following subscriptions:
@@ -59,20 +54,20 @@ You can use the unified Action center if you have appropriate permissions and on
 You can navigate to the list of actions pending approval in two different ways:
 
 - Go to [https://security.microsoft.com/action-center](https://security.microsoft.com/action-center); or
-- In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the Automated investigation & response card, select **Approve in Action Center**.
+- In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) homepage, in the Automated investigation & response card, select **View pending actions**.
 
 ## Using the Action center
 
 1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft Defender portal</a> and sign in.
 
-2. In the navigation pane under **Actions and submissions**, choose **Action center**. Or, in the Automated investigation & response card, select **Approve in Action Center**.
+2. In the navigation pane under **Actions and submissions**, choose **Action center**. Or, in the Automated investigation & response card in the homepage, select **View pending actions**.
 
 3. Use the **Pending actions** and **History** tabs. The following table summarizes what you'll see on each tab:
 
    |Tab|Description|
    |---|---|
-   |**Pending**|Displays a list of actions that require attention. You can approve or reject actions one at a time, or select multiple actions if they have the same type of action (such as Quarantine file). <br/><br/> Make sure to review and approve (or reject) pending actions as soon as possible so that your automated investigations can complete in a timely manner.|
-   |**History**|Serves as an audit log for actions that were taken, such as: <ul><li>>Remediation actions that were taken as a result of automated investigations</li><li>Remediation actions that were taken on suspicious or malicious email messages, files, or URLs</li><li>Remediation actions that were approved by your security operations team</li><li>Commands that were run and remediation actions that were applied during Live Response sessions</li><li>Remediation actions that were taken by your antivirus protection</li></ul> <br/><br/> Provides a way to undo certain actions (see [Undo completed actions](m365d-autoir-actions.md#undo-completed-actions)).|
+   |**Pending**|Displays a list of actions that require attention. You can approve or reject actions one at a time, or select multiple actions if they have the same type of action (like Quarantine file). <br/><br/> Make sure to review and approve (or reject) pending actions as soon as possible so that your automated investigations can complete in a timely manner.|
+   |**History**|Serves as an audit log for actions that were taken, such as: <ul><li>Remediation actions that were taken as a result of automated investigations</li><li>Remediation actions that were taken on suspicious or malicious email messages, files, or URLs</li><li>Remediation actions that were approved by your security operations team</li><li>Commands that were run and remediation actions that were applied during Live Response sessions</li><li>Remediation actions that were taken by your antivirus protection</li></ul> <br/><br/> Provides a way to undo certain actions (see [Undo completed actions](m365d-autoir-actions.md#undo-completed-actions)).|
 
 4. You can customize, sort, filter, and export data in the Action center.
 
 
@@ -1,14 +1,14 @@
 ---
 title: View and manage actions in the Action center
-description: Use the Action center to view and manage remediation actions
+description: Use the Action center in the Microsoft Defender portal to view and manage remediation actions for affected assets.
 search.appverid: met150
 ms.service: defender-xdr
 f1.keywords: 
 - NOCSH
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 11/25/2024
+ms.date: 04/28/2025
 manager: deniseb
 audience: ITPro
 ms.collection: