MicrosoftDocs
diff --git a/‎.openpublishing.redirection.defender-cloud-apps.json‎
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.defender-cloud-apps.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎CloudAppSecurityDocs/index.yml‎
Lines changed: 0 additions & 10 deletions b/‎CloudAppSecurityDocs/index.yml‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎CloudAppSecurityDocs/toc.yml‎
Lines changed: 0 additions & 2 deletions b/‎CloudAppSecurityDocs/toc.yml‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎CloudAppSecurityDocs/tutorial-ueba.md‎
Lines changed: 0 additions & 131 deletions b/‎CloudAppSecurityDocs/tutorial-ueba.md‎
Lines changed: 0 additions & 131 deletions
diff --git a/‎defender-endpoint/adv-tech-of-mdav.md‎
Lines changed: 3 additions & 2 deletions b/‎defender-endpoint/adv-tech-of-mdav.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎defender-endpoint/api/export-firmware-hardware-assessment.md‎
Lines changed: 11 additions & 7 deletions b/‎defender-endpoint/api/export-firmware-hardware-assessment.md‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎defender-endpoint/api/export-security-baseline-assessment.md‎
Lines changed: 11 additions & 7 deletions b/‎defender-endpoint/api/export-security-baseline-assessment.md‎
Lines changed: 11 additions & 7 deletions
@@ -994,6 +994,11 @@
       "source_path": "CloudAppSecurityDocs/what-is-cloud-app-security.md",
       "redirect_url": "/defender-cloud-apps/what-is-defender-for-cloud-apps",
       "redirect_document_id": true
+    },
+     {
+      "source_path": "CloudAppSecurityDocs/tutorial-ueba.md",
+      "redirect_url": "/defender-cloud-apps/",
+      "redirect_document_id": true
     },
     {
       "source_path": "CloudAppSecurityDocs/file-filters.md",
 
@@ -94,16 +94,6 @@ landingContent:
           - text: Threat response governance actions
             url: governance-actions.md
 
-      - linkListType: how-to-guide
-        links:
-          - text: Use in-browser protection with Microsoft Edge
-            url: in-browser-protection.md
-          - text: Investigate behaviors by hunting
-            url: behaviors.md
-          - text: Investigate anomaly detection alerts
-            url: investigate-anomaly-alerts.md
-          - text: Investigate risky users
-            url: tutorial-ueba.md
 
   # Card (optional)
   - title: Information protection
 
@@ -310,8 +310,6 @@ items:
     items:
     - name: Investigate anomaly detection alerts
       href: investigate-anomaly-alerts.md
-    - name: Investigate risky users
-      href: tutorial-ueba.md
   - name: Respond to threats
     items:
     - name: Governing connected apps
 
@@ -7,7 +7,7 @@ ms.reviewer: yongrhee
 manager: deniseb
 ms.service: defender-endpoint
 ms.topic: overview
-ms.date: 02/28/2024
+ms.date: 01/24/2025
 ms.subservice: ngp
 ms.localizationpriority: medium
 ms.custom: partner-contribution
@@ -53,6 +53,7 @@ When the client encounters unknown threats, it sends metadata or the file itself
 |**Heuristics engine** <br/> Heuristic rules identify file characteristics that have similarities with known malicious characteristics to catch new threats or modified versions of known threats.|**Detonation-based ML engine** <br/> Suspicious files are detonated in a sandbox. Deep learning classifiers analyze the observed behaviors to block attacks.|
 |**Emulation engine** <br/> The emulation engine dynamically unpacks malware and examines how they would behave at runtime. The dynamic emulation of the content and scanning both the behavior during emulation and the memory content at the end of emulation defeat malware packers and expose the behavior of polymorphic malware.|**Reputation ML engine** <br/> Domain-expert reputation sources and models from across Microsoft are queried to block threats that are linked to malicious or suspicious URLs, domains, emails, and files. Sources include Windows Defender SmartScreen for URL reputation models and Defender for Office 365 for email attachment expert knowledge, among other Microsoft services through the Microsoft Intelligent Security Graph.|
 |**Network engine** <br/> Network activities are inspected to identify and stop malicious activities from threats.|**Smart rules engine** <br/> Expert-written smart rules identify threats based on researcher expertise and collective knowledge of threats.|
+|**CommandLine scanning engine** <br/> This engine scans the commandlines of all processes before they execute. If the commandline for a process is found to be malicious it is blocked from execution.|**CommandLine ML engine** <br/> Multiple advanced ML models scan the suspicious commandlines in the cloud. If a commandline is found to be malicious, cloud sends a signal to the client to block the corresponding process from starting.|
 
 For more information, see [Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK&reg; Evaluations: Enterprise](https://www.microsoft.com/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/).
 
@@ -97,6 +98,6 @@ We focus on every industry.
 
 ### Do your detection/protection require a human analyst?
 
-When you're pen-testing, you should demand where no human analysts are engaged on detect/protect, to see how the actual antivirus engine (prebreach) efficacy truly is, and a separate one where human analysts are engaged.You can add [Microsoft Defender Experts for XDR](/defender-xdr/dex-xdr-overview) a managed extended detection and response service to augment your SOC.
+When you're pen-testing, you should demand where no human analysts are engaged on detect/protect, to see how the actual antivirus engine (prebreach) efficacy truly is, and a separate one where human analysts are engaged. You can add [Microsoft Defender Experts for XDR](/defender-xdr/dex-xdr-overview) a managed extended detection and response service to augment your SOC.
 
 The ***continuous iterative enhancement*** each of these engines to be increasingly effective at catching the latest strains of malware and attack methods. These enhancements show up in consistent [top scores in industry tests](/defender-xdr/top-scoring-industry-tests), but more importantly, translate to [threats and malware outbreaks](https://www.microsoft.com/security/blog/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/) stopped and [more customers protected](https://www.microsoft.com/security/blog/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/).
@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Export Hardware and firmware assessment inventory per device
@@ -153,12 +153,16 @@ Delegated (work or school account)|Software.Read|'Read Threat and Vulnerability
 GET /api/machines/HardwareFirmwareInventoryExport
 ```
 
-### 2.4 Properties (JSON response)
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties (JSON response)
 
 > [!NOTE]
 >
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hour.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - To maximize download speeds, make sure you are downloading the data from the same Azure region where your data resides.
 > - Each record is approximately 1KB of data. You should take this into account when choosing the pageSize parameter that works for you.
 > - Some additional columns might be returned in the response. These columns are temporary and might be removed. Only use the documented columns.
@@ -169,15 +173,15 @@ Property (ID)|Data type|Description
 |GeneratedTime|DateTime|The time the export was generated.
 
 
-## 2.5 Examples
+## 2.6 Examples
 
-### 2.5.1 Request example
+### 2.6.1 Request example
 
 ```http
 GET https://api.security.microsoft.com/api/machines/HardwareFirmwareInventoryExport
 ```
 
-### 2.5.2 Response example
+### 2.6.2 Response example
 
 ```json
     {
 
@@ -15,7 +15,7 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 01/08/2025
+ms.date: 01/22/2025
 ---
 
 # Export security baselines assessment per device
@@ -158,12 +158,16 @@ Returns all security baselines assessments for all devices, on a per-device basi
 GET /api/machines/BaselineComplianceAssessmentExport
 ```
 
-### 2.4 Properties (via files)
+### 2.4 Parameters
+
+- `sasValidHours`: The number of hours that the download URLs are valid for. Maximum is 6 hours.
+
+### 2.5 Properties (via files)
 
 > [!NOTE]
 > 
-> - The files are gzip compressed & in multiline Json format.
-> - The download URLs are only valid for 1 hours.
+> - The files are GZIP compressed & in multiline JSON format.
+> - The download URLs are valid for 6 hours.
 > - To maximize download speeds, make sure you are downloading the data from the same Azure region where your data resides.
 > - Some additional columns might be returned in the response. These columns are temporary and might be removed. Only use the documented columns.
 
@@ -172,15 +176,15 @@ Property (ID)|Data type|Description
 |Export files|array[string]|A list of download URLs for files holding the current snapshot of the organization.
 |GeneratedTime|String|The time that the export was generated.
 
-## 2.5 Examples
+## 2.6 Examples
 
-### 2.5.1 Request example
+### 2.6.1 Request example
 
 ```http
 GET https://api.securitycenter.microsoft.com/api/machines/BaselineComplianceAssessmentExport
 ```
 
-### 2.5.2 Response example
+### 2.6.2 Response example
 
 ```json
 {