Merge branch 'main' into ueba-anomaly-updates

Author: guywi-ms

.github/workflows/AutoLabelAssign.yml

@@ -26,7 +26,7 @@ jobs:
         name: Run assign and label
         if: github.repository_owner == 'MicrosoftDocs'
         needs: [download-payload]
-        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-prod
+        uses: MicrosoftDocs/microsoft-365-docs/.github/workflows/Shared-AutoLabelAssign.yml@workflows-test
         with:
             PayloadJson: ${{ needs.download-payload.outputs.WorkflowPayload }}
             AutoAssignUsers: 1

.github/workflows/AutoPublish.yml

@@ -7,7 +7,8 @@ permissions:
 
 on:
   schedule:
-    - cron: "25 2,5,8,11,14,17,20,22 * * *" # Times are UTC based on Daylight Saving Time. Need to be adjusted for Standard Time. Scheduling at :25 to account for queuing lag.
+    # - cron: "25 2,5,8,11,14,17,20,22 * * *" # Times are UTC based on Daylight Saving Time (~Mar-Nov). Scheduling at :25 to account for queuing lag.
+    - cron: "25 3,6,9,12,15,18,21,23 * * *" # Times are UTC based on Standard Time (~Nov-Mar). Scheduling at :25 to account for queuing lag.
 
   workflow_dispatch:
 

.openpublishing.redirection.defender-endpoint.json

@@ -165,5 +165,10 @@
       "redirect_url": "/defender-xdr/contact-defender-support",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-endpoint/install-defender-endpoint-linux.md",
+      "redirect_url": "/defender-endpoint/mde-linux-prerequisites",
+      "redirect_document_id": false
+    }       
   ]
 }

.openpublishing.redirection.defender-identity.json

@@ -869,6 +869,252 @@
       "source_path": "defender-for-identity/support.md",
       "redirect_url": "/defender-xdr/contact-defender-support",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/assign-multi-factor-authentication-okta-privileged-user-accounts.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/change-okta-password-privileged-user-accounts.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/high-number-of-okta-accounts-with-privileged-role-assigned.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/highly-privileged-okta-api-token.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/limit-number-okta-super-admin-accounts.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/remove-dormant-okta-privileged-accounts.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/cloud-identities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/accounts-with-non-default-pgid.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-remove-suspicious-access-rights.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/change-password-krbtgt-account.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/change-password-domain-administrator-account.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-dormant-entities.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-non-admin-accounts-dcsync.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/ensure-privileged-accounts-with-sensitive-flag.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-clear-text.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-laps.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/remove-discoverable-passwords-active-directory-account-attributes.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/remove-inactive-service-account.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-riskiest-lmp.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-unconstrained-kerberos.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-unsecure-sid-history-attribute.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-unsecure-account-attributes.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-weak-cipher.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/accounts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-enforce-encryption-rpc.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-insecure-adcs-certificate-enrollment.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-misconfigured-owner.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-misconfigured-ca-acl.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-misconfigured-acl.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-misconfigured-enrollment-agent.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-overly-permissive-template.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/prevent-certificate-enrollment-esc15.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-prevent-users-request-certificate.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-edit-vulnerable-ca-setting.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/certificates",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/gpo-assigns-unprivileged-identities.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/modified-unprivileged-accounts-gpo.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/reversible-passwords-group-policy.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/built-in-active-directory-guest-account-is-enabled.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/domain-controller-account-password-change.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-print-spooler.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-remove-local-admins.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-unmonitored-domain-controller.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/unmonitored-active-directory-certificate-services-server.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/unmonitored-active-directory-federation-services-servers.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/unmonitored-entra-connect-servers.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/security-assessment-unsecure-domain-configurations.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/identity-infrastructure",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/remove-replication-permissions-microsoft-entra-connect.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/hybrid-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/remove-unsafe-permissions-sensitive-entra-connect.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/hybrid-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/replace-entra-connect-default-admin.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/hybrid-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/change-password-microsoft-entra-seamless-single-sign-on.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/hybrid-security",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-for-identity/rotate-password-microsoft-entra-connect.md",
+      "redirect_url": "/defender-for-identity/security-posture-assessments/hybrid-security",
+      "redirect_document_id": false
     }
+
   ]
 }

defender-endpoint/TOC.yml

@@ -8,7 +8,7 @@
     items:
     - name: What is Microsoft Defender for Endpoint?
       items: 
-      - name: Defender for Endpoint on Windows
+      - name: Defender for Endpoint
         href: microsoft-defender-endpoint.md
       - name: Defender for Endpoint on macOS
         href: microsoft-defender-endpoint-mac.md
@@ -263,7 +263,7 @@
             items:
             - name: Prerequisites
               href: mde-linux-prerequisites.md
-            - name: Choose a deployment method
+            - name: Choose a deployment method                       
               items:
               - name: Enabling deployment to a custom location
                 href: linux-custom-location-installation.md

defender-endpoint/android-configure.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: how-to
 ms.subservice: android
 search.appverid: met150
-ms.date: 10/23/2025
+ms.date: 11/06/2025
 appliesto:
    - Microsoft Defender for Endpoint Plan 1
    - Microsoft Defender for Endpoint Plan 2
@@ -33,7 +33,7 @@ For more information about how to set up Defender for Endpoint on Android and Co
 ## Configure custom indicators
 
 > [!NOTE]
-> Defender for Endpoint on Android only supports creating custom indicators for IP addresses and URLs/domains.
+> Defender for Endpoint on Android supports creating custom indicators only for URLs and domains. IP-based custom indicators aren't supported on Android.
 > 
 > IP `245.245.0.1` is an internal Defender IP and should not be included in custom indicators by customers to avoid any functionality issues.
 > Also, alerts for custom indicators are currently not supported for Defender for Endpoint on Android.

defender-endpoint/android-new-ux.md

@@ -15,7 +15,7 @@ ms.collection:
 ms.topic: reference
 ms.subservice: android
 search.appverid: met150
-ms.date: 09/16/2025
+ms.date: 11/06/2025
 ---
 
 # User experiences in Microsoft Defender for Endpoint on Android
@@ -24,7 +24,29 @@ As part of our ongoing commitment to deliver exceptional user experiences, we're
 
 The new enhancements are designed to improve usability, streamline navigation, and ensure our app meets the evolving needs of our users.
 
-## Key changes - September 2025
+## Key changes - November 2025
+
+In this release, we've made it easier for users to share feedback, including logs, to the Microsoft Defender team. The changes include:
+
+- [A new bottom pane that makes it easier for users to share feedback and logs](#bottom-pane-experience)
+- [A new **Send logs to Microsoft** option that enables users to quickly send logs to Microsoft](#one-click-send-logs-experience)
+
+
+### Bottom pane experience
+
+When users select **Help and Feedback** in the left navigation pane (Screen 1, accessible by tapping the profile picture), a new bottom feedback pane opens (Screen 2). This pane has been updated to improve readability and make it easier for users to share feedback.
+
+The **Send feedback** option in the updated bottom pane enables users to share positive or negative feedback, along with Microsoft Defender and authenticator logs, which will be accessible to the Microsoft Defender team. When a user selects **Send feedback**, they are redirected to a new screen (Screen 3) where they can include logs along with their feedback submission.
+
+:::image type="content" source="./media/android-new-ux/bottom-experience-android.png" alt-text="Screenshots showing how to send feedback and logs from the Microsoft Defender mobile app options menu." border="false":::
+
+### One-click *Send Logs* experience
+
+A new **Send logs to Microsoft** option has been added directly to the left navigation pane. This enables users to quickly send logs to Microsoft. It redirects them to the logs submission page (Screen 2). This option is particularly useful when a support case has been created and a support engineer is assigned, providing a convenient way for users to submit logs. Because this option doesn't allow users to include written feedback, the Defender team will not have access to the logs unless an incident ID is explicitly shared via mail or support request. This option collects logs from both the Defender and Authenticator apps.
+
+:::image type="content" source="./media/android-new-ux/one-click-feedback-android.png" alt-text="Screenshots showing how to send logs directly to Microsoft from the Microsoft Defender mobile app options menu." border="false":::
+
+ ## Key changes - September 2025
 
 We're pleased to introduce the new Onboarding screens that come up when the user starts onboarding after sign-in.