Merge branch 'main' into repo-health-check-Q1

Author: aditisrivastava07

.openpublishing.redirection.defender-office-365.json

@@ -49,6 +49,16 @@
       "source_path": "defender-office-365/pilot-deploy-defender-office-365.md",
       "redirect_url": "/defender-xdr/pilot-deploy-defender-office-365",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-office-365/submissions-error-messages.md",
+      "redirect_url": "/defender-office-365/submissions-result-definitions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-office-365/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md",
+      "redirect_url": "/defender-office-365/submissions-outlook-report-messages",
+      "redirect_document_id": false
     }
   ]
 }

ATPDocs/deploy/activate-capabilities.md

@@ -7,20 +7,20 @@ ms.topic: how-to
 
 # Activate Microsoft Defender for Identity capabilities directly on a domain controller
 
-Microsoft Defender for Endpoint customers, who have already onboarded their domain controllers to Defender for Endpoint, can activate Microsoft Defender for Identity capabilities directly on a domain controller instead of using a [Microsoft Defender for Identity sensor](deploy-defender-identity.md).
+Microsoft Defender for Endpoint customers, who have already onboarded their domain controllers to Defender for Endpoint, can activate Microsoft Defender for Identity capabilities directly on a domain controller instead of using [Microsoft Defender for Identity classic sensor](deploy-defender-identity.md).
 
 This article describes how to activate and test Microsoft Defender for Identity capabilities on your domain controller.
 
 > [!IMPORTANT]
-> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor.
+> The new Defender for Identity sensor (version 3.x) is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor [here](quick-installation-guide.md).
 
 ## Prerequisites
 
 Before activating the Defender for Identity capabilities on your domain controller, make sure that your environment complies with the prerequisites in this section.
 
 ### Defender for Identity sensor conflicts
 
-The configuration described in this article doesn't support side-by-side installation with an existing Defender for Identity sensor, and isn't recommended as a replacement for the Defender for Identity sensor.
+The configuration described in this article doesn't support side-by-side installation with an existing Defender for Identity sensor, and isn't recommended as a replacement for the Defender for Identity classic sensor.
 
 Make sure that the domain controller where you're planning to activate Defender for Identity capabilities doesn't have a [Defender for Identity sensor](deploy-defender-identity.md) deployed.
 
@@ -43,7 +43,7 @@ Your domain controller must be onboarded to Microsoft Defender for Endpoint.
 
 For more information, see [Onboard a Windows server](/microsoft-365/security/defender-endpoint/onboard-windows-server).
 
-### Required permissions
+### Permissions requirements 
 
 To access the Defender for Identity **Activation** page, you must either be a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference), or have the following Unified RBAC permissions:
 
@@ -80,15 +80,31 @@ Set-MDIConfiguration -Mode Domain -Configuration All
 
 ## Activate Defender for Identity capabilities
 
-After ensuring that your environment is completely configured, activate the  Microsoft Defender for Identity capabilities on your domain controller.
+After ensuring that your environment is completely configured, activate the Microsoft Defender for Identity capabilities on your domain controller.
 
-1. In the [Defender portal](https://security.microsoft.com), select **Settings > Identities > [Activation](https://security.microsoft.com/settings/identities?tabid=onboarding)**.
+Activate the Defender for Identity from the [Microsoft Defender portal](https://security.microsoft.com).
 
-    The **Activation** page lists any detected and eligible domain controllers.
+1. Navigate to **System** > **Settings** > **Identities** > **Activation**.
 
-1. Select the domain controller where you want to activate the Defender for Identity capabilities and then select **Activate**. Confirm your selection when prompted.
+   The Activation page lists servers discovered in Device Inventory and identified as eligible domain controllers. 
 
-When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.
+2. Select the domain controller where you want to activate the Defender for Identity capabilities and then select **Activate**. Confirm your selection when prompted. 
+
+    > [!NOTE]
+    > You can choose to activate eligible domain controllers either automatically, where Defender for Identity activates them as soon as they're discovered, or manually, where you select specific domain controllers from the list of eligible servers.
+
+3. When the activation is complete, a green success banner shows. In the banner, select **Click here to see the onboarded servers** to jump to the **Settings > Identities > Sensors** page, where you can check your sensor health.
+
+## Onboarding Confirmation 
+
+To confirm the sensor has been onboarded: 
+
+1. Navigate to **System** > **Settings** > **Identities** > **Sensors**. 
+
+2. Check that the onboarded domain controller is listed. 
+
+> [!NOTE]
+>  The activation doesn't require a restart/reboot. The first time you activate Defender for Identity capabilities on your domain controller, it may take up to an hour for the first sensor to show as **Running** on the **Sensors** page. Subsequent activations are shown within five minutes.
 
 ## Test activated capabilities
 
@@ -106,9 +122,9 @@ Use the following procedures to test your environment for Defender for Identity
 
 ### Check the ITDR dashboard
 
-In the Defender portal, select **Identities > Dashboard** and review the details shown, checking for expected results from your environment.
+In the Defender portal, select **Identities** > **Dashboard**, and review the details shown, checking for expected results from your environment.
 
-For more information, see [Work with Defender for Identity's ITDR dashboard (Preview)](../dashboard.md).
+For more information, see [Work with Defender for Identity's ITDR dashboard](../dashboard.md).
 
 
 ### Confirm entity page details
@@ -193,10 +209,6 @@ Test remediation actions on a test user. For example:
 
 1. Check Active Directory for the expected activity.
 
-> [!NOTE]
-> The current version doesn't collect the User Account Control (UAC) flags correctly. So disabled users, would still appear as Enabled in the portal.
-
-
 For more information, see [Remediation actions in Microsoft Defender for Identity](../remediation-actions.md).
 
 ## Deactivate Defender for Identity capabilities on your domain controller

ATPDocs/deploy/deploy-defender-identity.md

@@ -53,14 +53,17 @@ Use the following steps to prepare for deploying Defender for Identity:
 > We recommend running the [*Test-MdiReadiness.ps1*](https://github.com/microsoft/Microsoft-Defender-for-Identity/tree/main/Test-MdiReadiness) script to test and see if the servers in your environment have the necessary prerequisites.
 > You can use the [DefenderForIdentity PowerShell module](https://www.powershellgallery.com/packages/DefenderForIdentity/) to add the required auditing and configure the necessary settings.
 
-## Deploy Defender for Identity
+> [!IMPORTANT]
+> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor. [Learn more about the new sensor](/defender-for-identity/deploy/activate-capabilities)
+
+## Deploy Defender for Identity classic sensor
 
 After you've prepared your system, use the following steps to deploy Defender for Identity:
 
 1. [Verify connectivity to the Defender for Identity service](configure-proxy.md).
-1. [Download the Defender for Identity sensor](download-sensor.md).
-1. [Install the Defender for Identity sensor](install-sensor.md). 
-1. [Configure the Defender for Identity sensor](configure-sensor-settings.md) to start receiving data.
+1. [Download the Defender for Identity classic sensor](download-sensor.md).
+1. [Install the Defender for Identity classic sensor](install-sensor.md). 
+1. [Configure the Defender for Identity classic sensor](configure-sensor-settings.md) to start receiving data.
 
 ## Post-deployment configuration
 

ATPDocs/deploy/download-sensor.md

@@ -5,9 +5,12 @@ ms.date: 06/13/2023
 ms.topic: how-to
 ---
 
-# Download the Microsoft Defender for Identity sensor
+# Download the Microsoft Defender for Identity classic sensor
 
-This article describes how to download the Microsoft Defender for Identity sensor for your domain controllers or AD CS / AD FS servers. 
+This article describes how to download the Microsoft Defender for Identity classic sensor for your domain controllers or AD CS / AD FS and Entra Connect servers. 
+
+> [!IMPORTANT]
+> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor. [Learn more about the new sensor](/defender-for-identity/deploy/activate-capabilities)
 
 ## Add a sensor and download sensor software
 
@@ -17,7 +20,7 @@ This article describes how to download the Microsoft Defender for Identity senso
 
     [![Screenshot of the Sensors tab.](../media//sensor-page.png)](../media/sensor-page.png#lightbox)
 
-1. Select **Add sensor**. Then, in the **Add a new sensor** pane, select **Download installer** and save the installation package locally. The downloaded zip file includes the following files:
+1. Select **Add sensor**. Then, in the **Add a new sensor** pane, select **Download installer**, and save the installation package locally. The downloaded zip file includes the following files:
 
     - The Defender for Identity sensor installer
 

ATPDocs/deploy/install-sensor.md

@@ -7,7 +7,10 @@ ms.topic: how-to
 
 # Install a Microsoft Defender for Identity sensor
 
-This article describes how to install a Microsoft Defender for Identity sensor, including a standalone sensor. The default recommendation is to use the UI. However:
+> [!IMPORTANT]
+> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor. [Learn more about the new sensor](/defender-for-identity/deploy/activate-capabilities)
+
+This article describes how to install a Microsoft Defender for Identity classic sensor, including a standalone sensor. The default recommendation is to use the UI. However:
 
 - When you're installing the sensor on Windows Server Core, or to deploy the sensor via a software deployment system, follow the steps for [silent installation](#perform-a-defender-for-identity-silent-installation) instead.
 
@@ -29,9 +32,9 @@ Before you start, make sure that you have:
 
 - Trusted root certificates on your machine. If your trusted root CA-signed certificates are missing, [you might receive a connection error](../troubleshooting-known-issues.md#proxy-authentication-problem-presents-as-a-connection-error).
 
-## Install the sensor by using the UI
+## Install the classic sensor by using the UI
 
-Perform the following steps on the domain controller, Active Directory Federation Services (AD FS) server, or Active Directory Certificate Services (AD CS) server.
+Perform the following steps on the domain controller, Active Directory Federation Services (AD FS) server, Active Directory Certificate Services (AD CS) server or Entra Connect server.
 
 1. Verify that the machine has connectivity to the relevant [Defender for Identity cloud service endpoints](configure-proxy.md#enable-access-to-defender-for-identity-service-urls-in-the-proxy-server).
 

ATPDocs/deploy/media/activate-capabilities/1.png

@@ -121,7 +121,7 @@ This article lists prerequisites required for a basic installation. Additional p
 
 For more information, see:
 
-- [Deploying Microsoft Defender for Identity on AD FS and AD CS servers](active-directory-federation-services.md)
+- [Deploying Microsoft Defender for Identity on AD FS, AD CS and Entra Connect servers](active-directory-federation-services.md)
 - [Microsoft Defender for Identity multi-forest support](multi-forest.md)
 - [Microsoft Defender for Identity standalone sensor prerequisites](prerequisites-standalone.md)
 - [Defender for Identity architecture](../architecture.md)

ATPDocs/deploy/media/activate-capabilities/2.png

@@ -67,16 +67,19 @@ During installation, if .NET Framework 4.7 or later isn't installed, the .NET Fr
 
 When installing your sensors, consider scheduling a maintenance window for your domain controllers.
 
-## Install Defender for Identity
+> [!IMPORTANT]
+> The new sensor is recommended for customers looking to deploy core identity protections to new domain controllers running Windows Server 2019 or newer. For all other identity infrastructure, or for customers looking to deploy the most robust identity protections available from Microsoft Defender for Identity today, we recommend deploying the classic sensor. [Learn more about the new sensor](/defender-for-identity/deploy/activate-capabilities)
+
+## Install Defender for Identity classic sensor
 
 
 This procedure describes how to install the Defender for Identity sensor on a Windows server version 2016 or higher. Make sure that your server has the [minimum system requirements](#minimum-system-requirements).
 
 > [!NOTE]
-> Defender for Identity sensors should be installed on all domain controllers, including read-only domain controllers (RODC). If you're installing on an AD FS / AD CS farm or cluster, we recommend installing the sensor on each AD FS / AD CS server.
+> Defender for Identity sensors should be installed on all domain controllers, including read-only domain controllers (RODC). If you're installing on an AD FS / AD CS / Entra Connect farm or cluster, we recommend installing the sensor on each AD FS / AD CS / Entra Connect server.
 >
 
-**To download and install the sensor**:
+**To download and install the classic sensor**:
 
 1. Download the Defender for Identity sensor from the [Microsoft Defender portal](https://security.microsoft.com).
 1. Browse to **System** > **Settings** > **Identities** > **Sensors** > **Add sensor**