Merge branch 'main' into docs-editor/microsoft-defender-endpoint-li-1734528284

Author: denisebmsft

ATPDocs/includes/server-requirements.md

@@ -1,18 +1,19 @@
 ---
-title: include file
-description: include file
-ms.topic: include
+title: Include file
+description: Include file
+ms.topic: Include
 ms.date: 09/26/2023
 ---
 
 Defender for Identity sensors can be installed on the following operating systems:
 
 - **Windows Server 2016**
-- **Windows Server 2019**. Requires [KB4487044](https://support.microsoft.com/topic/february-12-2019-kb4487044-os-build-17763-316-6502eb5d-dde8-6902-e149-27ef359ed616) or a newer cumulative update. Sensors installed on Server 2019 without this update will be automatically stopped if the *ntdsai.dll* file version found in the system directory is older than *10.0.17763.316*
+- **Windows Server 2019**. Requires [KB4487044](https://support.microsoft.com/topic/february-12-2019-kb4487044-os-build-17763-316-6502eb5d-dde8-6902-e149-27ef359ed616) or a newer cumulative update. Sensors installed on Server 2019 without this update will be automatically stopped if the `ntdsai.dll` file version found in the system directory is older `than 10.0.17763.316`
 - **Windows Server 2022**
+- **Windows Server 2025**
 
 For all operating systems:
 
 - Both servers with desktop experience and server cores are supported.
-- Nano servers are not supported.
+- Nano servers aren't supported.
 - Installations are supported for domain controllers, AD FS, and AD CS servers.

CloudAppSecurityDocs/network-requirements.md

@@ -28,6 +28,8 @@ To see which data center you're connecting to, do the following steps:
 To use Defender for Cloud Apps in the Microsoft Defender Portal, add **outbound port 443** for the following IP addresses and DNS names to your firewall's allowlist:
 
 ```ini
+cdn.cloudappsecurity.com
+cdn-discovery.cloudappsecurity.com
 adaproddiscovery.azureedge.net
 *.s-microsoft.com
 *.msecnd.net

defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus.md

@@ -9,7 +9,7 @@ ms.custom: nextgen
 ms.reviewer: pahuijbr
 manager: deniseb
 ms.subservice: ngp
-ms.date: 11/01/2024
+ms.date: 12/26/2024
 ms.collection: 
 - m365-security
 - tier2
@@ -75,6 +75,9 @@ For details on configuring Microsoft Configuration Manager (current branch), see
 > [!NOTE]
 > If real-time protection is turned on, files are scanned before they are accessed and executed. The scanning scope includes all files, including files on mounted removable media, such as USB drives. If the device performing the scan has real-time protection or on-access protection turned on, the scan also includes network shares.
 
+> [!TIP]
+> If you have a Network-Attached Storage (NAS) or Storage Area Network (SAN), you can use Internet Content Adaption Protocol (ICAP) scanning with the Microsoft Defender Antivirus engine. For more information, see **[Tech Community Blog: MetaDefender ICAP with Windows Defender Antivirus: World-class security for hybrid environments](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/metadefender-icap-with-windows-defender-antivirus-world-class/ba-p/800234)**.
+
 ## Use PowerShell to configure scanning options
 
 For more information on how to use PowerShell with Microsoft Defender Antivirus, see the following articles: