Merge branch 'main' into docs-editor/microsoft-defender-endpoint-io-1742981282

Author: Ruchika-mittal01

ATPDocs/troubleshooting-known-issues.md

@@ -224,7 +224,7 @@ Suggested possible workarounds:
 
 ## VMware virtual machine sensor issue
 
-If you have a Defender for Identity sensor on VMware virtual machines, you might receive one or both of the following health alerts **Some network traffic is not being analyzed** and **Network configuratuin mismatch for sensors running on VMware**. This can happen because of a configuration mismatch in VMware.
+If you have a Defender for Identity sensor on VMware virtual machines, you might receive one or both of the following health alerts **Some network traffic is not being analyzed** and **Network configuration mismatch for sensors running on VMware**. This can happen because of a configuration mismatch in VMware.
 
 To resolve the issue:
 
@@ -422,7 +422,7 @@ Uninstall the certificate management client, install the Defender for Identity s
 
 >[!NOTE]
 >
->The self-signed certificate is renewed every 2 years, and the auto-renewal process might fail if the certificate management client prevents the self-signed certificate creation.
+> The self-signed certificate is renewed every 2 years, and the auto-renewal process might fail if the certificate management client prevents the self-signed certificate creation.
 > This will cause the sensor to stop communicating with the backend, which will require a sensor reinstallation using the workaround mentioned above.
 
 ## Sensor installation fails due to network connectivity issues
@@ -445,7 +445,6 @@ For more information, see [Run a silent installation with a proxy configuration]
 
 > [!IMPORTANT]
 > Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that aren't present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
->
 
 ## Sensor service couldn't run and remains in Starting state
 
@@ -486,6 +485,22 @@ The issue can come up when a Defender for Identity workspace license expires and
    - "Azure ATP workspaceName Users" -> "Azure ATP workspaceName Users - old"
 1. Then you can go back in the [Microsoft Defender portal](https://security.microsoft.com), to the [Settings](https://security.microsoft.com/securitysettings) -> [Identities](https://security.microsoft.com/settings/identities) section to create the new workspace for Defender for Identity.
 
+## Entra Connect sensor experiences loss of database permissions following the update to Microsoft Entra Connect 
+
+**Cause:**
+
+Updating Microsoft Entra Connect may cause the Entra Connect sensor to lose previously configured database permissions. To investigate, check the Microsoft Defender logs for relevant indicators. Refer to [Troubleshooting Microsoft Defender for Identity sensor using the Defender for Identity logs](troubleshooting-using-logs.md) for log locations and further details.
+
+Sample logs that may indicate the issue:
+
+`GetEntraConnectGlobalSettingsAsync GetEntraConnectGlobalSettingsAsync failed. Exception - The EXECUTE permission was denied on the object 'mms_get_globalsettings', database Contoso', schema 'dbo'`
+
+`GetEntraConnectConnectivityParametersAsync GetEntraConnectConnectivityParametersAsync failed. Exception - The EXECUTE permission was denied on the object 'mms_get_connectors', database Contoso, schema 'dbo'`
+
+**Resolution:**
+
+If permissions need to be reconfigured, please follow the steps outlined in this [guide](deploy/active-directory-federation-services.md).
+
 ## Next steps
 
 - [Defender for Identity prerequisites](deploy/prerequisites.md)

defender-endpoint/ios-configure-features.md

@@ -14,7 +14,7 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: ios
 search.appverid: met150
-ms.date: 02/06/2025
+ms.date: 03/27/2025
 ---
 
 # Configure Microsoft Defender for Endpoint on iOS features
@@ -319,7 +319,7 @@ Defender for Endpoint on iOS enables admins to configure custom indicators on iO
 > [!NOTE]
 > Defender for Endpoint on iOS supports creating custom indicators only for URLs and domains. IP based custom indicators aren't supported on iOS. 
 > 
-> IP `245.245.0.1` is an internal Defender IP and should not be included in custom indicators by customers to avoid any functionality issues.
+> IP `245.245.0.1` is an internal Defender IP and shouldn't be included in custom indicators by customers to avoid any functionality issues.
 > 
 > For iOS, no alerts are generated in the Microsoft Defender portal when the URL or domain set in the indicator is accessed.
 
@@ -427,6 +427,9 @@ Defender for Endpoint on iOS enables bulk tagging the mobile devices during onbo
 
 This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices. Admins can use the following steps to configure the Device tags.
 
+> [!NOTE]
+> Configuring more than one device tags from Intune isn't supported as only one device tag reflects when configured. However, multiple device tags can be added manually in the XDR portal.
+
 ### Configure device tags using MDM
 
 **For enrolled devices (MDM)**

unified-secops-platform/mto-tenantgroups.md

@@ -12,7 +12,7 @@ ms.collection:
 - highpri
 - tier1
 ms.topic: conceptual
-ms.date: 01/02/2025
+ms.date: 03/27/2025
 appliesto: 
 - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---
@@ -24,7 +24,7 @@ Content distribution helps you manage content at scale, across tenants in multit
 Distributing content in this manner, across tenants, enables you to organize tenants and content based on categories like business groups or location.
 
 > [!NOTE]
-> Multitenant management currently supports adding custom detection rules to a tenant group. Additional content types will be added in the future.
+> Multitenant management currently supports adding custom detection rules to a tenant group. Additional content types will be added in the future. 
 
 ## Requirements
 
@@ -41,7 +41,7 @@ The following table lists the requirements for content distribution in multitena
 To create a new tenant group:
 
 1. Go to the [Tenant groups page](https://mto.security.microsoft.com/tenantgroups) in multitenant management in Microsoft Defender XDR.
-2. Select **Create tenant group**. In the **Tenants** page, select **Add tenant** to see a list of available tenants that you can add to your tenant group. Choose the tenants you want to add to the tenant group, then select **Add**.:
+2. Select **Create tenant group**. In the **Tenants** page, select **Add tenant** to see a list of available tenants that you can add to your tenant group. Choose the tenants you want to add to the tenant group, then select **Add**.
 
     :::image type="content" source="media/mto-tenantgroups/mto-add-tenants-small.png" alt-text="Screenshot of the tenant group creation wizard." lightbox="media/mto-tenantgroups/mto-add-tenants.png":::
 
@@ -50,7 +50,7 @@ To create a new tenant group:
     :::image type="content" source="media/mto-tenantgroups/mto-add-content-small.png" alt-text="Screenshot of content selection wizard." lightbox="media/mto-tenantgroups/mto-add-content.png":::
 
 > [!NOTE]
-> The content type selection is currently limited to adding custom detection rules to a tenant group. Adding other content types will be available in the future. 
+> The content type selection is currently limited to adding custom detection rules to a tenant group. 
 
 4. In the **Custom detection rules** page, select **Add content** to add specific detection rules to your tenant group.
 
@@ -82,6 +82,9 @@ Check the sync results under the **Last sync result** column. If the result is *
 
 :::image type="content" source="media/mto-tenantgroups/mto-sync-results-small.png" alt-text="Screenshot of sync results side pane." lightbox="media/mto-tenantgroups/mto-sync-results.png":::
 
+> [!NOTE]
+> The maximum number of published items per publish operation is 9,500. Published items are calculated as the number of tenants multiplied by the number of templates. For example, if you publish 10 tenant groups with 10 target tenants and 95 content templates, then the published items equals to 9,500.
+
 ## Syncing content among tenant groups
 
 To sync content across tenant groups for the tenants you have permission for: