Merge branch 'main' into docs-editor/live-response-1736368750

Author: denisebmsft

defender-endpoint/microsoft-defender-antivirus-compatibility.md

@@ -4,7 +4,7 @@ description: Learn about Microsoft Defender Antivirus with other security produc
 ms.service: defender-endpoint
 ms.subservice: ngp
 ms.localizationpriority: medium
-ms.date: 10/17/2024
+ms.date: 01/10/2025
 ms.topic: conceptual
 author: emmwalshh
 ms.author: ewalsh
@@ -132,6 +132,12 @@ In order for Microsoft Defender Antivirus to run in passive mode, endpoints must
 
 - Endpoints must be onboarded to Defender for Endpoint. 
 
+- Windows Security Center Service must be enabled.
+
+> [!WARNING]
+> If the **Windows Security Center Service** is *disabled* on Windows Clients then Microsoft Defender Antivirus can't detect third-party antivirus installations and will stay **Active**.
+> This could lead to conflicts between the Microsoft Defender Antivirus and the third-party Antivirus, as both will attempt to provide active protection. This will impact performance and is not supported.
+
 > [!IMPORTANT]
 > - Microsoft Defender Antivirus is only available on devices running Windows 10 and 11, Windows Server 2022, Windows Server 2016, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, and Windows Server 2012 R2.
 > - Passive mode is only supported on Windows Server 2012 R2 & 2016 when the device is onboarded using the [modern, unified solution](configure-server-endpoints.md). 

defender-xdr/incident-response-overview.md

@@ -51,7 +51,12 @@ For more information, see [Automated investigation and response in Microsoft Def
 
 It's not enough to respond to attacks as they occur. For extended, multi-phase attacks such as ransomware, you must proactively search for the evidence of an attack in progress and take action to stop it before it completes.
 
-Advanced hunting is a query-based threat hunting tool in Microsoft Defender XDR that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. This flexible access to the Microsoft Defender XDR data enables unconstrained hunting for both known and potential threats.
+Advanced hunting is a query-based threat hunting tool in Microsoft Defender XDR that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. 
+
+> [!TIP]
+> You can extend the 30 days of raw data of advanced hunting using [Microsoft XDR Streaming API](/defender-xdr/streaming-api) and [Microsoft Defender for Endpoint Streaming API](/defender-endpoint/api/raw-data-export).
+
+This flexible access to the Microsoft Defender XDR data enables unconstrained hunting for both known and potential threats.
 
 You can use the same threat hunting queries to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings.