Merge branch 'protect-ot-article-in-xdr' of https://github.com/limwainstein/defender-docs-pr into protect-ot-article-in-xdr

Author: limwainstein

.openpublishing.redirection.defender-endpoint.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "defender-endpoint/configure-microsoft-threat-experts.md",
+      "redirect_url": "/defender-xdr/defender-experts-for-hunting",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "defender-endpoint/microsoft-defender-antivirus-using-mde-security-set-mngmnt.md",
       "redirect_url": "/defender-endpoint/evaluate-mdav-using-gp",

.openpublishing.redirection.defender-xdr.json

@@ -1,5 +1,16 @@
 {
   "redirections": [
+    {
+      "source_path": "defender-xdr/microsoft-365-security-center-defender-cloud-apps.md",
+      "redirect_url": "/defender-cloud-apps/microsoft-365-security-center-defender-cloud-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/microsoft-365-security-center-mdi.md",
+      "redirect_url": "/defender-for-identity/microsoft-365-security-center-mdi",
+      "redirect_document_id": false
+    },
+
     {
       "source_path": "defender-xdr/eval-create-eval-environment.md",
       "redirect_url": "/defender-xdr/pilot-deploy-overview",

ATPDocs/deploy/test-connectivity.md

@@ -14,6 +14,9 @@ After preparing the server that you're going to use for your Microsoft Defender
 
 For more information, see [Required ports](../prerequisites.md#ports).
 
+> [!NOTE]
+> To get the name and other important details about your Defender for Identity workspace, see the [About page](../settings-about.md) in the [Microsoft Defender XDR](https://security.microsoft.com/) portal.
+
 ## Test connectivity using a browser
 
 1. Open a browser. If you're using a proxy, make sure that your browser uses the same proxy settings being used by the sensor.

ATPDocs/health-alerts.md

@@ -1,7 +1,7 @@
 ---
 title: Microsoft Defender for Identity health issues
 description: This article describes all the health issues that can occur for each component, listing the cause and the steps needed to resolve the problem
-ms.date: 07/09/2024
+ms.date: 01/16/2025
 ms.topic: how-to
 ---
 
@@ -191,6 +191,12 @@ Sensor-specific health issues are displayed in the **Sensor health issues** tab
 |----|----|----|----|----|
 |Radius accounting (VPN integration) data ingestion failures.|The listed Defender for Identity sensors have radius accounting (VPN integration) data ingestion failures.|Validate that the shared secret in the Defender for Identity configuration settings matches your VPN server, according to the guidance described [Configure VPN in Defender for Identity](vpn-integration.md#configure-vpn-in-defender-for-identity) section, in the [Defender for Identity VPN integration](vpn-integration.md) page.|Low|Health issues page|
 
+### Auditing for AD CS servers is not enabled as required
+
+|Alert|Description|Resolution|Severity|Displayed in|
+|----|----|----|----|----|
+|Auditing for AD CS servers is not enabled as required. (This configuration is validated once a day, per sensor).|The Advanced Auditing Policy Configuration or AD CS auditing is not enabled as required.|Enable the Advanced Auditing Policy Configuration and AD CS auditing according to the guidance as described in the [Configure auditing on AD CS](configure-windows-event-collection.md#configure-auditing-on-ad-cs) section, in the [Configure Windows Event collection](configure-windows-event-collection.md) page.|Medium|Sensors health issues tab|
+
 ### Sensor failed to retrieve Microsoft Entra Connect service configuration
 
 | Alert| Description  |Resolution|Severity|Displayed in|

defender-xdr/microsoft-365-security-center-mdi.md renamed to ATPDocs/microsoft-365-security-center-mdi.md

@@ -11,16 +11,18 @@ items:
     href: zero-trust.md
   - name: System architecture
     href: architecture.md
-  - name: Defender for Identity in Microsoft Defender XDR
-    href: /microsoft-365/security/defender/microsoft-365-security-center-mdi?bc=/defender-for-identity/bread/toc.json&toc=/defender-for-identity/TOC.json
+  - name: Defender for Identity in the Microsoft Defender portal
+    href: microsoft-365-security-center-mdi.md
   - name: Defender for Identity for US Government
     href: us-govt-gcc-high.md
 - name: Deploy
   expanded: true
   items:
   - name: Quick installation guide
     href: deploy/quick-installation-guide.md
-  - name: Deployment overview
+  - name: Pilot and deploy Microsoft Defender XDR
+    href: /defender-xdr/pilot-deploy-overview?toc=/defender-for-identity/toc.json&bc=/defender-for-identity/breadcrumb/toc.json
+  - name: Defender for Identity deployment overview
     href: deploy/deploy-defender-identity.md
   - name: Plan and prepare
     items:

ATPDocs/toc.yml

@@ -20,8 +20,11 @@ Below is a list of the activity filters that can be applied. Most filters suppor
 - Activity objects – Search for the objects the activity was done on. This filter applies to files, folders, users, or app objects.
     - Activity object ID - the ID of the object (file, folder, user, or app ID).
 
-    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contain**, **Equal**, or **Starts with** the specific item.
+    - Item - Enables you to search by the name or ID of any activity object (for example, user names, files, parameters, sites). For the **Activity object Item** filter, you can select whether to filter for items that **Contains**, **Equals**, or **Starts with** the specific item.
 
+    > [!NOTE]
+    > Activity-Policy's **Activity object Item** filter supports the **Equals** operator only.
+  
 - Action type - Search for a more specific action performed in an app.
 
 - Activity type - Search for the app activity.

CloudAppSecurityDocs/activity-filters-queries.md

@@ -17,7 +17,7 @@ Use app governance to create OAuth policies for apps connected to Microsoft 365,
 
 <br>
 
->[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4YU37]
+>[!VIDEO https://learn-video.azurefd.net/vod/player?id=b10dbf02-9f56-4f37-8c68-8221be5b4aea]
 
 <a name='create-oauth-app-policies-for-azure-ad'></a>
 

CloudAppSecurityDocs/app-governance-app-policies-create.md

@@ -11,7 +11,7 @@ Cyber attacks have become increasingly sophisticated in the ways they exploit th
 
 To understand the potential risks and stop these types of attacks, you need to gain clear visibility into your organization’s app compliance posture. You need to be able to quickly identify when an app exhibits anomalous behaviors and respond when these behaviors present risks to your environment, data, and users. <br><br>
 
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4S7sp]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=ed7ad7f7-58dc-4a09-ace3-e1d6b8f55353]
 
 ## App governance features
 

CloudAppSecurityDocs/app-governance-manage-app-governance.md

@@ -10,7 +10,7 @@ description: Get started learning about predefined app policies.
 App governance contains a set of out of the box policies to detect anomalous app behaviors. These policies are activated by default, but you can deactivate them if you choose to.<br>
 <br>
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4YpJN]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=22872b35-18aa-424d-bec7-3f77869a5e47]
 
 ## Working with predefined policies