Merge pull request #2104 from MicrosoftDocs/main

Published main to live, Wednesday 10:30 AM PST, 12/04

Author: padmagit77

ATPDocs/security-assessment-edit-misconfigured-acl.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured certificate templates ACL (ESC4)  (Preview)
+# Security assessment: Edit misconfigured certificate templates ACL (ESC4)
 
 This article describes Microsoft Defender for Identity's **Misconfigured certificate template ACL** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-ca-acl.md

@@ -5,7 +5,7 @@ ms.date: 11/14/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured Certificate Authority ACL (ESC7)  (Preview)
+# Security assessment: Edit misconfigured Certificate Authority ACL (ESC7)
 
 This article describes Microsoft Defender for Identity's **Misconfigured certificate authority ACL** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-enrollment-agent.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured enrollment agent certificate template (ESC3)  (Preview)
+# Security assessment: Edit misconfigured enrollment agent certificate template (ESC3)
 
 This article describes Microsoft Defender for Identity's **Misconfigured enrollment agent certificate template** security posture assessment report.
 

ATPDocs/security-assessment-edit-misconfigured-owner.md

@@ -5,7 +5,7 @@ ms.date: 11/14/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit misconfigured certificate templates owner (ESC4) (Preview)
+# Security assessment: Edit misconfigured certificate templates owner (ESC4)
 
 This article provides an overview of Microsoft Defender for Identity's **Misconfigured certificate templates owner (ESC4)** security posture assessment report.
 

ATPDocs/security-assessment-edit-overly-permissive-template.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)  (Preview)
+# Security assessment: Edit overly permissive certificate template with privileged EKU (Any purpose EKU or No EKU) (ESC2)
 
 This article describes Microsoft Defender for Identity's **Overly permissive certificate template with privileged EKU** security posture assessment report.
 

ATPDocs/security-assessment-enforce-encryption-rpc.md

@@ -5,7 +5,7 @@ ms.date: 11/20/2023
 ms.topic: how-to
 ---
 
-# Security assessment: Enforce encryption for RPC certificate enrollment interface (ESC11)  (Preview)
+# Security assessment: Enforce encryption for RPC certificate enrollment interface (ESC11)
 
 This article describes Microsoft Defender for Identity's **Enforce encryption for RPC certificate enrollment** security posture assessment report.
 

defender-office-365/attack-simulation-training-get-started.md

@@ -19,7 +19,7 @@ ms.custom:
   - seo-marvel-apr2020
 description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations.
 ms.service: defender-office-365
-ms.date: 08/14/2024
+ms.date: 12/04/2024
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
 ---
@@ -65,7 +65,7 @@ Watch this short video to learn more about Attack simulation training.
 
 - There are no corresponding PowerShell cmdlets for Attack simulation training.
 
-- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information, see [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations). Attack simulation training is available in the following regions: APC, EUR, and NAM. Countries within these regions where Attack simulation training is available include ARE, AUS, BRA, CAN, CHE, DEU, ESP, FRA, GBR, IND, ISR, ITA, JPN, KOR, LAM, MEX, NOR, POL, QAT, SGP, SWE, TWN and ZAF.
+- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information, see [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations). Attack simulation training is available in the following regions: APC, EUR, and NAM. Countries within these regions where Attack simulation training is available include ARE, AUS, BRA, CAN, CHE, DEU, ESP, FRA, GBR, IND, ISR, ITA, JPN, KOR, LAM, MEX, NOR, NZL, POL, QAT, SGP, SWE, TWN and ZAF.
 
   > [!NOTE]
   > NOR, ZAF, ARE and DEU are the latest additions. All features except reported email telemetry are available in these regions. We're working to enable the features and we'll notify customers as soon as reported email telemetry becomes available.

defender-xdr/advanced-hunting-deviceinfo-table.md

@@ -18,7 +18,7 @@ ms.custom:
 - cx-ti
 - cx-ah
 ms.topic: reference
-ms.date: 01/16/2024
+ms.date: 12/04/2024
 ---
 
 # DeviceInfo
@@ -39,7 +39,7 @@ For information on other tables in the advanced hunting schema, [see the advance
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|
-| `Timestamp` | `datetime` | Date and time when the event was recorded |
+| `Timestamp` | `datetime` | Last date and time recorded for the device |
 | `DeviceId` | `string` | Unique identifier for the device in the service |
 | `DeviceName` | `string` | Fully qualified domain name (FQDN) of the device |
 | `ClientVersion` | `string` | Version of the endpoint agent or sensor running on the device |
@@ -89,8 +89,9 @@ You can use the following sample query to get the latest state of a device:
 ```kusto
 // Get latest information on user/device
 DeviceInfo
+| extend IngestionTime = ingestion_time()
 | where DeviceName == "example" and isnotempty(OSPlatform)
-| summarize arg_max(Timestamp, *) by DeviceId 
+| summarize arg_max(IngestionTime, *) by DeviceId
 ```
 
 ## Related topics