Merging changes synced from https://github.com/MicrosoftDocs/defender-docs-pr (branch live)

Author: Learn Build Service GitHub App

.acrolinx-config.edn

@@ -35,7 +35,7 @@ If you need a scoring exception for content in this PR, add the *Sign off* and t
 - Escalate the exception request to the Acrolinx Review Team for review.
 - Approve the exception and work with the GitHub Admin Team to merge the PR to the default branch.
 
-For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.docs.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=main).
+For more information about the exception criteria and exception process, see [Minimum Acrolinx topic scores for publishing](https://review.learn.microsoft.com/en-us/office-authoring-guide/acrolinx-min-score?branch=main).
  
 Select the total score link to review all feedback on clarity, consistency, tone, brand, terms, spelling, grammar, readability, and inclusive language. _You should fix all spelling errors regardless of your total score_. Fixing spelling errors helps maintain customer trust in overall content quality.
 
@@ -54,7 +54,7 @@ Select the total score link to review all feedback on clarity, consistency, tone
 - [Install Acrolinx locally for VSCode for Magic](https://review.learn.microsoft.com/office-authoring-guide/acrolinx-vscode?branch=main)
 - [False positives or issues](https://aka.ms/acrolinxbug)
 - [Request a new Acrolinx term](https://microsoft.sharepoint.com/teams/M365Dev2/SitePages/M365-terminology.aspx)
-- [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch)
+- [Troubleshooting issues with Acrolinx](https://review.learn.microsoft.com/help/platform/acrolinx-troubleshoot?branch=main)
 
 "
 }

CloudAppSecurityDocs/discovered-apps.md

@@ -67,7 +67,7 @@ You also might want to identify specific app instances that are in use by invest
 :::image type="content" source="media/discovered-apps/subdomains-image.png" alt-text="Subdomain filter.":::
 
 > [!NOTE]
-> The feature of discovered subdomains will be deprecated by Sep 31st, 2025. Post this, no support for discovery subdomains will be provided.
+> The feature of discovered subdomains will be deprecated by Dec 31st, 2025. Post this, no support for discovery subdomains will be provided.
 > 
 >  Deep dives into discovered apps are supported only in firewalls and proxies that contain target URL data. For more information, see [Supported firewalls and proxies](set-up-cloud-discovery.md#supported-firewalls-and-proxies).
 >

defender-xdr/TOC.yml

@@ -365,10 +365,14 @@
             href: access-den-graph-api.md
           - name: Ask Defender Experts
             href: experts-on-demand.md
+          - name: Understand Defender Experts for Hunting reports
+            href: defender-experts-report.md
         - name: Frequently asked questions
-          href: faq-defender-experts-hunting.md    
-        - name: Understand Defender Experts for Hunting reports
-          href: defender-experts-report.md
+          items: 
+          - name: General information
+            href: faq-defender-experts-hunting.md
+          - name: Server and cloud workload coverage
+            href: faq-cloud-coverage-defender-experts.md
       - name: Collaborate with Microsoft Defender Experts for XDR
         items:
         - name: Overview
@@ -383,10 +387,12 @@
             href: managed-detection-and-response-xdr.md
           - name: Scoped coverage
             href: defender-experts-scoped-coverage.md  
-          - name: Communicate with Defender Experts for XDR
+          - name: Communicate with Defender Experts
             href: communicate-defender-experts-xdr.md
           - name: Reports
             href: reports-xdr.md
+          - name: Third-party enrichment
+            href: third-party-enrichment-defender-experts.md
           - name: Defender Experts for Hunting
             href: defender-experts-for-hunting.md
           - name: Auditing
@@ -399,6 +405,8 @@
             href: faq-incident-notifications-xdr.md
           - name: Managed response
             href: faq-managed-response.md
+          - name: Server and cloud workload coverage
+            href: faq-cloud-coverage-defender-experts.md
         - name: Additional information on Defender Experts for XDR
           items:
           - name: Important considerations

defender-xdr/auditing.md

@@ -1,12 +1,12 @@
 ---
 title: How to search the audit logs for actions performed by Defender Experts
 ms.reviewer:
-description: As a tenant administrator, you can use Microsoft Purview to search the audit logs for the actions Microsoft Defender Experts did in your tenant to perform their investigations
+description: As a tenant administrator, you can use Microsoft Purview to search the audit logs for the actions Microsoft Defender Experts did in your tenant to perform their investigations.
 ms.service: defender-experts-for-xdr
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -17,14 +17,15 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 01/14/2025
+ms.date: 08/01/2025
 ---
 
 # Auditing
 
 **Applies to:**
 
-- [Microsoft Defender XDR](microsoft-365-defender.md)
+- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
+- Microsoft Defender Experts for Servers
 
 As a tenant administrator, you can use Microsoft Purview to search the audit logs for the times Microsoft Defender Experts signed into your tenant and the actions they did there to perform their investigations. You can also search the audit logs for the changes done by your tenant administrators to the Defender Experts settings.
 

defender-xdr/before-you-begin-defender-experts.md

@@ -3,10 +3,10 @@ title: Before you begin using the Microsoft Defender Experts for Hunting service
 ms.reviewer:
 description: To enable us to get started with the defender experts managed service, we require the following prerequisites
 ms.service: defender-experts-for-hunting
-ms.author: vpattnaik
-author: vpattnai
+ms.author: pauloliveria
+author: poliveria
 ms.localizationpriority: medium
-manager: dansimp
+manager: orspodek
 audience: ITPro
 ms.collection:
   - m365-security
@@ -18,7 +18,7 @@ ms.custom:
 - cx-ti
 - cx-ean
 search.appverid: met150
-ms.date: 04/24/2025
+ms.date: 08/01/2025
 ---
 
 # Before you begin using Defender Experts for Hunting
@@ -28,7 +28,6 @@ ms.date: 04/24/2025
 **Applies to:**
 
 - [Microsoft Defender XDR](microsoft-365-defender.md)
-- [Microsoft Defender Experts for XDR](dex-xdr-overview.md)
 
 [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is a managed service that provides hunting capabilities for novel emerging threats that aren't yet well known in the industry. The analysts for the hunting service review trends in the threat actor evolution based on world-renowned Microsoft Threat Intelligence and Research. They then apply the insights they gather to hunt for emerging attack vectors within the customer ecosystem.
 
@@ -38,12 +37,14 @@ With deep product expertise powered by threat intelligence, we're uniquely posit
 1. Get detailed, step-by-step, and actionable guidance from our experts so you can respond to these emerging threats.
 1. [Seek assistance](#ask-defender-experts) from Defender Experts.
 
-This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the Microsoft Defender Experts for Hunting service. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
+This document outlines the key infrastructure requirements you must meet and important information on data access and compliance you must know before purchasing the **Microsoft Defender Experts for Hunting - XDR** service and its add-on, **Microsoft Defender Experts for Hunting - Servers**. Microsoft understands that customers who use our managed services entrust us with their most valued asset, their data.
 
 ## Eligibility and licensing
 
 Defender Experts for Hunting is a separate service from your existing Microsoft Defender products. Before enrolling in this service, make sure that you have the necessary license and access.
 
+**Microsoft Defender Experts for Hunting – XDR**
+
 We require the following licensing prerequisites to enable us to get started with this threat hunting service:
 
 - Microsoft Defender for Endpoint P2 must be licensed and enabled on eligible devices
@@ -60,20 +61,33 @@ The following product is **not** covered by this service:
 - Microsoft Defender for IoT
 - Other Microsoft services not mentioned in the previous lists
 
+**Microsoft Defender Experts for Hunting - Servers**
+
+Customers who wish to have Defender Experts hunting coverage for Microsoft Defender for Cloud servers must have the following:
+
+-	Defender Experts for Hunting - XDR service enrollment
+-	Defender for Servers Plan 1 or Plan 2 in Microsoft Defender for Cloud
+
 > [!NOTE]
-> Licensing for Microsoft Defender Experts for Hunting is applied at the tenant level and all identities and devices will be included in your license.
+> Defender Experts for Hunting coverage is applied at the tenant level and all identities and devices will be included.
 
 ### Defender Experts for Hunting coverage
 
-Defender Experts for Hunting relies on event signals from Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources.
+**Microsoft Defender Experts for Hunting – XDR**
+
+Defender Experts for Hunting - XDR relies on event signals from Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources.
 
-This service also covers servers—whether on premises or on a hyperscale cloud service provider—that have Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license.
+This service also covers servers that have Defender for Endpoint deployed on them with a **Microsoft Defender for Endpoint for Servers** license.
 
 Any detection that's not from Microsoft Defender products (for example, detections from other security vendors) isn't within the scope of Defender Experts for Hunting.
 
+**Microsoft Defender Experts for Hunting - Servers**
+
+Defender Experts for Hunting – Servers provides add-on server coverage, including hybrid and multicloud servers from Defender for Servers. 
+
 ### Ask Defender Experts
 
-[Ask Defender Experts](experts-on-demand.md) is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender XDR (Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender for Identity). [See sample questions you can ask Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts).
+[Ask Defender Experts](experts-on-demand.md) is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender Experts services. [See sample questions you can ask Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts).
 
 Defender Experts for Hunting customers are assigned 10 Ask Defender Experts credits, which you can use to submit questions, at the start of each calendar quarter. Unused credits from the current quarter roll up to the next one. You can use up to 20 credits only per quarter. All unused credits expire by the end of the calendar year or at the end of your subscription term, whichever comes first.
 
@@ -87,7 +101,7 @@ You might need certain roles and permissions to fully access the service capabil
 
 ## Service availability and data protection
 
-Defender Experts for Hunting is a managed threat hunting service that proactively hunts for threats across endpoints, email, identity, and cloud apps. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft Defender XDR advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
+Defender Experts for Hunting - XDR and Defender Experts for Hunting - Servers are managed threat hunting services that proactively hunts for threats across endpoints, email, identity, cloud apps, and servers. To carry out hunting on your behalf, Microsoft experts need access to your Microsoft Defender XDR advanced hunting data. Enrolling in this service means you're granting permission to Microsoft experts to access the said data.
 
 The following sections enumerate additional information about the service's data usage, compliance, and availability. For more information about Microsoft's commitment in valuing and protecting your data, visit the [Trust Center](https://www.microsoft.com/trust-center/product-overview) then scroll down to **Additional products and services** > **Managed Security Services** > **Microsoft Defender Experts**.
 
@@ -99,6 +113,9 @@ Defender Experts for Hunting operational data, such as case tickets and analyst
 
 Microsoft experts hunt over [advanced hunting logs](advanced-hunting-schema-tables.md) in Microsoft Defender XDR advanced hunting tables. The data in these tables depend on the set of Defender services the customer is enabled for (for example, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra ID). Experts also use a large set of internal threat intelligence data to inform their hunting and automation.
 
+> [!NOTE]
+> Microsoft Defender for Cloud is integrated with Microsoft Defender XDR. This integration allows security teams to access Defender for Cloud alerts and incidents within the Microsoft Defender portal. The Defender Experts for Hunting - Servers add-on service accesses data through the Defender portal, so the same data collection, usage, and retention policies apply to this service.
+
 ### Security and compliance
 
 When you purchase and onboard to Defender Experts for Hunting, you're granting permission to Microsoft experts to access your advanced hunting data.