updated metadata

diannegali · diannegali · commit ee310bce4f25 · 2025-03-18T18:01:29.000Z
diff --git a/defender-xdr/media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.svg b/defender-xdr/media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.svg
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export endpoint-steps.svg Page-1 -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="7.76772in" height="5.82677in"
+		viewBox="0 0 559.276 419.528" xml:space="preserve" color-interpolation-filters="sRGB" class="st12">
+	<v:documentProperties v:langID="6153" v:metric="true" v:viewMarkup="false">
+		<v:userDefs>
+			<v:ud v:nameU="msvNoAutoConnect" v:val="VT0(1):26"/>
+		</v:userDefs>
+	</v:documentProperties>
+
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e3e3e3;stroke-width:0.25}
+		.st2 {stroke:#0078d4;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:none;stroke:none;stroke-width:0.25}
+		.st4 {fill:#0078d4;font-family:Calibri;font-size:1.5em}
+		.st5 {marker-end:url(#mrkr1-17);stroke:#0078d4;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#0078d4;fill-opacity:1;stroke:#0078d4;stroke-opacity:1;stroke-width:0.20161290322581}
+		.st7 {fill:#0078d4;stroke:#bebebe;stroke-width:0.25}
+		.st8 {fill:#ffffff;font-family:Segoe UI Semibold;font-size:0.833336em}
+		.st9 {fill:#0078d4;stroke:#0078d4;stroke-width:0.25}
+		.st10 {fill:#3f3f3f;font-family:Calibri;font-size:0.833336em}
+		.st11 {font-size:1em}
+		.st12 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend1">
+			<path d="M 1 -1 L 0 0 L 1 1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr1-17" class="st6" v:arrowType="1" v:arrowSize="4" orient="auto" markerUnits="strokeWidth"
+				overflow="visible">
+			<use xlink:href="#lend1" transform="scale(-4.96,-4.96) "/>
+		</marker>
+	</defs>
+	<g v:mID="0" v:index="1" v:groupContext="foregroundPage">
+		<v:userDefs>
+			<v:ud v:nameU="visNavType" v:val="VT0(1):26"/>
+		</v:userDefs>
+		<title>Page-1</title>
+		<v:pageProperties v:drawingScale="0.0393701" v:pageScale="0.0393701" v:drawingUnits="24" v:shadowOffsetX="9"
+				v:shadowOffsetY="-9"/>
+		<v:layer v:name="Connector" v:index="0" v:glue="false"/>
+		<v:layer v:name="Text" v:index="1"/>
+		<v:layer v:name="Drawing" v:index="2"/>
+		<g id="shape1-1" v:mID="1" v:groupContext="shape" transform="translate(81.8898,-93.8428)">
+			<title>Sheet.1</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(15000):26"/>
+			</v:userDefs>
+			<rect x="0" y="155.371" width="453.543" height="264.157" class="st1"/>
+		</g>
+		<g id="shape2-3" v:mID="2" v:groupContext="shape" v:layerMember="0" transform="translate(93.7867,-303.045)">
+			<title>Dynamic connector.1100</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(1000):26"/>
+			</v:userDefs>
+			<path d="M7.09 419.53 L7.09 513.35" class="st2"/>
+		</g>
+		<g id="shape3-6" v:mID="3" v:groupContext="shape" v:layerMember="0" transform="translate(293.741,-303.045)">
+			<title>Dynamic connector.1101</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(2000):26"/>
+			</v:userDefs>
+			<path d="M7.09 419.53 L7.09 513.35" class="st2"/>
+		</g>
+		<g id="shape4-9" v:mID="4" v:groupContext="shape" v:layerMember="1;2" transform="translate(102.516,-322.273)">
+			<title>Sheet.4</title>
+			<desc>Pilot and deploy Defender for Endpoint</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(3000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(0,0,0,0)" v:tabSpace="42.5197"/>
+			<v:textRect cx="215.35" cy="404.438" width="430.71" height="30.1789"/>
+			<rect x="0" y="389.349" width="430.7" height="30.1789" class="st3"/>
+			<text x="71.97" y="409.84" class="st4" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>Pilot and deploy Defender for Endpoint</text>		</g>
+		<g id="shape5-12" v:mID="5" v:groupContext="shape" v:layerMember="0" transform="translate(100.101,-213.769)">
+			<title>Dynamic connector.1106</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(4000):26"/>
+			</v:userDefs>
+			<path d="M0 426.61 L405.53 426.61" class="st5"/>
+		</g>
+		<g id="shape6-18" v:mID="6" v:groupContext="shape" v:layerMember="2" transform="translate(188.437,-194.269)">
+			<title>Sheet.6</title>
+			<desc>2</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(5000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(0,0,0,0)" v:tabSpace="42.5197"/>
+			<v:textRect cx="12.4135" cy="407.114" width="24.83" height="24.827"/>
+			<ellipse cx="12.4135" cy="407.114" rx="12.4135" ry="12.4135" class="st7"/>
+			<text x="9.64" y="410.11" class="st8" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>2</text>		</g>
+		<g id="shape7-21" v:mID="7" v:groupContext="shape" v:layerMember="2" transform="translate(388.392,-194.269)">
+			<title>Sheet.7</title>
+			<desc>4</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(6000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(0,0,0,0)" v:tabSpace="42.5197"/>
+			<v:textRect cx="12.4135" cy="407.114" width="24.83" height="24.827"/>
+			<ellipse cx="12.4135" cy="407.114" rx="12.4135" ry="12.4135" class="st9"/>
+			<text x="9.53" y="410.11" class="st8" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>4</text>		</g>
+		<g id="shape8-24" v:mID="8" v:groupContext="shape" v:layerMember="2" transform="translate(88.4598,-194.269)">
+			<title>Sheet.8</title>
+			<desc>1</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(7000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(0,0,0,0)" v:tabSpace="42.5197"/>
+			<v:textRect cx="12.4135" cy="407.114" width="24.83" height="24.827"/>
+			<ellipse cx="12.4135" cy="407.114" rx="12.4135" ry="12.4135" class="st9"/>
+			<text x="10.4" y="410.11" class="st8" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>1</text>		</g>
+		<g id="shape9-27" v:mID="9" v:groupContext="shape" v:layerMember="2" transform="translate(288.415,-194.269)">
+			<title>Sheet.9</title>
+			<desc>3</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(8000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(0,0,0,0)" v:tabSpace="42.5197"/>
+			<v:textRect cx="12.4135" cy="407.114" width="24.83" height="24.827"/>
+			<ellipse cx="12.4135" cy="407.114" rx="12.4135" ry="12.4135" class="st9"/>
+			<text x="9.64" y="410.11" class="st8" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>3</text>		</g>
+		<g id="shape10-30" v:mID="10" v:groupContext="shape" v:layerMember="0" transform="translate(193.764,-198.474)">
+			<title>Dynamic connector.1116</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(9000):26"/>
+			</v:userDefs>
+			<path d="M7.09 419.53 L7.09 513.35" class="st2"/>
+		</g>
+		<g id="shape11-33" v:mID="11" v:groupContext="shape" v:layerMember="0" transform="translate(393.719,-198.474)">
+			<title>Dynamic connector.1117</title>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(10000):26"/>
+			</v:userDefs>
+			<path d="M7.09 419.53 L7.09 513.35" class="st2"/>
+		</g>
+		<g id="shape12-36" v:mID="12" v:groupContext="shape" v:layerMember="1;2" transform="translate(93.9633,-260.291)">
+			<title>Sheet.12</title>
+			<desc>Check license state</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(11000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)" v:tabSpace="42.5197"/>
+			<v:textRect cx="42.5365" cy="397.205" width="85.08" height="44.6455"/>
+			<rect x="0" y="374.882" width="85.0729" height="44.6455" class="st3"/>
+			<text x="15.27" y="394.2" class="st10" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>Check license <tspan
+						x="32.35" dy="1.2em" class="st11">state</tspan></text>		</g>
+		<g id="shape13-40" v:mID="13" v:groupContext="shape" v:layerMember="1;2" transform="translate(300.828,-271.621)">
+			<title>Sheet.13</title>
+			<desc>Verify pilot group</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(12000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)" v:tabSpace="42.5197"/>
+			<v:textRect cx="47.8459" cy="403.816" width="95.7" height="31.4236"/>
+			<rect x="0" y="388.104" width="95.6917" height="31.4236" class="st3"/>
+			<text x="12.36" y="406.82" class="st10" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>Verify pilot group</text>		</g>
+		<g id="shape14-43" v:mID="14" v:groupContext="shape" v:layerMember="1;2" transform="translate(200.851,-104.651)">
+			<title>Sheet.14</title>
+			<desc>Onboard endpoints using any of the supported management tools</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(13000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)" v:tabSpace="42.5197"/>
+			<v:textRect cx="70.1669" cy="389.339" width="140.34" height="60.3774"/>
+			<rect x="0" y="359.15" width="140.334" height="60.3774" class="st3"/>
+			<text x="5.11" y="380.34" class="st10" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>Onboard endpoints using any of <tspan
+						x="13.07" dy="1.2em" class="st11">the supported management </tspan><tspan x="60.12" dy="1.2em" class="st11">tools</tspan></text>		</g>
+		<g id="shape15-48" v:mID="15" v:groupContext="shape" v:layerMember="1;2" transform="translate(400.805,-104.651)">
+			<title>Sheet.15</title>
+			<desc>Try out capabilities</desc>
+			<v:userDefs>
+				<v:ud v:nameU="visNavOrder" v:prompt="" v:val="VT0(14000):26"/>
+			</v:userDefs>
+			<v:textBlock v:margins="rect(4,4,4,4)" v:tabSpace="42.5197"/>
+			<v:textRect cx="44.0385" cy="404.486" width="88.08" height="30.0825"/>
+			<rect x="0" y="389.445" width="88.0769" height="30.0825" class="st3"/>
+			<text x="5.53" y="407.49" class="st10" v:langID="6153"><v:paragraph v:horizAlign="1"/><v:tabList/>Try out capabilities</text>		</g>
+	</g>
+</svg>
diff --git a/defender-xdr/pilot-deploy-defender-cloud-apps.md b/defender-xdr/pilot-deploy-defender-cloud-apps.md
@@ -20,15 +20,12 @@ ms.collection:
   - tier1
 ms.topic: concept-article
 #customerIntent: As a security admin, I want to pilot and deploy Microsoft Defender for Cloud Apps to evaluate it's ability to enhance my organization's security posture and protect against cloud application-based threats.
-
+appliesto:
+  - Microsoft Defender XDR
 ---
 
 # Pilot and deploy Microsoft Defender for Cloud Apps
 
-**Applies to:**
-
-- Microsoft Defender XDR
-
 This article provides a workflow for piloting and deploying Microsoft Defender for Cloud Apps in your organization. Use these recommendations to onboard Microsoft Defender for Cloud Apps as part of an end-to-end solution with Microsoft Defender XDR.
 
 This article assumes you have a production Microsoft 365 tenant and are piloting and deploying Microsoft Defender for Cloud Apps in this environment. This practice will maintain any settings and customizations you configure during your pilot for your [full deployment](/defender-cloud-apps/get-started).
diff --git a/defender-xdr/pilot-deploy-defender-endpoint.md b/defender-xdr/pilot-deploy-defender-endpoint.md
@@ -56,7 +56,7 @@ You start by evaluating the product or service and how it will work within your
 
 Here is the workflow for piloting and deploying Defender for Endpoint in your production environment.
 
-:::image type="content" source="./media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.png" alt-text="A diagram that shows the steps to pilot and deploy Microsoft Defender for Endpoint." lightbox="./media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.png" border="false":::
+:::image type="content" source="./media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.svg" alt-text="A diagram that shows the steps to pilot and deploy Microsoft Defender for Endpoint." lightbox="./media/eval-defender-xdr/defender-endpoint-pilot-deploy-steps.svg" border="false":::
 
 Follow these steps:
 
diff --git a/defender-xdr/pilot-deploy-defender-identity.md b/defender-xdr/pilot-deploy-defender-identity.md
@@ -20,13 +20,12 @@ ms.collection:
   - tier1
 ms.topic: concept-article
 #customerIntent: As a security admin, I want to pilot and deploy Microsoft Defender for Identity to evaluate it's ability to enhance my organization's security posture and protect against identity-based threats.
+appliesto:
+  - Microsoft Defender XDR
 ---
 
 # Pilot and deploy Microsoft Defender for Identity
 
-**Applies to:**
-- Microsoft Defender XDR
-
 This article provides a workflow for piloting and deploying Microsoft Defender for Identity in your organization. Use these recommendations to onboard Microsoft Defender for Identity as part of an end-to-end solution with Microsoft Defender XDR.
 
 This article assumes you have a production Microsoft 365 tenant and are piloting and deploying Microsoft Defender for Identity in this environment. This practice will maintain any settings and customizations you configure during your pilot for your [full deployment](/defender-for-identity/deploy/deploy-defender-identity).
diff --git a/defender-xdr/pilot-deploy-defender-office-365.md b/defender-xdr/pilot-deploy-defender-office-365.md
@@ -17,16 +17,15 @@ ms.collection:
   - zerotrust-solution
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: concept-article
 ms.date: 05/31/2024
+appliesto:
+  - Microsoft Defender XDR
+#customer intent: To learn how to pilot and deploy Microsoft Defender for Office 365 in your production Microsoft 365 tenant. 
 ---
 
 # Pilot and deploy Defender for Office 365
 
-**Applies to:**
-- Microsoft Defender XDR
-
-
 This article provides a workflow for piloting and deploying Microsoft Defender for Office 365 in your organization. You can use these recommendations to onboard Microsoft Defender for Office 365 as an individual cybersecurity tool or as part of an end-to-end solution with Microsoft Defender XDR.
 
 This article assumes you have a production Microsoft 365 tenant and are piloting and deploying Microsoft Defender for Office 365 in this environment. This practice will maintain any settings and customizations you configure during your pilot for your full deployment.
diff --git a/defender-xdr/pilot-deploy-investigate-respond.md b/defender-xdr/pilot-deploy-investigate-respond.md
@@ -18,14 +18,14 @@ ms.collection:
   - zerotrust-solution
   - highpri
   - tier1
-ms.topic: conceptual
+ms.topic: concept-article
+#customer intent: To learn how to investigate and respond to attacks using Microsoft Defender XDR.
+appliesto:
+   - Microsoft Defender XDR
 ---
 
 # Investigate and respond using Microsoft Defender XDR
 
-**Applies to:**
-- Microsoft Defender XDR
-
 This article outlines the process to create incidents with attack simulations and tutorials and use Microsoft Defender XDR to investigate and respond. Before starting this process, be sure you've reviewed the overall process for [piloting and deploying Microsoft Defender XDR](pilot-deploy-overview.md) and you have at least piloted some of the components of Microsoft Defender XDR.
 
 An incident in Microsoft Defender XDR is a collection of correlated alerts and associated data that make up the story of an attack. Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity. Individual alerts provide valuable clues about a completed or ongoing attack. However, attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is multiple alerts for multiple entities in your tenant.
