Merge branch 'main' into docs-editor/troubleshoot-asr-1743427400

Author: emmwalshh

.github/workflows/StaleBranch.yml

@@ -5,9 +5,9 @@ permissions:
 
 on:
   schedule:
-    - cron: "0 */12 * * *"
+    - cron: "0 9 1 * *"
 
-  workflow_dispatch:
+  # workflow_dispatch:
 
 
 jobs:
@@ -21,6 +21,6 @@ jobs:
                               "ExampleBranch1",
                               "ExampleBranch2"
                              ]'
-        ReportOnly: true
+        ReportOnly: false
     secrets:
         AccessToken: ${{ secrets.GITHUB_TOKEN }}

ATPDocs/identity-inventory.md

@@ -36,13 +36,16 @@ There are several options you can choose from to customize the identities list v
 
 - Apply filters.
 
-- Search for an identity by name or full UPN, Sid and Object ID. 
+- Search for an identity by name or full UPN, SID and Object ID. 
 
 - Export the list to a CSV file.
 
 - Copy list link with the included filters configured. 
 
-## ![A screenshot of identity inventory page.](media/identity-inventory/inventory11.png)  
+> [!NOTE]
+> When exporting the identities list to a CSV file, a maximum of 5,000 identities are displayed.
+
+## ![A screenshot of identity inventory page.](media/identity-inventory/inventory11.png)
 
 ### Identity details 
 
@@ -120,7 +123,7 @@ You can use this information to help you prioritize devices for security posture
 
 ### Navigate to the Identity inventory page
 
-In the Defender XDR portal at [https://security.microsoft.com](https://security.microsoft.com), go to Assets > Identities. Or, to navigate directly to the [identity inventory](/defender-for-identity/identity-inventory) page.
+In the Defender XDR portal at [https://security.microsoft.com](https://security.microsoft.com), go to **Assets** > **Identities**. Or, to navigate directly to the [identity inventory](/defender-for-identity/identity-inventory) page.
 
 ### Related Articles
 

ATPDocs/whats-new.md

@@ -44,7 +44,7 @@ For more information, see: [Investigate and protect Service Accounts | Microsoft
 
 New [health issue](health-alerts.md#network-configuration-mismatch-for-sensors-running-on-vmware) for cases where sensors running on VMware have network configuration mismatch.
 
-### Enhanced Identity Inventory (Preview)
+### Enhanced Identity Inventory
 
 The Identities page under *Assets* has been updated to provide better visibility and management of identities across your environment.  
 The updated Identities Inventory page now includes the following tabs:

defender-endpoint/linux-support-offline-security-intelligence-update.md

@@ -24,7 +24,7 @@ search.appverid:
   - MET150
 description: Learn how to recognize and respond to a compromised email account using tools available in Microsoft 365.
 ms.service: defender-office-365
-ms.date: 03/19/2025
+ms.date: 03/31/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -146,22 +146,16 @@ This step immediately invalidates any active access using the stolen credentials
    Connect-MgGraph -Scopes User.RevokeSessions.All
    ```
 
-4. To store the details of the user account in the variable named `$user`, replace \<UPN\> with the user's account (user principal name or UPN), and then run the following command:
+4. Replace \<UPN\> with the user's account (user principal name or UPN), and then run the following command:
 
-     ```powershell
-     $user = Get-MgUser -Search UserPrincipalName:'<UPN>' -ConsistencyLevel Eventual
-     ```
-
-     For example:
-
-     ```powershell
-     $user = Get-MgUser -Search UserPrincipalName:'[email protected]' -ConsistencyLevel Eventual
-     ```
+   ```powershell
+   Revoke-MgUserSignInSession -UserId <UPN>
+   ```
 
-5. Revoke the user's sign-in sessions by running the following command:
+   For example:
 
    ```powershell
-   Revoke-MgUserSignInSession -UserId $user.Id
+   Revoke-MgUserSignInSession -UserId [email protected]
    ```
 
 For more information, see [Revoke user access in an emergency in Microsoft Entra ID](/entra/identity/users/users-revoke-access).

defender-office-365/responding-to-a-compromised-email-account.md

@@ -16,7 +16,7 @@ ms.collection:
 ms.custom:
 description: "Admins can configure whether users can report malicious message in Microsoft Teams."
 ms.service: defender-office-365
-ms.date: 03/13/2025
+ms.date: 03/31/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -28,7 +28,7 @@ appliesto:
 
 In organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft Defender XDR, admins can decide whether users can report malicious messages in Microsoft Teams. Admins can also get visibility into the Teams messages that users are reporting.
 
-Users can report messages in Teams from chats, standard channels and meeting conversations. Users can only report messages as malicious.
+Users can report messages in Teams from chats, standard channels, and meeting conversations. Users can only report messages as malicious.
 
 > [!NOTE]
 > User reporting of messages in Teams is not supported in U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD).

defender-office-365/submissions-teams.md

@@ -23,10 +23,9 @@ Case management is the first installment of new capabilities for managing securi
 
 This initial step toward delivering a unified, security-focused case management experience centralizes rich collaboration, customization, evidence collection, and reporting across SecOps workloads. SecOps teams maintain security context, work more efficiently, and respond faster to attacks when they manage case work without leaving the Defender portal.
 
-> [!IMPORTANT]
-> Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
+<a name="what-is-case-management-preview"></a>
 
-## What is case management (Preview)?
+## What is case management?
 
 Case management enables you to manage SecOps cases natively in the Defender portal. Here's the initial set of scenarios and features supported.
 
@@ -45,7 +44,7 @@ As we build on this foundation of case management, we're prioritizing these addi
 
 ## Requirements
 
-Case management is available in the Defender portal, and to use it, you must have a Microsoft Sentinel workspace connected. There's no access to cases from the Azure portal.
+Case management is available in the Defender portal, and to use it, you must have a Microsoft Sentinel workspace connected. Cases are accessible only from the Defender portal; you can't see them in the Azure portal.
 
 For more information, see [Connect Microsoft Sentinel to the Defender portal](microsoft-sentinel-onboard.md).
 

unified-secops-platform/cases-overview.md

@@ -20,6 +20,12 @@ ms.topic: concept-article
 
 This article lists recent features added into Microsoft's unified SecOps platform within the Microsoft Defender portal, and new features in related services that provide an enhanced user experience in the platform.
 
+## April 2025
+
+### Case management now generally available
+
+The Microsoft Defender portal's case management feature is now generally available. For more information on this feature, see the preview announcement [Manage SecOps work natively with case management (Preview)](#case-management-preview) in the January 2025 section below.
+
 ## January 2025
 
 - [Unified threat intelligence](#unified-threat-intelligence)