Merge branch 'WI361499-restructure-and-categorise-secure-posture-docs' of https://github.com/DeCohen/defender-docs-pr into WI361499-restructure-and-categorise-secure-posture-docs
ATPDocs/security-assessment.md
Lines changed: 5 additions & 5 deletions
@@ -27,19 +27,19 @@ Microsoft Secure Score is a measurement of an organization's security posture, w
27
27
28
28
### Categorization of Defender for Identity security posture assessments
29
29
30
-
Defender for Identity security posture assessments are divided into five key categories. Each category addresses specific identity security risks and provides remediation guidance:
30
+
Defender for Identity security posture assessments have five key categories. Each category addresses specific identity security risks and provides remediation guidance.
31
31
32
-
-**Hybrid security**: Identifies misconfigurations in environments that integrate on-premises (for example, Active Directory) and cloud-based identity providers (for example, Microsoft Entra ID or Okta). Assesses risks related to synchronization, authentication, and authorization across platforms.
32
+
-**Hybrid security**: Identifies misconfigurations in environments that integrate on-premises (e.g., Active Directory) and cloud-based identity providers (e.g., Entra ID, Okta). Assesses risks related to synchronization, authentication, and authorization across platforms.
33
33
-**Identity infrastructure**: Detects misconfigurations and vulnerabilities in core identity components, including domain controllers.
34
-
-**Certificates**: Assesses Active Directory Certificate Services (AD CS) for security gaps, such as misconfigured certificate templates or weak certificate authority settings. Identifying and addressing these issues helps prevent unauthorized access from certificate-related vulnerabilities.
35
-
-**Group policy**: Analyzes Group Policy configurations to identify settings that might allow privilege escalation or unauthorized lateral movement within the network. Secure Group Policy settings help maintain proper access controls and system configurations.
34
+
-**Certificates**: Assesses Active Directory Certificate Services (AD CS) for security gaps, such as misconfigured certificate templates or weak certificate authority settings. Identifying and addressing these issues helps prevent unauthorized access that could arise from certificate-related vulnerabilities.
35
+
-**Group policy**: Analyzes Group Policy configurations to identify settings that might allow privilege escalation or unauthorized lateral movement within the network. Ensuring secure Group Policy settings helps maintain proper access controls and system configurations.
36
36
-**Accounts**: Reviews Active Directory users, devices, and groups to pinpoint security risks such as weak passwords, inactive accounts, or improper permissions.
37
37
38
38
## Access Defender for Identity security posture assessments
39
39
40
40
You must have a Defender for Identity license to view Defender for Identity security posture assessments in Microsoft Secure Score.
41
41
42
-
While *certificate template* assessments are available to all customers that have AD CS installed on their environment, *certificate authority* assessments are available only to customers who have installed a sensor on an AD CS server. For more information, see [Configuring sensors for AD FS and AD CS](deploy/active-directory-federation-services.md).
42
+
While *certificate template* assessments are available to all customers with AD CS installed in their environment, *certificate authority* assessments are available only to customers who have installed a sensor on an AD CS server. For more information, see [Configuring sensors for AD FS and AD CS](deploy/active-directory-federation-services.md).
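Review bot: In the added Hybrid security bullet, "Microsoft Entra ID" is shortened to "Entra ID" and "for example" becomes "e.g.", while the removed line carried the full product name and the spelled-out form; keep the removed wording unless the shortening is intentional. The added Certificates and Group policy bullets also bring back the longer phrasings ("that could arise from", "Ensuring secure Group Policy settings helps") that the removed lines had tightened, and the intro sentence now ends in a period directly before the list where the removed line used a colon. Since the commit message says this arrives through a merge, check that the incoming side did not overwrite edits already made to these lines.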
ATPDocs/whats-new.md
Lines changed: 12 additions & 3 deletions
@@ -22,11 +22,14 @@ For more information, see also:
22
22
23
23
For updates about versions and features released six months ago or earlier, see the [What's new archive for Microsoft Defender for Identity](whats-new-archive.md).
24
24
25
-
## February 2025
25
+
## March 2025
26
26
27
-
### New Identity guide tour
27
+
### New LDAP query events added to the IdentityQueryEvents table in Advanced Hunting
28
+
New LDAP query events will be added by March 6th to the `IdentityQueryEvents` table in Advanced Hunting to provide more visibility into additional LDAP search queries running in the customer environment.
29
+
This update may lead to an increase in activity within the Advanced Hunting IdentityQueryEvents table for LDAP queries. If you have custom detections related to these queries, you may see a higher number of triggered alerts.
30
+
We recommend that you review your existing custom detections to ensure they align with your objectives. If needed, you can adjust your query accordingly.
28
31
29
-
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
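Review bot: The added LDAP entry says the events "will be added by March 6th", in future tense and without a year, which goes stale as soon as the date passes; give the full date, or switch to past tense once the rollout is done. `IdentityQueryEvents` is code-formatted in the first added paragraph but plain in the second ("the Advanced Hunting IdentityQueryEvents table"), so format both the same way. For readers with custom detections, it would also help to say how the new LDAP events can be told apart from the existing ones in the table, since the text only tells them to expect more alerts. Finally, the hunk replaces the "## February 2025" heading with "## March 2025" instead of adding a new section above it, so verify that entries that followed under February are not now listed under March.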
@@ -71,6 +74,12 @@ We have added and updated the following events in the `IdentityDirectoryEvents`
71
74
72
75
Additionally, the **built-in schema reference** for Advanced Hunting in Microsoft Defender XDR has been updated to include detailed information on all supported event types (**`ActionType`** values) in identity-related tables, ensuring complete visibility into available events. For more information, see [Advanced hunting schema details](/defender-xdr/advanced-hunting-schema-tables).
73
76
77
+
## January 2025
78
+
79
+
### New Identity guide tour
80
+
81
+
Explore key MDI features with the new **Identities Tour** in the M365 portal. Navigate Incidents, Hunting, and Settings to enhance identity security and threat investigation.
82
+
74
83
## December 2024
75
84
76
85
### New security posture assessment: Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)
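Review bot: The "New Identity guide tour" entry, which the earlier hunk in this file removes from under "## February 2025", is re-added here under a new "## January 2025" heading; confirm that January is the actual release month, because the move changes the documented date of the feature. If the move is only a side effect of the merge, restore the February section instead of creating a January one.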