mc

Author: v-thepet

.openpublishing.redirection.defender-xdr.json

@@ -10,7 +10,6 @@
       "redirect_url": "/defender-for-identity/microsoft-365-security-center-mdi",
       "redirect_document_id": false
     },
-
     {
       "source_path": "defender-xdr/eval-create-eval-environment.md",
       "redirect_url": "/defender-xdr/pilot-deploy-overview",
@@ -171,6 +170,31 @@
       "redirect_url": "/defender-xdr/",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-xdr/microsoft-threat-actor-naming.md",
+      "redirect_url": "/unified-secops-platform/microsoft-threat-actor-naming",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/malware-naming.md",
+      "redirect_url": "/unified-secops-platform/malware-naming",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/criteria.md",
+      "redirect_url": "/unified-secops-platform/criteria",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/submission-guide.md",
+      "redirect_url": "/unified-secops-platform/submission-guide",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "defender-xdr/virus-initiative-criteria.md",
+      "redirect_url": "/unified-secops-platform/virus-initiative-criteria",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender-xdr/tickets.md",
       "redirect_url": "/defender-xdr/troubleshoot",
@@ -226,10 +250,15 @@
       "redirect_url": "/unified-secops-platform/mto-tenants",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-xdr/portals.md",
+      "redirect_url": "/unified-secops-platform/overview-plan#understand-microsoft-security-portals-and-admin-centers",
+      "redirect_document_id": false
+    },
     {
       "source_path": "defender-xdr/microsoft-sentinel-onboard.md",
       "redirect_url": "/unified-secops-platform/microsoft-sentinel-onboard",
       "redirect_document_id": false
     }
   ]
-}
+}

ATPDocs/deploy/deploy-defender-identity.md

@@ -50,9 +50,8 @@ Use the following steps to prepare for deploying Defender for Identity:
 1. [Plan your Defender for Identity capacity](capacity-planning.md).
 
 > [!TIP]
-> We recommend running the [*Test-MdiReadiness.ps1*](https://github.com/microsoft/Microsoft-Defender-for-Identity/tree/main/Test-MdiReadiness) script to test and see if your environment has the necessary prerequisites.
->
-> The link to the *Test-MdiReadiness.ps1* script is also available from Microsoft Defender XDR, on the **Identities > Tools** page (Preview).
+> We recommend running the [*Test-MdiReadiness.ps1*](https://github.com/microsoft/Microsoft-Defender-for-Identity/tree/main/Test-MdiReadiness) script to test and see if the servers in your environment have the necessary prerequisites.
+> You can use the [DefenderForIdentity PowerShell module](https://www.powershellgallery.com/packages/DefenderForIdentity/) to add the required auditing and configure the necessary settings.
 
 ## Deploy Defender for Identity
 
@@ -71,12 +70,12 @@ The following procedures help you complete the deployment process:
 
 - [**Enable and configure unified role-based access control (RBAC)**](../role-groups.md) for Defender for Identity.
 
-- [**Configure a Directory Service account (DSA) for use with Defender for Identity**](directory-service-accounts.md). While a DSA is optional in some scenarios, we recommend that you configure a DSA for Defender for Identity for full security coverage. For example, when you have a DSA configured, the DSA is used to connect to the domain controller at startup. A DSA can also be used to query the domain controller for data on entities seen in network traffic, monitored events, and monitored ETW activities
+- [**Configure a Directory Service account (DSA) for use with Defender for Identity**](directory-service-accounts.md). While a DSA is optional in some scenarios, we recommend that you configure a DSA for Defender for Identity for full security coverage. For example, when you have a DSA configured, the DSA is used to connect to the domain controller at startup. A DSA can also be used to query the domain controller for data on entities seen in network traffic, monitored events, and monitored ETW activities.
 
 - [**Configure remote calls to SAM**](remote-calls-sam.md) as needed. While this step is optional, we recommend that you configure remote calls to SAM-R for lateral movement path detection with Defender for Identity.
 
 > [!TIP]
-> By default, Defender for Identity sensors query the directory using LDAP on ports 389 and 3268. To switch to LDAPS on ports 636 and 3269, please open a support case. For more information, see [Microsoft Defender for Identity support](../support.md).
+> By default, Defender for Identity sensors query the directory using LDAP on ports 389 and 3268. To switch to LDAPS on ports 636 and 3269, open a support case. For more information, see [Microsoft Defender for Identity support](../support.md).
 >
 
 > [!IMPORTANT]

defender-office-365/submissions-outlook-report-messages.md

@@ -14,7 +14,7 @@ ms.collection:
 description: Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button or the Report Message and Report Phishing add-ins.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 02/04/2025
+ms.date: 02/12/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -58,7 +58,7 @@ Admins configure user reported messages to go to a specified reporting mailbox,
 
   If user reporting is turned off and a non-Microsoft add-in button is selected, the **Report** button isn't available in supported versions of Outlook.
 
-- The built-in **Report** button in Outlook on the web, Outlook for Android, and the new Outlook for Windows supports reporting messages from shared mailboxes or other mailboxes by a delegate.
+- The built-in **Report** button in Outlook on the web, Outlook for Mac, Outlook for Android, and the new Outlook for Windows supports reporting messages from shared mailboxes or other mailboxes by a delegate.
   - Shared mailboxes require Send As or Send On Behalf permission for the user.
   - Other mailboxes require Send As or Send On Behalf permission _and_ Read and Manage permissions for the delegate.
 

defender-xdr/TOC.yml

@@ -26,8 +26,6 @@
           href: prerequisites.md
         - name: Data security and privacy
           href: data-privacy.md
-        - name: Microsoft security portals
-          href: portals.md
     - name: Pilot and deploy Microsoft Defender XDR
       items:
         - name: Overview
@@ -567,17 +565,9 @@
         - name: Responding to ransomware attacks
           href: playbook-responding-ransomware-m365-defender.md
       - name: Threat actor naming
-        href: microsoft-threat-actor-naming.md
-      - name: Malware names
-        href: malware-naming.md
-      - name: How Microsoft identifies malware and PUA
-        href: criteria.md
-      - name: Submit files for analysis
-        href: submission-guide.md
+        href: /unified-secops-platform/microsoft-threat-actor-naming
       - name: Understand threat intelligence concepts
         href: /defender-endpoint/threat-indicator-concepts          
-      - name: Microsoft virus initiative
-        href: virus-initiative-criteria.md
       - name: Software developer FAQ
         href: developer-faq.yml                                    
     - name: Microsoft Defender XDR docs

defender-xdr/deception-overview.md

@@ -47,7 +47,7 @@ The following table lists the requirements to enable the deception capability in
 > |Requirement|Details|
 > |-------------|----------|
 > |Subscription requirements|One of these subscriptions:</br> - Microsoft 365 E5</br> - Microsoft Security E5</br> - Microsoft Defender for Endpoint Plan 2|
-> |Deployment requirements|Requirements:</br> - Defender for Endpoint is the primary EDR solution</br> - [Automated investigation and response capabilities in Defender for Endpoint](/defender-endpoint/configure-automated-investigations-remediation) is configured</br> - Devices are [joined](/entra/identity/devices/concept-directory-join/) or [hybrid joined](/entra/identity/devices/concept-hybrid-join/) in Microsoft Entra</br> - PowerShell is enabled on the devices</br> - The deception feature covers clients operating on Windows 10 RS5 and later in preview|
+> |Deployment requirements|Requirements:</br> - Defender for Endpoint is the primary EDR solution</br> - [Automated investigation and response capabilities in Defender for Endpoint](/defender-endpoint/configure-automated-investigations-remediation) is configured</br> - Devices are [joined](/entra/identity/devices/concept-directory-join/) or [hybrid joined](/entra/identity/devices/concept-hybrid-join/) in Microsoft Entra</br> - PowerShell is enabled on the devices (in non-restricted/non-constrained mode)</br> - The deception feature covers clients operating on Windows 10 RS5 and later in preview|
 > |Permissions|You must have one of the following roles assigned in the [Microsoft Entra admin center](https://entra.microsoft.com) or in the [Microsoft 365 admin center](https://admin.microsoft.com) to configure deception capabilities:</br> - Global administrator</br> - Security administrator</br> - Manage portal system settings|
 
 > [!NOTE]

defender-xdr/portals.md

@@ -108,12 +108,14 @@
     - name: Resources
       items:
         - name: Threat actor naming
-          href: /defender-xdr/microsoft-threat-actor-naming?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json
+          href: microsoft-threat-actor-naming.md
+        - name: Malware names
+          href: malware-naming.md
         - name: Identification of malware and unwanted apps
-          href: /defender-xdr/criteria?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json
+          href: criteria.md
         - name: Submit files for analysis
-          href: /defender-xdr/submission-guide?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json
+          href: submission-guide.md
         - name: Microsoft virus initiative
-          href: /defender-xdr/virus-initiative-criteria?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json
+          href: virus-initiative-criteria.md
         - name: Microsoft security portals
           href: /defender-xdr/portals?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json

unified-secops-platform/TOC.yml

@@ -2,7 +2,7 @@
 title: How Microsoft identifies malware and potentially unwanted applications
 ms.reviewer: andanut, elahehsamani
 description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application.
-ms.service: defender-xdr
+ms.service: unified-secops-platform
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp

defender-xdr/criteria.md unified-secops-platform/criteria.mddefender-xdr/criteria.md renamed to unified-secops-platform/criteria.md

@@ -2,7 +2,7 @@
 title: How Microsoft names malware
 ms.reviewer: 
 description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
-ms.service: defender-xdr
+ms.service: unified-secops-platform
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
@@ -19,7 +19,7 @@ ms.date: 01/29/2024
 
 We name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) malware naming scheme. The scheme uses the following format:
 
-![How Microsoft determines names malware](/defender/media/security-intelligence-images/naming-malware.png)
+![How Microsoft determines names malware](media/malware-naming/naming-malware.png)
 
 When our analysts research a particular threat, they determine what each of the components name is.