Merge pull request #4124 from MicrosoftDocs/main

[AutoPublish] main to live - 06/03 10:31 PDT | 06/03 23:01 IST

Author: Ruchika-mittal01

ATPDocs/remediation-actions.md

@@ -39,8 +39,24 @@ The following Defender for Identity actions can be performed directly on your on
 
 - **Reset user password** – This will prompt the user to change their password on the next logon, ensuring that this account can't be used for further impersonation attempts.
 
+- **Mark User Compromised** - The user’s risk level is set to High
+
+- **Suspend User in Entra ID** - Block new sign-ins and access to cloud resources
+
+- **Require User to Sign In Again** - Revoke a user’s active sessions
+
 Depending on your Microsoft Entra ID roles, you might see additional Microsoft Entra ID actions, such as requiring users to sign in again and confirming a user as compromised. For more information, see [Remediate risks and unblock users](/entra/id-protection/howto-identity-protection-remediate-unblock).
 
+## Roles and Permissions
+
+| Action | XDR RBAC permissions      |
+| ------------------------------------- | ------------------------------------------------------------ |
+|Mark User Compromised                  | - Global Administrator <br> - Security Administrator|
+|Suspend User in Entra ID               | - Global Administrator |
+|Require User to Sign In Again          | - Global Administrator <br> - Security Administrator <br> - Security Operator|
+| Disable/Enable User in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
+| Force Password Reset in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
+
 
 ## Related videos
 

defender-endpoint/api/collect-investigation-package.md

@@ -15,19 +15,19 @@ ms.topic: reference
 ms.subservice: reference
 ms.custom: api
 search.appverid: met150
-ms.date: 03/21/2025
+ms.date: 06/03/2025
 ---
 
 # Collect investigation package API
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint Plan 1](../microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint](../microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
 
-
 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
@@ -40,11 +40,7 @@ Collect investigation package from a device.
 
 ## Limitations
 
-1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
-
-> [!IMPORTANT]
->
-> - These response actions are only available for devices on Windows 10, version  1703 or later, and on Windows 11.
+- Rate limitations for this API are 100 calls per minute and 1500 calls per hour.
 
 ## Permissions
 

defender-endpoint/configure-machines-asr.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 - mde-asr
 ms.custom: admindeeplinkDEFENDER
-ms.topic: conceptual
+ms.topic: article
 ms.subservice: asr
 search.appverid: met150
 ms.date: 03/27/2025

defender-endpoint/configure-mssp-support.md

@@ -11,7 +11,7 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
-ms.topic: conceptual
+ms.topic: article
 search.appverid: met150
 ms.date: 07/24/2024
 ---

defender-endpoint/defender-antivirus-compatibility-without-mde.md

@@ -5,7 +5,7 @@ author: denisebmsft
 ms.author: deniseb
 ms.reviewer: yongrhee
 ms.service: defender-endpoint
-ms.topic: conceptual
+ms.topic: article
 ms.date: 04/09/2025
 ms.subservice: ngp
 search.appverid: met150

defender-endpoint/device-control-report.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 ms.date: 06/25/2024
 ms.author: deniseb
 author: denisebmsft
-ms.topic: conceptual
+ms.topic: article
 manager: deniseb
 ms.reviewer: joshbregman
 audience: ITPro

defender-endpoint/device-discovery-faq.md

@@ -13,7 +13,7 @@ audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
-ms.topic: conceptual
+ms.topic: faq
 search.appverid: met150
 ms.date: 03/04/2025
 ---

defender-endpoint/edr-in-block-mode.md

@@ -6,7 +6,7 @@ ms.author: deniseb
 manager: deniseb
 ms.reviewer: pahuijbr, kausd
 audience: ITPro
-ms.topic: conceptual
+ms.topic: article
 ms.service: defender-endpoint
 ms.subservice: edr
 ms.localizationpriority: medium

defender-endpoint/ios-troubleshoot.md

@@ -11,7 +11,7 @@ ms.collection:
 - m365-security
 - tier3
 - mde-ios
-ms.topic: conceptual
+ms.topic: faq
 ms.subservice: ios
 search.appverid: met150
 ms.date: 01/22/2025

defender-endpoint/machines-view-overview.md

@@ -11,7 +11,7 @@ audience: ITPro
 ms.collection:
 - m365-security
 - tier2
-ms.topic: conceptual
+ms.topic: article
 search.appverid: met150
 ms.date: 01/23/2025
 ---