Merge pull request #5188 from MicrosoftDocs/main

[AutoPublish] main to live - 10/01 13:30 PDT | 10/02 02:00 IST

Author: m365-skilling-repo-management[bot]

.acrolinx-config.edn

@@ -1,6 +1,6 @@
 {:changed-files-limit 60
  :allowed-branchname-matches ["main" "release-.*"]
- :allowed-filename-matches ["ATADocs/" "ATPDocs/" "CloudAppSecurityDocs/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
+ :allowed-filename-matches ["advanced-threat-analytics/" "defender/" "defender-business/" "defender-endpoint/" "defender-for-cloud-apps/" "defender-for-cloud/" "defender-for-identity/" "defender-for-iot/" "defender-office-365/" "defender-vulnerability-management/" "defender-xdr/" "exposure-management/" "unified-secops-platform/"] ;; Can be overridden in repo-specific edn file. This is an allow list that identifies which folders contain the files Acrolinx will check. Separate multiple folders as follows ["folder/" "folder2"]
 
 :use-gh-statuses true
 

.openpublishing.redirection.defender-cloud-apps.json

@@ -1015,5 +1015,10 @@
       "redirect_url": "/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps",
       "redirect_document_id": true
     },
+    {
+      "source_path": "defender-for-cloud-apps/cloud-discovery-anomaly-detection-policy.md",
+      "redirect_url": "/defender-cloud-apps/cloud-discovery-policies",
+      "redirect_document_id": false
+    }
   ]
 }

.openpublishing.redirection.defender-identity.json

@@ -859,6 +859,11 @@
       "source_path": "defender-for-identity/manage-security-alerts.md",
       "redirect_url": "/defender-for-identity/understanding-security-alerts",
       "redirect_document_id": false
-    },  
+    },
+    {
+      "source_path": "defender-for-identity/automated-response-exclusions.md",
+      "redirect_url": "/defender-xdr/automatic-attack-disruption-exclusions",
+      "redirect_document_id": false
+    }
   ]
 }

defender-for-cloud-apps/best-practices.md

@@ -45,7 +45,7 @@ Integrating Defender for Cloud Apps with Microsoft Defender for Endpoint gives y
 **For more information**:
 
 * [Cloud discovery policies](cloud-discovery-policies.md)
-* [Cloud discovery anomaly detection policy](cloud-discovery-anomaly-detection-policy.md)
+* [Cloud discovery anomaly detection policy](cloud-discovery-policies.md#cloud-discovery-anomaly-detection)
 * [Get instantaneous behavioral analytics and anomaly detection](anomaly-detection-policy.md)
 
 ---

defender-for-cloud-apps/cloud-discovery-anomaly-detection-policy.md

@@ -182,8 +182,6 @@ items:
         href: create-snapshot-cloud-discovery-reports.md
     - name: Create app discovery policies
       href: cloud-discovery-policies.md
-    - name: Create cloud discovery anomaly detection policies
-      href: cloud-discovery-anomaly-detection-policy.md
     - name: Common cloud discovery policies
       href: policies-cloud-discovery.md
     - name: Troubleshooting cloud discovery

defender-for-cloud-apps/toc.yml

@@ -116,9 +116,9 @@ Once you're familiar with the policies, you should consider how you want to fine
 
 ## Phase 3: Tune cloud discovery anomaly detection policies
 
-Like the anomaly detection policies, there are several built-in [cloud discovery anomaly detection policies](cloud-discovery-anomaly-detection-policy.md) that you can fine-tune. For example, the Data exfiltration to unsanctioned apps policy alerts you when data is being exfiltrated to an unsanctioned app and comes preconfigured with settings based on Microsoft experience in the security field.
+Like the anomaly detection policies, there are several built-in [cloud discovery anomaly detection policies](cloud-discovery-policies.md#cloud-discovery-anomaly-detection) that you can fine-tune. For example, the Data exfiltration to unsanctioned apps policy alerts you when data is being exfiltrated to an unsanctioned app and comes preconfigured with settings based on Microsoft experience in the security field.
 
-However, you can fine-tune the built-in policies or create your own policies to aid you in identifying other scenarios that you may be interested in investigating. Since these policies are based on cloud discovery logs, they have different [tuning capabilities](cloud-discovery-anomaly-detection-policy.md#legacy-create-anomaly-detection-policy) more focused on anomalous app behavior and data exfiltration.
+However, you can fine-tune the built-in policies or create your own policies to aid you in identifying other scenarios that you may be interested in investigating. Since these policies are based on cloud discovery logs, they have different [tuning capabilities](cloud-discovery-policies.md#cloud-discovery-anomaly-detection) more focused on anomalous app behavior and data exfiltration.
 
 1. **Tune usage monitoring**  
 Set the usage filters to control the baseline, scope, and activity period for detecting anomalous behavior. For example, you may want to receive alerts for anomalous activities relating to executive-level employees.

defender-for-cloud-apps/tutorial-suspicious-activity.md

@@ -29,7 +29,7 @@ If the KRBTGT account's password is compromised, an attacker can use its hash to
 1. Take appropriate action on those accounts by resetting their password **twice** to invalidate the Golden Ticket attack. 
 
 > [!NOTE]
-> The krbtgt Kerberos account in all Active Directory domains supports key storage in all Kerberos Key Distribution Centers (KDC). To renew the Kerberos keys for TGT encryption, periodically change the krbtgt account password. It is recommended to use the [Microsoft-provided script.](https://github.com/microsoft/New-KrbtgtKeys.ps1)  
+> The krbtgt Kerberos account in all Active Directory domains supports key storage in all Kerberos Key Distribution Centers (KDC). To renew the Kerberos keys for TGT encryption, periodically change the krbtgt account password. We recommend using the [Microsoft KRBTGT Reset Script](https://gist.github.com/mubix/fd0c89ec021f70023695) and the [Public AD Scripts](https://github.com/zjorz/Public-AD-Scripts/blob/5666e5fcafd933c3288a47944cd6fb289dde54a1/Reset-KrbTgt-Password-For-RWDCs-And-RODCs.ps1) to change the password twice. These scripts automate the process of changing the password and ensure that the change is replicated across all domain controllers.
 > When resetting the password twice, wait at least 10 hours between resets to avoid Kerberos authentication issues. This wait time is enforced by the script and aligns with best practices.
 
 ### Next steps

defender-for-identity/automated-response-exclusions.md

@@ -117,8 +117,6 @@ items:
       href: entity-tags.md
     - name: Configure detection exclusions
       href: exclusions.md
-    - name: Automated response exclusions
-      href: automated-response-exclusions.md
     - name: Email and syslog notifications
       href: notifications.md
     - name: Adjust alert thresholds