update

msmbaldwin · msmbaldwin · commit e218f0009c7d · 2026-02-12T15:45:23.000-08:00
diff --git a/articles/security/fundamentals/incident-response-overview.md b/articles/security/fundamentals/incident-response-overview.md
@@ -117,6 +117,7 @@ Microsoft provides detailed playbooks for common attack scenarios:
 | [Phishing investigation](/security/operations/incident-response-playbook-phishing) | Investigate phishing attacks |
 | [Password spray investigation](/security/operations/incident-response-playbook-password-spray) | Respond to password spray attacks |
 | [App consent grant investigation](/security/operations/incident-response-playbook-app-consent) | Investigate malicious OAuth consent grants |
+| [Compromised and malicious applications](/security/operations/incident-response-playbook-compromised-malicious-app) | Investigate compromised or malicious applications |
 | [Token theft](/security/operations/token-theft-playbook) | Investigate token theft attacks |
 
 For more playbooks, see [Incident response playbooks](/security/operations/incident-response-playbooks).
