Merge pull request #2624 from MicrosoftDocs/main

Auto Publish – main to live - 2026-03-16 17:11 UTC

Author: learn-build-service-prod[bot]

articles/defender-for-cloud/TOC.yml

@@ -82,10 +82,10 @@
               href: quickstart-onboard-machines.md
     - name: Networking and connectivity
       items:
-      - name: Microsoft Security Private Link for Microsoft Defender for Cloud (Preview)
+      - name: Microsoft Security Private Link for Microsoft Defender for Cloud
         displayName: private endpoints, private link, security private link, networking, connectivity, VPN, ExpressRoute
         href: concept-private-links.md
-      - name: Configure private endpoints with Microsoft Security Private Link (Preview)
+      - name: Configure private endpoints with Microsoft Security Private Link
         href: configure-private-endpoints.md
     - name: Enable specific plans
       expanded: false

articles/defender-for-cloud/concept-private-links.md

@@ -1,13 +1,13 @@
 ---
-title: Microsoft Security Private Link for Microsoft Defender for Cloud (Preview)
+title: Microsoft Security Private Link for Microsoft Defender for Cloud
 description: Learn how Microsoft Security Private Link provides secure, private connectivity between your virtual network and Microsoft Defender for Cloud.
 author: Elazark
 ms.author: elkrieger
 ms.topic: article
-ms.date: 01/07/2025
+ms.date: 03/16/2026
 ---
 
-# Microsoft Security Private Link for Microsoft Defender for Cloud (Preview)
+# Microsoft Security Private Link for Microsoft Defender for Cloud
 
 Microsoft Security Private Link allows workloads in your virtual network to connect to Microsoft Defender for Cloud. You enable this connection by creating a Security Private Link resource in your subscription and private endpoints in your Azure virtual networks that connect to it.
 
@@ -97,7 +97,7 @@ If you're using a custom DNS server, configure delegation or A records to resolv
 | Compliance alignment | Limited | Strong |
 | Multi-service integration | Manual | Simplified |
 
-## Next steps
+## Related content
 
 - [Configure private endpoints with Microsoft Security Private Link](configure-private-endpoints.md)
 

articles/defender-for-cloud/configure-private-endpoints.md

@@ -4,12 +4,12 @@ description: Configure private endpoints with Microsoft Security Private Link to
 author: Elazark
 ms.author: elkrieger
 ms.topic: how-to
-ms.date: 01/07/2025
+ms.date: 03/16/2026
 #customer intent: As a security administrator, I want to configure a private endpoint for Microsoft Defender for Cloud so that Defender traffic stays within my private network.
 
 ---
 
-# Configure private endpoints with Microsoft Security Private Link (Preview)
+# Configure private endpoints with Microsoft Security Private Link
 
 Use a [private endpoint](/azure/private-link/private-endpoint-overview) with Microsoft Security Private Link to connect workloads in your private network to Microsoft Defender for Cloud over [Azure Private Link](/azure/private-link/private-link-overview).
 

articles/defender-for-cloud/defender-for-containers-azure-enable-portal.md

@@ -2,7 +2,7 @@
 title: Enable Defender for Containers on AKS via portal
 description: Learn how to enable Microsoft Defender for Containers on your Azure Kubernetes Service (AKS) clusters through the Azure portal, with options to enable all components or deploy specific components selectively.
 ms.topic: how-to
-ms.date: 11/27/2025
+ms.date: 03/16/2026
 ai-usage: ai-assisted
 ---
 

articles/defender-for-cloud/defender-for-containers-azure-enable-programmatically.md

@@ -2,7 +2,7 @@
 title: Deploy Defender for Containers on Azure (AKS) programmatically
 description: Learn how to programmatically deploy Microsoft Defender for Containers components on AKS clusters using Azure CLI, REST API, and ARM templates.
 ms.topic: how-to
-ms.date: 11/27/2025
+ms.date: 03/16/2026
 ai-usage: ai-assisted
 ---
 
@@ -43,16 +43,6 @@ az aks update \
     --enable-defender
 ```
 
-To deploy with a custom Log Analytics workspace:
-
-```azurecli
-az aks update \
-    --resource-group myResourceGroup \
-    --name myAKSCluster \
-    --enable-defender \
-    --defender-config logAnalyticsWorkspaceResourceId=/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}
-```
-
 ### [ARM template](#tab/aks-arm)
 
 Deploy the following ARM template to enable the Defender sensor on an AKS cluster:

articles/defender-for-cloud/includes/defender-for-container-prerequisites-aks.md

@@ -1,7 +1,7 @@
 ---
 ms.service: defender-for-cloud
 ms.topic: include
-ms.date: 07/19/2022
+ms.date: 03/16/2026
 ms.author: elkrieger
 author: Elazark
 ---
@@ -22,14 +22,4 @@ For clusters with restricted egress, you must allow specific FQDNs for Microsoft
 
 #### Private link configuration
 
-If event egress from the cluster requires the use of an Azure Monitor Private Link Scope (AMPLS), you must:
-
-1. Define the cluster with Container insights and a Log Analytics workspace
-1. Define the cluster's Log Analytics workspace as a resource in the AMPLS
-1. Create a virtual network private endpoint in the AMPLS between:
-   - The virtual network of the cluster
-   - The Log Analytics resource
-
-   The virtual network private endpoint integrates with a private DNS zone.
-
-For instructions, see [Create an Azure Monitor Private Link Scope](/azure/azure-monitor/logs/private-link-configure#create-an-azure-monitor-private-link-scope).
+For instructions, see [Microsoft Security Private Link for Microsoft Defender for Cloud](../concept-private-links.md).

articles/defender-for-cloud/introduction-malware-scanning.md

@@ -163,7 +163,7 @@ These resources are required for malware scanning to function. If any of them ar
 
 * **Unsupported protocols:** Blobs uploaded using the Network File System (NFS) 3.0 protocol aren’t scanned.  
 
-* **Blob index tags:** Index tags aren’t supported for storage accounts with hierarchical namespaces enabled (Azure Data Lake Storage Gen2).  
+* **Blob index tags:** Index tags for storage accounts with hierarchical namespaces enabled (Azure Data Lake Storage Gen2) are supported in public preview. You can opt in to this pre-release feature - "Blob Tags for Hierarchical Namespace".
 
 * **Unsupported regions:** Not all regions currently support malware scanning. For the latest list, see [Defender for Cloud availability](https://azure.microsoft.com/pricing/details/defender-for-cloud/).