Merge branch 'NirMalka4-add-NSN-workload-m365d' of https://github.com/microsoftgraph/microsoft-graph-docs into NirMalka4-add-NSN-workload-m365d

Nir Malka · Nir Malka · commit 92ec05530ca5 · 2025-05-25T11:00:48.000+03:00
diff --git a/api-reference/beta/resources/security-alert.md b/api-reference/beta/resources/security-alert.md
@@ -59,7 +59,7 @@ Security providers create an alert in the system when they detect a threat. Micr
 |providerAlertId|String| The ID of the alert as it appears in the security provider product that generated the alert.|
 |recommendedActions|String| Recommended response and remediation actions to take in the event this alert was generated.|
 |resolvedDateTime|DateTimeOffset| Time when the alert was resolved.|
-|serviceSource|[microsoft.graph.security.serviceSource](#servicesource-values)| The service or product that created this alert. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `microsoftDefenderForIdentity`, `microsoftDefenderForCloudApps`, `microsoftDefenderForOffice365`, `microsoft365Defender`, `azureAdIdentityProtection`, `microsoftAppGovernance`, `dataLossPrevention`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftSentinel`.|
+|serviceSource|[microsoft.graph.security.serviceSource](#servicesource-values)| The service or product that created this alert. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `microsoftDefenderForIdentity`, `microsoftDefenderForCloudApps`, `microsoftDefenderForOffice365`, `microsoft365Defender`, `azureAdIdentityProtection`, `microsoftAppGovernance`, `dataLossPrevention`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`.|
 |severity|[microsoft.graph.security.alertSeverity](#alertseverity-values)| Indicates the possible impact on assets. The higher the severity the bigger the impact. Typically higher severity items require the most immediate attention. Possible values are: `unknown`, `informational`, `low`, `medium`, `high`, `unknownFutureValue`.|
 |status|[microsoft.graph.security.alertStatus](#alertstatus-values)| The status of the alert. Possible values are: `new`, `inProgress`, `resolved`, `unknownFutureValue`.|
 |tenantId|String| The Microsoft Entra tenant the alert was created in.|
diff --git a/api-reference/v1.0/resources/security-alert.md b/api-reference/v1.0/resources/security-alert.md
@@ -57,7 +57,7 @@ When a security provider detects a threat, it creates an alert in the system. Mi
 |providerAlertId|String| The ID of the alert as it appears in the security provider product that generated the alert.|
 |recommendedActions|String| Recommended response and remediation actions to take in the event this alert was generated.|
 |resolvedDateTime|DateTimeOffset| Time when the alert was resolved.|
-|serviceSource|[microsoft.graph.security.serviceSource](#servicesource-values)| The service or product that created this alert. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `microsoftDefenderForIdentity`, `microsoftDefenderForCloudApps`, `microsoftDefenderForOffice365`, `microsoft365Defender`, `azureAdIdentityProtection`, `microsoftAppGovernance`, `dataLossPrevention`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftSentinel`.|
+|serviceSource|[microsoft.graph.security.serviceSource](#servicesource-values)| The service or product that created this alert. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `microsoftDefenderForIdentity`, `microsoftDefenderForCloudApps`, `microsoftDefenderForOffice365`, `microsoft365Defender`, `azureAdIdentityProtection`, `microsoftAppGovernance`, `dataLossPrevention`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftSentinel`, `microsoftThreatIntelligence`.|
 |severity|[microsoft.graph.security.alertSeverity](#alertseverity-values)| Indicates the possible impact on assets. The higher the severity the bigger the impact. Typically higher severity items require the most immediate attention. Possible values are: `unknown`, `informational`, `low`, `medium`, `high`, `unknownFutureValue`.|
 |status|[microsoft.graph.security.alertStatus](#alertstatus-values)| The status of the alert. Possible values are: `new`, `inProgress`, `resolved`, `unknownFutureValue`.|
 |tenantId|String| The Microsoft Entra tenant the alert was created in.|
diff --git a/changelog/Microsoft.M365.Defender.json b/changelog/Microsoft.M365.Defender.json
@@ -1,5 +1,57 @@
 {
   "changelog": [
+    {
+      "ChangeList": [
+        {
+          "Id": "99683d17-f392-44ea-915a-2613c8b89abb",
+          "ApiChange": "Member",
+          "ChangedApiName": "microsoftThreatIntelligence",
+          "ChangeType": "Addition",
+          "Description": "Added the `microsoftThreatIntelligence` member to the **detectionSource** enumeration.",
+          "Target": "detectionSource"
+        },
+        {
+          "Id": "99683d17-f392-44ea-915a-2613c8b89abb",
+          "ApiChange": "Member",
+          "ChangedApiName": "microsoftThreatIntelligence",
+          "ChangeType": "Addition",
+          "Description": "Added the `microsoftThreatIntelligence` member to the **serviceSource** enumeration.",
+          "Target": "serviceSource"
+        }
+      ],
+      "Id": "99683d17-f392-44ea-915a-2613c8b89abb",
+      "Cloud": "Prod",
+      "Version": "beta",
+      "CreatedDateTime": "2025-05-08T09:14:16.8624443Z",
+      "WorkloadArea": "Security",
+      "SubArea": ""
+    },
+    {
+      "ChangeList": [
+        {
+          "Id": "d60ee9a7-6f54-462e-9103-9af88aab9122",
+          "ApiChange": "Member",
+          "ChangedApiName": "microsoftThreatIntelligence",
+          "ChangeType": "Addition",
+          "Description": "Added the `microsoftThreatIntelligence` member to the **detectionSource** enumeration.",
+          "Target": "detectionSource"
+        },
+        {
+          "Id": "d60ee9a7-6f54-462e-9103-9af88aab9122",
+          "ApiChange": "Member",
+          "ChangedApiName": "microsoftThreatIntelligence",
+          "ChangeType": "Addition",
+          "Description": "Added the `microsoftThreatIntelligence` member to the **serviceSource** enumeration.",
+          "Target": "serviceSource"
+        }
+      ],
+      "Id": "d60ee9a7-6f54-462e-9103-9af88aab9122",
+      "Cloud": "Prod",
+      "Version": "v1.0",
+      "CreatedDateTime": "2025-05-11T05:53:29.5486832Z",
+      "WorkloadArea": "Security",
+      "SubArea": ""
+    },
     {
       "ChangeList": [
         {
diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md
@@ -35,6 +35,10 @@ Use the **cancelledOccurrences** property and **exceptionOccurrences** navigatio
 
 Added [video-on-demand publication for all sessions in a webinar](/graph/changenotifications-for-virtualevent) as a subscribable virtual event.
 
+### Security
+
+Added `microsoftThreatIntelligence` as a supported detection source for the **detectionSource** and **serviceSource** properties of the [alert](/graph/api/resources/security-alert) resource.
+
 ### Teamwork and communications | Calls and online meetings
 
 [Get](/graph/api/copilotadminlimitedmode-get) or [set](/graph/api/copilotadminlimitedmode-update) whether users of Microsoft 365 Copilot in Teams meetings can receive responses to sentiment-related prompts.
@@ -70,6 +74,10 @@ Use the [educationSpeakerProgressResource](/graph/api/resources/educationspeaker
 
 Use the new [profilePropertySetting](/graph/api/resources/profilepropertysetting?view=graph-rest-beta&preserve-view=true) APIs to configure profile source precedence, ensuring accurate display of profile data across Microsoft 365 experiences based on configured priorities.
 
+### Security
+
+Added `microsoftThreatIntelligence` as a supported detection source for the **detectionSource** and **serviceSource** properties of the [alert](/graph/api/resources/security-alert?view=graph-rest-beta&preserve-view=true) resource.
+
 ### Teamwork and communications
 
 [Add custom activity icons in activity feed notifications](/graph/teams-send-activityfeednotifications).
