Merge pull request #303042 from EdB-MSFT/lakeupdates-2107-2

prmerger-automator[bot] · web-flow · commit 00e58e9341b2 · 2025-07-21T15:55:45.000Z
aux tables comment
diff --git a/articles/sentinel/datalake/notebook-examples.md b/articles/sentinel/datalake/notebook-examples.md
@@ -17,7 +17,7 @@ ms.subservice: sentinel-graph
  
 This article presents some sample code snippets that demonstrate how to interact with Microsoft Sentinel lake data (preview) using Jupyter notebooks to analyze security data in the Microsoft Sentinel data lake. These examples illustrate how to access and analyze data from various tables, such as Microsoft Entra ID sign-in logs, group information, and device network events. The code snippets are designed to run in Jupyter notebooks within Visual Studio Code using the Microsoft Sentinel extension.
 
-To run these examples, must have the required permissions and Visual Studio Code installed with the Microsoft Sentinel extension. For more information, see [Microsoft Sentinel data lake permissions](../roles.md#roles-and-permissions-for-the-microsoft-sentinel-data-lake-preview) and  [Use Jupyter notebooks with Microsoft Sentinel Data lake](./notebooks.md).
+To run these examples, must have the required permissions and Visual Studio Code installed with the Microsoft Sentinel extension. For more information, see [Microsoft Sentinel data lake permissions](../roles.md#roles-and-permissions-for-the-microsoft-sentinel-data-lake-preview) and  [Use Jupyter notebooks with Microsoft Sentinel data lake](./notebooks.md).
 
 ## Failed sign-in attempts analysis
 
diff --git a/articles/sentinel/datalake/sentinel-lake-onboarding.md b/articles/sentinel/datalake/sentinel-lake-onboarding.md
@@ -37,7 +37,9 @@ Onboarding makes the following changes once complete:
     + Azure Resource Graph
 
 + If your organization currently uses Microsoft Sentinel SIEM (Security Information and Event Management), the billing and pricing for features like search jobs and queries, auxiliary logs, and long-term retention also known as "archive", switch to Microsoft Sentinel data lake-based billing, potentially increasing your costs.
-+ Auxiliary log tables are integrated into the Microsoft Sentinel data lake. Auxiliary tables in Microsoft Defender connected workspaces that are onboarded to the Microsoft Sentinel data lake become an integral part of the data lake, making them available for use in data lake queries and jobs.
+
++ Auxiliary log tables are integrated into the Microsoft Sentinel data lake. Auxiliary tables in Microsoft Defender connected workspaces that are onboarded to the Microsoft Sentinel data lake become an integral part of the data lake, making them available for use in data lake queries and jobs. After onboarding, auxiliary log tables are no longer available in Microsoft Defender Advanced hunting. Instead, you can access them through data lake exploration KQL queries in the Defender portal.
+
 + A managed identity is created with the prefix `msg-resources-` followed by a guid.  This managed identity is required for data lake functionality. The identity has the **Azure Reader** role over subscriptions onboarded into the data lake. Don't delete or remove required permissions from this managed identity. To enable custom table creation in the analytics tier, assign the **Log Analytics Contributor** role to this identity for the relevant Log Analytics workspaces. For more information, see [Create KQL jobs in the Microsoft Sentinel data lake (preview)](./kql-jobs.md#permissions).
 
 > [!NOTE]
