update for explicit identifiers

Author: austinmccollum

articles/sentinel/mssp-protect-intellectual-property.md

@@ -70,12 +70,14 @@ To do this, you need a workspace in your own tenant with Microsoft Sentinel enab
 To create an analytic rule or hunting query in the MSSP tenant that references data in the customer tenant, you must use the `workspace` statement as follows:
 
 ```kusto
-workspace('<customer-workspace>').SecurityEvent
+workspace('<customer-workspace-explicit-identifier>').SecurityEvent
 | where EventID == ‘4625’
 ```
 
 When adding a `workspace` statement to your analytics rules, consider the following:
 
+- **Use the customer's explicit workspace identifier** in the cross workspace query for best performance. For more information, see [Identifier formats for cross workspace queries](/azure/azure-monitor/logs/cross-workspace-query#arguments).
+
 - **No alerts in the customer workspace**. Rules created in this manner, don't create alerts or incidents in the customer workspace. Both alerts and incidents exist in your MSSP workspace only.
 
 - **Create separate alerts for each customer**. When you use this method, we also recommend that you use separate alert rules for each customer and detection, as the workspace statement is different in each case.