MicrosoftDocs
diff --git a/‎articles/sentinel/TOC.yml
Lines changed: 3 additions & 3 deletions b/‎articles/sentinel/TOC.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/sentinel/connect-mdti-data-connector.md
Lines changed: 7 additions & 8 deletions b/‎articles/sentinel/connect-mdti-data-connector.md
Lines changed: 7 additions & 8 deletions
diff --git a/‎articles/sentinel/connect-threat-intelligence-taxii.md
Lines changed: 1 addition & 1 deletion b/‎articles/sentinel/connect-threat-intelligence-taxii.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/sentinel/connect-threat-intelligence-tip.md
Lines changed: 4 additions & 4 deletions b/‎articles/sentinel/connect-threat-intelligence-tip.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎articles/sentinel/connect-threat-intelligence-upload-api.md
Lines changed: 9 additions & 9 deletions b/‎articles/sentinel/connect-threat-intelligence-upload-api.md
Lines changed: 9 additions & 9 deletions
@@ -780,13 +780,13 @@
     href: threat-intelligence-integration.md
   - name: Enable MDTI data connector
     href: connect-mdti-data-connector.md
-  - name: Connect threat intelligence STIX objects API
+  - name: Connect threat intelligence with upload API
     href: connect-threat-intelligence-upload-api.md
   - name: Connect threat intelligence platforms
     href: connect-threat-intelligence-tip.md
   - name: Connect to STIX/TAXII feeds
     href: connect-threat-intelligence-taxii.md
-  - name: Add indicators in bulk by file
+  - name: Add threat intelligence in bulk by file
     href: indicators-bulk-file-import.md
   - name: Work with threat indicators
     href: work-with-threat-indicators.md
@@ -1255,7 +1255,7 @@
       href: hunting-with-rest-api.md
     - name: Enrich entities with geolocation data with REST-API
       href: geolocation-data-api.md
-    - name: STIX objects API reference
+    - name: Threat intelligence upload API reference
       href: stix-objects-api.md
     - name: Legacy upload indicator API reference
       href: upload-indicators-api.md
 
@@ -1,5 +1,5 @@
 ---
-title: Enable data connector for Microsoft's threat intelligence
+title: Enable the data connector for Microsoft's threat intelligence
 titleSuffix: Microsoft Defender Threat Intelligence
 keywords: premium, TI, STIX objects, relationships, threat actor, watchlist, license
 description: Learn how to ingest Microsoft's threat intelligence into your Microsoft Sentinel workspace to generate high-fidelity alerts and incidents.
@@ -17,12 +17,10 @@ ms.collection: usx-security
 
 ---
 
-# Enable data connector for Microsoft Defender Threat Intelligence
+# Enable the Microsoft Defender Threat Intelligence data connector
 
 Bring public, open-source and high-fidelity indicators of compromise (IOCs) generated by Microsoft Defender Threat Intelligence into your Microsoft Sentinel workspace with the Defender Threat Intelligence data connectors. With a simple one-click setup, use the threat intelligence from the standard and premium Defender Threat Intelligence data connectors to monitor, alert, and hunt.
 
-> [!IMPORTANT]
-> The Defender Threat Intelligence data connector and the premium Defender Threat Intelligence data connector are currently in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 > [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
 For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-indicators-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
@@ -31,6 +29,9 @@ For more information about the benefits of the standard and premium Defender Thr
 
 - To install, update, and delete standalone content or solutions in the **Content hub**, you need the Microsoft Sentinel Contributor role at the resource group level.
 - To configure these data connectors, you must have read and write permissions to the Microsoft Sentinel workspace.
+- To access threat intelligence from the premium version of the Defender Threat Intelligence data connector, contact sales to purchase the **MDTI API Access** SKU. 
+
+For more information on how to get a premium license and explore all the differences between the standard and premium versions, see [Explore Defender Threat Intelligence licenses](https://www.microsoft.com/security/business/siem-and-xdr/microsoft-defender-threat-intelligence#areaheading-oc8e7d).
 
 ## Install the threat intelligence solution in Microsoft Sentinel
 
@@ -52,13 +53,11 @@ For more information about how to manage the solution components, see [Discover
 
    For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Configuration** > **Data connectors**.
 
-1. Find and select the Defender Threat Intelligence data connector **Open connector page** button.
-
-    :::image type="content" source="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png" alt-text="Screenshot that shows the Data connectors page with the Defender Threat Intelligence data connector listed." lightbox="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png"::: 
+1. Find and select either the standard or premium Defender Threat Intelligence data connector. Select **Open connector page** button.
 
 1. Enable the feed by selecting **Connect**.
 
-    :::image type="content" source="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png" alt-text="Screenshot that shows the Defender Threat Intelligence Data connector page and the Connect button." lightbox="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png"::: 
+    :::image type="content" source="media/connect-mdti-data-connector/premium-connect.png" alt-text="Screenshot that shows the Defender Threat Intelligence Data connector page and the Connect button." lightbox="media/connect-mdti-data-connector/premium-connect.png"::: 
 
 1. When Defender Threat Intelligence indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
 
 
@@ -65,7 +65,7 @@ For more information about how to manage the solution components, see [Discover
 
 1. Find and select the **Threat Intelligence - TAXII** data connector, and then select **Open connector page**.
 
-    :::image type="content" source="media/connect-threat-intelligence-taxii/taxii-data-connector-config.png" alt-text="Screenshot that shows the Data connectors page with the TAXII data connector listed." lightbox="media/connect-threat-intelligence-taxii/taxii-data-connector-config.png":::
+    :::image type="content" source="media/connect-threat-intelligence-taxii/taxii-data-connector.png" alt-text="Screenshot that shows the Data connectors page with the TAXII data connector listed." lightbox="media/connect-threat-intelligence-taxii/taxii-data-connector.png":::
 
 1. Enter a name for this TAXII server collection in the **Friendly name** text box. Fill in the text boxes for **API root URL**, **Collection ID**, **Username** (if necessary), and **Password** (if necessary). Choose the group of indicators and the polling frequency you want. Select **Add**.
 
 
@@ -20,7 +20,7 @@ ms.collection: usx-security
 
 > [!NOTE]
 > This data connector is on a path for deprecation. More information will be published on the precise timeline. Use the new Threat Intelligence Upload Indicators API data connector for new solutions going forward.
-> For more information, see [Connect your threat intelligence platform to Microsoft Sentinel with the Upload Indicators API](connect-threat-intelligence-upload-api.md).
+> For more information, see [Connect your threat intelligence platform to Microsoft Sentinel with the upload API](connect-threat-intelligence-upload-api.md).
 
 Many organizations use threat intelligence platform (TIP) solutions to aggregate threat indicator feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. By using the TIP data connector, you can use these solutions to import threat indicators into Microsoft Sentinel. 
 
@@ -145,17 +145,17 @@ The last step in the integration process is to enable the TIP data connector in
 
 1. To configure the TIP data connector, select **Configuration** > **Data connectors**.
 
-1. Find and select the **Threat Intelligence Platforms** data connector, and then select **Open connector page**.
+1. Find and select the **Threat Intelligence Platforms - BEING DEPRECATED** data connector, and then select **Open connector page**.
 
-    :::image type="content" source="media/connect-threat-intelligence-tip/tip-data-connector-config.png" alt-text="Screenshot that shows the Data connectors page with the Threat Intelligence Platforms data connector listed." lightbox="media/connect-threat-intelligence-tip/tip-data-connector-config.png":::
+    :::image type="content" source="media/connect-threat-intelligence-tip/threat-intelligence-platforms-data-connector.png" alt-text="Screenshot that shows the Data connectors page with the Threat Intelligence Platforms data connector listed." lightbox="media/connect-threat-intelligence-tip/threat-intelligence-platforms-data-connector.png":::
 
 1. Because you already finished the app registration and configured your TIP or custom solution to send threat indicators, the only step left is to select **Connect**.
 
 Within a few minutes, threat indicators should begin flowing into this Microsoft Sentinel workspace. You can find the new indicators on the **Threat intelligence** pane, which you can access from the Microsoft Sentinel menu.
 
 ## Related content
 
-In this article, you learned how to connect your TIP to Microsoft Sentinel. To learn more about Microsoft Sentinel, see the following articles:
+In this article, you learned how to connect your TIP to Microsoft Sentinel using a method on path for deprecation. To connect your TIP using the recommended method, see [Connect your TIP with the upload API](connect-threat-intelligence-upload-api.md).
 
 - Learn how to [get visibility into your data and potential threats](get-visibility.md).
 - Get started [detecting threats with Microsoft Sentinel](./detect-threats-built-in.md).
@@ -1,8 +1,8 @@
 ---
-title: Connect your TIP with STIX objects API
+title: Connect your TIP with the upload API (Preview)
 titleSuffix: Microsoft Sentinel
 
-description: Learn how to connect your threat intelligence platform (TIP) or custom feed using the STIX objects API to Microsoft Sentinel.
+description: Learn how to connect your threat intelligence platform (TIP) or custom feed using the upload API to Microsoft Sentinel.
 author: austinmccollum
 ms.topic: how-to
 ms.date: 3/14/2024
@@ -14,18 +14,18 @@ ms.collection: usx-security
 #Customer intent: As a security admin, I want to connect my threat intelligence platform with Microsoft Sentinel using the appropriate API so that I can centralize and enhance threat detection and response capabilities.
 ---
 
-# Connect your threat intelligence platform to Microsoft Sentinel with the STIX objects API
+# Connect your threat intelligence platform to Microsoft Sentinel with the upload API (Preview)
 
-Many organizations use threat intelligence platform (TIP) solutions to aggregate threat intelligence feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. The industry standard for describing cyberthreat information is called, "Structured Threat Information Expression" or STIX. By using the STIX objects API, you use an expressive way to import threat intelligence into Microsoft Sentinel.
+Many organizations use threat intelligence platform (TIP) solutions to aggregate threat intelligence feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. The industry standard for describing cyberthreat information is called, "Structured Threat Information Expression" or STIX. By using the upload API which supports STIX objects, you use a more expressive way to import threat intelligence into Microsoft Sentinel.
 
-The STIX objects API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel STIX objects API](stix-objects-api.md).
+The upload API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel upload API](stix-objects-api.md).
 
 :::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
 
 For more information about threat intelligence, see [Threat intelligence](understand-threat-intelligence.md).
 
 > [!IMPORTANT]
-> The Microsoft Sentinel threat intelligence STIX objects API is in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+> The Microsoft Sentinel threat intelligence upload API is in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
 > [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
@@ -62,7 +62,7 @@ After you register your application, record its application (client) ID from the
 
 ## Assign a role to the application
 
-The STIX objects API ingests threat intelligence objects at the workspace level and requires the role of Microsoft Sentinel Contributor.
+The upload API ingests threat intelligence objects at the workspace level and requires the role of Microsoft Sentinel Contributor.
 
 1. From the Azure portal, go to **Log Analytics workspaces**.
 1. Select **Access control (IAM)**.
@@ -79,15 +79,15 @@ For more information on assigning roles to applications, see [Assign a role to t
 
 ## Configure your threat intelligence platform solution or custom application
 
-The following configuration information is required by the STIX objects API:
+The following configuration information is required by the upload API:
 
 - Application (client) ID
 - Microsoft Entra access token with [OAuth 2.0 authentication](../active-directory/fundamentals/auth-oauth2.md)
 - Microsoft Sentinel workspace ID
 
 Enter these values in the configuration of your integrated TIP or custom solution where required.
 
-1. Submit the threat intelligence to the STIX objects API. For more information, see [Microsoft Sentinel STIX objects API](stix-objects-api.md).
+1. Submit the threat intelligence to the upload API. For more information, see [Microsoft Sentinel upload API](stix-objects-api.md).
 1. Within a few minutes, threat intelligence objects should begin flowing into your Microsoft Sentinel workspace. Find the new STIX objects on the **Threat intelligence** page, which is accessible from the Microsoft Sentinel menu.
 
 ## Related content