Commit 10fd227

Merge pull request #293754 from yelevin/patch-2
Plain-text limitation
2 parents f677eed + 3f557ee commit 10fd227

2 files changed

+4
-4
lines changed

articles/sentinel/create-analytics-rules.md

Lines changed: 2 additions & 2 deletions
@@ -78,8 +78,8 @@ In the Azure portal, stages are represented visually as tabs. In the Defender po
7878

7979
| Field | Description |
8080
| ----- | ----------- |
81-
| **Name** | A unique name for your rule. |
82-
| **Description** | A free-text description for your rule. |
81+
| **Name** | A unique name for your rule. This field supports plain text only. |
82+
| **Description** | A free-text description for your rule.<br>If Microsoft Sentinel is onboarded to the Defender portal, this field supports plain text only. |
8383
| **Severity** | Match the impact the activity triggering the rule might have on the target environment, should the rule be a true positive.<br><br>**Informational**: No impact on your system, but the information might be indicative of future steps planned by a threat actor.<br>**Low**: The immediate impact would be minimal. A threat actor would likely need to conduct multiple steps before achieving an impact on an environment.<br>**Medium**: The threat actor could have some impact on the environment with this activity, but it would be limited in scope or require additional activity.<br> **High**: The activity identified provides the threat actor with wide ranging access to conduct actions on the environment or is triggered by impact on the environment. |
8484
| **MITRE ATT&CK** | Choose those threat activities which apply to your rule. Select from among the **MITRE ATT&CK** tactics and techniques presented in the drop-down list. You can make multiple selections.<br><br>For more information on maximizing your coverage of the MITRE ATT&CK threat landscape, see [Understand security coverage by the MITRE ATT&CK® framework](mitre-coverage.md). |
8585
| **Status** | **Enabled**: The rule runs immediately upon creation, or at the [specific date and time you choose to schedule it (currently in PREVIEW)](#schedule-and-scope-the-query).<br>**Disabled**: The rule is created but doesn't run. Enable it later from your **Active rules** tab when you need it. |
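
Review bot: The new **Name** and **Description** rows state "supports plain text only" without saying what happens to input that is not plain text (rejected on save, stripped, or displayed literally), so a rule author cannot tell how formatted text will appear to analysts. Suggest adding one clause that states the behavior. The two rows also differ in scope: **Name** is limited unconditionally, while **Description** is limited only "If Microsoft Sentinel is onboarded to the Defender portal". If that difference is intended, the **Description** row should also say what the field supports when the workspace is not onboarded; if it is not intended, align the two rows.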

articles/sentinel/customize-alert-details.md

Lines changed: 2 additions & 2 deletions
@@ -72,8 +72,8 @@ Follow the procedure detailed below to use the alert details feature. These step
7272

7373
| Name | Description |
7474
| ---- | ----------- |
75-
| **AlertName** | String |
76-
| **Description** | String |
75+
| **AlertName** | String. Supports plain text only. |
76+
| **Description** | String. Supports plain text only, if Microsoft Sentinel is onboarded to Defender portal. |
7777
| **AlertSeverity** | One of the following values: <br>- **Informational**<br>- **Low**<br>- **Medium**<br>- **High** |
7878
| **Tactics** | One of the following values: <br>- **Reconnaissance**<br>- **ResourceDevelopment**<br>- **InitialAccess**<br>- **Execution**<br>- **Persistence**<br>- **PrivilegeEscalation**<br>- **DefenseEvasion**<br>- **CredentialAccess**<br>- **Discovery**<br>- **LateralMovement**<br>- **Collection**<br>- **Exfiltration**<br>- **CommandAndControl**<br>- **Impact**<br>- **PreAttack**<br>- **ImpairProcessControl**<br>- **InhibitResponseFunction** |
7979
| **Techniques** (Preview) | A string that matches the following regular expression: `^T(?<Digits>\d{4})$`. <br>For example: **T1234** |
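
Review bot: In the **Description** row, "if Microsoft Sentinel is onboarded to Defender portal" drops the article used for the same condition in create-analytics-rules.md ("onboarded to the Defender portal"), and the condition trails the limitation after a comma, which makes it easy to miss. Suggest "String. If Microsoft Sentinel is onboarded to the Defender portal, supports plain text only." so the two files read the same way. As in the other file, **AlertName** is limited unconditionally and **Description** only conditionally; confirm that asymmetry is intended for alert detail overrides as well.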
