Commit 1d56898

updates
1 parent d6fa6b8 commit 1d56898

2 files changed

+23
-21
lines changed

articles/sentinel/configure-data-connector.md

Lines changed: 14 additions & 0 deletions
@@ -61,6 +61,20 @@ After you or someone in your organization installs the solution that includes th
6161

6262
:::image type="content" source="media/configure-data-connector/connected-data-connector.png" alt-text="Screenshot of a data connector page with status connected and graph that shows the data received.":::
6363

64+
## Find your data
65+
66+
After you enable the connector successfully, the connector begins to stream data to the table schemas related to the data types you configurated.
67+
68+
To view the data:
69+
70+
#### [Azure portal](#tab/azure-portal-1)
71+
72+
Query the tables in the Microsoft Sentinel workspace linked to your Microsoft Sentinel workspace.
73+
74+
#### [Defender portal](#tab/defender-portal-1)
75+
76+
See [Where to find your Microsoft Sentinel data in Microsoft Defender portal](/defender-xdr/advanced-hunting-microsoft-defender#where-to-find-your-microsoft-sentinel-data).
77+
6478
## Find support for a data connector
6579

6680
Both Microsoft and other organizations author Microsoft Sentinel data connectors. Find the support contact from data connector page in Microsoft Sentinel.
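
Review bot: In the added "Find your data" section, the Azure portal tab says to query the tables "in the Microsoft Sentinel workspace linked to your Microsoft Sentinel workspace", which is circular; name the workspace the reader should actually open (presumably the Log Analytics workspace that Microsoft Sentinel is enabled on). In the same section, "configurated" on new line 66 should be "configured". The tab group opened by `#### [Azure portal](#tab/azure-portal-1)` and `#### [Defender portal](#tab/defender-portal-1)` also has no closing `---` line before `## Find support for a data connector`, so the support section may render inside the Defender portal tab.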

articles/sentinel/connect-azure-active-directory.md

Lines changed: 9 additions & 21 deletions
@@ -22,14 +22,14 @@ This table lists the logs you can send from Microsoft Entra ID to Microsoft Sent
2222
| **Log type** | **Inf descriptionrmation contained in logs** | **Log schema** |
2323
|--------------|-----------------------------------|----------------|
2424
| [**Audit logs**](../active-directory/reports-monitoring/concept-audit-logs.md) | System activity related to user and group management, managed applications, and directory activities. | [AuditLogs](/azure/azure-monitor/reference/tables/auditlogs) |
25-
| [**Sign-in logs**](../active-directory/reports-monitorig/concept-all-sign-ins.md) | Interactive user sign-ins where a user provides an authentication factor. | [SigninLogs](/azure/azure-monitor/reference/tables/signinlogs) |
26-
| [**Non-interactive user sign-in logs**](../active-directory/reports-monitoring/concept-all-sign-ins.md#non-interactive-user-sign-ins)(**PREVIEW**) | Sign-ins performed by a client on behalf of a user without any interaction or authentication factor from the user. | [AADNonInteractiveUserSignInLogs](/azure/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs) |
25+
| [**Sign-in logs**](../active-directory/reports-monitoring/concept-all-sign-ins.md) | Interactive user sign-ins where a user provides an authentication factor. | [SigninLogs](/azure/azure-monitor/reference/tables/signinlogs) |
26+
| [**Non-interactive user sign-in logs**](../active-directory/reports-monitoring/concept-all-sign-ins.md#non-interactive-user-sign-ins) (**PREVIEW**) | Sign-ins performed by a client on behalf of a user without any interaction or authentication factor from the user. | [AADNonInteractiveUserSignInLogs](/azure/azure-monitor/reference/tables/aadnoninteractiveusersigninlogs) |
2727
| [**Service principal sign-in logs**](../active-directory/reports-monitoring/concept-all-sign-ins.md#service-principal-sign-ins) (**PREVIEW**) | Sign-ins by apps and service principals that don't involve any user. In these sign-ins, the app or service provides a credential on its own behalf to authenticate or access resources. | [AADServicePrincipalSignInLogs](/azure/azure-monitor/reference/tables/aadserviceprincipalsigninlogs) |
2828
| [**Managed Identity sign-in logs**](../active-directory/reports-monitoring/concept-all-sign-ins.md#managed-identity-for-azure-resources-sign-ins) (**PREVIEW**) | Sign-ins by Azure resources that have secrets managed by Azure. For more information, see [What are managed identities for Azure resources?](../active-directory/managed-identities-azure-resources/overview.md). | [AADManagedIdentitySignInLogs](/azure/azure-monitor/reference/tables/aadmanagedidentitysigninlogs) |
2929
| [**AD FS sign-in logs**](/entra/identity/monitoring-health/concept-usage-insights-report#ad-fs-application-activity) | Sign-ins performed through Active Directory Federation Services (AD FS). | [ADFSSignInLogs](/azure/azure-monitor/reference/tables/adfssigninlogs) |
30-
| [**Enriched Office 365 audit logs**](/entra/global-secure-access/how-to-vie✅w-enriched-logs) | Security events related to Microsoft 365 apps. | [EnrichedOffice365AuditLogs](/azure/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs) |
30+
| [**Enriched Office 365 audit logs**](/entra/global-secure-access/how-to-view-enriched-logs) | Security events related to Microsoft 365 apps. | [EnrichedOffice365AuditLogs](/azure/azure-monitor/reference/tables/enrichedmicrosoft365auditlogs) |
3131
| [**Provisioning logs**](../active-directory/reports-monitoring/concept-provisioning-logs.md) (**PREVIEW**) | System activity information about users, groups, and roles provisioned by the Microsoft Entra provisioning service. | [AADProvisioningLogs](/azure/azure-monitor/reference/tables/aadprovisioninglogs) |
32-
| [**Microsoft Graph activity logs**](/graph/microsoft-graph-activity-logs-overview | HTTP requests accessing your tenant’s resources through the Microsoft Graph API. | [MicrosoftGraphActivityLogs](/azure/azure-monitor/reference/tables/microsoftgraphactivitylogs) |
32+
| [**Microsoft Graph activity logs**](/graph/microsoft-graph-activity-logs-overview)| HTTP requests accessing your tenant’s resources through the Microsoft Graph API. | [MicrosoftGraphActivityLogs](/azure/azure-monitor/reference/tables/microsoftgraphactivitylogs) |
3333
| [**Network access traffic logs**](/entra/global-secure-access/how-to-view-traffic-logs) | Network access traffic and activities. | [NetworkAccessTraffic](/azure/azure-monitor/reference/tables/networkaccesstraffic) |
3434
| [**Remote network health logs**](/entra/global-secure-access/how-to-remote-network-health-logs?tabs=microsoft-entra-admin-center) | Insights into the health of remote networks. | [RemoteNetworkHealthLogs](/azure/azure-monitor/reference/tables/remotenetworkhealthlogs) |
3535
| [**User risk events**](/entra/id-protection/howto-identity-protection-investigate-risk?branch=main#risk-detections-report) | User risk events generated by Microsoft Entra ID Protection. | [AADUserRiskEvents](/azure/azure-monitor/reference/tables/aaduserriskevents) |
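
Review bot: The table header on context line 22 still reads "**Inf descriptionrmation contained in logs**"; this hunk already fixes typos in the same table, so correct the header too (it looks like a stray "description" landed inside "Information"). On new line 32 the missing closing parenthesis is fixed, but the cell separator is now attached to the link (`...overview)| HTTP`); add a space before the pipe to match the other rows.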
@@ -38,7 +38,7 @@ This table lists the logs you can send from Microsoft Entra ID to Microsoft Sent
3838
| [**Service principal risk events**](/entra/id-protection/howto-identity-protection-investigate-risk#risy-users-report) | Risk detections associated with service principals logged by Microsoft Entra ID Protection. | [AADServicePrincipalRiskEvents](/azure/azure-monitor/reference/tables/aadserviceprincipalriskevents) |
3939

4040
> [!IMPORTANT]
41-
> Some of the available log types are currently in **PREVIEW**. See the [Supplemental Termso| Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
41+
> Some of the available log types are currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
4242
4343
[!INCLUDE [reference-to-feature-availability](includes/reference-to-feature-availability.md)]
4444
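
Review bot: Context line 38 links to `howto-identity-protection-investigate-risk#risy-users-report`, and `risy` looks like a misspelled fragment; a wrong fragment will not take the reader to the intended report section. Verify the target anchor and fix it in this commit alongside the "Supplemental Terms of Use" link text correction on line 41.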

@@ -54,25 +54,13 @@ This table lists the logs you can send from Microsoft Entra ID to Microsoft Sent
5454

5555
<a name='connect-to-azure-active-directory'></a>
5656

57-
## Install the Microsoft Entra ID data connector
57+
## Enable the Microsoft Entra ID data connector
5858

59-
To install the Microsoft Entra ID data connector, search for and enable **Microsoft Entra ID** as described in [Enable a data connector](configure-data-connector.md#enable-a-data-connector).
59+
Search for and enable the **Microsoft Entra ID** connector as described in [Enable a data connector](configure-data-connector.md#enable-a-data-connector).
6060

61-
## Find and use your data
61+
## Install the Microsoft Entra ID solution (optional)
6262

63-
After a successful connection is established, the data appears in **Logs**, under the **LogManagement** section, in the following tables:
64-
65-
- `SigninLogs`
66-
- `AuditLogs`
67-
- `AADNonInteractiveUserSignInLogs`
68-
- `AADServicePrincipalSignInLogs`
69-
- `AADManagedIdentitySignInLogs`
70-
- `AADProvisioningLogs`
71-
- `MSGraphActivityLogs`
72-
73-
To query the Microsoft Entra logs, enter the relevant table name at the top of the query window.
74-
75-
If an expected table is not available, verify the log categories are selected for your Microsoft Sentinel workspace in Microsoft Entra diagnostic settings. For more informatoin, see [Configure Microsoft Entra diagnostic settings for activity logs](/entra/identity/monitoring-health/howto-configure-diagnostic-settings).
63+
Install the solution for **Microsoft Entra ID** from the **Content Hub** in Microsoft Sentinel to get prebuilt workbooks, analytics rules, playbooks, and more. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md).
7664

7765
## Next steps
7866
In this document, you learned how to connect Microsoft Entra ID to Microsoft Sentinel. To learn more about Microsoft Sentinel, see the following articles:
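
Review bot: Removing "Find and use your data" (old lines 61-75) drops the only troubleshooting step on this page: if an expected table is not available, verify that the log categories are selected in Microsoft Entra diagnostic settings. The generic "Find your data" section added to configure-data-connector.md in this commit does not cover that, and a missing sign-in or audit table is a silent gap for any analytics rule that depends on it, so keep that sentence and its link here, for example under "Enable the Microsoft Entra ID data connector". The rename from "Install the Microsoft Entra ID data connector" to "Enable ..." and the removal of the "Find and use your data" heading also change the headings other pages may link to; check for inbound links that target the old headings.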
