Risk based optimization

Author: AbbyMSFT

articles/sentinel/soc-optimization/soc-optimization-access.md

@@ -69,15 +69,15 @@ Supported metrics at the top of the **Overview** tab include:
 | **Ingested data over the last 3 months** | Shows the total data ingested in your workspace over the last three months. |
 |**Optimizations status**    | Shows the number of recommended optimizations that are currently active, completed, and dismissed.        |
 
-Select **See all threat scenarios** to view the full list of relevant threats, percentages of active and recommended analytics rules, and coverage levels.
+Select **See all threat scenarios** to view the full list of relevant threat and risk-based scenarios , percentages of active and recommended analytics rules, and coverage levels.
 
 ### [Defender portal](#tab/defender-portal)
 
 |Title  | Description |
 |---------|---------|
 |**Recent optimization value**    | Shows value gained based on recommendations you recently implemented |
 |**Data ingested**     | Shows the total data ingested in your workspace over the last 90 days. |
-|**Threat-based coverage optimizations**     |  Shows one of the following coverage indicators, based on the number of analytics rules found in your workspace, compared with the number of rules recommended by the Microsoft research team: <br>- **High**: Over 75% of recommended rules are activated <br>- **Medium**: 30%-74% of recommended rules are activated <br>- **Low**: 0%-29% of recommended rules are activated. <br><br>Select **View all threat scenarios** to view the full list of relevant threats, active and recommended detections, and coverage levels. Then, select a threat scenario to drill down for more details about the recommendation on a separate, threat scenario details page. |
+|**Threat-based coverage optimizations**     |  Shows one of the following coverage indicators, based on the number of analytics rules found in your workspace, compared with the number of rules recommended by the Microsoft research team: <br>- **High**: Over 75% of recommended rules are activated <br>- **Medium**: 30%-74% of recommended rules are activated <br>- **Low**: 0%-29% of recommended rules are activated. <br><br>Select **View all threat scenarios** to view the full list of relevant threat and risk-based scenarios, active and recommended detections, and coverage levels. Then, select a threat scenario to drill down for more details about the recommendation on a separate, threat scenario details page. |
 |**Optimization status**     | Shows the number of recommended optimizations that are currently active, completed, and dismissed.        |
 
 ---

articles/sentinel/soc-optimization/soc-optimization-reference.md

@@ -1,13 +1,13 @@
 ---
 title: SOC optimization reference
 description: Learn about the Microsoft Sentinel SOC optimization recommendations available to help you optimize your security operations.
-ms.author: bagol
-author: batamig
-manager: raynew
+ms.author: abbyweisberg
+author: AbbyMSFT
+manager: orspod
 ms.collection:
   - usx-security
 ms.topic: reference
-ms.date: 12/18/2024
+ms.date: 04/08/2025
 appliesto:
   - Microsoft Sentinel in the Microsoft Defender portal
   - Microsoft Sentinel in the Azure portal
@@ -23,9 +23,11 @@ Use SOC optimization recommendations to help you close coverage gaps against spe
 
 Microsoft Sentinel SOC optimizations include the following types of recommendations:
 
+- **Data value recommendations** suggest ways to improve your data use, such as a better data plan for your organization.
+
 - **Threat-based recommendations** suggest adding security controls that help you close coverage gaps.
 
-- **Data value recommendations** suggest ways to improve your data use, such as a better data plan for your organization.
+- **Risk-based recommendations** suggest adding security controls that help you protect against Operational, Financial, Reputational, Compliance and Legal business risks. 
 
 - **Similar organizations recommendations** suggest ingesting data from the types of sources used by organizations which have similar ingestion trends and industry profiles to yours.
 
@@ -68,6 +70,20 @@ The following table lists the available types of threat-based SOC optimization r
 | Templates are turned on, but data sources are missing.     | Connect new data sources.     |
 | There are no existing detections or data sources.     | Connect detections and data sources or install a solution.      |
 
+## Risk-based optimization recommendations
+
+Organizations often struggle to align security measures with business risks, leading to inefficient resource allocation and vulnerabilities. The Risk-Based Optimization feature helps manage security coverage based on business risks. It prioritizes security measures by evaluating the potential impact and likelihood of risks, ensuring resources are allocated effectively. 
+
+Risk-based optimizations consider real world security scenarios with a set of business risks associated with it, including Operational, Financial, Reputational, Compliance and Legal risks. The recommendations are based on the Microsoft Sentinel risk-based approach to security.
+
+The following table lists the available types of threat-based SOC optimization recommendations:
+
+| Type of observation | Action |
+|---------|---------|
+|      |  |
+|      |      |
+|    |      |
+
 ## Similar organizations recommendations
 
 SOC optimization uses advanced machine learning to identify tables that are missing from your workspace, but are used by organizations with similar ingestion trends and industry profiles to yours. It shows how other organizations use these tables and recommends to you the relevant data sources, along with related rules, to improve your security coverage.