unified security operations replacements

Author: batamig

articles/sentinel/connect-microsoft-365-defender.md

@@ -4,7 +4,7 @@ description: Learn how to ingest incidents, alerts, and raw event data from Micr
 author: yelevin
 ms.author: yelevin
 ms.topic: how-to
-ms.date: 11/26/2024
+ms.date: 05/22/2025
 appliesto:
     - Microsoft Sentinel with Defender XDR in the Microsoft Defender portal
     - Microsoft Sentinel in the Azure portal
@@ -19,7 +19,7 @@ ms.collection: usx-security
 
 The Microsoft Defender XDR connector for Microsoft Sentinel allows you to stream all Microsoft Defender XDR incidents, alerts, and advanced hunting events into Microsoft Sentinel. This connector keeps the incidents synchronized between both portals. Microsoft Defender XDR incidents include alerts, entities, and other relevant information from all the Microsoft Defender products and services. For more information, see [Microsoft Defender XDR integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md).
 
-The Defender XDR connector, especially its incident integration feature, is the foundation of Microsoft's unified security operations platform. If you're onboarding Microsoft Sentinel to the Microsoft Defender portal, you must first enable this connector with incident integration.
+The Defender XDR connector, especially its incident integration feature, is the foundation of unified security operations in the Microsoft Defender portal. The Defender XDR data connector is automatically connected when you onboard Microsoft Sentinel to the Defender portal.
 
 [!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
 
@@ -198,4 +198,4 @@ See more information on the following items used in the preceding examples, in t
 
 In this document, you learned how to integrate Microsoft Defender XDR incidents, alerts, and advanced hunting event data from Microsoft Defender services, into Microsoft Sentinel, by using the Microsoft Defender XDR connector.
 
-To use Microsoft Sentinel integrated with Defender XDR in Microsoft's unified security operations platform, see [Connect Microsoft Sentinel to the Microsoft Defender portal](/defender-xdr/microsoft-sentinel-onboard).
+To use Microsoft Sentinel together with Defender XDR in the Defender portal, see [Connect Microsoft Sentinel to the Microsoft Defender portal](/unified-secops-platform/microsoft-sentinel-onboard?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json)

articles/sentinel/data-type-cloud-support.md

@@ -56,4 +56,4 @@ In this article, you learned about the types of clouds that affect the supported
 
 - To get started with Microsoft Sentinel, you need a subscription to Microsoft Azure. If you don't have a subscription, you can sign up for a [free trial](https://azure.microsoft.com/free/).
 - Learn how to [onboard your data to Microsoft Sentinel](quickstart-onboard.md) and [get visibility into your data and potential threats](get-visibility.md).
-- Microsoft Sentinel is available as part of the unified security operations platform in the Microsoft Defender portal. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md) and [Connect Microsoft Sentinel to Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-sentinel-onboard).
+- Microsoft Sentinel is also available for unified security operations in the Microsoft Defender portal. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md) and [Connect Microsoft Sentinel to Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-sentinel-onboard).

articles/sentinel/includes/unified-soc-preview.md

@@ -10,4 +10,4 @@ ms.custom: "include file"
 ---
 
 > [!IMPORTANT]
-> Microsoft Sentinel is generally available within Microsoft's unified security operations platform in the Microsoft Defender portal, including for customers without Microsoft Defender XDR or an E5 license. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](../microsoft-sentinel-defender-portal.md).
+> Microsoft Sentinel is generally available in the Microsoft Defender portal, including for customers without Microsoft Defender XDR or an E5 license. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](../microsoft-sentinel-defender-portal.md).

articles/sentinel/index.yml

@@ -54,11 +54,11 @@ landingContent:
             url: sentinel-solutions-deploy.md  
 
   # Card
-  - title: Microsoft's unified security operations platform
+  - title: Unified security operations
     linkLists:
       - linkListType: overview
         links:
-          - text: "What is Microsoft's unified SecOps platform?"
+          - text: "What are unified security operations?"
             url: /unified-secops-platform/overview-unified-security
           - text: "Microsoft Defender portal overview"
             url: /unified-secops-platform/overview-defender-portal

articles/sentinel/microsoft-365-defender-sentinel-integration.md

@@ -19,9 +19,9 @@ ms.collection: usx-security
 
 Integrate Microsoft Defender XDR with Microsoft Sentinel to stream all Defender XDR incidents and advanced hunting events into Microsoft Sentinel and keep the incidents and events synchronized between the Azure and Microsoft Defender portals. Incidents from Defender XDR include all associated alerts, entities, and relevant information, providing you with enough context to perform triage and preliminary investigation in Microsoft Sentinel. Once in Microsoft Sentinel, incidents remain bi-directionally synced with Defender XDR, allowing you to take advantage of the benefits of both portals in your incident investigation.
 
-Alternatively, onboard Microsoft Sentinel with Defender XDR to Microsoft's unified security operations (SecOps) platform in the Defender portal. Microsoft's unified SecOps platform brings together the full capabilities of Microsoft Sentinel, Defender XDR, and generative AI built specifically for cybersecurity. For more information, see the following resources:
+Alternatively, onboard Microsoft Sentinel to the Defender portal to use it together with Defender XDR for unified security operations. For more information, see the following resources:
 
-- [What is Microsoft's unified security operations platform?](/unified-secops-platform/overview-unified-security)
+- [What are unified security operations?](/unified-secops-platform/overview-unified-security)
 - [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md)
 
 ## Microsoft Sentinel and Defender XDR

articles/sentinel/microsoft-sentinel-defender-portal.md

@@ -47,7 +47,7 @@ When you onboard Microsoft Sentinel to the Defender portal without Defender XDR
 
 ## Quick reference
 
-Some Microsoft Sentinel capabilities, like the unified incident queue, are integrated with Microsoft Defender XDR in Microsoft's unified security operations platform. Many other Microsoft Sentinel capabilities are available in the  Microsoft Sentinel  section of the Defender portal.
+Some Microsoft Sentinel capabilities, like the unified incident queue, are integrated with Microsoft Defender XDR in the Defender portal. Many other Microsoft Sentinel capabilities are available in the **Microsoft Sentinel** section of the Defender portal.
 
 The following image shows the  Microsoft Sentinel  menu in the Defender portal:
 
@@ -108,6 +108,6 @@ The following table lists the changes in navigation between the Azure and Defend
 
 ## Related content
 
-- [What is Microsoft's unified security operations platform?](/unified-secops-platform/overview-unified-security)
+- [What are unified security operations?](/unified-secops-platform/overview-unified-security)
 - [Microsoft Defender XDR integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md)
 - [Connect Microsoft Sentinel to Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-sentinel-onboard)

articles/sentinel/sap/deployment-attack-disrupt.md

@@ -1,6 +1,6 @@
 ---
 title: Automatic attack disruption for SAP | Microsoft Sentinel
-description: Learn about deploying automatic attack disruption for SAP with the unified security operations platform.
+description: Learn about deploying automatic attack disruption for SAP with Microsoft Sentinel in the Defender portal.
 author: batamig
 ms.author: bagol
 ms.topic: concept-article
@@ -17,7 +17,7 @@ ms.collection: usx-security
 
 Microsoft Defender XDR correlates millions of individual signals to identify active ransomware campaigns or other sophisticated attacks in the environment with high confidence. While an attack is in progress, Defender XDR disrupts the attack by automatically containing compromised assets that the attacker is using through automatic attack disruption. Automatic attack disruption limits lateral movement early on and reduces the overall impact of an attack, from associated costs to loss of productivity. At the same time, it leaves security operations teams in complete control of investigating, remediating, and bringing assets back online.
 
-When you add a new SAP system to Microsoft Sentinel, your default configuration includes attack disruption functionality in Microsoft's unified security operations platform. This article describes how to ensure that your SAP system is ready to support automatic attack disruption for SAP in the Microsoft Defender portal.
+When you add a new SAP system to Microsoft Sentinel, your default configuration includes attack disruption functionality for use in the Microsoft Defender portal with Defender XDR. This article describes how to ensure that your SAP system is ready to support automatic attack disruption for SAP in the Microsoft Defender portal.
 
 For a video demonstration of attack disruption for SAP, watch the following video:
 <br><br>
@@ -28,7 +28,7 @@ Content in this article is intended for your **security**, **infrastructure**, a
 > [!NOTE]
 > Attack disruption requires a data connector agent and isn't supported for the [SAP agentless data connector](deployment-overview.md#data-connector) (Limited preview).
 
-## Attack disruption for SAP in Microsoft's unified security operations platform
+## Attack disruption for SAP in the Defender portal
 
 Attack disruption for SAP is configured by updating your data connector agent version and ensuring that the relevant roles are applied in Azure and your SAP system. However, automatic attack disruption itself surfaces only in the Microsoft Defender portal.
 

articles/sentinel/sap/update-sap-data-connector.md

@@ -88,7 +88,7 @@ Be sure to check for any other available updates, such as SAP change requests.
 
 ## Update your system for attack disruption
 
-Automatic attack disruption for SAP is supported in Microsoft's unified security operations platform, and requires:
+Automatic attack disruption for SAP is supported in the Microsoft Defender portal with Defender XDR, and requires:
 
 - A workspace [onboarded to the Defender portal](../microsoft-sentinel-defender-portal.md).
 

articles/sentinel/sentinel-security-copilot.md

@@ -39,17 +39,13 @@ This integration primarily supports the standalone experience accessed through [
 
 ## Key features
 
-Microsoft Sentinel data integrates with Security Copilot in two ways.
+Microsoft Sentinel data integrates with Security Copilot in the Defender portal as follows:
 
-- In Microsoft's unified security operations platform, Copilot in Microsoft Defender XDR benefits from unified incidents integrated with Microsoft Sentinel.
-- In the standalone experience, Microsoft Sentinel provides two plugins to integrate with Security Copilot:
+- When you also have Microsoft Defender XDR, Copilot in Microsoft Defender XDR benefits from unified incidents integrated with Microsoft Sentinel.
+- In the standalone experience, Microsoft Sentinel provides the following plugins to integrate with Security Copilot:
    <br>**Microsoft Sentinel (Preview)**
    <br>**Natural language to KQL for Microsoft Sentinel (Preview)**.
 
-> [!IMPORTANT]
-> The "Microsoft Sentinel" and "Natural Language to KQL for Microsoft Sentinel" plugins are currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
->
-
 ## Enable Security Copilot integration with Microsoft Sentinel
 
 To maximize your Security Copilot integration with Microsoft Sentinel do the following:

articles/sentinel/soc-optimization/soc-optimization-access.md

@@ -39,7 +39,7 @@ Watch the following video for an overview and demo of SOC optimization in the Mi
 
 ## Access the SOC optimization page
 
-Use one of the following tabs, depending on whether you're working in the Azure portal or Defender portal. When your workspace is onboarded for unified security operations, SOC optimizations include coverage from across Microsoft security services.
+Use one of the following tabs, depending on whether you're working in the Azure portal or Defender portal. When your workspace is onboarded to the Defender portal, SOC optimizations include coverage from across Microsoft security services.
 
 ### [Defender portal](#tab/defender-portal)