Merge pull request #287557 from yelevin/yelevin/remove-enrichment-widgets-doc

Enrichment widgets retiring

Author: Stacyrch140

articles/sentinel/TOC.yml

@@ -904,8 +904,6 @@
     items:
     - name: Overview
       href: entity-pages.md
-    - name: Enable enrichment widgets 
-      href: enable-enrichment-widgets.md
     - name: Create custom entity activities
       href: customize-entity-activities.md
   - name: Investigate large datasets

articles/sentinel/enable-enrichment-widgets.md

@@ -29,8 +29,6 @@ More specifically, entity pages consist of three parts:
 
 - The right-side panel presents [behavioral insights](#entity-insights) on the entity. These insights are continuously developed by Microsoft security research teams. They are based on various data sources and provide context for the entity and its observed activities, helping you to quickly identify [anomalous behavior](soc-ml-anomalies.md) and security threats.
 
-    As of November 2023, the next generation of insights is starting to be made available in **PREVIEW**, in the form of enrichment widgets. These new insights can integrate data from external sources and get updates in real time, and they can be seen alongside the existing insights. To take advantage of these new widgets, you must [enable the widget experience](enable-enrichment-widgets.md).
-
 If you're investigating an incident using the **[new investigation experience](investigate-incidents.md)**, you'll be able to see a panelized version of the entity page right inside the incident details page. You have a [list of all the entities in a given incident](investigate-incidents.md#explore-the-incidents-entities), and selecting an entity opens a side panel with three "cards"—**Info**, **Timeline**, and **Insights**— showing all the same information described above, within the specific time frame corresponding with that of the alerts in the incident.
 
 If you're using the **[unified security operations platform](https://go.microsoft.com/fwlink/p/?linkid=2263690)** in the Microsoft Defender portal, the **timeline** and **insights** panels appear in the **Sentinel events** tab of the Defender entity page.

articles/sentinel/entity-pages.md

@@ -70,8 +70,6 @@ The **Entities tab** contains a list of all the entities in the incident. When a
 - **Timeline** contains a list of the alerts that feature this entity and activities the entity has done, as collected from logs in which the entity appears.
 - **Insights** contains answers to questions about the entity relating to its behavior in comparison to its peers and its own history, its presence on watchlists or in threat intelligence, or any other sort of unusual occurrence relating to it. These answers are the results of queries defined by Microsoft security researchers that provide valuable and contextual security information on entities, based on data from a collection of sources.
 
-    As of November 2023, the **Insights** panel includes the next generation of insights, available in **PREVIEW**, in the form of enrichment widgets, alongside the existing insights. To take advantage of these new widgets, you must [enable the widget experience](enable-enrichment-widgets.md).
-
 Depending on the entity type, you can take a number of further actions from this side panel:
 - Pivot to the entity's full [entity page](entity-pages.md) to get even more details over a longer timespan or launch the graphical investigation tool centered on that entity.
 - Run a [playbook](respond-threats-during-investigation.md) to take specific response or remediation actions on the entity (in Preview).

articles/sentinel/incident-investigation.md

@@ -20,12 +20,24 @@ The listed features were released in the last three months. For information abou
 
 ## September 2024
 
-
+- [Third-party enrichment widgets to be retired in February 2025](#third-party-enrichment-widgets-to-be-retired-in-february-2025)
 - [Azure reservations now have pre-purchase plans available for Microsoft Sentinel](#pre-purchase-plans-now-available-for-microsoft-sentinel)
 - [Import/export of automation rules now generally available (GA)](#importexport-of-automation-rules-now-generally-available-ga)
 - [Google Cloud Platform data connectors are now generally available (GA)](#google-cloud-platform-data-connectors-are-now-generally-available-ga)
 - [Microsoft Sentinel now generally available (GA) in Azure Israel Central](#microsoft-sentinel-now-generally-available-ga-in-azure-israel-central)
 
+### Third-party enrichment widgets to be retired in February 2025
+
+Effective immediately, you can no longer enable the feature to create enrichment widgets that retrieve data from external, third-party data sources. These widgets are displayed on Microsoft Sentinel entity pages and in other locations where entity information is presented. This change is happening because you can no longer create the Azure key vault required to access these external data sources.
+
+If you already use any third-party enrichment widgets, that is, if this key vault already exists, you can still configure and use widgets that you weren't using before, though we don't recommend doing so.
+
+As of **February 2025**, any existing enrichment widgets that retrieve data from third-party sources will *stop being displayed*, on entity pages or anywhere else.
+
+If your organization uses third-party enrichment widgets, we recommend disabling them in advance, by deleting the key vault you created for this purpose from its resource group. The key vault's name begins with "widgets".
+
+Enrichment widgets based on first-party data sources are not affected by this change, and will continue to function as before. "First-party data sources" include any data that's already ingested into Microsoft Sentinel from external sources—in other words, anything in tables in your Log Analytics workspace—and Microsoft Defender Threat Intelligence.
+
 ### Pre-purchase plans now available for Microsoft Sentinel
 
 Pre-purchase plans are a type of Azure reservation. When you buy a pre-purchase plan, you get commit units (CUs) at discounted tiers for a specific product. Microsoft Sentinel commit units (SCUs) apply towards eligible costs in your workspace. When you have predictable costs, choosing the right pre-purchase plan saves you money! 

articles/sentinel/whats-new.md

@@ -30,6 +30,11 @@
             "redirect_url": "/azure/sentinel/create-analytics-rules",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/sentinel/enable-enrichment-widgets.md",
+            "redirect_url": "/azure/sentinel/whats-new#third-party-enrichment-widgets-to-be-retired-in-february-2025",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/sentinel/automate-responses-with-playbooks.md#azure-logic-apps-basic-concepts",
             "redirect_url": "/azure/sentinel/playbooks/logic-apps-playbooks",