Merge pull request #293467 from yelevin/patch-2

prmerger-automator[bot] · web-flow · commit 411d4b0584f4 · 2025-01-29T14:07:45.000Z
Update customize-alert-details.md
diff --git a/articles/sentinel/customize-alert-details.md b/articles/sentinel/customize-alert-details.md
@@ -81,14 +81,19 @@ Follow the procedure detailed below to use the alert details feature. These step
         | **ConfidenceLevel** (Preview)      | One of the following values: <br>- **Low**<br>- **High**<br>- **Unknown** |
         | **ConfidenceScore** (Preview)      | Integer, between **0**-**1** (inclusive) |
         | **ExtendedLinks** (Preview)        | String |
-        | **ProductComponentName** (Preview) | String |
-        | **ProductName** (Preview)<br>\* See note following this table          | String |
-        | **ProviderName** (Preview)         | String |
+        | **ProductComponentName** (Preview)<br>\* See Caution notes following this table | String |
+        | **ProductName** (Preview)<br>\* See Caution notes following this table          | String |
+        | **ProviderName** (Preview)<br>\* See Caution notes following this table         | String |
         | **RemediationSteps** (Preview)     | String |
     
-       > [!NOTE]
+       > [!CAUTION]
        > 
-       > If you onboarded Microsoft Sentinel to the Microsoft Defender portal, **do not customize** the *ProductName* field for alerts from Microsoft sources. Doing so will result in these alerts being dropped from Microsoft Defender XDR and no incident being created.
+       > If you onboarded Microsoft Sentinel to the Microsoft Defender portal:
+       > - **Do not customize** the *ProductName* field for alerts from Microsoft sources. Doing so will result in these alerts being dropped from Microsoft Defender XDR and no incident being created.
+       >
+       > - The *ProductComponentName* and *ProviderName* fields are no longer available to be customized.
+       > 
+       > If any of these customizations already exist in any of your rules, remove the customizations to maintain compatibility and avoid unexpected results.
 
     If you change your mind, or if you made a mistake, you can remove an alert detail by clicking the trash can icon next to the **Alert property/Value** pair, or delete the free text from the **Alert Name/Description Format** fields.
 
