Commit 7ff1609

committed
sanity
1 parent 9f86c31 commit 7ff1609

2 files changed

+30
-30
lines changed

articles/sentinel/microsoft-sentinel-defender-portal.md

Lines changed: 2 additions & 4 deletions
@@ -33,11 +33,9 @@ The following table describes the new or improved capabilities available in the
3333
| **Streamlined operations** | Manage all security incidents, alerts, and investigations from a single, unified interface.<br><br>- **Unified entity pages** for devices, users, IP addresses, and Azure resources in the Defender portal display information from Microsoft Sentinel and Defender data sources. These entity pages give you an expanded context for your investigations of incidents and alerts in the Defender portal.<br><br>- **Unified incidents** let you manage and investigate security incidents in a single location and from a single queue in the Defender portal. Use Security Copilot to summarize, respond, and report. Unified incidents include data from the breadth of sources, AI analytics tools of security information and event management (SIEM), and context and mitigation tools offered by extended detection and response (XDR).<br><br>- Use **Advanced hunting** to query from a single portal across different data sets to make hunting more efficient and remove the need for context-switching. Use Security Copilot to help generate your KQL, view and query all data including data from Microsoft security services and Microsoft Sentinel, and then use all your existing Microsoft Sentinel workspace content, including queries and functions, to investigate. | - [Investigate entities with entity pages in Microsoft Sentinel](/azure/sentinel/entity-pages)<br><br>- [Incident response in the Microsoft Defender portal](/microsoft-365/security/defender/incidents-overview)<br><br>- [Investigate Microsoft Sentinel incidents in Security Copilot](sentinel-security-copilot.md)<br><br>- [Advanced hunting in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2264410)<br>[Security Copilot in advanced hunting](/defender-xdr/advanced-hunting-security-copilot) |
3434
| **Enhanced threat detection** | Use advanced AI and machine learning for faster and more accurate threat detection and response. Benefit from an improved signal-to-noise ratio and enhanced alert correlation, ensuring critical threats are addressed promptly. | [Threat detection for unified security operations](/unified-secops-platform/detect-threats-overview) |
3535
| **New features** | Access robust tools like [Case management](/unified-secops-platform/cases-overview) for organizing and managing security incidents, [automatic attack disruption](/defender-xdr/automatic-attack-disruption?toc=%2Funified-secops-platform%2Ftoc.json&bc=%2Funified-secops-platform%2Fbreadcrumb%2Ftoc.json) for remediating compromised entities on high-fidelity true positives, and an embedded Security Copilot experience for [automated incident summary](/defender-xdr/security-copilot-m365d-incident-summary) and [guided response actions](/microsoft-365/security/defender/security-copilot-m365d-guided-response), and more.<br><br>For example, when investigating incidents in the Defender portal, use Security Copilot to [analyze scripts](/defender-xdr/security-copilot-m365d-script-analysis), [analyze files](/defender-xdr/copilot-in-defender-file-analysis), and [create incident reports](/defender-xdr/security-copilot-m365d-create-incident-report). When hunting for threats in advanced hunting, [create ready-to-run KQL queries](/defender-xdr/advanced-hunting-security-copilot) by using the query assistant. | - [Case management](/unified-secops-platform/cases-overview)<br><br>- [Automatic attack disruption](/defender-xdr/automatic-attack-disruption?toc=%2Funified-secops-platform%2Ftoc.json&bc=%2Funified-secops-platform%2Fbreadcrumb%2Ftoc.json)<br><br>- [Automated incident summary](/defender-xdr/security-copilot-m365d-incident-summary)<br><br>- [Guided response actions](/microsoft-365/security/defender/security-copilot-m365d-guided-response)<br><br>- [Analyze scripts](/defender-xdr/security-copilot-m365d-script-analysis)<br><br>- [Analyze files](/defender-xdr/copilot-in-defender-file-analysis)<br><br>- [Create incident reports](/defender-xdr/security-copilot-m365d-create-incident-report)<br><br>- [Create ready-to-run KQL queries](/defender-xdr/advanced-hunting-security-copilot) |
36-
| **Enhanced visibility and reduced risk exposure** | Analyze attack paths to see how a cyber attacker could exploit vulnerabilities. Use guided SOC optimization recommendations to reduce costs and exposure, and prioritize actions based on potential impact. | - [Optimize your security operations](soc-optimization/soc-optimization-access.md)<br><br>- [Use SOC optimizations programmatically](soc-optimization/soc-optimization-api.md)<<br><br>- [SOC optimization reference of recommendations](soc-optimization/soc-optimization-reference.md) |
36+
| **Enhanced visibility and reduced risk exposure** | Analyze attack paths to see how a cyber attacker could exploit vulnerabilities. Use guided SOC optimization recommendations to reduce costs and exposure, and prioritize actions based on potential impact. | - [Optimize your security operations](soc-optimization/soc-optimization-access.md)<br><br>- [Use SOC optimizations programmatically](soc-optimization/soc-optimization-api.md)<br><br>- [SOC optimization reference of recommendations](soc-optimization/soc-optimization-reference.md) |
3737
| **Tailored post-incident recommendations** | Prevent similar or repeat cyberattacks with tailored recommendations tied to Microsoft Security Exposure Management initiatives. | [Microsoft Security Exposure Management for enhanced security posture](/unified-secops-platform/overview-msem-strategy) |
38-
| **Cost and data optimization** | Customers can access both Microsoft Sentinel and Defender XDR data in a unified and consistent schema in the Defender portal. Advanced hunting raw logs are available for 30 days for hunting free of charge without needing to ingest them into Microsoft Sentinel. | [Plan costs and understand Microsoft Sentinel pricing and billing](billing.md) |
39-
40-
<!--where else in the billing doc do we say this about the 30 days?-->
38+
| **Cost and data optimization** | Customers can access both Microsoft Sentinel and Defender XDR data in a unified and consistent schema in the Defender portal. <br><br>Advanced hunting raw logs are available for 30 days for hunting free of charge without needing to ingest them into Microsoft Sentinel. | [What to expect to for Defender XDR tables streamed to Microsoft Sentinel](/defender-xdr/advanced-hunting-microsoft-defender#what-to-expect-for-defender-xdr-tables-streamed-to-microsoft-sentinel) |
4139

4240
## Limited or unavailable capabilities with Microsoft Sentinel only in the Defender portal
4341
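
Review bot: The link text in the added **Cost and data optimization** row (new line 38) reads "What to expect to for Defender XDR tables streamed to Microsoft Sentinel", with a stray "to"; it should read "What to expect for ...", which is also what the anchor `#what-to-expect-for-defender-xdr-tables-streamed-to-microsoft-sentinel` spells out. The same row leaves a trailing space before the break in "Defender portal. <br><br>Advanced hunting", which the other cells in this table do not have. This row is about cost, yet the change replaces the `billing.md` link instead of adding to it; consider keeping both, separated by `<br><br>` as the other rows do for multiple links. The removed HTML comment asked where else the 30-day statement is documented, so confirm that the new link target actually states the 30-day figure before dropping the question.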
