Commit 960b27b

committed
fixing defender portal
1 parent 4563f0f commit 960b27b

10 files changed

+16
-16
lines changed

articles/sentinel/audit-sentinel-data.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ Use the **AzureActivity** table when auditing activity in your SOC environment w
4141
1. Query the data using Kusto Query Language (KQL), like you would any other table:
4242

4343
- In the Azure portal, query this table in the **[Logs](hunts-custom-queries.md)** page.
44-
- In Microsoft's unified security operations platform, query this table in the **Investigation & response > Hunting > [Advanced hunting](/defender-xdr/advanced-hunting-overview)** page.
44+
- In the Defender portal, query this table in the **Investigation & response > Hunting > [Advanced hunting](/defender-xdr/advanced-hunting-overview)** page.
4545

4646
The **AzureActivity** table includes data from many services, including Microsoft Sentinel. To filter in only data from Microsoft Sentinel, start your query with the following code:
4747

articles/sentinel/create-manage-use-automation-rules.md

Lines changed: 4 additions & 4 deletions
@@ -94,9 +94,9 @@ Use the options in the **Conditions** area to define conditions for your automat
9494

9595
Analytic rule name values include only analytics rules, and don't include other types of rules, such as threat intelligence or anomaly rules.
9696

97-
- Rules you create for when an incident is created or updated support a large variety of conditions, depending on your environment. These options start with whether your workspace is onboarded to the unified security operations (SecOps) platform:
97+
- Rules you create for when an incident is created or updated support a large variety of conditions, depending on your environment. These options start with you've onboarded Microsoft Sentinel to the Defender portal:
9898

99-
#### [Onboarded workspaces](#tab/onboarded)
99+
#### [Onboarded to the Defender portal](#tab/onboarded)
100100

101101
If your workspace is onboarded to the Defender portal, start by selecting one of the following operators, in either the Azure or the Defender portal:
102102
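Review bot: New line 97 dropped the word "whether" and no longer parses: "These options start with you've onboarded Microsoft Sentinel to the Defender portal:". Suggest "These options start with whether you've onboarded Microsoft Sentinel to the Defender portal:". The unchanged line 101 under the renamed tab still says "If your workspace is onboarded to the Defender portal", so the subject switches between "Microsoft Sentinel" and "your workspace" within a few lines; pick one for the whole section.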

@@ -110,7 +110,7 @@ Use the options in the **Conditions** area to define conditions for your automat
110110

111111
:::image type="content" source="media/create-manage-use-automation-rules/conditions-onboarded.png" alt-text="Screenshot of automation rule conditions when your workspace is onboarded to the Defender portal.":::
112112

113-
#### [Workspaces not onboarded](#tab/not-onboarded)
113+
#### [Not onboarded to the Defender portal](#tab/not-onboarded)
114114

115115
If your workspace isn't onboarded to the Defender portal, start by defining the following condition properties:
116116

@@ -145,7 +145,7 @@ Use the options in the **Conditions** area to define conditions for your automat
145145
1. Select an operator from the next drop-down box to the right.
146146
:::image type="content" source="media/create-manage-use-automation-rules/select-operator.png" alt-text="Screenshot of selecting a condition operator for automation rules.":::
147147

148-
The list of operators you can choose from varies according to the selected trigger and property. When working with the unified SecOps platform recommend that you use the **Analytic rule name** condition instead of an incident title.
148+
The list of operators you can choose from varies according to the selected trigger and property. When working in the Defender portal, we recommend that you use the **Analytic rule name** condition instead of an incident title.
149149

150150
#### Conditions available with the create trigger
151151

articles/sentinel/fusion.md

Lines changed: 1 addition & 1 deletion
@@ -42,7 +42,7 @@ Fusion is enabled by default in Microsoft Sentinel, as an [analytics rule](detec
4242

4343
You might want to opt out of Fusion if you've enabled [Customer-Managed Keys (CMK)](customer-managed-keys.md) in your workspace. Microsoft Sentinel currently uses 30 days of historical data to train the Fusion engine's machine learning algorithms, and this data is always encrypted using Microsoft’s keys as it passes through the machine learning pipeline. However, the training data is not encrypted using CMK. To opt out of Fusion, disable the **Advanced Multistage Attack Detection** analytics rule in Microsoft Sentinel. For more information, see [Configure Fusion rules](configure-fusion-rules.md#configure-fusion-rules).
4444

45-
Fusion is disabled in Microsoft Sentinel workspaces that are onboarded to Microsoft's [unified security operations (SecOps) platform in the Microsoft Defender portal](https://aka.ms/unified-soc-announcement). Instead, when working with Microsoft's unified SecOps platform, functionality provided by Fusion is replaced by the Microsoft Defender XDR correlation engine.
45+
Fusion is disabled when Microsoft Sentinel is [onboarded to the Defender portal](https://aka.ms/unified-soc-announcement). Instead, when working in the Defender portal, functionality provided by Fusion is replaced by the Microsoft Defender XDR correlation engine.
4646

4747
## Fusion for emerging threats (Preview)
4848
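Review bot: On new line 45 the link text now reads "onboarded to the Defender portal" but the target is still https://aka.ms/unified-soc-announcement, a short link named for the term this commit is removing. update-sap-data-connector.md in this same commit links the same phrase to the microsoft-sentinel-defender-portal.md article; consider pointing here as well, so a reader checking why Fusion is disabled and what replaces it lands on the onboarding documentation rather than an announcement.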

articles/sentinel/geographical-availability-data-residency.md

Lines changed: 2 additions & 2 deletions
@@ -33,11 +33,11 @@ Data used by the service, including customer data, might be stored and processed
3333
|Data type |Location |
3434
|---------|---------|
3535
|**Raw data** | Stored in the same region as the Azure Log Analytics workspace associated with Microsoft Sentinel. For more information, see [Supported regions](#supported-regions). <br><br>Raw data is processed in one of the following locations: <br>- For Log Analytics workspaces located in Europe, customer data is processed in Europe. <br>- For Log Analytics workspaces located in Israel, customer data is processed in Israel. <br>- For Log Analytics workspaces located in any of the China 21Vianet regions, customer data is processed in China 21Vianet. <br>- For workspaces located in any other location, customer data is processed in a US region. |
36-
|**Processed data and configuration data** | - For workspaces onboarded to Microsoft's unified security operation's platform, processed data and configuration data might be stored and processed in Microsoft Defender XDR regions. For more information, see [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy). <br><br>- For workspaces not onboarded to Microsoft's unified security operations platform, processed data and configuration data is stored and processed using the same methodology as raw data. |
36+
|**Processed data and configuration data** | - When Microsoft Sentinel is onboarded to the Defender portal, processed data and configuration data might be stored and processed in Microsoft Defender XDR regions. For more information, see [Data security and retention in Microsoft Defender XDR](/defender-xdr/data-privacy). <br><br>- When Microsoft Sentinel isn't onboarded to the Defender portal, processed data and configuration data is stored and processed using the same methodology as raw data. |
3737

3838
### Supported regions
3939

40-
Regions supported for Microsoft Sentinel raw data, and for processed and configuration data in workspaces not onboarded to Microsoft's unified security operations platform, include:
40+
Regions supported for Microsoft Sentinel raw data, and for processed and configuration data in workspaces not onboarded to the Defender portal, include:
4141

4242
|Continent | Country/Region | Azure Region |
4343
|---------|---------|---------|
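Review bot: New line 40 still scopes the region list to "workspaces not onboarded to the Defender portal", while new line 36 in the same hunk was reworded to "When Microsoft Sentinel isn't onboarded to the Defender portal". For a data-residency statement the condition should be worded identically in both places; suggest "when Microsoft Sentinel isn't onboarded to the Defender portal" on line 40 too, so it is clear the table row and the region list describe the same case.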

articles/sentinel/microsoft-365-defender-sentinel-integration.md

Lines changed: 1 addition & 1 deletion
@@ -166,5 +166,5 @@ The Defender XDR connector also lets you stream **advanced hunting** events&mdas
166166
In this document, you learned the benefits of enabling the Defender XDR connector in Microsoft Sentinel.
167167

168168
- [Connect data from Microsoft Defender XDR to Microsoft Sentinel](connect-microsoft-365-defender.md)
169-
- To use Microsoft's unified SecOps platform in the Defender portal, see [Connect Microsoft Sentinel to the Microsoft Defender portal](/defender-xdr/microsoft-sentinel-onboard).
169+
- To use Microsoft Sentinel in the Defender portal, see [Connect Microsoft Sentinel to the Microsoft Defender portal](/defender-xdr/microsoft-sentinel-onboard).
170170
- Check [availability of different Microsoft Defender XDR data types](microsoft-365-defender-cloud-support.md) in the different Microsoft 365 and Azure clouds.

articles/sentinel/mitre-coverage.md

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ Having a scheduled rule with MITRE techniques applied running regularly in your
102102

103103
When incidents are created for alerts that are surfaced by rules with MITRE techniques configured, the techniques are also added to the incidents.
104104

105-
For more information, see [Investigate incidents with Microsoft Sentinel](investigate-cases.md). If your workspace is onboarded to Microsoft's unified security operations (SecOps) platform, then [investigate incidents in the Microsoft Defender portal](/defender-xdr/investigate-incidents) instead.
105+
For more information, see [Investigate incidents with Microsoft Sentinel](investigate-cases.md). If Microsoft Sentinel is onboarded to the Defender portal, then [investigate incidents in the Microsoft Defender portal](/defender-xdr/investigate-incidents) instead.
106106

107107
- **Threat hunting**:
108108

articles/sentinel/sap/deploy-data-connector-agent-container.md

Lines changed: 1 addition & 1 deletion
@@ -202,7 +202,7 @@ Now that you created a VM and a Key Vault, your next step is to create a new age
202202
203203
This procedure describes how to create a new agent and connect it to your SAP system using the Azure or Defender portals. We recommend that your **security** team perform this procedure with help from the **SAP BASIS** team.
204204
205-
Deploying the data connector agent from the portal is supported from both the Azure portal, and the Defender portal if you onboarded your workspace to the unified security operations platform.
205+
Deploying the data connector agent from the portal is supported from both the Azure portal, and the Defender portal when Microsoft Sentinel is onboarded to the Defender portal.
206206
207207
While deployment is also supported from the command line, we recommend that you use the portal for typical deployments. Data connector agents deployed using the command line can be managed only via the command line, and not via the portal. For more information, see [Deploy an SAP data connector agent from the command line](deploy-command-line.md).
208208
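Review bot: New line 205 names the Defender portal twice in one clause ("and the Defender portal when Microsoft Sentinel is onboarded to the Defender portal"), which reads as circular. Suggest "is supported from the Azure portal, and from the Defender portal when Microsoft Sentinel is onboarded to it."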

articles/sentinel/sap/deployment-attack-disrupt.md

Lines changed: 2 additions & 2 deletions
@@ -17,7 +17,7 @@ ms.collection: usx-security
1717

1818
Microsoft Defender XDR correlates millions of individual signals to identify active ransomware campaigns or other sophisticated attacks in the environment with high confidence. While an attack is in progress, Defender XDR disrupts the attack by automatically containing compromised assets that the attacker is using through automatic attack disruption. Automatic attack disruption limits lateral movement early on and reduces the overall impact of an attack, from associated costs to loss of productivity. At the same time, it leaves security operations teams in complete control of investigating, remediating, and bringing assets back online.
1919

20-
When you add a new SAP system to Microsoft Sentinel, your default configuration includes attack disruption functionality in the unified security operations platform. This article describes how to ensure that your SAP system is ready to support automatic attack disruption for SAP in the Microsoft Defender portal.
20+
When you add a new SAP system to Microsoft Sentinel, your default configuration includes attack disruption functionality in the Defender portal. This article describes how to ensure that your SAP system is ready to support automatic attack disruption for SAP in the Microsoft Defender portal.
2121

2222
For a video demonstration of attack disruption for SAP, watch the following video:
2323
<br><br>
@@ -30,7 +30,7 @@ Content in this article is intended for your **security**, **infrastructure**, a
3030
3131
## Attack disruption for SAP and the unified security operations platform
3232

33-
Attack disruption for SAP is configured by updating your data connector agent version and ensuring that the relevant roles are applied in Azure and your SAP system. However, automatic attack disruption itself surfaces only in the unified security operations platform in the Microsoft Defender portal.
33+
Attack disruption for SAP is configured by updating your data connector agent version and ensuring that the relevant roles are applied in Azure and your SAP system. However, automatic attack disruption itself surfaces only in the Microsoft Defender portal.
3434

3535
For more information, see [Automatic attack disruption in Microsoft Defender XDR](/microsoft-365/security/defender/automatic-attack-disruption).
3636
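Review bot: The heading on unchanged line 31, "## Attack disruption for SAP and the unified security operations platform", still uses the term this commit removes from the paragraph directly below it on line 33. Rename the heading to match, for example "## Attack disruption for SAP and the Defender portal", and check for inbound links to the old heading anchor before merging.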

articles/sentinel/sap/update-sap-data-connector.md

Lines changed: 2 additions & 2 deletions
@@ -88,9 +88,9 @@ Be sure to check for any other available updates, such as SAP change requests.
8888

8989
## Update your system for attack disruption
9090

91-
Automatic attack disruption for SAP is supported with the unified security operations platform in the Microsoft Defender portal, and requires:
91+
Automatic attack disruption for SAP is supported in the Microsoft Defender portal, and requires:
9292

93-
- A workspace [onboarded to the unified security operations platform](../microsoft-sentinel-defender-portal.md).
93+
- A workspace [onboarded to the Defender portal](../microsoft-sentinel-defender-portal.md).
9494

9595
- A Microsoft Sentinel SAP data connector agent, version 90847355 or higher. [Check your current agent version](#verify-your-current-data-connector-agent-version) and update it if you need to.
9696

articles/sentinel/sentinel-security-copilot.md

Lines changed: 1 addition & 1 deletion
@@ -41,7 +41,7 @@ This integration primarily supports the standalone experience accessed through [
4141

4242
Microsoft Sentinel data integrates with Security Copilot in two ways.
4343

44-
- In Microsoft's unified security operations platform, Copilot in Microsoft Defender XDR benefits from unified incidents integrated with Microsoft Sentinel.
44+
- In the Defender portal, Copilot in Microsoft Defender XDR benefits from unified incidents integrated with Microsoft Sentinel.
4545
- In the standalone experience, Microsoft Sentinel provides two plugins to integrate with Security Copilot:
4646
<br>**Microsoft Sentinel (Preview)**
4747
<br>**Natural language to KQL for Microsoft Sentinel (Preview)**.
