Final to publish

yelevin · yelevin · commit 98047b076651 · 2023-01-31T13:59:54.000+02:00
diff --git a/articles/sentinel/detect-threats-custom.md b/articles/sentinel/detect-threats-custom.md
@@ -121,7 +121,7 @@ In the **Set rule logic** tab, you can either write a query directly in the **Ru
 
         :::image type="content" source="media/tutorial-detect-threats-custom/advanced-scheduling.png" alt-text="Screenshot of advanced scheduling toggle and settings.":::
     
-        Future runnings of the rule will occur at the specified interval after the first running (see **Advanced scheduling** note below).
+        Future runnings of the rule will occur at the specified interval after the first running.
 
     The line of text under the **Start running** setting (with the information icon at its left) summarizes the current query scheduling and lookback settings.
 
@@ -131,10 +131,6 @@ In the **Set rule logic** tab, you can either write a query directly in the **Ru
     >
     >  These two settings are independent of each other, up to a point. You can run a query at a short interval covering a time period longer than the interval (in effect having overlapping queries), but you cannot run a query at an interval that exceeds the coverage period, otherwise you will have gaps in the overall query coverage.
     >
-    > **Advanced scheduling**
-    >
-    > If you choose to start the running of a rule at a specific time (instead of automatically upon creation), be aware that the **actual** first run time of the rule may vary from the time you specified by up to half an hour in either direction. In any case, the interval for future runnings will be measured from the actual starting time of the previous run, not from the specified time.
-    >
     > **Ingestion delay**
     >
     > To account for **latency** that may occur between an event's generation at the source and its ingestion into Microsoft Sentinel, and to ensure complete coverage without data duplication, Microsoft Sentinel runs scheduled analytics rules on a **five-minute delay** from their scheduled time.
diff --git a/articles/sentinel/whats-new.md b/articles/sentinel/whats-new.md
@@ -29,14 +29,10 @@ To give you more flexibility in scheduling your analytics rule execution times a
 
 ## January 2023
 
-- [Monitor SAP system health (Preview)](#monitor-sap-system-health-and-role-preview)
 - [New incident investigation experience (Preview)](#new-incident-investigation-experience-preview)
+- [Monitor SAP system health (Preview)](#monitor-sap-system-health-and-role-preview)
 - [Microsoft Purview Information Protection connector (Preview)](#microsoft-purview-information-protection-connector-preview)
 
-### Monitor SAP system health and role (Preview)
-
-To ensure proper functioning and performance of your SAP systems, you can now use the SAP data connector page to [monitor information about the health of your SAP systems](monitor-sap-system-health.md) and the status of the SAP roles for the system. You can also use an alert rule template to get information about the health of the SAP agent's data collection.
-
 ### New incident investigation experience (Preview)
 
 SOC analysts need to understand the full scope of an attack as fast as possible to respond effectively. 
@@ -49,6 +45,10 @@ Learn more about the new investigation experience:
 - [Understand Microsoft Sentinel's incident investigation and case management capabilities](incident-investigation.md)
 - [Navigate and investigate incidents in Microsoft Sentinel](investigate-incidents.md)
 
+### Monitor SAP system health and role (Preview)
+
+To ensure proper functioning and performance of your SAP systems, you can now use the SAP data connector page to [monitor information about the health of your SAP systems](monitor-sap-system-health.md) and the status of the SAP roles for the system. You can also use an alert rule template to get information about the health of the SAP agent's data collection.
+
 ### Microsoft Purview Information Protection connector (Preview)
 
 With the new [Microsoft Purview Information Protection connector](connect-microsoft-purview.md), you can stream data from Microsoft Purview Information Protection (formerly Microsoft Information Protection or MIP) to Microsoft Sentinel. You can use the data ingested from the Microsoft Purview labeling clients and scanners to track, analyze, report on the data, and use it for compliance purposes.

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ In the Set rule logic tab, you can either write a query directly in the **Ru`
`121`	`121`
`122`	`122`	`:::image type="content" source="media/tutorial-detect-threats-custom/advanced-scheduling.png" alt-text="Screenshot of advanced scheduling toggle and settings.":::`
`123`	`123`
`124`		`- Future runnings of the rule will occur at the specified interval after the first running (see Advanced scheduling note below).`
	`124`	`+ Future runnings of the rule will occur at the specified interval after the first running.`
`125`	`125`
`126`	`126`	`The line of text under the Start running setting (with the information icon at its left) summarizes the current query scheduling and lookback settings.`
`127`	`127`
`@@ -131,10 +131,6 @@ In the Set rule logic tab, you can either write a query directly in the **Ru`
`131`	`131`	`>`
`132`	`132`	`> These two settings are independent of each other, up to a point. You can run a query at a short interval covering a time period longer than the interval (in effect having overlapping queries), but you cannot run a query at an interval that exceeds the coverage period, otherwise you will have gaps in the overall query coverage.`
`133`	`133`	`>`
`134`		`- > Advanced scheduling`
`135`		`- >`
`136`		`- > If you choose to start the running of a rule at a specific time (instead of automatically upon creation), be aware that the actual first run time of the rule may vary from the time you specified by up to half an hour in either direction. In any case, the interval for future runnings will be measured from the actual starting time of the previous run, not from the specified time.`
`137`		`- >`
`138`	`134`	`> Ingestion delay`
`139`	`135`	`>`
`140`	`136`	`> To account for latency that may occur between an event's generation at the source and its ingestion into Microsoft Sentinel, and to ensure complete coverage without data duplication, Microsoft Sentinel runs scheduled analytics rules on a five-minute delay from their scheduled time.`