MicrosoftDocs
diff --git a/‎articles/sentinel/media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary-expanded.png
72.2 KB b/‎articles/sentinel/media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary-expanded.png
72.2 KB
diff --git a/‎articles/sentinel/media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary.png
226 KB b/‎articles/sentinel/media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary.png
226 KB
diff --git a/‎articles/sentinel/sentinel-security-copilot-incident-summary.md
Lines changed: 4 additions & 0 deletions b/‎articles/sentinel/sentinel-security-copilot-incident-summary.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎articles/sentinel/whats-new.md
Lines changed: 9 additions & 2 deletions b/‎articles/sentinel/whats-new.md
Lines changed: 9 additions & 2 deletions
@@ -61,6 +61,10 @@ Copilot automatically generates an incident summary when you open the incident's
 
 :::image type="content" source="media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary.png" alt-text="Screenshot that shows the Copilot-generated incident summary on the details pane of the Microsoft Sentinel incident page." lightbox="media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary.png":::
 
+Select **Show more** to expand the summary to see its complete content.
+
+:::image type="content" source="media/sentinel-security-copilot-incident-summary/copilot-sentinel-incident-summary-expanded.png" alt-text="Screenshot that shows the expanded incident summary.":::
+
    > [!TIP]
    > You can navigate to a file, IP, or URL page from the Copilot results pane by clicking on the evidence in the results.
 
 
@@ -20,10 +20,17 @@ The listed features were released in the last three months. For information abou
 
 ## April 2025
 
-- [Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (preview)](#multi-workspace-and-multitenant-support-for-microsoft-sentinel-in-the-defender-portal-preview)
+- [Security Copilot generates incident summaries in Microsoft Sentinel in the Azure portal (Preview)](#security-copilot-generates-incident-summaries-in-microsoft-sentinel-in-the-azure-portal-preview)
+- [Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (Preview)](#multi-workspace-and-multitenant-support-for-microsoft-sentinel-in-the-defender-portal-preview)
 - [Microsoft Sentinel now ingests all STIX objects and indicators into new threat intelligence tables (Preview)](#microsoft-sentinel-now-ingests-all-stix-objects-and-indicators-into-new-threat-intelligence-tables-preview)
 
-### Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (preview)
+### Security Copilot generates incident summaries in Microsoft Sentinel in the Azure portal (Preview)
+
+Microsoft Sentinel in the Azure portal now features (in Preview) incident summaries generated by Security Copilot, bringing it in line with the Defender portal. These summaries give your security analysts the up-front information they need to quickly understand, triage, and start investigating developing incidents.
+
+For more information, see [Summarize Microsoft Sentinel incidents with Security Copilot](sentinel-security-copilot-incident-summary.md).
+
+### Multi workspace and multitenant support for Microsoft Sentinel in the Defender portal (Preview)
 
 For preview, in the Defender portal, connect to one primary workspace and multiple secondary workspaces for Microsoft Sentinel. If you onboard Microsoft Sentinel with Defender XDR, a primary workspace's alerts are correlated with Defender XDR data. So incidents  include alerts from Microsoft Sentinel's primary workspace and Defender XDR. All other onboarded workspaces are considered secondary workspaces. Incidents are created based on the workspace’s data and won't include Defender XDR data.