Update customize-alert-details.md

yelevin · web-flow · commit cc4a33af0aa1 · 2025-01-23T17:50:39.000+02:00
diff --git a/articles/sentinel/customize-alert-details.md b/articles/sentinel/customize-alert-details.md
@@ -81,14 +81,25 @@ Follow the procedure detailed below to use the alert details feature. These step
         | **ConfidenceLevel** (Preview)      | One of the following values: <br>- **Low**<br>- **High**<br>- **Unknown** |
         | **ConfidenceScore** (Preview)      | Integer, between **0**-**1** (inclusive) |
         | **ExtendedLinks** (Preview)        | String |
-        | **ProductComponentName** (Preview) | String |
-        | **ProductName** (Preview)<br>\* See note following this table          | String |
-        | **ProviderName** (Preview)         | String |
+        | **ProductComponentName** (Preview)<br>\* See Caution notes following this table | String |
+        | **ProductName** (Preview)<br>\* See Caution notes following this table          | String |
+        | **ProviderName** (Preview)<br>\* See Caution notes following this table         | String |
         | **RemediationSteps** (Preview)     | String |
     
-       > [!NOTE]
+       > [!CAUTION]
+       > 
+       > If you onboarded Microsoft Sentinel to the Microsoft Defender portal, **do not customize** the following properties for alerts from Microsoft sources:
+       > - *ProductName* field
+       > - *ProductComponentName* field
+       > - *ProviderName* field
+       > 
+       > Attempting to do so will result in these alerts being dropped from Microsoft Defender XDR and no incident being created.
+
+       > [!CAUTION]
        > 
        > If you onboarded Microsoft Sentinel to the Microsoft Defender portal, **do not customize** the *ProductName* field for alerts from Microsoft sources. Doing so will result in these alerts being dropped from Microsoft Defender XDR and no incident being created.
+       >
+       > Also, you will not be able to customize the *ProductComponentName* and *ProviderName* fields.
 
     If you change your mind, or if you made a mistake, you can remove an alert detail by clicking the trash can icon next to the **Alert property/Value** pair, or delete the free text from the **Alert Name/Description Format** fields.
 
