updates

EdB-MSFT · EdB-MSFT · commit da5a02ef4890 · 2025-07-15T14:50:53.000+03:00
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -5,7 +5,7 @@
   items:
   - name: What is Microsoft Sentinel?
     href: overview.md
-  - name: What is Microsoft Sentinel data lake (Preview)?
+  - name: What is Microsoft Sentinel data lake (preview)?
     href: graph/sentinel-lake-overview.md
     displayName: data lake
   - name: What's new
@@ -14,46 +14,44 @@
     href: best-practices.md
   - name: Experience in Defender portal
     href: microsoft-sentinel-defender-portal.md
-- name: Microsoft Sentinel data lake (Preview)
+- name: Data lake exploration (preview)
   items:  
-  - name: Data lake exploration
+  - name: KQL for the Microsoft Sentinel data lake (preview)
     items:
-    - name: KQL for the Microsoft Sentinel data lake (Preview)
-      items:
-      - name: Overview 
-        href: graph/kql-overview.md
-        displayName: data lake
-      - name: Run KQL queries (Preview)
-        href: graph/kql-queries.md
-        displayName: data lake
-      - name: Sample data lake queries (Preview)
-        href: graph/kql-samples.md
-        displayName: data lake  
-      - name: Create KQL jobs (Preview)
-        href: graph/kql-jobs.md 
-        displayName: data lake 
-      - name: Manage KQL jobs (Preview)
-        href: graph/kql-manage-jobs.md  
-        displayName: data lake      
-      - name: Troubleshoot KQL for the lake (Preview)
-        href: graph/kql-troubleshoot.md
-        displayName: data lake  
-    - name: Notebooks for data lake exploration (Preview)
-      items:
-      - name: Overview
-        href: graph/notebooks-overview.md
-        displayName: data lake
-      - name: Run notebooks (Preview)
-        href: graph/notebooks.md
-        displayName: data lake
-      - name: Microsoft Sentinel provider class reference (Preview)
-        href: graph/sentinel-provider-class-reference.md
-        displayName: data lake
-      - name: Create and manage notebook jobs (Preview)
-        href: graph/notebook-jobs.md
-        displayName: data lake
-      - name: Notebook examples for data lake exploration (Preview)
-        href: graph/notebook-examples.md 
+    - name: Overview 
+      href: graph/kql-overview.md
+      displayName: data lake
+    - name: Run KQL queries
+      href: graph/kql-queries.md
+      displayName: data lake
+    - name: Sample data lake queries
+      href: graph/kql-samples.md
+      displayName: data lake  
+    - name: Create KQL jobs
+      href: graph/kql-jobs.md 
+      displayName: data lake 
+    - name: Manage KQL jobs
+      href: graph/kql-manage-jobs.md
+      displayName: data lake
+    - name: Troubleshoot KQL for the lake
+      href: graph/kql-troubleshoot.md
+      displayName: data lake  
+  - name: Notebooks for data lake exploration (preview)
+    items:
+    - name: Overview
+      href: graph/notebooks-overview.md
+      displayName: data lake
+    - name: Run notebooks
+      href: graph/notebooks.md
+      displayName: data lake
+    - name: Microsoft Sentinel provider class reference
+      href: graph/sentinel-provider-class-reference.md
+      displayName: data lake
+    - name: Create and manage notebook jobs
+      href: graph/notebook-jobs.md
+      displayName: data lake
+    - name: Notebook examples for data lake exploration
+      href: graph/notebook-examples.md
 - name: Plan
   items:
   - name: Deployment planning guide  
@@ -97,7 +95,7 @@
     href: quickstart-onboard.md
   - name: Connect Microsoft Sentinel to the Defender portal
     href: /unified-secops-platform/microsoft-sentinel-onboard?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
-  - name: Onboard to Microsoft Sentinel data lake (Preview)
+  - name: Onboard to Microsoft Sentinel data lake (preview)
     href: graph/sentinel-lake-onboarding.md
     displayName: data lake
   - name: Set up connectors for the Microsoft Sentinel data lake
diff --git a/articles/sentinel/basic-logs-use-cases.md b/articles/sentinel/basic-logs-use-cases.md
@@ -1,10 +1,10 @@
 ---
-title: When to use data lake in Microsoft Sentinel
-description: Learn what log sources might be appropriate for the Microsoft Sentinel data lake and what  attributes to look for, to decide about other sources.
+title: When to use the Microsoft Sentinel data lake
+description: Learn what log sources might be appropriate for the Microsoft Sentinel data lake and what attributes to look for, to decide about other sources.
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: conceptual
-ms.date: 07/07/2025
+ms.date: 07/15/2025
 appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
     - Microsoft Sentinel in the Azure portal
@@ -16,11 +16,12 @@ ms.collection: usx-security
 ---
 # Log sources to use for the Microsoft Sentinel data lake
 
-This article highlights log sources to consider configuring as data lake tier only when enabling a connector. Before choosing a tier for which to configure a given table, do the research to see which is most appropriate. For more information about data categories and data tiers, see [Data tiers in Microsoft Sentinel](log-plans.md).
+This article highlights log sources to consider configuring as data lake tier only when enabling a connector. Before choosing a tier for which to configure a given table, check which tier is most appropriate for your use case. For more information about data categories and data tiers, see [Log retention plans in Microsoft Sentinel](log-plans.md).
 
 [!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
+ 
 >[!NOTE]
->The Microsoft Sentinel data lake is currently in Public Preview.
+>The Microsoft Sentinel data lake is currently in preview. See [Supplemental Terms of Use for Microsoft Azure Previews](/support/legal/preview-supplemental-terms) for additional legal terms that apply to Azure features that are in preview or otherwise not yet released into general availability.
 
 ## Storage access logs for cloud providers
 
diff --git a/articles/sentinel/whats-new.md b/articles/sentinel/whats-new.md
@@ -22,8 +22,7 @@ The listed features were released in the last six months. For information about
 
 ### Microsoft Sentinel data lake
 
-Microsoft is enhancing its industry-leading SIEM solution, Microsoft Sentinel, with the introduction of a modern data lake—purpose - built to streamline data management, reduce costs, and accelerate AI adoption for security operations teams.
-The new Microsoft Sentinel data lake offers cost-effective, long-term storage, eliminating the need to choose between affordability and robust security. Security teams gain deeper visibility and faster incident resolution, all within the familiar Sentinel experience, enriched through seamless integration with advanced data analytics tools.  
+Microsoft Sentinel is now enhanced with a modern data lake, purpose-built to streamline data management, reduce costs, and accelerate AI adoption for security operations teams. The new Microsoft Sentinel data lake offers cost-effective, long-term storage, eliminating the need to choose between affordability and robust security. Security teams gain deeper visibility and faster incident resolution, all within the familiar Sentinel experience, enriched through seamless integration with advanced data analytics tools.  
 
 Key benefits of the Microsoft Sentinel data lake include:
 +	Single, open-format data copy for efficient and cost-effective storage
