Fix tabs

cdpark · cdpark · commit f00c51bca1d5 · 2025-04-24T16:47:43.000-07:00
diff --git a/articles/sentinel/configure-data-connector.md b/articles/sentinel/configure-data-connector.md
@@ -43,13 +43,9 @@ After you or someone in your organization installs the solution that includes th
 1. Select **Open connector page**.  
 
    #### [Defender portal](#tab/defender-portal)
-
    :::image type="content" source="media/configure-data-connector/open-connector-page-option-defender-portal.png" alt-text="Screenshot of data connector details page in the Defender portal.":::
-
    #### [Azure portal](#tab/azure-portal)
-
    :::image type="content" source="media/configure-data-connector/open-connector-page-option.png" alt-text="Screenshot of data connector details page with open connector page button.":::
-
    ---
 
 1. Review the **Prerequisites**. To configure the data connector, fulfill all the prerequisites.
diff --git a/articles/sentinel/hunts-custom-queries.md b/articles/sentinel/hunts-custom-queries.md
@@ -24,16 +24,16 @@ Hunt for security threats across your organization's data sources with custom hu
 
 In Microsoft Sentinel, create a custom hunting query from the **Hunting** > **Queries** tab.
 
-1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Threat management**  select **Hunting**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Threat management** > **Hunting**.
+1. For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Threat management** > **Hunting**. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Threat management**  select **Hunting**.
+
 1. Select the **Queries** tab.
+
 1. From the command bar, select **New query**.
 
-   # [Defender portal](#tab/defender-portal)
+   ### [Defender portal](#tab/defender-portal)
    :::image type="content" source="./media/hunts-custom-queries/save-query-defender.png" alt-text="Save query" lightbox="./media/hunts-custom-queries/save-query-defender.png":::
-
-   # [Azure portal](#tab/azure-portal)
+   ### [Azure portal](#tab/azure-portal)
    :::image type="content" source="./media/hunts-custom-queries/save-query.png" alt-text="Save query" lightbox="./media/hunts-custom-queries/save-query.png":::
-
    ---
 
 1. Fill in all the blank fields.
@@ -46,23 +46,24 @@ In Microsoft Sentinel, create a custom hunting query from the **Hunting** > **Qu
 
         :::image type="content" source="./media/hunting/mitre-attack-mapping-hunting.png" alt-text="New query" lightbox="./media/hunting/new-query.png":::
 
-1.  When your finished defining your query, select **Create**.
+1. When your finished defining your query, select **Create**.
 
 ## Clone an existing query
 
 Clone a custom or built-in query and edit it as needed.
  
 1. From the **Hunting** > **Queries** tab, select the hunting query you want to clone.
+
 1. Select the ellipsis (...) in the line of the query you want to modify, and select **Clone**.
 
-   # [Defender portal](#tab/defender-portal)
+   ### [Defender portal](#tab/defender-portal)
    :::image type="content" source="./media/hunts-custom-queries/clone-hunting-query-defender.png" alt-text="Clone query" lightbox="./media/hunts-custom-queries/clone-hunting-query-defender.png":::
-
-   # [Azure portal](#tab/azure-portal)
+   ### [Azure portal](#tab/azure-portal)
    :::image type="content" source="./media/hunts-custom-queries/clone-hunting-query.png" alt-text="Clone query" lightbox="./media/hunts-custom-queries/clone-hunting-query.png":::
-
    ---
+
 1. Edit the query and other fields as appropriate.
+
 1. Select **Create**.
 
 ## Edit an existing custom query
diff --git a/articles/sentinel/search-jobs.md b/articles/sentinel/search-jobs.md
@@ -29,16 +29,16 @@ Use a search job when you start an investigation to find specific events in logs
 
 Go to **Search** in Microsoft Sentinel from the Azure portal or the Microsoft Defender portal to enter your search criteria. Depending on the size of the target dataset, search times vary. While most search jobs take a few minutes to complete, searches across massive data sets that run up to 24 hours are also supported. 
 
-1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **General**, select **Search**. <br>For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Search**.
+1. For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Search**. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **General**, select **Search**.
+
 1. Select the **Table** menu and choose a table for your search.
+
 1. In the **Search** box, enter a search term.
 
-   #### [Defender portal](#tab/defender-portal)
+   ### [Defender portal](#tab/defender-portal)
    :::image type="content" source="media/search-jobs/search-job-defender-portal.png" alt-text="Screenshot of search page with search criteria of administrator, time range last 90 days, and table selected." lightbox="media/search-jobs/search-job-defender-portal.png":::
-
-   #### [Azure portal](#tab/azure-portal)
+   ### [Azure portal](#tab/azure-portal)
    :::image type="content" source="media/search-jobs/search-job-criteria.png" alt-text="Screenshot of search page with search criteria of administrator, time range last 90 days, and table selected." lightbox="media/search-jobs/search-job-criteria.png":::
-
    ---
 
 1. Select the **Start**  to open the advanced Kusto Query Language (KQL) editor and preview of the results for a set time range.
@@ -50,10 +50,15 @@ Go to **Search** in Microsoft Sentinel from the Azure portal or the Microsoft De
 1. When you're satisfied with the query and the search results preview, select the ellipses **...** and toggle  **Search job mode** on.
 
    :::image type="content" source="media/search-jobs/search-job-advanced-kql-ellipsis.png" alt-text="Screenshot of KQL editor with revised search with ellipsis highlighted for Search job mode." lightbox="media/search-jobs/search-job-advanced-kql-ellipsis.png":::
+
 1. Specify the search job date range using the **Time range** selector. Don't include a time range in your KQL query as it is ignored.
+
 1. Resolve any KQL issues indicated by a squiggly red line in the editor.
+
 1. When you're ready to start the search job, select **Search job**.
+
 1. Enter a new table name to store the search job results.
+
 1. Select **Run a search job**.
 
 1. Wait for the notification **Search job is done** to view the results.
diff --git a/articles/sentinel/watchlists-create.md b/articles/sentinel/watchlists-create.md
@@ -44,14 +44,10 @@ If you didn't use a watchlist template to create your file,
 
 1. Select **+ New**.
 
-   #### [Defender portal](#tab/defender-portal)
-
+   ### [Defender portal](#tab/defender-portal)
    :::image type="content" source="./media/watchlists-create/sentinel-watchlist-new-defender.png" alt-text="Screenshot of add watchlist option on watchlist page." lightbox="./media/watchlists-create/sentinel-watchlist-new-defender.png":::
-
-   #### [Azure portal](#tab/azure-portal)
-
+   ### [Azure portal](#tab/azure-portal)
    :::image type="content" source="./media/watchlists-create/sentinel-watchlist-new.png" alt-text="Screenshot of add watchlist option on watchlist page." lightbox="./media/watchlists-create/sentinel-watchlist-new.png":::
-
    ---
 
 1. On the **General** page, provide the name, description, and alias for the watchlist.
