
Commit 11f4ae0

Merge pull request #3893 from MicrosoftDocs/main
[AutoPublish] main to live - 05/26 04:29 PDT | 05/26 16:59 IST
2 parents b3559b6 + feddde6 commit 11f4ae0

34 files changed

+169
-158
lines changed

ATPDocs/whats-new-archive.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -904,7 +904,7 @@ We are expanding our sensitivity definition for on-premises accounts to include
904904

905905
Released June 14, 2020
906906

907-
- **Feature enhancement: Additional activity details available in the unified SecOps experience**
907+
- **Feature enhancement: Additional activity details available**
908908
We've extended the device information we send to Defender for Cloud Apps including device names, IP addresses, account UPNs and used port. For more information about our integration with Defender for Cloud Apps, see [Using Azure ATP with Defender for Cloud Apps](/defender-for-identity/deploy-defender-identity).
909909

910910
- Version includes improvements and bug fixes for internal sensor infrastructure.

defender-xdr/data-privacy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ Customer data stored by integrated services might also be stored in the followin
5656

5757
Microsoft Defender XDR data is retained for 180 days, and is visible across the Microsoft Defender portal during that time, except for in **Advanced hunting** queries.
5858

59-
In the Microsoft Defender portal's **Advanced hunting** page, data is accessible via queries for only 30 days, unless it's streamed through [Microsoft Sentinel with Microsoft's unified security operations platform](/azure/sentinel/microsoft-365-defender-sentinel-integration?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal), where retention periods may be longer.
59+
In the Microsoft Defender portal's **Advanced hunting** page, data is accessible via queries for only 30 days, unless it's streamed through [Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal), where retention periods may be longer.
6060

6161
Data continues to be retained and visible, even when a license is under a grace period or in suspended mode. At the end of any grace period or suspension, and no later than 180 days from a contract termination or expiration, data is deleted from Microsoft's systems and is unrecoverable.
6262
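Review bot: On new line 59 the link text is shortened to "Microsoft Sentinel", but the target is still the microsoft-365-defender-sentinel-integration article with the tabs=defender-portal query, so the label now reads like a link to the product rather than to the integration it describes. Suggest link text that names the integration. The sentence also leaves "retention periods may be longer" open next to the 30-day figure here and the 180-day figure on line 57; a pointer to where the longer retention is set would let readers plan their hunting window.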

defender-xdr/incidents-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ appliesto:
2727

2828
# Incidents and alerts in the Microsoft Defender portal
2929

30-
Microsoft's unified SecOps platform in the Microsoft Defender portal brings together a unified set of security services to reduce your exposure to security threats, improve your organizational security posture, detect security threats, and investigate and respond to breaches. These services collect and produce signals that are displayed in the portal. The two main kinds of signals are:
30+
The Microsoft Defender portal brings together a unified set of security services to reduce your exposure to security threats, improve your organizational security posture, detect security threats, and investigate and respond to breaches. These services collect and produce signals that are displayed in the portal. The two main kinds of signals are:
3131

3232
**Alerts**: Signals that result from various threat detection activities. These signals indicate the occurrence of malicious or suspicious events in your environment.
3333

defender-xdr/index.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -65,19 +65,19 @@ landingContent:
6565
url: deploy-configure-m365-defender.md
6666

6767
# Card
68-
- title: Microsoft's unified security operations platform
68+
- title: Unified security operations in the Defender portal
6969
linkLists:
7070
- linkListType: overview
7171
links:
72-
- text: "What is Microsoft's unified SecOps platform?"
72+
- text: "What are unified security operations?"
7373
url: /unified-secops-platform/overview-unified-security
7474
- text: "Microsoft Defender portal overview"
7575
url: /unified-secops-platform/overview-defender-portal
7676
- linkListType: deploy
7777
links:
78-
- text: "Plan your unified SecOps deployment"
78+
- text: "Plan for unified security operations"
7979
url: /unified-secops-platform/overview-plan
80-
- text: "Deploy Microsoft's unified SecOps platform"
80+
- text: "Deploy for unified security operations"
8181
url: /unified-secops-platform/overview-deploy
8282

8383
# Card
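Review bot: The new link texts on lines 78 and 80 read awkwardly: "Deploy for unified security operations" has no object, and neither text carries the "in the Defender portal" qualifier that the card title on line 68 now uses. Consider wording such as "Deploy unified security operations in the Defender portal", and check that the link texts still match the titles of the overview-plan and overview-deploy pages they point to.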

defender-xdr/investigate-incidents.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ If the incident or related alerts were the result of an analytics rule you've se
107107

108108
> [!NOTE]
109109
> To view the details of an attack path, you must have read access permissions in the Microsoft Defender portal and the license for [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management). </br></br>
110-
> To view attack path details with Microsoft Sentinel in the unified security operations platform, a *Sentinel Reader* role is required. To create new attack paths, the *Security Administrator* role is required.
110+
> To view attack path details with Microsoft Sentinel in the Defender portal, a *Sentinel Reader* role is required. To create new attack paths, the *Security Administrator* role is required.
111111
112112
The incident graph also contains information about **attack paths**. These paths allow security analysts to identify what other entities an attacker is likely to target next. To view an attack path, you can click on an entity in the incident graph and select **View attack paths**. The top attack paths are shown within the incident graph. Here's an example.
113113

defender-xdr/investigate-respond-container-threats.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ search.appverid:
1919
ms.date: 01/07/2025
2020
appliesto:
2121
- ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
22-
- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft's unified security operations platform</a>
22+
- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft Sentinel in the Defender portal</a>
2323
---
2424
# Investigate and respond to container threats in the Microsoft Defender portal
2525
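Review bot: On line 22 the link text now says "Microsoft Sentinel in the Defender portal" while the href is still https://learn.microsoft.com/unified-secops-platform/, so the label and the destination no longer describe the same thing. Either point the link at an article about Microsoft Sentinel in the Defender portal or keep a label that matches the documentation set. The entry also has no ✅ marker, unlike line 21; add it if the omission is not deliberate. The identical change on line 22 of irm-investigate-alerts-defender.md raises the same two points.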

defender-xdr/irm-investigate-alerts-defender.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ search.appverid:
1919
ms.date: 02/17/2025
2020
appliesto:
2121
- ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
22-
- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft's unified security operations platform</a>
22+
- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft Sentinel in the Defender portal</a>
2323
---
2424
# Investigate insider risk threats in the Microsoft Defender portal
2525

@@ -132,7 +132,7 @@ The following alert classification mapping is used to sync the alert classificat
132132
|Microsoft Defender alert classification|Microsoft Purview Insider Risk Management alert classification|
133133
|:---|:---|
134134
|True positive </br> Includes multi-staged attack, phishing, etc.|Confirmed|
135-
|Information, expected activity (benign positive) </br> Includes Ssecurity testing, confirmed activity, etc.|Dismissed|
135+
|Information, expected activity (benign positive) </br> Includes security testing, confirmed activity, etc.|Dismissed|
136136
|False positive </br> Includes not malicious, not enough data to validate, etc.|Dismissed|
137137

138138
For more information about alert statuses and classifications in Microsoft Defender XDR, see [Manage alerts in Microsoft Defender](investigate-alerts.md#manage-alerts).
@@ -213,4 +213,4 @@ If you are using automation on Microsoft Sentinel incidents, note that automatio
213213
After investigating an insider risk incident or alert, you can do any of the following:
214214

215215
- Continue to respond to the alert in the Microsoft Purview portal.
216-
- Use advanced hunting to investigate other insider risk management events in the Microsoft Defender portal.
216+
- Use advanced hunting to investigate other insider risk management events in the Microsoft Defender portal.
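Review bot: The removed and added versions of line 216 are textually identical, so this hunk is a whitespace-only change (trailing space or end-of-file newline). That is fine as a deliberate cleanup, but confirm it was intended, since it adds noise to a commit that is otherwise about terminology.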

defender-xdr/pilot-deploy-defender-cloud-apps.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -256,9 +256,9 @@ For more information on advanced hunting in Microsoft Defender for Cloud Apps da
256256

257257
## SIEM integration
258258

259-
You can integrate Defender for Cloud Apps with Microsoft Sentinel as part of Microsoft's [unified security operations platform](/unified-secops-platform/), or with a generic security information and event management (SIEM) service to enable centralized monitoring of alerts and activities from connected apps. With Microsoft Sentinel, you can more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
259+
You can integrate Defender for Cloud Apps with Microsoft Sentinel for unified security operations in the [Defender portal](/unified-secops-platform/), or with a generic security information and event management (SIEM) service to enable centralized monitoring of alerts and activities from connected apps. With Microsoft Sentinel, you can more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
260260

261-
Microsoft Sentinel includes a Microsoft Defender for XDR data connector to bring all signals from Defender XDR, including Defender for Cloud Apps, to Microsoft Sentinel. Use the Defender portal as a unified security operations (SecOps) platform.
261+
The Defender portal supports unified security operations with Microsoft Sentinel, bringing signals from Defender XDR, including Defender for Cloud Apps, to Microsoft Sentinel.
262262

263263
For more information, see:
264264
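Review bot: The rewritten line 261 drops the Microsoft Defender XDR data connector, which was the only statement in this section of how signals reach Microsoft Sentinel. Under a "SIEM integration" heading readers need the mechanism they have to enable, so suggest keeping the connector in the new sentence. On line 259 the link text "Defender portal" points to /unified-secops-platform/, which is the documentation set rather than the portal; the label should say so.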

defender-xdr/pilot-deploy-defender-identity.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -182,9 +182,9 @@ For more information, see:
182182

183183
## SIEM integration
184184

185-
You can integrate Defender for Identity with Microsoft Sentinel as part of Microsoft's [unified security operations platform](/unified-secops-platform/), or with a generic security information and event management (SIEM) service to enable centralized monitoring of alerts and activities from connected apps. With Microsoft Sentinel, you can more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
185+
You can integrate Defender for Identity with Microsoft Sentinel for unified security operations in the [Defender portal](/unified-secops-platform/), or with a generic security information and event management (SIEM) service to enable centralized monitoring of alerts and activities from connected apps. With Microsoft Sentinel, you can more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
186186

187-
Microsoft Sentinel supports a Microsoft Defender for XDR data connector to bring all signals from Defender XDR, including Defender for Identity, to Microsoft Sentinel. Use the Defender portal as a unified security operations (SecOps) platform.
187+
The Defender portal supports unified security operations with Microsoft Sentinel, bringing signals from Defender XDR, including Defender for Identity, to Microsoft Sentinel.
188188

189189
For more information, see:
190190
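Review bot: Line 185 still describes "alerts and activities from connected apps", the same sentence that appears in pilot-deploy-defender-cloud-apps.md, and on a Defender for Identity page it reads as carried over from there. Since the line is being edited anyway, reword it to the identity signals this page covers. As on the Cloud Apps page, the new line 187 no longer names the Defender XDR data connector, so the section no longer says what to configure.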

defender-xdr/whats-new.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ Lists the new features and functionality in Microsoft Defender XDR.
2121

2222
For more information on what's new with other Microsoft Defender security products and Microsoft Sentinel, see:
2323

24-
- [What's new in Microsoft's unified security operations platform](/unified-secops-platform/whats-new)
24+
- [What's new for unified security operations in the Defender portal](/unified-secops-platform/whats-new)
2525
- [What's new in Microsoft Defender for Office 365](/defender-office-365/defender-for-office-365-whats-new)
2626
- [What's new in Microsoft Defender for Endpoint](/defender-endpoint/whats-new-in-microsoft-defender-endpoint)
2727
- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
@@ -100,7 +100,7 @@ You can also get product updates and important notifications through the [messag
100100
- Microsoft Defender Experts for XDR now offers [scoped coverage](defender-experts-scoped-coverage.md) for customers who wish to define a specific set of devices and/or users, based on geography, subsidiary, or function, for which they'd like Defender Experts to provide support.
101101
- (Preview) The [Link to incident](advanced-hunting-defender-results.md#link-query-results-to-an-incident) feature in Microsoft Defender advanced hunting now allows linking of Microsoft Sentinel query results. In both the Microsoft Defender unified experience and in [Defender XDR advanced hunting](advanced-hunting-link-to-incident.md), you can now specify whether an entity is an impacted asset or related evidence.
102102
- (Preview) In [advanced hunting](advanced-hunting-defender-use-custom-rules.md#use-adx-operator-for-azure-data-explorer-queries-preview), Microsoft Defender portal users can now use the `adx()` operator to query tables stored in Azure Data Explorer. You no longer need to go to log analytics in Microsoft Sentinel to use this operator if you're already in Microsoft Defender.
103-
- New documentation library for Microsoft's unified security operations platform. Find centralized documentation about [Microsoft's unified SecOps platform in the Microsoft Defender portal](/unified-secops-platform/overview-unified-security). Microsoft's unified SecOps platform brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, Microsoft Security Exposure Management, and generative AI into the Defender portal. Learn about the features and functionality available with Microsoft's unified SecOps platform, then start to plan your deployment.
103+
- New documentation library for [unified security operations in the Microsoft Defender portal](/unified-secops-platform/overview-unified-security). The Microsoft Defender portal brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, Microsoft Security Exposure Management, and generative AI. Learn about the features and functionality available in the Defender portal, and then start to plan your deployment.
104104
- (GA) In advanced hunting, you can now add your frequently used schema tables, functions, queries, and detection rules in the **[Favorites](advanced-hunting-query-results.md#add-items-to-favorites)** sections under each tab for quicker access.
105105

106106
## November 2024
@@ -133,7 +133,7 @@ You can also get product updates and important notifications through the [messag
133133

134134
## August 2024
135135

136-
- (Preview) Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management. Only one Microsoft Sentinel workspace per tenant is currently supported in the Microsoft unified security operations platform. So, Microsoft Defender multitenant management shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. For more information, see [Microsoft Defender multitenant management](/unified-secops-platform/mto-overview) and [Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal).
136+
- (Preview) Microsoft Sentinel data is now available with Defender XDR data in Microsoft Defender multitenant management. Only one Microsoft Sentinel workspace per tenant is currently supported in the Defender portal. So, Microsoft Defender multitenant management shows security information and event management (SIEM) data from one Microsoft Sentinel workspace per tenant. For more information, see [Microsoft Defender multitenant management](/unified-secops-platform/mto-overview) and [Microsoft Sentinel in the Microsoft Defender portal](/azure/sentinel/microsoft-sentinel-defender-portal).
137137
- To ensure a smooth experience while navigating the Microsoft Defender portal, configure your network firewall by adding the appropriate addresses to your allow list. For more information, see [Network firewall configuration for Microsoft Defender XDR](m365d-enable.md#configure-your-network-firewall).
138138

139139
## July 2024
@@ -142,9 +142,9 @@ You can also get product updates and important notifications through the [messag
142142

143143
- (GA) Filtering Microsoft Defender for Cloud alerts by the associated **alert subscription ID** in the Incidents and Alerts queues is now generally available. For more information, see [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md).
144144

145-
- (GA) The **Microsoft unified security operations platform** in the Microsoft Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
145+
- (GA) Unified security operations in the Defender portal is generally available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
146146

147-
- Blog post: [General availability of the Microsoft unified security operations platform](https://aka.ms/unified-soc-announcement)
147+
- Blog post: [Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations, now generally available](https://aka.ms/unified-soc-announcement)
148148
- [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690)
149149
- [Connect Microsoft Sentinel to Microsoft Defender XDR](/unified-secops-platform/microsoft-sentinel-onboard)
150150
- [Microsoft Copilot in Microsoft Defender](security-copilot-in-microsoft-365-defender.md)
@@ -177,7 +177,7 @@ You can also get product updates and important notifications through the [messag
177177

178178
- Create alert tuning rules using **Alert severity** and **Alert title** values as conditions. Alert tuning can help you streamline the alert queue, saving triage time by hiding or resolving alerts automatically, each time a certain expected organizational behavior occurs, and rule conditions are met. For more information, see [Tune an alert](investigate-alerts.md#tune-an-alert).
179179
- (Preview) **Turn preview options on in the main Microsoft 365 Defender settings** together with other Microsoft 365 Defender preview features. Customers who aren't using preview features yet will continue to see the legacy settings under **Settings > Endpoints > Advanced features > Preview features**. For more information, see [Microsoft 365 Defender preview features](/defender-xdr/preview).
180-
- (Preview) The **SOC optimizations** page in the Microsoft Defender portal is now available with the [unified security operations platform](https://go.microsoft.com/fwlink/p/?linkid=2263690). Integrate Microsoft Defender XDR and Microsoft Sentinel and use SOC optimizations to optimize both processes and outcomes, without having your SOC teams spend time on manual analysis and research. For more information, see:
180+
- (Preview) The **SOC optimizations** page is now available in the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690) together with Microsoft Sentinel. Integrate Microsoft Defender XDR and Microsoft Sentinel and use SOC optimizations to optimize both processes and outcomes, without having your SOC teams spend time on manual analysis and research. For more information, see:
181181

182182
- [Optimize your security operations](https://aka.ms/soc-opt-from-defender)
183183
- [SOC optimization reference](https://aka.ms/soc-opt-ref)
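Review bot: On line 180 the link text "Microsoft Defender portal" now wraps https://go.microsoft.com/fwlink/p/?linkid=2263690, the same target that lines 148 and 202 of this file label "Microsoft Sentinel in the Microsoft Defender portal". Use that label here as well, so one URL does not appear under two different names in the same changelog.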
@@ -196,9 +196,9 @@ You can also get product updates and important notifications through the [messag
196196

197197
## April 2024
198198

199-
- (Preview) The **unified security operations platform** in the Microsoft Defender portal is now available. This release brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
199+
- (Preview) The Defender portal now supports unified security operations, providing the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot in Microsoft Defender. For more information, see the following resources:
200200

201-
- Blog announcement: [Unified security operations platform ready to revolutionize protection and efficiency](https://aka.ms/unified-soc-announcement)
201+
- Blog announcement: [Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations, now generally available ](https://aka.ms/unified-soc-announcement)
202202
- [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690)
203203
- [Connect Microsoft Sentinel to Microsoft Defender XDR](/unified-secops-platform/microsoft-sentinel-onboard)
204204
- [Microsoft Security Copilot in Microsoft Defender](security-copilot-in-microsoft-365-defender.md)
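Review bot: Line 201 belongs to the April 2024 (Preview) entry, but its new link text says "now generally available" and reuses the title and aka.ms URL of the July 2024 GA entry on line 147. A preview announcement labelled as GA is confusing in a changelog; keep a title that matches the preview announcement, or state that the link now resolves to the GA post. The link text also has a stray space before the closing bracket.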
