Commit 26b6259

Update Defender Experts report and what's new docs
Added details about the new 'Emerging threats' section and investigation summaries in Defender Experts for Hunting reports. Updated 'What's new' to include October 2025 changes, including the new Trends tab in XDR reports and improvements to hunting reports. Minor clarifications and grammar improvements were also made.
1 parent 9d001df commit 26b6259

2 files changed

+10
-4
lines changed

defender-xdr/defender-experts-report.md

Lines changed: 5 additions & 3 deletions
@@ -74,6 +74,8 @@ This section is a table that shows the threat title, whether we identified impac
7474

7575
:::image type="content" source="media/hunting-report-emerging-threats.png" alt-text="Screenshot of the Emerging threats section of the Defender Experts for Hunting report." lightbox="media/hunting-report-emerging-threats.png":::
7676

77+
Selecting one of the threat titles opens a side panel with its [hunting summary](#hunting-summaries), which summarizes our findings about the threat. Hunting summaries give you insight into our investigations and keep you updated with the threat landscape.
78+
7779
### Hunts by threat category
7880

7981
The **Hunts by threat category** section displays hunting activity tiles that are sorted according to their threat categories. This sorting helps you visualize what an activity is trying to achieve in each attack phase so you can plan the corresponding containment and remediation actions.
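Review bot: The added sentence at line 77 is written in first person ("summarizes our findings", "our investigations"), while this same commit rewrites the Hunting summaries section to third person ("what the Defender Experts hunted for"). Suggest matching that voice here, for example "which summarizes the Defender Experts' findings about the threat", so the two sections that describe the same side panel read consistently.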
@@ -92,9 +94,9 @@ Each activity tile shows the number of hunts Defender Experts conducted related
9294

9395
### Hunting summaries
9496

95-
Each hunt Defender Experts conduct tells a story, even when no active threat is found. In nearly each hunt Defender Experts conduct in your environment, there's a corresponding investigation summary that goes along with it, regardless if we identified a confirmed threat.
97+
Each hunt that Defender Experts conduct tells a story, even when they don't find an active threat. In nearly every hunt that Defender Experts conduct in your environment, there's a corresponding investigation summary that goes along with it, regardless of whether they identified a confirmed threat.
9698

97-
When you select one of the threat titles in the **Emerging threats** section or one of the activity tiles with the scroll icon in the **Hunts by threat category** section, the report opens a side panel that provides a **hunting summary**, or summary of our investigation: what we hunted for, why we hunted for it, and how we reached our final determination. The summary also provides the dates and times the hunt started and concluded, the hunt classification, and impacted assets. If applicable, it also provides links to view related Defender Experts Notifications.
99+
When you select one of the threat titles in the **Emerging threats** section or one of the activity tiles with the scroll icon in the **Hunts by threat category** section, a side panel opens that displays the **hunting summary**, or summary of the investigation related to the threat or activity: what the Defender Experts hunted for, why they hunted for it, and how they reached their final determination. The summary also provides the dates and times the hunt started and concluded, the hunt classification, and impacted assets. If applicable, it also provides links to view related Defender Experts Notifications.
98100

99101
:::image type="content" source="media/hunting-report-hunt-summary.png" alt-text="Screenshot of a hunting summary in the Defender Experts for Hunting report." lightbox="media/hunting-report-hunt-summary.png":::
100102

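Review bot: The rewritten first paragraph (line 97) calls the artifact an "investigation summary", but the heading, the #hunting-summaries anchor and the next paragraph all call it a "hunting summary"; use one term so readers don't look for two different things. The same paragraph also repeats "that Defender Experts conduct" in consecutive sentences and pairs "corresponding" with "that goes along with it"; "Nearly every hunt in your environment has a corresponding hunting summary" would say the same with less.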
@@ -104,7 +106,7 @@ The **Top trending suspicious activities** section of the report identifies up t
104106

105107
:::image type="content" source="/defender/media/defender-experts/top-trending-suspicious-activities.png" alt-text="Screenshot of the Top trending suspicious activities section of the report." lightbox="/defender/media/defender-experts/top-trending-suspicious-activities.png":::
106108

107-
By showing the most critical and frequently observed activities, you can assess and evaluate their impact and develop strategies to prevent or mitigate potential threats to your environment
109+
By showing the most critical and frequently observed activities, you can assess and evaluate their impact and develop strategies to prevent or mitigate potential threats to your environment.
108110

109111
Select **View details** in each card to open a flyout panel that details the impacted devices and users. If applicable, the page also provides links to view related Defender Expert Notifications.
110112

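Review bot: Line 109 gains its period but keeps the dangling modifier: "By showing the most critical and frequently observed activities, you can assess ..." makes the reader the one doing the showing. Since the line is being touched anyway, consider "By showing the most critical and frequently observed activities, this section helps you assess and evaluate their impact ...". The context line below also says "Defender Expert Notifications" where the Hunting summaries section says "Defender Experts Notifications"; worth aligning in the same pass.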
defender-xdr/whats-new.md

Lines changed: 5 additions & 1 deletion
@@ -32,6 +32,10 @@ For more information on what's new with other Microsoft Defender security produc
3232

3333
You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
3434

35+
## October 2025
36+
- [Microsoft Defender Experts for XDR reports](reports-xdr.md) now include a **Trends** tab provides you with the monthly volume of investigated and resolved incidents for the last six months, visualized according to the incidents' severity, MITRE tactic, and threat type. This section gives you insight into how Defender Experts are tangibly improving your security operations by showing important operational metrics on a month-over-month basis.
37+
- [Microsoft Defender Experts for Hunting reports](defender-experts-report.md) now include an **Emerging threats** section that details the proactive, hypothesis-based hunts we conducted in your environment. Each report also now includes investigation summaries for nearly every hunt that Defender Experts conduct in your environment, regardless of whether they identified a confirmed threat.
38+
3539
## September 2025
3640

3741
- (Preview) You can now use tasks in the Microsoft Defender portal to break down incident investigations into actionable steps and assign them across your operations teams. Tasks are displayed alongside Security Copilot insights, guided responses, and reports - giving your team a unified view of progress and next steps. When you onboard Microsoft Sentinel to the Defender portal, tasks you create in Microsoft Sentinel through the Azure portal are automatically synchronized to the Defender portal. For more information, see [Streamline incident response using tasks in the Microsoft Defender portal (Preview)](./split-incidents-into-tasks.md)
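Review bot: The first October 2025 bullet (line 36) is missing a word: "now include a **Trends** tab provides you with" should read "now include a **Trends** tab that provides you with". The second bullet mixes "hunts we conducted" with "whether they identified" in one item; pick one voice. Also, the new heading is followed directly by the list, while the September 2025 section has a blank line between the heading and its first bullet.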
@@ -86,7 +90,7 @@ You can also get product updates and important notifications through the [messag
8690

8791
- (Preview) You can now create data security investigations in the Microsoft Defender portal with the integration of Microsoft Purview Data Security Investigations (preview) and Microsoft Defender XDR. This integration allows security operations center (SOC) teams to enhance their investigation and response to potential data security incidents like data breaches or data leaks. For more information, see [Create data security investigations in the Microsoft Defender portal](create-dsi-in-defender.md).
8892

89-
- (Preview) **Contain IP addresses of undiscovered devices**: Containing IP addresses associated with devices that are undiscovered or are not onboarded to Defender for Endpoint is now in preview. Containing an IP address prevents attackers from spreading attacks to other non-compromised devices. See [Contain IP addresses of undiscovered devices](automatic-attack-disruption.md#automated-response-actions) for more information.
93+
- (Preview) **Contain IP addresses of undiscovered devices**: Containing IP addresses associated with devices that are undiscovered or aren't onboarded to Defender for Endpoint is now in preview. Containing an IP address prevents attackers from spreading attacks to other non-compromised devices. See [Contain IP addresses of undiscovered devices](automatic-attack-disruption.md#automated-response-actions) for more information.
9094

9195
- (Preview) The [OAuthAppInfo](advanced-hunting-oauthappinfo-table.md) table is now available for preview in advanced hunting. The table contains information about Microsoft 365-connected OAuth applications registered with Microsoft Entra ID and available in the Defender for Cloud Apps app governance capability.
9296

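Review bot: Style point on line 93: the bullet still closes with "See [Contain IP addresses of undiscovered devices] ... for more information", while the neighbouring bullets in this file close with "For more information, see [...]". Since the line is already being edited for the contraction, consider switching it to the same closing form.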