add table

Author: DeCohen

ATPDocs/okta-defender-for-identity-overview.md

@@ -17,52 +17,15 @@ When you connect Okta to Microsoft Defender for Identity, you can extend your id
 
 With Okta connected, Defender for Identity provides the following capabilities:
 
-### View Okta accounts in the Identity Inventory
 
-Defender for Identity adds Okta users to the identity inventory in the Microsoft Defender portal. These accounts correlate with matching identities from Active Directory or Microsoft Entra ID, which allows unified tracking across platforms.
+|Capability  |Description  |
+|---------|---------|
+|View Okta accounts in the Identity Inventory    |  Defender for Identity adds Okta users to the identity inventory in the Microsoft Defender portal. These accounts correlate with matching identities from Active Directory or Microsoft Entra ID, which allows unified tracking across platforms.       |
+|Improve Okta security posture    |   Defender for Identity evaluates identity configuration in Okta and surfaces posture recommendations in Microsoft Secure Score. Example recommendations include: <br> - [Assign multifactor authentication to Okta privileged user accounts](assign-multi-factor-authentication-okta-privileged-user-accounts.md)  <br> - [Change password for Okta privileged user accounts](change-okta-password-privileged-user-accounts.md)  <br> - [High number of Okta accounts with privileged role assigned](high-number-of-okta-accounts-with-privileged-role-assigned.md)  <br> - [Highly privileged Okta API token](highly-privileged-okta-api-token.md)  <br> - [Limit the number of Okta Super Admin accounts](limit-number-okta-super-admin-accounts.md)  <br> - [Remove dormant Okta privileged accounts](remove-dormant-okta-privileged-accounts.md)      |
+|Get alerts on suspicious Okta activity   |  Defender for Identity alerts you when it detects high-risk behavior in Okta, including anonymous sign-ins, privileged role assignments, and token abuse. These alerts are available in Microsoft Defender XDR. When connected, Defender for Identity raises the following alerts based on Okta activity:  <br> - Okta anonymous user access  <br> - Privileged API token created  <br> - Privileged API token updated  <br> - Privileged Role assignment to Application  <br> - Suspicious privileged role assignment  <br> For a full list of supported alerts, see: [Defender for Identity XDR alerts](/defender-for-identity/alerts-xdr#initial-access-alerts)       |
+|Use advanced hunting to investigate Okta activity    |  Advanced hunting lets you investigate identity activity across different services including Okta, Active Directory, and Microsoft Entra ID. <br> The **IdentityInfo** table includes account metadata such as privilege level, group membership, and identity source. The **IdentityEvents** table includes events related to those identities, such as sign-ins, authentication attempts, and identity-related alerts across supported identity providers.  <br> To explore the full schema and build your own queries, see:  <br> -  [IdentityInfo ](/defender-xdr/advanced-hunting-identityinfo-table)  <br> -  [IdentityEvents(Preview)](/defender-xdr/advanced-hunting-identityevents-table).       |
+|Take remediation actions      |  When Microsoft Defender for Identity identifies an identity as at risk, you can take the following remediation actions directly from the Defender portal to update the user's status in Okta.  <br> - Revoke all user's sessions  <br> - Deactivate user in Okta  <br> - Set user risk in Okta  <br> For more information, see: [Remediation actions in Microsoft Defender for Identity](remediation-actions.md#roles-and-permissions)       |
 
-### Improve Okta security posture
-
-Defender for Identity evaluates identity configuration in Okta and surfaces posture recommendations in Microsoft Secure Score. Example recommendations include:
-
-- [Assign multifactor authentication to Okta privileged user accounts](assign-multi-factor-authentication-okta-privileged-user-accounts.md)
-- [Change password for Okta privileged user accounts](change-okta-password-privileged-user-accounts.md)
-- [High number of Okta accounts with privileged role assigned](high-number-of-okta-accounts-with-privileged-role-assigned.md)
-- [Highly privileged Okta API token](highly-privileged-okta-api-token.md)
-- [Limit the number of Okta Super Admin accounts](limit-number-okta-super-admin-accounts.md)
-- [Remove dormant Okta privileged accounts](remove-dormant-okta-privileged-accounts.md)
-
-### Get alerts on suspicious Okta activity
-
-Defender for Identity alerts you when it detects high-risk behavior in Okta, including anonymous sign-ins, privileged role assignments, and token abuse. These alerts are available in Microsoft Defender XDR. When connected, Defender for Identity raises the following alerts based on Okta activity:
-
-- Okta anonymous user access
-- Privileged API token created
-- Privileged API token updated
-- Privileged Role assignment to Application
-- Suspicious privileged role assignment
-
-For a full list of supported alerts, see: [Defender for Identity XDR alerts](/defender-for-identity/alerts-xdr#initial-access-alerts)
-
-### Use advanced hunting to investigate Okta activity
-
-Advanced hunting lets you investigate identity activity across different services including Okta, Active Directory, and Microsoft Entra ID. The **IdentityInfo** table includes account metadata such as privilege level, group membership, and identity source. The **IdentityEvents** table includes events related to those identities, such as sign-ins, authentication attempts, and identity-related alerts across supported identity providers.
-
-To explore the full schema and build your own queries, see: 
--  [IdentityInfo ](/defender-xdr/advanced-hunting-identityinfo-table)
--  [IdentityEvents(Preview)](/defender-xdr/advanced-hunting-identityevents-table).
-
-### Take remediation actions 
-
-When Microsoft Defender for Identity identifies an identity as at risk, you can take the following remediation actions directly from the Defender portal to update the user's status in Okta.
-
-- Revoke all user's sessions
-
-- Deactivate user in Okta
-
-- Set user risk in Okta
-
-For more information, see: [Remediation actions in Microsoft Defender for Identity](remediation-actions.md#roles-and-permissions)
 
 ## Next steps