Edit to applies to

schmurky · schmurky · commit 3f111b021e3f · 2025-03-21T17:20:21.000Z
diff --git a/defender-xdr/advanced-hunting-aadsignineventsbeta-table.md b/defender-xdr/advanced-hunting-aadsignineventsbeta-table.md
@@ -17,15 +17,16 @@ ms.collection:
 ms.custom:
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 04/03/2024
 ---
 
 # AADSignInEventsBeta
 
-**Applies to:**
 
-- Microsoft Defender XDR
 
 > [!IMPORTANT]
 > The `AADSignInEventsBeta` table is currently in beta and is being offered on a short-term basis to allow you to hunt through Microsoft Entra sign-in events. Customers need to have a Microsoft Entra ID P2 license to collect and view activities for this table. All sign-in schema information will eventually move to the `IdentityLogonEvents` table.
diff --git a/defender-xdr/advanced-hunting-aadspnsignineventsbeta-table.md b/defender-xdr/advanced-hunting-aadspnsignineventsbeta-table.md
@@ -17,14 +17,15 @@ ms.collection:
 ms.custom:
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 04/03/2024
 ---
 
 # AADSpnSignInEventsBeta
 
-**Applies to:**
-- Microsoft Defender XDR
 
 > [!IMPORTANT]
 > The `AADSpnSignInEventsBeta` table is currently in beta and is being offered on a short-term basis to allow you to hunt through Microsoft Entra sign-in events. Customers need to have a Microsoft Entra ID P2 license to collect and view activities for this table. Microsoft will eventually move all sign-in schema information to the `IdentityLogonEvents` table.
diff --git a/defender-xdr/advanced-hunting-alertevidence-table.md b/defender-xdr/advanced-hunting-alertevidence-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 04/03/2024
 ---
@@ -26,8 +29,6 @@ ms.date: 04/03/2024
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
 
 The `AlertEvidence` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various entities—files, IP addresses, URLs, users, or devices—associated with alerts from Microsoft  Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity. Use this reference to construct queries that return information from this table.
 
diff --git a/defender-xdr/advanced-hunting-alertinfo-table.md b/defender-xdr/advanced-hunting-alertinfo-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 04/03/2024
 ---
@@ -26,8 +29,6 @@ ms.date: 04/03/2024
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
 
 
 ## Get access
diff --git a/defender-xdr/advanced-hunting-assignedipaddresses-function.md b/defender-xdr/advanced-hunting-assignedipaddresses-function.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 04/03/2024
 ---
@@ -26,8 +29,7 @@ ms.date: 04/03/2024
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
+
 
 Use the `AssignedIPAddresses()` function in your [advanced hunting](advanced-hunting-overview.md) queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. 
 
diff --git a/defender-xdr/advanced-hunting-behaviorentities-table.md b/defender-xdr/advanced-hunting-behaviorentities-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 12/29/2023
 ---
@@ -25,8 +28,7 @@ ms.date: 12/29/2023
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
+
 
 The `BehaviorEntities` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about behaviors in Microsoft Defender for Cloud Apps. Use this reference to construct queries that return information from this table.
 
diff --git a/defender-xdr/advanced-hunting-behaviorinfo-table.md b/defender-xdr/advanced-hunting-behaviorinfo-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 12/29/2023
 ---
@@ -26,9 +29,6 @@ ms.date: 12/29/2023
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
-
 
 
 
diff --git a/defender-xdr/advanced-hunting-cloudappevents-table.md b/defender-xdr/advanced-hunting-cloudappevents-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 06/09/2024
 ---
@@ -25,8 +28,7 @@ ms.date: 06/09/2024
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
+
 
 The `CloudAppEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about events involving accounts and objects in Office 365 and other [cloud apps and services](#apps-and-services-covered). Use this reference to construct queries that return information from this table.
 
diff --git a/defender-xdr/advanced-hunting-cloudauditevents-table.md b/defender-xdr/advanced-hunting-cloudauditevents-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 12/29/2023
 ---
@@ -25,8 +28,6 @@ ms.date: 12/29/2023
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
 
 
 
diff --git a/defender-xdr/advanced-hunting-cloudprocessevents-table.md b/defender-xdr/advanced-hunting-cloudprocessevents-table.md
@@ -17,6 +17,9 @@ ms.collection:
 ms.custom: 
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
 ms.date: 11/11/2024
 ---
@@ -25,8 +28,7 @@ ms.date: 11/11/2024
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-- Microsoft Defender XDR
+
 
 The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process events in multicloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine as protected by the organization's [Microsoft Defender for Cloud](/azure/defender-for-cloud/concept-integration-365#advanced-hunting-in-xdr). Use this reference to construct queries that return information from this table.
 
