Update advanced hunting tables to Preview status

Marked CampaignInfo and FileMaliciousContentInfo tables as (Preview) in documentation, added important notice about prereleased product, and updated the schema reference and what's new page to reflect their preview availability.

Author: poliveria

defender-xdr/advanced-hunting-campaigninfo-table.md

@@ -24,11 +24,12 @@ ms.topic: reference
 ms.date: 12/01/2025
 ---
 
-# CampaignInfo
+# CampaignInfo (Preview)
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-
+> [!IMPORTANT]
+> Some information relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 
 The `CampaignInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about email campaigns identified by Microsoft Defender for Office 365. Use this reference to construct queries that return information from this table.
@@ -37,8 +38,7 @@ This advanced hunting table is populated by records from Defender for Office 365
 
 For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
 
-> [!IMPORTANT]
-> Some information relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|

defender-xdr/advanced-hunting-filemaliciouscontentinfo-table.md

@@ -24,10 +24,13 @@ ms.topic: reference
 ms.date: 12/01/2025
 ---
 
-# FileMaliciousContentInfo
+# FileMaliciousContentInfo (Preview)
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
+> [!IMPORTANT]
+> Some information relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The `FileMaliciousContentInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about files that were identified as malicious by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams. Use this reference to construct queries that return information from this table.
 
 > [!TIP]
@@ -37,8 +40,7 @@ This advanced hunting table is populated by records from Defender for Office 365
 
 For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md).
 
-> [!IMPORTANT]
-> Some information relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 | Column name | Data type | Description |
 |-------------|-----------|-------------|

defender-xdr/advanced-hunting-schema-tables.md

@@ -102,7 +102,7 @@ The following reference lists all the tables in the schema. Each table name link
 | **[EntraIdSpnSignInEvents](advanced-hunting-entraidspnsigninevents-table.md)** (Preview)| Microsoft Entra service principal and managed identity sign-ins |
 | **[ExposureGraphEdges](advanced-hunting-exposuregraphedges-table.md)** | Microsoft Security Exposure Management exposure graph edge information provides visibility into relationships between entities and assets in the graph |
 | **[ExposureGraphNodes](advanced-hunting-exposuregraphnodes-table.md)** | Microsoft Security Exposure Management exposure graph node information, about organizational entities and their properties |
-| **[FileMaliciousContentInfo](advanced-hunting-emailurlinfo-table.md)** | Files that were identified as malicious by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams |
+| **[FileMaliciousContentInfo](advanced-hunting-emailurlinfo-table.md)** (Preview) | Files that were identified as malicious by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams |
 | **[GraphApiAuditEvents](advanced-hunting-graphapiauditevents-table.md)**  (Preview) | Microsoft Entra ID API requests made to Microsoft Graph API for resources in the tenant |
 | **[IdentityAccountInfo](advanced-hunting-identityaccountinfo-table.md)** (Preview) | Account information from various sources, including Microsoft Entra ID. This table also includes information and link to the identity that owns the account. |
 | **[IdentityDirectoryEvents](advanced-hunting-identitydirectoryevents-table.md)** | Events involving an on-premises domain controller running Active Directory (AD). This table covers a range of identity-related events and system events on the domain controller. |

defender-xdr/whats-new.md

@@ -33,10 +33,11 @@ For more information on what's new with other Microsoft Defender security produc
 You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
 
 ## December 2025
+- (Preview) The following advanced hunting schema tables are now available for preview:
+    - The [`CampaignInfo`](advanced-hunting-campaigninfo-table.md) table contains contains information about email campaigns identified by Microsoft Defender for Office 365
+    - The [`FileMaliciousContentInfo`](advanced-hunting-filemaliciouscontentinfo-table.md) table contains information about files that were identified as malicious by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams
 - (GA) The [hunting graph](advanced-hunting-graph.md) in advanced hunting is now generally available. It also now has two new predefined threat scenarios that you can use to render your hunts as interactive graphs.
-- (GA) Advanced hunting now supports custom functions that use tabular parameters. With tabular parameters, you can pass entire tables as inputs. This approach lets you build more modular, reusable, and expressive logic across your hunting queries. [Learn more](advanced-hunting-custom-functions.md#create-custom-functions-with-tabular-parameters)
-- (GA) The [`CampaignInfo`](advanced-hunting-campaigninfo-table.md) table is now available in advanced hunting. Use it to hunt through information about email campaigns identified by Microsoft Defender for Office 365.
-- (GA) The [`FileMaliciousContentInfo](advanced-hunting-filemaliciouscontentinfo-table.md) table is now available in advanced hunting. Use it to hunt through information about files that were identified as malicious by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams. 
+- (GA) Advanced hunting now supports custom functions that use tabular parameters. With tabular parameters, you can pass entire tables as inputs. This approach lets you build more modular, reusable, and expressive logic across your hunting queries. [Learn more](advanced-hunting-custom-functions.md#create-custom-functions-with-tabular-parameters) 
 
 ## November 2025
 - Microsoft Sentinel customers using the Defender portal, or the Azure portal with the Microsoft Sentinel Defender XDR data connector, now also benefit from Microsoft Threat Intelligence alerts that highlight activity from nation-state actors, major ransomware campaigns, and fraudulent operations. To view these alert types, you must have the **Security Administrator** or **Global Administrator** role. The **Service Source**, **Detection Source**, and **Product Name** values for these alerts are listed as *Microsoft Threat Intelligence*.   For more information, see [Incidents and alerts in the Microsoft Defender portal](incidents-overview.md).