Commit

schmurky · schmurky · commit 57abf704df00 · 2024-12-03T16:41:17.000Z
diff --git a/defender-xdr/advanced-hunting-defender-use-custom-rules.md b/defender-xdr/advanced-hunting-defender-use-custom-rules.md
@@ -43,8 +43,18 @@ For editable functions, more options are available when you select the vertical
 - **Edit details** – opens the function side pane to allow you to edit details about the function (except folder names for Sentinel functions)
 - **Delete** – deletes the function
 
-### Use adx() operator for Azure Data Explorer queries
-The *adx()* operator can be used to query 
+### Use adx() operator for Azure Data Explorer queries (Preview)
+Use the `adx()` operator to query tables stored in Azure Data Explorer. Read [What is Azure Data Explorer?](/azure/data-explorer/data-explorer-overview) for more details.
+
+This feature was previously only available in log analytics in Microsoft Sentinel. Users can now use the operator in advanced hunting without needing to manually open a Microsoft Sentinel window. 
+
+In the query editor, enter the query in the following format:
+```Kusto
+adx('<Cluster URI>/<Database Name>').<Table Name>
+```
+In the query editor, enter 
+
+:::image type="content" source="/defender-xdr/media/adx-sample.png" alt-text="Screenshot of adx operator in advanced hunting." lightbox="/defender-xdr/media/adx-sample.png":::
 
 
 ### Use arg() operator for Azure Resource Graph queries
diff --git a/defender-xdr/media/adx-sample.png b/defender-xdr/media/adx-sample.png
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -29,6 +29,9 @@ For more information on what's new with other Microsoft Defender security produc
 
 You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
 
+## December 2024
+- (Preview) In [advanced hunting](advanced-hunting-defender-use-custom-rules.md#use-adx-operator-for-azure-data-explorer-queries), Microsoft Defender portal users can now use the *adx()* operator for Azure Data Explorer queries to         . You no longer need to go to Log Analytics in Microsoft Sentinel to use this operator if you are already in Microsoft Defender.
+
 ## November 2024
 
 - (Preview) **Attack paths** in the incident graph are now available in the Microsoft Defender portal. The attack story now includes potential attack paths that show the paths that attackers can potentially take after compromising a device. This feature helps you prioritize your response efforts. For more information, see [attack paths in the attack story](investigate-incidents.md#attack-paths).
