Merge pull request #2238 from MicrosoftDocs/dex-scoped-updates

Dex scoped updates

Author: vpattnai

defender-xdr/defender-experts-scoped-coverage.md

@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 - cx-dex
 search.appverid: met150
-ms.date: 12/19/2024
+ms.date: 12/20/2024
 ---
 
 # Scoped coverage in Microsoft Defender Experts for XDR
@@ -34,23 +34,27 @@ Devices and users that are out of scope won't be supported by Defender Experts.
 
 ## Using Defender Experts scoped coverage
 
-Defender Experts create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The default name assigned to the created device or user group begins with **Defender_Experts_Scoped_Coverage_**. 
+You can create a predefined Microsoft Defender for Endpoint device group or a Microsoft Entra ID user group in the Microsoft Defender portal to which you can add devices and users, respectively. The default name assigned to the created device or user group is:
 
-:::image type="content" source="media/defender_scoped_devices.png" alt-text="Screenshot of Defender Experts Scoped devices." lightbox="media/defender_scoped_devices.png":::
+- **Defender_Experts_Scoped_Coverage_Devices**
+- **Defender_Experts_Scoped_Coverage_Users**
 
 The devices and users you add to these groups are then considered as the set of assets that are in scope for this service.
 
-> [!IMPORTANT]
-> Defender Experts need **System administrator** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts)
->
-> The device group must also be in the highest order of priority for the devices under it to be considered in scope. This is a known product limitation.
+:::image type="content" source="media/defender_scoped_devices.png" alt-text="Screenshot of Defender Experts Scoped devices." lightbox="media/defender_scoped_devices.png":::
+
+> [!NOTE]
+> Defender Experts need **Security admin** permissions to create the device and user groups. [Learn more about granting permissions to our experts](get-started-xdr.md#grant-permissions-to-our-experts)
+
+> [!TIP]
+> The device group should be in the highest order of priority for the devices under it, to be considered in scope. This is a known product limitation.
 
 Currently, the service doesn't offer support to rename these predefined groups, so we recommend that you don't rename the created device or user group. It also doesn't support nested groups. The devices and users would have to be added individually to the groups created.
 
 The following section lists down questions that you or your SOC team might have regarding scoped coverage:
 
 1. **What aspects of the XDR service remain consistent with Defender Experts scoped coverage?**
-   - This service doesn't change our pricing structure. You still pay for Defender Experts service based on E5 (and servers, Microsoft Defender for Cloud, and Open XDR) for your desired user base.
+   - This service doesn't change our pricing structure. You still pay for Defender Experts service based on E5 (Microsoft Defender for Servers) for your desired user base.
    - This service doesn't scope according to individual Microsoft Defender products and services (such as Defender for Endpoint, Microsoft Defender for Office 365, or Microsoft Defender for Cloud). That is, the minimum baseline for scoped coverage is still the E5 license.
    - There's no change in permissions for analysts in Defender Experts for XDR. Defender Experts analysts will still have access to your entire tenant and not just the scoped assets.