
Commit 8536730

committed
updates
1 parent b42f06a commit 8536730

File tree

4 files changed

+25
-9
lines changed


defender-xdr/advanced-hunting-defender-use-custom-rules.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@ The **Analytics rule wizard** appears. Fill up the required details as described
123123

124124

125125
##### Custom detection rules
126-
You can create custom detection rules that query data from both Microsoft Sentinel and Defender XDR tables. Select **Manage rules > Create custom detection**. Read [Create and manage custom detection rules](custom-detection-rules.md) for more information.
126+
You can create custom detection rules that query data from both Microsoft Sentinel and Defender XDR tables. Select **Manage rules > Create custom detection**. Read [Create custom detection rules](custom-detection-rules.md) for more information.
127127

128128

129129
In both custom detection and analytics rule creation, you can only query data ingested as analytics logs (that is, not as basic logs or auxiliary logs. See [log management plans](/azure/sentinel/log-plans#log-management-plans) to check the different tiers) otherwise the rule creation won't proceed.
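Review bot: the unchanged context line 129 wraps a complete sentence inside a parenthesis ("(that is, not as basic logs or auxiliary logs. See [log management plans](...) to check the different tiers) otherwise the rule creation won't proceed"), which leaves the main clause without punctuation before "otherwise"; since this hunk already edits the section, split it into two sentences, for example "...ingested as analytics logs, not as basic or auxiliary logs; otherwise rule creation won't proceed. See [log management plans](/azure/sentinel/log-plans#log-management-plans) for the different tiers." The link-text change on line 126 ("Create and manage" to "Create") is consistent with the separate manage section this commit adds.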
@@ -133,3 +133,12 @@ If your Defender XDR data is ingested into Microsoft Sentinel, you have the opti
133133

134134
> [!NOTE]
135135
> If a Defender XDR table is not set up to stream to log analytics in Microsoft Sentinel but is recognized as a standard table in Microsoft Sentinel, an analytics rule can be created successfully but the rule won't run correctly since no data is actually available in Microsoft Sentinel. For these cases, use the custom detection rule wizard instead.
136+
137+
## Manage custom analytics and detection rules
138+
139+
You can view all your user-defined rules—both custom detection rules and analytics rules—in the **Detection rules** page. Read [Manage custom detections](custom-detection-manage.md) for more details.
140+
141+
You can migrate any analytics rule that can run in [Continuous (near real-time) frequency](custom-detection-rules.md#continuous-nrt-frequency) by selecting the **Migrate now** button in the banner that appears when you open the detection rules list page.
142+
143+
For multiworkspace organizations that have onboarded multiple workspaces to Microsoft Defender, you can now view the **Workspace ID** column and filter by workspace.
144+
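Review bot: line 141 says an analytics rule can be migrated with **Migrate now** but never says what it is migrated to or what happens to the original rule, and it gives no guidance for analytics rules that cannot run at Continuous (NRT) frequency; state the migration target (the section heading implies a custom detection rule) and what users of non-NRT rules should do. Also, the preceding NOTE says rules on tables that are not streamed to Log Analytics will not run; it is worth saying whether migration resolves that case. Minor: lines 139 and 143 use em-dashes and "you can now"; the surrounding article avoids both.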

defender-xdr/custom-detection-manage.md

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -61,11 +61,12 @@ To view comprehensive information about a custom detection rule or an analytics
6161

6262
You can also take the following actions on the rule from this page:
6363

64-
- **Run** - Run the rule immediately. This also resets the interval for the next run.
65-
- **Edit** - Modify the rule without changing the query.
66-
- **Modify query** - Edit the query in advanced hunting.
67-
- **Turn on** / **Turn off** - Enable the rule or stop it from running.
68-
- **Delete** - Turn off the rule and remove it.
64+
- **Open detection rule page** - opens the detection rule page to view triggered alerts and actions (for custom detection rules only)
65+
- **Run** - runs the rule immediately; this also resets the interval for the next run (for custom detection rules only)
66+
- **Edit** - allows you to modify the rule without changing the query
67+
- **Modify query** - allows you to edit the query in advanced hunting
68+
- **Turn on** / **Turn off** - allows you to enable the rule or stop it from running
69+
- **Delete** - allows you to turn off the rule and remove it
6970

7071
### View and manage triggered alerts
7172
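Review bot: **Modify query** (line 67) carries no "for custom detection rules only" qualifier, yet the whats-new entry in this same commit lists only Turn on/off, Delete and Edit as the actions available for analytics rules; either add the qualifier here or extend the whats-new list so the two files agree. Line 64 ("**Open detection rule page** - opens the detection rule page to view...") restates the action name; "opens the rule's page, where you can view triggered alerts and actions" reads better. The rewritten bullets also drop the terminal periods the old ones had and repeat "allows you to" four times; the old imperative form ("Modify the rule without changing the query.") was tighter.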

@@ -82,8 +83,6 @@ In the rule details screen (**Hunting** \> **Custom detections** \> **[Rule name
8283
> [!TIP]
8384
> To quickly view information and take action on an item in a table, use the selection column [✓] at the left of the table.
8485
85-
> [!NOTE]
86-
> Some columns in this article might not be available in Microsoft Defender for Endpoint. [Turn on Microsoft Defender XDR](m365d-enable.md) to hunt for threats using more data sources. You can move your advanced hunting workflows from Microsoft Defender for Endpoint to Microsoft Defender XDR by following the steps in [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mde.md).
8786

8887
## See also
8988
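Review bot: lines 85-86 remove the NOTE that was this article's only pointer to [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mde.md) and to turning on Defender XDR, with no replacement and no explanation in the commit message ("updates"); if the column-availability caveat no longer applies to Defender for Endpoint, say so in the commit message, otherwise keep the note or move it to the section it still applies to.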

defender-xdr/custom-detection-rules.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -135,7 +135,6 @@ With the query in the query editor, select **Create detection rule** and specify
135135
- **Description** - More information about the component or activity identified by the rule. Strings are sanitized for security purposes so HTML, Markdown, and other code won't work.
136136
- **Recommended actions** - Additional actions that responders might take in response to an alert.
137137

138-
#### Dynamic
139138

140139
#### Rule frequency
141140

defender-xdr/whats-new.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,15 @@ For more information on what's new with other Microsoft Defender security produc
3232

3333
You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
3434

35+
## May 2025
36+
- (Preview) In advanced hunting, you can now [view all your user-defined rules](custom-detection-manage.md)—both custom detection rules and analytics rules—in the **Detection rules** page. This feature also brings the following improvements:
37+
- You can now migrate any analytics rule that can run in Continuous (near real-time) frequency by selecting the **Migrate now** button in the banner that appears when you open the detection rules list page.
38+
- You can now filter for *every* column (in addition to **Frequency** and **Organizational scope**).
39+
- For multiworkspace organizations that have onboarded multiple workspaces to Microsoft Defender, you can now view the **Workspace ID** column and filter by workspace.
40+
- You can now view the details pane even for analytics rules.
41+
- You can now perform the following actions on analytics rules: Turn on/off, Delete, Edit.
42+
43+
3544
## April 2025
3645

3746
- (Preview) You can now create data security investigations in the Microsoft Defender portal with the integration of Microsoft Purview Data Security Investigations (preview) and Microsoft Defender XDR. This integration allows security operations center (SOC) teams to enhance their investigation and response to potential data security incidents like data breaches or data leaks. For more information, see [Create data security investigations in the Microsoft Defender portal](create-dsi-in-defender.md).
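Review bot: line 36 links "view all your user-defined rules" to custom-detection-manage.md, but the new "Manage custom analytics and detection rules" section this commit adds lives in advanced-hunting-defender-use-custom-rules.md; link to whichever page is meant to be the landing page, and link "Continuous (near real-time) frequency" on line 37 the same way the other file does (custom-detection-rules.md#continuous-nrt-frequency). Line 41's action list (Turn on/off, Delete, Edit) omits Modify query, which the manage page presents as available on every rule; reconcile the two. The em-dashes on line 36 match neither the April entry below nor the rest of the file.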
