Merge pull request #4034 from MicrosoftDocs/main

[AutoPublish] main to live - 05/29 15:32 PDT | 05/30 04:02 IST

Author: Ruchika-mittal01

defender-office-365/alert-policies-defender-portal.md

@@ -17,7 +17,7 @@ ms.custom:
 description: Admins can use the Alert policy page in the Microsoft Defender portal to view and create alert policies to trigger alerts when the specified actions occur.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 10/9/2023
+ms.date: 05/29/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -29,9 +29,6 @@ appliesto:
 
 In Microsoft 365 organizations with mailboxes in Exchange Online, alert policies generate alerts in the alert dashboard when users take actions that match the conditions of the policy. There are many default alert policies that help you monitor activities. For example, assigning admin privileges in Exchange Online, malware attacks, phishing campaigns, and unusual levels of file deletions and external sharing.
 
-> [!TIP]
-> Alert policies in the Microsoft Defender portal are identical to alert policies in the Microsoft Purview portal at <https://purview.microsoft.com/alertpolicies>.
-
 ## What do you need to know before you begin?
 
 - You need to be assigned permissions before you can do the procedures in this article. You have the following options:

defender-xdr/advanced-hunting-schema-changes.md

@@ -17,8 +17,11 @@ ms.collection:
 ms.custom:
 - cx-ti
 - cx-ah
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
 ms.topic: reference
-ms.date: 02/16/2024
+ms.date: 05/28/2025
 ---
 
 # Advanced hunting schema - Naming changes
@@ -37,6 +40,12 @@ Naming changes are automatically applied to queries that are saved in Microsoft
 - Queries that are run using the API
 - Queries that are saved elsewhere outside Microsoft Defender XDR
 
+
+
+## May 2025
+In the [`IdentityInfo`](advanced-hunting-identityinfo-table.md) table, the `SourceProvider` column was replaced by the `IdentityEnvironment` column. This change was made to streamline the unified `IdentityInfo` table with a similar table in Microsoft Sentinel log analytics. Note that a new column, `SourceProviders` (with an *s*) was added in the unified table. This column refers to the source providers of the accounts for the identity.
+
+
 ## December 2020
 
 | Table name | Original column name | New column name | Reason for change
@@ -70,7 +79,7 @@ Naming changes are automatically applied to queries that are saved in Microsoft
 
 ## February 2021
 
-1. In the [EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md) and [EmailEvents](advanced-hunting-emailevents-table.md) tables, the `MalwareFilterVerdict`and `PhishFilterVerdict` columns have been replaced by the `ThreatTypes` column. The `MalwareDetectionMethod` and `PhishDetectionMethod` columns were also replaced by the `DetectionMethods` column. This streamlining allows us to provide more information under the new columns. The mapping is provided below.
+1. In the [EmailAttachmentInfo](advanced-hunting-emailattachmentinfo-table.md) and [EmailEvents](advanced-hunting-emailevents-table.md) tables, the `MalwareFilterVerdict` and `PhishFilterVerdict` columns have been replaced by the `ThreatTypes` column. The `MalwareDetectionMethod` and `PhishDetectionMethod` columns were also replaced by the `DetectionMethods` column. This streamlining allows us to provide more information under the new columns. The mapping is provided below.
 
     | Table name | Original column name | New column name | Reason for change
     |--|--|--|--|