Clarify Boolean value changes in hunting results

Added examples to illustrate the transition from numeric (1/0) to textual (true/false) Boolean values in advanced hunting results, and clarified the impact on automation parsing these values.

Author: poliveria

defender-xdr/advanced-hunting-schema-changes.md

@@ -38,7 +38,23 @@ Naming changes are automatically applied to queries that are saved in Microsoft
 - Queries that are saved elsewhere outside Microsoft Defender XDR
 
 ## November 2025
-- The Boolean field values in advanced hunting results will change from numeric (`1` and `0`) to textual (`True` and `False`) on January 25, 2026. While your queries and custom detection rules won't be affected by this change, you might want to update your automated processes (for example, scripts, playbooks, or integrations) parsing these values. 
+- The Boolean field values in advanced hunting results will change from numeric (`1` and `0`) to textual (`True` and `False`) on January 25, 2026. While your queries and custom detection rules won't be affected by this change, you might want to update your automated processes (for example, scripts, playbooks, or integrations) parsing these values.
+
+    For example:
+
+    **Current behavior**
+    ```kusto
+    DeviceEvents 
+    | where IsAdmin == 1 
+    ```
+
+    **Future behavior**
+    ```kusto
+    DeviceEvents 
+    | where IsAdmin == true 
+    ```
+
+    Both queries will remain valid. However, if your automation expects `IsAdmin=1` in the output, update it to accept `true` instead. 
 
 - The [`AADSignInEventsBeta`](advanced-hunting-aadsignineventsbeta-table.md) and  [`AADSpnSignInEventsBeta`](advanced-hunting-aadspnsignineventsbeta-table.md) tables are being replaced by [`EntraIdSignInEvents`](advanced-hunting-entraidsigninevents-table.md) and [`EntraIdSpnSignInEvents`](advanced-hunting-entraidspnsigninevents-table.md), respectively. These changes are being made to remove the former tables' preview status and to align them with the existing product branding.