Commit 90ebc0b

Learn Editor: Update microsoft-xdr-auditing.md
1 parent c154ca3 commit 90ebc0b

1 file changed

+5
-2
lines changed

defender-xdr/microsoft-xdr-auditing.md

Lines changed: 5 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -40,7 +40,7 @@ For a complete list of Microsoft Defender XDR activities that are audited, see [
4040

4141
To access the audit log, you need to have the **View-Only Audit Logs** or **Audit Logs** role in Exchange Online. By default, those roles are assigned to the Compliance Management and Organization Management role groups.
4242

43-
>[!Note]
43+
> [!NOTE]
4444
> Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online.
4545
4646
## Turn on auditing in Microsoft Defender XDR
@@ -57,6 +57,9 @@ Microsoft Defender XDR uses the [Microsoft Purview auditing solution](/purview/a
5757
:::image type="content" source="/defender/media/defender/unified-audit-log.png" alt-text="Screenshot of the unified audit log toggle in Microsoft Defender XDR advanced settings" lightbox="/defender/media/defender/unified-audit-log.png":::
5858
4. Select **Save preferences**.
5959

60+
> [!IMPORTANT]
61+
> Global Administrator is a highly privileged role that should be limited to scenarios when you can't use an existing role. Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization.
62+
6063
## Using the audit search in Microsoft Defender XDR
6164

6265
1. To retrieve audit logs for Microsoft Defender XDR activities, navigate to the [Microsoft Defender XDR Audit page](https://security.microsoft.com/auditlogsearch) or go to the [Purview compliance portal](https://compliance.microsoft.com) and select **Audit**.
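Review bot: The new `[!IMPORTANT]` callout at lines 60-61 sits after step 4 (Select **Save preferences**) of the turn-on procedure, but nothing visible in this section says which role that procedure needs, so a reader cannot tell which lower-privileged role to use in place of Global Administrator. The only visible mention of Global administrators is the note at line 44, under the audit log access requirements, where the View-Only Audit Logs and Audit Logs roles are named. Consider moving the callout next to that note, or naming in the callout the least-privileged role that this step requires.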
@@ -102,7 +105,7 @@ Import-PSSession $s
102105
Search-UnifiedAuditLog -StartDate 2023/03/12 -EndDate 2023/03/20 -RecordType <ID>
103106
```
104107

105-
>[!Note]
108+
>[!NOTE]
106109
> See the API column in Audit activities included for the record type values.
107110
108111
## Additional resources
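Review bot: Line 108 becomes `>[!NOTE]` with no space after `>`, while the same fix at line 43 uses `> [!NOTE]` and the new callout at line 60 uses `> [!IMPORTANT]`. Use `> [!NOTE]` here as well so all three callouts follow one form and match the `> See the API column` line directly below it.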
