MicrosoftDocs
diff --git a/‎ATADocs/suspicious-activity-guide.md‎
Lines changed: 2 additions & 2 deletions b/‎ATADocs/suspicious-activity-guide.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎defender-endpoint/data-storage-privacy.md‎
Lines changed: 1 addition & 1 deletion b/‎defender-endpoint/data-storage-privacy.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎defender-endpoint/gov.md‎
Lines changed: 49 additions & 48 deletions b/‎defender-endpoint/gov.md‎
Lines changed: 49 additions & 48 deletions
diff --git a/‎defender-endpoint/mac-install-with-intune.md‎
Lines changed: 3 additions & 5 deletions b/‎defender-endpoint/mac-install-with-intune.md‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎defender-xdr/advanced-hunting-microsoft-defender.md‎
Lines changed: 4 additions & 1 deletion b/‎defender-xdr/advanced-hunting-microsoft-defender.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎defender-xdr/communicate-defender-experts-xdr.md‎
Lines changed: 2 additions & 1 deletion b/‎defender-xdr/communicate-defender-experts-xdr.md‎
Lines changed: 2 additions & 1 deletion
@@ -536,9 +536,9 @@ Apply the latest patches to all of your machines, and check all security updates
 
 1. [Remove WannaCry](https://support.microsoft.com/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo)
 
-1. Data in the control of some ransom software can sometimes be decrypted. Decryption is only possible if the user hasn't restarted or turned off the computer. For more information, see [Wanna Cry Ransomware](https://answers.microsoft.com/en-us/windows/forum/windows_10-security/wanna-cry-ransomware/5afdb045-8f36-4f55-a992-53398d21ed07?auth=1)
+1. Data in the control of some ransom software can sometimes be decrypted. Decryption is only possible if the user hasn't restarted or turned off the computer. For more information, see [WannaCrypt ransomware worm targets out-of-date systems](https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/)
 
->[!NOTE]
+> [!NOTE]
 > To disable a suspicious activity alert, contact support.
 
 ## See also
 
@@ -34,7 +34,7 @@ ms.date: 05/12/2025
 This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
 
 > [!NOTE]
-> This article explains the data storage and privacy details related to Defender for Endpoint and Defender for Business. For more information related to Defender for Endpoint and other products and services like Microsoft Defender Antivirus and Windows, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576), and also [Windows privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577).
+> This article explains the data storage and privacy details related to Defender for Endpoint and Defender for Business. For more information related to Defender for Endpoint and other products and services like Microsoft Defender Antivirus and Windows, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576).
 
 ## What are we collecting?
 
 
@@ -484,11 +484,9 @@ To download the onboarding package from the Microsoft Defender portal:
 
 1. On the **Deployment method** drop-down, select **Mobile Device Management / Microsoft Intune**.
 
-   ![macos-download-onboarding-package](media/mac-install-with-intune/macos-download-onboarding-package.png)
-   
-   
-   
-3. Select **Download onboarding package**. Save it as _GatewayWindowsDefenderATPOnboardingPackage.zip_ to the same directory.
+   ![Screenshot of the Onboarding page with Deployment method Mobile Device Management / Microsoft Intune highlighted.](media/mac-install-with-intune/macos-download-onboarding-package.png)
+
+1. Select **Download onboarding package**. Save it as _GatewayWindowsDefenderATPOnboardingPackage.zip_ to the same directory.
 
 1. Extract the contents of the .zip file:
 
 
@@ -23,7 +23,7 @@ ms.topic: concept-article
 appliesto:
     - Microsoft Defender XDR
     - Microsoft Sentinel in the Microsoft Defender portal
-ms.date: 02/10/2025
+ms.date: 07/22/2025
 ---
 
 # Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal
@@ -34,6 +34,9 @@ Querying from a single portal across different data sets makes hunting more effi
 
 [!INCLUDE [unified-soc-preview](../includes/unified-soc-preview.md)]
 
+> [!NOTE]
+> After onboarding to the Microsoft Sentinel data lake, auxiliary log tables are no longer available in Microsoft Defender advanced hunting. Instead, you can access them through data lake exploration KQL queries in the Defender portal. For more information, see [KQL queries in the Microsoft Sentinel data lake](/azure/sentinel/datalake/kql-queries).
+
 ## How to access
 
 ### Required roles and permissions
 
@@ -51,7 +51,8 @@ Once you turn on chat on Teams, a new team named **Defender Experts team** is cr
 
 **Important reminders when using the Teams chat:**
 
-- Our experts have access to messages in **Defender Experts team** through the Defender Experts Teams app so you don't have to explicitly them to this team. 
+- Our experts have access to messages in **Defender Experts team** through the Defender Experts Teams app so you don't have to explicitly add them to this team. 
+
 - Our experts only see replies to existing posts created by Defender Experts regarding a managed response. If you create a new post, our experts won't be able to see it.
 - While Defender Experts might have access to all messages in any channel in **Defender Experts team**, tag or mention our experts by typing *@Defender Experts* in your replies, so they're notified to join the chat conversation.
 - Don't attach any attachments (for example, files for analysis) in the chat. For security reasons, Defender Experts won't be able to view the attachments. Instead, send them to appropriate submissions channels or provide links where they can be found in Microsoft Defender XDR portal.