addressed comments

Author: diannegali

defender-endpoint/view-incidents-queue.md

@@ -15,14 +15,15 @@ ms.collection:
 ms.topic: conceptual
 ms.subservice: edr
 search.appverid: met150
-ms.date: 07/01/2024
+ms.date: 01/06/2025
 ---
 
 # View and organize the Microsoft Defender for Endpoint Incidents queue
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 **Applies to:**
+
 - [Microsoft Defender for Endpoint Plan 1](microsoft-defender-endpoint.md)
 - [Microsoft Defender for Endpoint Plan 2](microsoft-defender-endpoint.md)
 - [Microsoft Defender XDR](/defender-xdr)
@@ -31,12 +32,13 @@ ms.date: 07/01/2024
 
 The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
 
-By default, the queue displays incidents seen in the last 6 months, with the most recent incident showing at the top of the list, helping you see the most recent incidents first.
+By default, the queue displays incidents seen in the last six months, with the most recent incident showing at the top of the list, helping you see the most recent incidents first.
 
 There are several options you can choose from to customize the Incidents queue view. 
 
 On the top navigation you can:
-- Customize columns to add or remove columns 
+
+- Customize columns to add or remove columns
 - Modify the number of items to view per page
 - Select the items to show per page
 - Batch-select the incidents to assign 
@@ -47,9 +49,10 @@ On the top navigation you can:
 :::image type="content" source="media/atp-incident-queue.png" alt-text="The Incidents queue" lightbox="media/atp-incident-queue.png":::
 
 > [!TIP]
-> **Defender Boxed** appears for a limited time during January and July of each year. It's a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year. Learn how you can share your [Defender Boxed](/defender-xdr/incident-queue#defender-boxed) highlights.
+> **Defender Boxed**, a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year, appears for a limited time during January and July of each year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
 
 ## Sort and filter the incidents queue
+
 You can apply the following filters to limit the list of incidents and get a more focused view.
 
 ### Severity
@@ -58,31 +61,36 @@ Incident severity | Description
 :---|:---
 High </br>(Red) | Threats often associated with advanced persistent threats (APT). These incidents indicate a high risk due to the severity of damage they can inflict on devices.
 Medium </br>(Orange) | Threats rarely observed in the organization, such as anomalous registry change, execution of suspicious files, and observed behaviors typical of attack stages.
-Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that do not necessarily indicate an advanced threat targeting the organization.
+Low </br>(Yellow) | Threats associated with prevalent malware and hack-tools that don't necessarily indicate an advanced threat targeting the organization.
 Informational </br>(Grey) | Informational incidents might not be considered harmful to the network but might be good to keep track of.
 
 ## Assigned to
+
 You can choose to filter the list by selecting assigned to anyone or ones that are assigned to you.
 
 ### Category
+
 Incidents are categorized based on the description of the stage by which the cybersecurity kill chain is in. This view helps the threat analyst to determine priority, urgency, and corresponding response strategy to deploy based on context.
 
 ### Status
+
 You can choose to limit the list of incidents shown based on their status to see which ones are active or resolved.
 
 ### Data sensitivity
+
 Use this filter to show incidents that contain sensitivity labels.
 
 ## Incident naming
 
-To understand the incident's scope at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources or categories.
+To understand the incident's scope at a glance, incident names are automatically generated based on alert attributes such as the number of endpoints affected, users affected, detection sources, or categories.
 
 For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
 
 > [!NOTE]
-> Incidents that existed prior the rollout of automatic incident naming will retain their name.
+> Incidents that existed prior to the rollout of automatic incident naming retains their original name.
 
 ## See also
+
 - [Incidents queue](view-incidents-queue.md)
 - [Manage incidents](manage-incidents.md)
 - [Investigate incidents](investigate-incidents.md)

defender-xdr/incidents-overview.md

@@ -75,7 +75,7 @@ The Microsoft Defender portal includes tools and methods to automate or otherwis
 | **[Harness AI with Microsoft Copilot for Security](/defender-xdr/security-copilot-in-microsoft-365-defender)** | Add AI to support analysts with complex and time-consuming daily workflows. For example, Microsoft Copilot for Security can help with end-to-end incident investigation and response by providing clearly described attack stories, step-by-step actionable remediation guidance and incident activity summarized reports, natural language KQL hunting, and expert code analysis&mdash;optimizing on SOC efficiency across data from all sources. <br><br>This capability is in addition to the other AI-based functionality that Microsoft Sentinel brings to the unified platform, in the areas of user and entity behavior analytics, anomaly detection, multi-stage threat detection, and more. |
 
 > [!TIP]
-> **Defender Boxed** appears for a limited time during January and July of each year. It's a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
+> **Defender Boxed**, a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year, appears for a limited time during January and July of each year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
 
 ## Related items
 

defender-xdr/investigate-incidents.md

@@ -255,7 +255,7 @@ Some incidents might have similar incidents listed on the **Similar incidents**
 :::image type="content" source="/defender/media/investigate-incidents/incident-similartab-small.png" alt-text="Screenshot that shows the Similar incidents tab for an incident in the Microsoft Defender portal." lightbox="/defender/media/investigate-incidents/incident-similartab.png":::
 
 > [!TIP]
-> **Defender Boxed** appears for a limited time during January and July of each year. It's a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
+> **Defender Boxed**, a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year, appears for a limited time during January and July of each year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
 
 ## Next steps
 

defender-xdr/manage-incidents.md

@@ -50,17 +50,15 @@ This article shows you how to perform various incident management tasks associat
 - [Specify an incident's classification](#specify-the-incidents-classification).
 - [Add comments to an incident](#add-comments-to-an-incident).
 
-> [!TIP]
-> **Defender Boxed** appears for a limited time during January and July of each year. It's a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
-
-Here are the ways you can manage your incidents:
-=======
 **[Incident logging and reporting:](#incident-logging-and-reporting)**
 
 - [Edit the incident name](#edit-the-incident-name).
 - Assess the activity audit and add comments in the [Activity log](#view-the-activity-log-of-an-incident).
 - [Export incident data to PDF](#export-incident-data-to-pdf).
 
+> [!TIP]
+> **Defender Boxed**, a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year, appears for a limited time during January and July of each year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
+
 ## Access the *Manage incident* pane
 
 Most of these tasks are accessible from the **Manage incident** pane for an incident. You can reach this pane from any of several locations.

defender-xdr/respond-first-incident-365-defender.md

@@ -89,7 +89,7 @@ Learn how to classify incidents and alerts through this video:
 > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4LHJq]
 
 > [!TIP]
-> **Defender Boxed** appears for a limited time during January and July of each year. It's a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
+> **Defender Boxed**, a series of cards showcasing your organization's security successes, improvements, and response actions in the past six months/year, appears for a limited time during January and July of each year. Learn how you can share your [Defender Boxed](incident-queue.md#defender-boxed) highlights.
 
 ## Next steps