Fixing USX language across Defender docs

Author: batamig

defender-xdr/automatic-attack-disruption.md

@@ -79,18 +79,18 @@ For more information, see [remediation actions](m365d-remediation-actions.md) in
 
 ### Automated response actions for SAP with Microsoft Sentinel
 
-If you're using the [unified security operations platform](microsoft-sentinel-onboard.md) and you deployed the Microsoft Sentinel solution for SAP applications, you can also deploy automatic attack disruption for SAP.
+If you [onboarded Microsoft Sentinel to the Defender portal](microsoft-sentinel-onboard.md) and deployed the Microsoft Sentinel solution for SAP applications, you can also deploy automatic attack disruption for SAP.
 
-For example, deploy attack disruption for SAP to contain compromised assets by locking suspicious SAP users in case of a financial process manipulation attack. 
+For example, deploy attack disruption for SAP to contain compromised assets by locking suspicious SAP users in case of a financial process manipulation attack.
 
-After the risk is mitigated, Microsoft Defender admins can manually unlock the users that had been automatically locked by the attack disruption response. The ability to manually unlock users is available from the Microsoft Defender action center, and only for users that were locked by attack disruption. 
+After the risk is mitigated, Microsoft Defender admins can manually unlock the users that had been automatically locked by the attack disruption response. The ability to manually unlock users is available from the Microsoft Defender action center, and only for users that were locked by attack disruption.
 
 To use attack disruption for SAP, deploy a new data connector agent, or make sure that your agent is using version 90847355 or higher, and then assign and apply the required Azure and SAP roles. For more information, see:
 
 - [Deploy and configure the container hosting the SAP data connector agent](/azure/sentinel/sap/deploy-data-connector-agent-container)
 - [Update Microsoft Sentinel's SAP data connector agent](/azure/sentinel/sap/update-sap-data-connector), especially [Update your system for automatic attack disruption](/azure/sentinel/sap/update-sap-data-connector#update-your-data-connector-agent-for-attack-disruption).
 
-While you configure attack disruption in the Azure portal and your SAP system, automatic attack disruption itself surfaces only in the unified security operations platform in the Microsoft Defender portal.
+While you configure attack disruption in the Azure portal and your SAP system, automatic attack disruption itself surfaces only in the Microsoft Defender portal.
 
 ## Identify when an attack disruption happens in your environment
 

defender-xdr/data-privacy.md

@@ -56,7 +56,7 @@ Customer data stored by integrated services might also be stored in the followin
 
 Microsoft Defender XDR data is retained for 180 days, and is visible across the Microsoft Defender portal during that time, except for in **Advanced hunting** queries. 
 
-In the Microsoft Defender portal's **Advanced hunting** page, data is accessible via queries for only 30 days, unless it's streamed through [Microsoft's unified security operations platform with Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal), where retention periods may be longer.
+In the Microsoft Defender portal's **Advanced hunting** page, data is accessible via queries for only 30 days, unless it's streamed through [Microsoft Sentinel with Microsoft's unified security operations platform](/azure/sentinel/microsoft-365-defender-sentinel-integration?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal), where retention periods may be longer.
 
 Data continues to be retained and visible, even when a license is under a grace period or in suspended mode. At the end of any grace period or suspension, and no later than 180 days from a contract termination or expiration, data is deleted from Microsoft's systems and is unrecoverable.
 

defender-xdr/incident-queue.md

@@ -1,6 +1,6 @@
 ---
 title: Prioritize incidents in the Microsoft Defender portal
-description: Learn how to filter incidents from the incident queue in the unified security operations platform in the Microsoft Defender portal.
+description: Learn how to filter incidents from the incident queue in the Microsoft Defender portal.
 ms.service: defender-xdr
 f1.keywords: 
   - NOCSH
@@ -26,7 +26,7 @@ appliesto:
 
 # Prioritize incidents in the Microsoft Defender portal
 
-The unified security operations platform in the Microsoft Defender portal applies correlation analytics and aggregates related alerts and automated investigations from different products into an incident. Microsoft Sentinel and Defender XDR also trigger unique alerts on activities that can only be identified as malicious given the end-to-end visibility in the unified platform across the entire suite of products. This view gives your security analysts the broader attack story, which helps them better understand and deal with complex threats across your organization.
+The Microsoft Defender portal applies correlation analytics and aggregates related alerts and automated investigations from different products into an incident. Microsoft Sentinel and Defender XDR also trigger unique alerts on activities that can only be identified as malicious given the end-to-end visibility in the unified platform across the entire suite of products. This view gives your security analysts the broader attack story, which helps them better understand and deal with complex threats across your organization.
 
 [!INCLUDE [unified-soc-preview](../includes/unified-soc-preview.md)]
 
@@ -68,7 +68,7 @@ For more visibility at a glance, Microsoft Defender XDR generates incident names
 
 For example: *Multi-stage incident on multiple endpoints reported by multiple sources.*
 
-If you onboarded Microsoft Sentinel to the unified security operations platform, then any alerts and incidents coming from Microsoft Sentinel are likely to have their names changed (regardless of whether they were created before or since the onboarding).
+If you onboarded Microsoft Sentinel to the Defender portal, then any alerts and incidents coming from Microsoft Sentinel are likely to have their names changed (regardless of whether they were created before or since the onboarding).
 
 We recommend that you avoid using the incident name as a condition for triggering [automation rules](/azure/sentinel/automate-incident-handling-with-automation-rules). If the incident name is a condition, and the incident name changes, the rule will not be triggered.
 

defender-xdr/incidents-overview.md

@@ -1,6 +1,6 @@
 ---
 title: Incidents and alerts in the Microsoft Defender portal
-description: An introduction to incidents and alerts, and the differences between them, in the unified security operations platform in the Microsoft Defender portal.
+description: An introduction to incidents and alerts, and the differences between them, in the Microsoft Defender portal.
 ms.service: defender-xdr
 f1.keywords:
   - NOCSH
@@ -27,7 +27,7 @@ appliesto:
 
 # Incidents and alerts in the Microsoft Defender portal
 
-The Microsoft Defender portal brings together a unified set of security services to reduce your exposure to security threats, improve your organizational security posture, detect security threats, and investigate and respond to breaches. These services collect and produce signals that are displayed in the portal. The two main kinds of signals are:
+Microsoft's unified SecOps platform in the Microsoft Defender portal brings together a unified set of security services to reduce your exposure to security threats, improve your organizational security posture, detect security threats, and investigate and respond to breaches. These services collect and produce signals that are displayed in the portal. The two main kinds of signals are:
 
 **Alerts**: Signals that result from various threat detection activities. These signals indicate the occurrence of malicious or suspicious events in your environment.
 

defender-xdr/investigate-incidents.md

@@ -117,7 +117,7 @@ Selecting an attack path from the list displays the attack path graph, which sho
 
 > [!NOTE]
 > To view the details of an attack path, you must have read access permissions in the Microsoft Defender portal and the license for [Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management). </br></br>
-> To view attack path details in the unified security operations platform, a *Sentinel Reader* role is required. To create new attack paths, the Security Administrator role is required.
+> To view attack path details with Microsoft Sentinel for a unified security operations platform, a *Sentinel Reader* role is required. To create new attack paths, the *Security Administrator* role is required.
 
 ## Alerts
 

defender-xdr/investigate-respond-container-threats.md

@@ -19,7 +19,8 @@ search.appverid:
 ms.date: 01/07/2025
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
-- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft's unified security operations platform</a>
+- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft Sentinel in the Microsoft Defender portal
+</a>
 ---
 # Investigate and respond to container threats in the Microsoft Defender portal
 

defender-xdr/irm-investigate-alerts-defender.md

@@ -19,7 +19,7 @@ search.appverid:
 ms.date: 01/17/2025
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
-- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft's unified security operations platform</a>
+- <a href="https://learn.microsoft.com/unified-secops-platform/" target="_blank">Microsoft Sentinel in the Microsoft Defender portal</a>
 ---
 # Investigate insider risk threats in the Microsoft Defender portal
 

defender-xdr/mto-advanced-hunting.md

@@ -22,7 +22,7 @@ appliesto:
 
 # Advanced hunting in Microsoft Defender multitenant management
 
-Advanced hunting in Microsoft Defender multitenant management allows you to proactively hunt for intrusion attempts and breach activity in email, data, devices, and accounts across multiple tenants at the same time. If you have tenants with a Microsoft Sentinel workspace onboarded to the Microsoft unified security operations platform, search for security information and event management (SIEM) data together with extended detection and response (XDR) data across multiple tenants. 
+Advanced hunting in Microsoft Defender multitenant management allows you to proactively hunt for intrusion attempts and breach activity in email, data, devices, and accounts across multiple tenants at the same time. If you have tenants with a Microsoft Sentinel workspace onboarded to the Microsoft Defender portal, search for security information and event management (SIEM) data together with extended detection and response (XDR) data across multiple tenants.
 
 ## Run cross-tenant queries
 

defender-xdr/mto-incidents-alerts.md

@@ -22,7 +22,7 @@ appliesto:
 
 # View and manage incidents and alerts in Microsoft Defender multitenant management
 
-Multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform enables security operation center (SOC) analysts to access and analyze data from multiple tenants in one place, allowing them to quickly identify and respond to threats. Triage incidents and alerts across security information and event management (SIEM) and extended detection and response (XDR) data for tenants that onboarded a Microsoft Sentinel workspace to the unified security operations platform.
+Multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal enables security operation center (SOC) analysts to access and analyze data from multiple tenants in one place, allowing them to quickly identify and respond to threats. Triage incidents and alerts across security information and event management (SIEM) and extended detection and response (XDR) data for tenants that onboarded a Microsoft Sentinel workspace to the Defender platform.
 
 Manage incidents & alerts originating from multiple tenants under **Incidents & alerts**.
 

defender-xdr/mto-overview.md

@@ -1,6 +1,6 @@
 ---
 title: Microsoft Defender multitenant management
-description: Learn about multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Microsoft unified security operations platform.
+description: Learn about multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Microsoft Defender portal.
 ms.service: defender-xdr
 ms.author: deniseb
 author: denisebmsft
@@ -23,14 +23,14 @@ appliesto:
 
 # Microsoft Defender multitenant management
 
-Multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform provides your security operation teams with a single, unified view of all the tenants you manage. This view enables your teams to quickly investigate incidents and perform advanced hunting across data from multiple tenants, improving your security operations.
+Multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal provides your security operation teams with a single, unified view of all the tenants you manage. This view enables your teams to quickly investigate incidents and perform advanced hunting across data from multiple tenants, improving your security operations.
 
-If you have tenants with a Microsoft Sentinel workspace onboarded to the unified security operations platform, you're able to:
+If you have tenants with a Microsoft Sentinel workspace onboarded to the Defender portal, you're able to:
 
 - Triage incidents and alerts across security information and event management (SIEM) and extended detection and response (XDR) data.
 - Proactively search for SIEM and XDR data across multiple tenants.
 
-Only one Microsoft Sentinel workspace per tenant is currently supported in the unified security operations platform. So in Microsoft Defender multitenant management, you have SIEM data from one Microsoft Sentinel workspace per tenant.
+Only one Microsoft Sentinel workspace per tenant is currently supported in the Defender portal. So in Microsoft Defender multitenant management, you have SIEM data from one Microsoft Sentinel workspace per tenant.
 
 For more information, see:
 
@@ -46,7 +46,7 @@ Multitenant management is also available to US government customers. Refer to th
 
 ## Benefits of multitenant management
 
-Some of the key benefits you get with multitenant management for Defender XDR and the Microsoft unified security operations platform include:
+Some of the key benefits you get with multitenant management for Defender XDR and the Microsoft Sentinel in the Defender portal include:
 
 - **A centralized place to manage incidents across tenants**: A unified view provides SOC analysts with all the information they need to investigate incidents across multiple tenants, eliminating the need to sign in and out of each one.
 
@@ -58,7 +58,7 @@ Some of the key benefits you get with multitenant management for Defender XDR an
 
 ## What's included in multitenant management
 
-The following key capabilities are available for each tenant you have access to in multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform:
+The following key capabilities are available for each tenant you have access to in multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal:
 
 | Capability | Description |
 | ------ | ------ |