Commit 7c3fe01

Merge pull request #51239 from KenMAG/KenMOD
Revised per rebranding to remove Unified Security Operations Platform
2 parents cec8a8a + 5a8e100 commit 7c3fe01

9 files changed: +29 -29 lines changed

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/1-introduction.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ title: Introduction
44
metadata:
55
title: Introduction
66
description: "Introduction to the Unified Security Operations Platform and integrating Microsoft Sentinel with Defender XDR."
7-
ms.date: 10/2/2024
8-
author: wwlpublish
7+
ms.date: 07/03/2025
8+
author: KenMAG
99
ms.author: kelawson
1010
ms.topic: unit
1111
durationInMinutes: 3
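Review bot: The `description` on line 6 of this file still reads "Introduction to the Unified Security Operations Platform and integrating Microsoft Sentinel with Defender XDR.", which is the name this commit sets out to remove; the hunk only touches `ms.date` and `author`. Suggest rewording the description in the same change so it describes integrating Microsoft Sentinel with Defender XDR in the Microsoft Defender portal.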

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/3-capability-differences-between-portals.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ title: Explore the capability differences between Microsoft Defender XDR and Mic
44
metadata:
55
title: Explore the capability differences between Microsoft Defender XDR and Microsoft Sentinel portals
66
description: "Explore the capability differences between Microsoft Defender XDR and Microsoft Sentinel portals."
7-
ms.date: 10/2/2024
8-
author: wwlpublish
7+
ms.date: 07/03/2025
8+
author: KenMAG
99
ms.author: kelawson
1010
ms.topic: unit
1111
durationInMinutes: 15

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/includes/1-introduction.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
This module covers the topic of Microsoft Sentinel's integration into the Microsoft Defender portal, creating a unified security operations platform. This integration simplifies operations by reducing the need for managing multiple tools and enhances hunting capabilities by allowing queries across different data sets from a single portal.
1+
This module covers the topic of Microsoft Sentinel's integration into the Microsoft Defender portal. This integration simplifies operations by reducing the need for managing multiple tools and enhances hunting capabilities by allowing queries across different data sets from a single portal.
22

3-
Imagine you're a security operations manager in a large multinational corporation. You're tasked with streamlining your team's operations and enhancing their hunting capabilities. Your team currently uses multiple tools for different tasks, which often lead to complexity and errors. You also want to enable automatic attack disruption for your SAP applications and provide unified entity pages for devices, users, IP addresses, and Azure resources. The solution lies in integrating Microsoft Sentinel into the Microsoft Defender portal.
3+
Imagine you're a security Operations Manager in a large multinational corporation. You're tasked with streamlining your team's operations and enhancing their hunting capabilities. Your team currently uses multiple tools for different tasks, which often lead to complexity and errors. You also want to enable automatic attack disruption for your SAP applications and provide unified entity pages for devices, users, IP addresses, and Azure resources. The solution lies in integrating Microsoft Sentinel into the Microsoft Defender portal.
44

55
The topics covered in this module include:
66
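Review bot: The added line 3 changes "security operations manager" to "security Operations Manager", which is mixed capitalization and unrelated to the rebranding. Either keep the original lowercase form or capitalize the whole title as "Security Operations Manager", matching "Security Operations Analyst" in the simulation exercise include.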

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/includes/2-benefits-of-integration.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,20 @@
1-
Microsoft Sentinel is now generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. The following benefits and new or improved capabilities are available in the Defender portal with the integration of Microsoft Sentinel and Defender XDR.
1+
Microsoft Sentinel is now generally available in the Microsoft Defender portal. The following benefits and new or improved capabilities are available in the Defender portal with the integration of Microsoft Sentinel and Defender XDR.
22

33
## Microsoft Sentinel integration with Microsoft Defender XDR
44

55
Use one of the following methods to integrate Microsoft Sentinel with Microsoft Defender XDR services:
66

77
- Ingest Microsoft Defender XDR service data into Microsoft Sentinel and view Microsoft Sentinel data in the Azure portal. Enabled by installing the Defender XDR connector in Microsoft Sentinel.
88

9-
- Integrate Microsoft Sentinel and Defender XDR into a single, unified security operations platform in the Microsoft Defender portal. In this case, view Microsoft Sentinel data directly in the Microsoft Defender portal with the rest of your Defender incidents, alerts, vulnerabilities, and other security data. Enabled by installing the Defender XDR connector in Microsoft Sentinel and then onboarding Microsoft Sentinel to the unified operations platform in the Defender portal.
9+
- Integrate Microsoft Sentinel and Defender XDR into a single portal. In this case, view Microsoft Sentinel data directly in the Microsoft Defender portal with the rest of your Defender incidents, alerts, vulnerabilities, and other security data. Enabled by installing the Defender XDR connector in Microsoft Sentinel and then onboarding Microsoft Sentinel to the unified operations platform in the Defender portal.
1010

1111
Select the appropriate tab to see what the Microsoft Sentinel integration with Defender XDR looks like depending on which integration method you use.
1212

1313
## [Azure portal](#tab/azure-portal)
1414

1515
The following illustration shows how Microsoft's XDR solution seamlessly integrates with Microsoft Sentinel.
1616

17-
:::image type="content" source="../media/sentinel-xdr.png" alt-text="Diagram of the unified security operations platform for Microsoft Sentinel in Azure and in Microsoft Defender XDR." lightbox="../media/sentinel-xdr.png" border="false":::
17+
:::image type="content" source="../media/sentinel-xdr.png" alt-text="Diagram of Microsoft Sentinel in Azure and in Microsoft Defender XDR." lightbox="../media/sentinel-xdr.png" border="false":::
1818

1919
In this diagram:
2020
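Review bot: The added line 9 still ends with "onboarding Microsoft Sentinel to the unified operations platform in the Defender portal", so the old platform name survives in the very sentence this hunk rewrites. Suggest ending it with "and then onboarding Microsoft Sentinel to the Defender portal".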

@@ -25,9 +25,9 @@ In this diagram:
2525

2626
## [Defender portal](#tab/defender-portal)
2727

28-
The following illustration shows how Microsoft's XDR solution seamlessly integrates with Microsoft Sentinel with the unified security operations platform.
28+
The following illustration shows how Microsoft's XDR solution seamlessly integrates with Microsoft Sentinel with Microsoft Defender.
2929

30-
:::image type="content" source="../media/sentinel-unified-siem-xdr.png" alt-text="Diagram of the unified security operations platform for Microsoft Sentinel in Azure and in Microsoft Defender XDR." lightbox="../media/sentinel-unified-siem-xdr.png" border="false":::
30+
:::image type="content" source="../media/sentinel-unified-siem-xdr.png" alt-text="Diagram of Microsoft Defender with Microsoft Sentinel in Azure and in Microsoft Defender XDR." lightbox="../media/sentinel-unified-siem-xdr.png" border="false":::
3131

3232
In this diagram:
3333
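Review bot: The added line 28 reads "integrates with Microsoft Sentinel with Microsoft Defender", where the second "with" leaves it unclear what is integrated with what. Suggest "integrates with Microsoft Sentinel in the Microsoft Defender portal", and a matching rewording of the alt text on line 30, which now says "Diagram of Microsoft Defender with Microsoft Sentinel in Azure and in Microsoft Defender XDR".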

@@ -46,7 +46,7 @@ Query from a single portal across different data sets to make hunting more effic
4646

4747
## Attack disruption
4848

49-
Deploy automatic attack disruption for SAP with both the unified security operations platform and the Microsoft Sentinel solution for SAP applications. For example, contain compromised assets by locking suspicious SAP users in a financial process manipulation attack.
49+
Deploy automatic attack disruption for SAP with both Microsoft Defender and the Microsoft Sentinel solution for SAP applications. For example, contain compromised assets by locking suspicious SAP users in a financial process manipulation attack.
5050

5151
## Unified entities
5252

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,22 @@
11
Most Microsoft Sentinel capabilities are available in both the Azure and Defender portals. In the Defender portal, some Microsoft Sentinel experiences open out to the Azure portal for you to complete a task.
22

3-
This section covers the Microsoft Sentinel capabilities or integrations in the unified security operations platform that are only available in either the Azure portal or Defender portal or other significant differences between the portals. It excludes the Microsoft Sentinel experiences that open the Azure portal from the Defender portal.
3+
This section covers the Microsoft Sentinel capabilities or integrations in Microsoft Defender that are only available in either the Azure portal or Defender portal or other significant differences between the portals. It excludes the Microsoft Sentinel experiences that open the Azure portal from the Defender portal.
44

55
### Capability differences between portals
66

77
| Capability |Availability |Description |
88
| ------------ | ----------- |----------- |
99
| Advanced hunting using bookmarks | Azure portal only |Bookmarks aren't supported in the advanced hunting experience in the Microsoft Defender portal. In the Defender portal, they're supported in the **Microsoft Sentinel > Threat management > Hunting**. |
1010
| Attack disruption for SAP | Defender portal only| This functionality is unavailable in the Azure portal. |
11-
| Automation |Some automation procedures are available only in the Azure portal. And Other automation procedures are the same in the Defender and Azure portals. | The differences in the Azure portal are between workspaces that are onboarded to the unified security operations platform and workspaces that aren't.
12-
| Data connectors: visibility of connectors used by the unified security operations platform | Azure portal only|In the Defender portal, after you onboard Microsoft Sentinel, the following data connectors that are part of the unified security operations platform aren't shown in the **Data connectors** page:<li>Microsoft Defender for Cloud Apps<li>Microsoft Defender for Endpoint<li>Microsoft Defender for Identity<li>Microsoft Defender for Office 365 (Preview)<li>Microsoft Defender XDR<li>Subscription-based Microsoft Defender for Cloud (Legacy)<li>Tenant-based Microsoft Defender for Cloud (Preview)<br><br>In the Azure portal, these data connectors are still listed with the installed data connectors in Microsoft Sentinel. |
13-
| Entities: Add entities to threat intelligence from incidents |Azure portal only |This functionality is unavailable in the unified security operations platform. <Br><br> |
14-
| Fusion: Advanced multistage attack detection |Azure portal only |The Fusion analytics rule, which creates incidents based on alert correlations made by the Fusion correlation engine, is disabled when you onboard Microsoft Sentinel to the unified security operations platform. <br><br>The unified security operations platform uses Microsoft Defender XDR's incident-creation and correlation functionalities to replace those of the Fusion engine. <br><br> |
15-
| Incidents: Adding alerts to incidents /<br>Removing alerts from incidents | Defender portal only|After onboarding Microsoft Sentinel to the unified security operations platform, you can no longer add alerts to, or remove alerts from, incidents in the Azure portal. <br><br>You can remove an alert from an incident in the Defender portal, but only by linking the alert to another incident (existing or new). |
16-
| Incidents: editing comments |Azure portal only| After onboarding Microsoft Sentinel to the unified security operations platform, you can add comments to incidents in either portal, but you can't edit existing comments. <br><br>Edits made to comments in the Azure portal don't synchronize to the unified security operations platform. |
17-
| Incidents: Programmatic and manual creation of incidents | Azure portal only |Incidents created in Microsoft Sentinel through the API, by a Logic App playbook, or manually from the Azure portal, aren't synchronized to the unified security operations platform. These incidents are still supported in the Azure portal and the API. |
18-
| Incidents: Reopening closed incidents |Azure portal only |In the unified security operations platform, you can't set alert grouping in Microsoft Sentinel analytics rules to reopen closed incidents if new alerts are added. <br>Closed incidents aren't reopened in this case, and new alerts trigger new incidents. |
19-
| Incidents: Tasks |Azure portal only | Tasks are unavailable in the unified security operations platform. <br><br> |
20-
|Multiple workspace management for Microsoft Sentinel|Defender portal: Limited to one Microsoft Sentinel workspace per tenant <br><br>Azure portal: Centrally manage multiple Microsoft Sentinel workspaces for tenants |Only one Microsoft Sentinel workspace per tenant is currently supported in the unified security operations platform. So, Microsoft Defender multitenant management supports one Microsoft Sentinel workspace per tenant.<br><br> |
11+
| Automation |Some automation procedures are available only in the Azure portal. And Other automation procedures are the same in the Defender and Azure portals. | The differences in the Azure portal are between workspaces that are onboarded to the Microsoft Defender portal and workspaces that aren't.
12+
| Data connectors: visibility of connectors used by Microsoft Defender | Azure portal only|In the Defender portal, after you onboard Microsoft Sentinel, the following data connectors that are part of Microsoft Defender aren't shown in the **Data connectors** page:<li>Microsoft Defender for Cloud Apps<li>Microsoft Defender for Endpoint<li>Microsoft Defender for Identity<li>Microsoft Defender for Office 365 (Preview)<li>Microsoft Defender XDR<li>Subscription-based Microsoft Defender for Cloud (Legacy)<li>Tenant-based Microsoft Defender for Cloud (Preview)<br><br>In the Azure portal, these data connectors are still listed with the installed data connectors in Microsoft Sentinel. |
13+
| Entities: Add entities to threat intelligence from incidents |Azure portal only |This functionality is unavailable in the Microsoft Defender portal. <Br><br> |
14+
| Fusion: Advanced multistage attack detection |Azure portal only |The Fusion analytics rule, which creates incidents based on alert correlations made by the Fusion correlation engine, is disabled when you onboard Microsoft Sentinel to Microsoft Defender. <br><br>Microsoft Defender uses Microsoft Defender XDR's incident-creation and correlation functionalities to replace those of the Fusion engine. <br><br> |
15+
| Incidents: Adding alerts to incidents /<br>Removing alerts from incidents | Defender portal only|After onboarding Microsoft Sentinel to the Microsoft Defender portal, you can no longer add alerts to, or remove alerts from, incidents in the Azure portal. <br><br>You can remove an alert from an incident in the Defender portal, but only by linking the alert to another incident (existing or new). |
16+
| Incidents: editing comments |Azure portal only| After onboarding Microsoft Sentinel to the Microsoft Defender portal, you can add comments to incidents in either portal, but you can't edit existing comments. <br><br>Edits made to comments in the Azure portal don't synchronize to the Microsoft Defender portal. |
17+
| Incidents: Programmatic and manual creation of incidents | Azure portal only |Incidents created in Microsoft Sentinel through the API, by a Logic App playbook, or manually from the Azure portal, aren't synchronized to the Microsoft Defender portal. These incidents are still supported in the Azure portal and the API. |
18+
| Incidents: Reopening closed incidents |Azure portal only |In the Microsoft Defender portal, you can't set alert grouping in Microsoft Sentinel analytics rules to reopen closed incidents if new alerts are added. <br>Closed incidents aren't reopened in this case, and new alerts trigger new incidents. |
19+
| Incidents: Tasks |Azure portal only | Tasks are unavailable in the Microsoft Defender portal. <br><br> |
20+
|Multiple workspace management for Microsoft Sentinel|Defender portal: Limited to one primary Microsoft Sentinel workspace <br><br>Azure portal: Centrally manage multiple Microsoft Sentinel workspaces for tenants |Only one primary Microsoft Sentinel workspace can be connected in the Microsoft Defender portal. So, Microsoft Defender multitenant management supports one primary Microsoft Sentinel workspace per tenant.<br><br> |
2121

22-
For more information, see [Capability differences between portals](/azure/sentinel/microsoft-sentinel-defender-portal?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json)
22+
For more information, see [Capability differences between portals](/azure/sentinel/microsoft-sentinel-defender-portal?toc=%2Fdefender-xdr%2Ftoc.json&bc=%2Fdefender-xdr%2Fbreadcrumb%2Ftoc.json)
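Review bot: Line 20 changes the stated limit from "one Microsoft Sentinel workspace per tenant" to "one primary Microsoft Sentinel workspace", which alters the documented behaviour rather than renaming a product, while the commit message mentions only rebranding. Please confirm the change is intended and call it out in the description. Separately, the replacement term alternates between "Microsoft Defender" (lines 12 and 14) and "the Microsoft Defender portal" (lines 13 and 15 to 19), and the Automation row on line 11 still has no closing `|` and carries its explanatory text in the Availability column.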

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/includes/5-exploring-sentinel-features-in-defender-xdr.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ Find Microsoft Sentinel settings in the Defender portal under **System** > **Set
3333

3434
## Quick reference
3535

36-
Some Microsoft Sentinel capabilities, like the unified incident queue, are integrated with Microsoft Defender XDR in the unified security operations platform. Many other Microsoft Sentinel capabilities are available in the **Microsoft Sentinel** section of the Defender portal.
36+
Some Microsoft Sentinel capabilities, like the unified incident queue, are integrated with Microsoft Defender XDR in the Microsoft Defender portal. Many other Microsoft Sentinel capabilities are available in the **Microsoft Sentinel** section of the Defender portal.
3737

3838
The following image shows the **Microsoft Sentinel** menu in the Defender portal:
3939

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/includes/simulation-exercise-deploy-sentinel-to-defender.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
You're a Security Operations Analyst working at a company that deployed both Microsoft Defender XDR and Microsoft Sentinel. You need to prepare for the Unified Security Operations Platform connecting Microsoft Sentinel to Defender XDR.
1+
You're a Security Operations Analyst working at a company that deployed both Microsoft Defender XDR and Microsoft Sentinel. You need to prepare for Microsoft Sentinel in the Microsoft Defender portal by connecting Microsoft Sentinel to Defender XDR.
22

33
In this exercise, you perform the following tasks:
44

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/includes/summary.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
In this module, you learned about the integration of Microsoft Sentinel into the Microsoft Defender portal, creating a unified security operations platform. This integration simplifies operations by reducing the complexity of managing multiple tools, enhancing hunting capabilities, enabling automatic attack disruption for SAP applications, and providing unified entity pages. You also learned about the differences in managing multiple Microsoft Sentinel workspaces between the Azure and Defender portals. Additionally, the module covered the prerequisites for integrating Microsoft Defender XDR with Microsoft Sentinel, including having a Log Analytics workspace with Microsoft Sentinel enabled and access to Microsoft Defender XDR in the Defender portal.
1+
In this module, you learned about the integration of Microsoft Sentinel into the Microsoft Defender portal. This integration simplifies operations by reducing the complexity of managing multiple tools, enhancing hunting capabilities, enabling automatic attack disruption for SAP applications, and providing unified entity pages. You also learned about the differences in managing multiple Microsoft Sentinel workspaces between the Azure and Defender portals. Additionally, the module covered the prerequisites for integrating Microsoft Defender XDR with Microsoft Sentinel, including having a Log Analytics workspace with Microsoft Sentinel enabled and access to Microsoft Defender XDR in the Defender portal.
22

33
The main takeaways from this module include understanding the benefits of integrating Microsoft Sentinel into the Microsoft Defender portal, such as streamlined operations and enhanced hunting capabilities. You also learned about the unique features available in each portal and the steps to integrate Microsoft Defender XDR with Microsoft Sentinel. Furthermore, the module introduced the concept of a storage account using the example of a chocolate manufacturer, explaining how to create a storage account suitable for holding mission-critical business data.
44
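Review bot: The unchanged line 3 of this summary says the module "introduced the concept of a storage account using the example of a chocolate manufacturer", which matches nothing in the other module files shown in this commit. Since the file is being edited anyway, suggest deleting that sentence in the same change.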

learn-pr/wwl-sci/integrate-microsoft-defender-xdr-with-microsoft-sentinel/index.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,15 +3,15 @@ uid: learn.wwl.integrate-microsoft-defender-xdr-with-microsoft-sentinel
33
metadata:
44
title: Integrate Microsoft Defender XDR with Microsoft Sentinel
55
description: "In this module, you learn how to integrate Microsoft Defender XDR with Microsoft Sentinel."
6-
ms.date: 06/25/2025
6+
ms.date: 07/03/2025
77
author: KenMAG
88
ms.author: kelawson
99
ms.topic: module
1010
ms.collection: security-operations
1111
ai-usage: ai-assisted
1212
ms.service: defender-xdr
1313
title: Integrate Microsoft Defender XDR with Microsoft Sentinel
14-
summary: "In this module, you learn about the Unified Security Operations Platform that integrates Microsoft Defender XDR with Microsoft Sentinel."
14+
summary: "In this module, you learn how the Microsoft Defender portal integrates Microsoft Defender XDR with Microsoft Sentinel."
1515
abstract: |
1616
By the end of this module, you're able to:
1717
- Understand the differences between Microsoft Sentinel capabilities in Azure and Defender portals
