updates based on review comments

Author: guywi-ms

articles/sentinel/identify-threats-with-entity-behavior-analytics.md

@@ -29,7 +29,7 @@ As Microsoft Sentinel ingests data from connected sources, UEBA applies:
 - **Behavioral modeling** to detect deviations
 - **Peer group analysis** and **blast radius evaluation** to assess the impact of anomalous activity
 
-:::image type="content" source="media/identify-threats-with-entity-behavior-analytics/context.png" alt-text="Entity context":::
+:::image type="content" source="media/identify-threats-with-entity-behavior-analytics/context.png" alt-text="Diagram of concentric circles labeled User, Peers, and Organization, illustrating entity context in UEBA analysis.":::
 
 UEBA assigns [risk scores](#ueba-scoring) to anomalous behaviors, taking into account the associated entities, severity of the anomaly, and context, including:
 
@@ -80,7 +80,7 @@ This table provides an overview of the data in each of the UEBA tables:
 
 This screenshot shows an example of data in the `UserPeerAnalytics` table with the eight highest-ranked peers for the user Kendall Collins. Sentinel uses the TF-IDF algorithm to normalize weights when calculating peer ranks. Smaller groups carry higher weight.
 
-:::image type="content" source="./media/identify-threats-with-entity-behavior-analytics/user-peers-metadata.png" alt-text="Screen shot of user peers metadata table" lightbox="./media/identify-threats-with-entity-behavior-analytics/user-peers-metadata.png":::
+:::image type="content" source="./media/identify-threats-with-entity-behavior-analytics/user-peers-metadata.png" alt-text="Screenshot of user peers metadata table." lightbox="./media/identify-threats-with-entity-behavior-analytics/user-peers-metadata.png":::
 
 For more detailed information about UEBA data and how to use it, see:
 - [UEBA reference](ueba-reference.md) for a detailed reference of all UEBA-related tables and fields.

articles/sentinel/includes/unified-soc-preview-without-alert.md

@@ -11,7 +11,7 @@ ms.custom: "include file"
 
 After **March 31, 2027**, Microsoft Sentinel will no longer be supported in the Azure portal and will be available only in the Microsoft Defender portal. All customers using Microsoft Sentinel in the Azure portal will be [redirected to the Defender portal and will use Microsoft Sentinel in the Defender portal only](../overview.md#microsoft-sentinel-in-the-azure-portal-retirement-timeline). Starting in **July 2025**, many new customers are [automatically onboarded and redirected to the Defender portal](../overview.md#changes-for-new-customers-starting-july-2025).
 
-If you're still using Microsoft Sentinel in the Azure portal, we recommend that you start planning your [transition to the Defender portal](../move-to-defender.md) to ensure a smooth transition and take full advantage of the [unified security operations experience offered by Microsoft Defender](/unified-secops-platform/overview-unified-security). For more information, see [It’s Time to Move: Retiring Microsoft Sentinel’s Azure portal for greater security](https://techcommunity.microsoft.com/blog/microsoft-security-blog/planning-your-move-to-microsoft-defender-portal-for-all-microsoft-sentinel-custo/4428613).
+If you're still using Microsoft Sentinel in the Azure portal, we recommend that you start planning your [transition to the Defender portal](../move-to-defender.md) to ensure a smooth transition and take full advantage of the [unified security operations experience offered by Microsoft Defender](/unified-secops/overview-unified-security). For more information, see [It’s Time to Move: Retiring Microsoft Sentinel’s Azure portal for greater security](https://techcommunity.microsoft.com/blog/microsoft-security-blog/planning-your-move-to-microsoft-defender-portal-for-all-microsoft-sentinel-custo/4428613).
 
 
 

articles/sentinel/includes/unified-soc-preview.md

@@ -12,5 +12,5 @@ ms.custom: "include file"
 > [!IMPORTANT]
 > After **March 31, 2027**, Microsoft Sentinel will no longer be supported in the Azure portal and will be available only in the Microsoft Defender portal. All customers using Microsoft Sentinel in the Azure portal will be [redirected to the Defender portal and will use Microsoft Sentinel in the Defender portal only](../overview.md#microsoft-sentinel-in-the-azure-portal-retirement-timeline). 
 >
-> If you're still using Microsoft Sentinel in the Azure portal, we recommend that you start planning your [transition to the Defender portal](../move-to-defender.md) to ensure a smooth transition and take full advantage of the [unified security operations experience offered by Microsoft Defender](/unified-secops-platform/overview-unified-security). 
+> If you're still using Microsoft Sentinel in the Azure portal, we recommend that you start planning your [transition to the Defender portal](../move-to-defender.md) to ensure a smooth transition and take full advantage of the [unified security operations experience offered by Microsoft Defender](/unified-secops/overview-unified-security). 
 

articles/sentinel/whats-new.md

@@ -28,7 +28,7 @@ Watch the [UEBA behaviors webinar](https://www.youtube.com/watch?v=SqbxmGdMP7c)
 
 **New UEBA behaviors workbook**
 
-To help SOC teams get value from behaviors from day one, Microsoft Sentinel now provides the **behaviors workbook** as part of the UEBA essentials solution. The workbook offers guided views and pre‑built, customizable analytics that turn rich behavioral data into actionable insights across three core SOC workflows:
+To help SOC teams get value from behaviors from day one, Microsoft Sentinel now provides the **behaviors workbook** as part of the UEBA essentials solution. The workbook offers guided views and prebuilt, customizable analytics that turn rich behavioral data into actionable insights across three core SOC workflows:
 
 - **Overview**: High‑level metrics and trends that give SOC managers and leadership quick situational awareness  
 - **Investigation**: Deep‑dive, entity‑centric timelines that help analysts accelerate incident response