Commit 3c2fd62

Merge pull request #313858 from poliveria/patch-3
Update sentinel-mcp-billing.md with entity analyzer results
2 parents 563b87a + 9ebf483 commit 3c2fd62

4 files changed

Lines changed: 10 additions & 8 deletions

articles/sentinel/datalake/sentinel-mcp-billing.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,8 @@ This article provides information on pricing, limits, and availability when sett
2727
Microsoft Sentinel pricing is based on the tier that you ingest data into. The **data lake tier** is a cost-effective option for ingesting secondary security data and querying security data over the long term. In this tier, Microsoft Sentinel's unified MCP server interface is offered **at no extra cost**. You pay for invoking tools that search and retrieve data by using Kusto Query Language (KQL) queries from Microsoft Sentinel data lake. With Microsoft Sentinel data lake's billing model, you pay as you go for queries that retrieve data. [Read more about Microsoft Sentinel data lake’s pricing here](../billing.md#data-lake-tier).
2828

2929
### Microsoft Sentinel entity analyzer tool
30-
You pay for the KQL queries the [entity analyzer](sentinel-mcp-data-exploration-tool.md#entity-analyzer-preview)
31-
performs over the Microsoft Sentinel data lake. AI compute used by the analyzer to reason over this data doesn't incur any cost while this tool is in preview. When the entity analyzer becomes generally available, you get charged for the Security Compute Units (SCUs) required to deliver the reasoned entity risk analysis based on prevalence, threat intelligence, and relationships.
30+
You pay for the KQL queries the [entity analyzer](sentinel-mcp-data-exploration-tool.md#entity-analyzer)
31+
performs over the Microsoft Sentinel data lake. You're charged for the Security Compute Units (SCUs) required to deliver the reasoned entity risk analysis based on prevalence, threat intelligence, and relationships.
3232

3333
### Triage tool
3434

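Review bot: At new line 31 the entity analyzer paragraph states that SCUs are charged but gives no pointer to SCU rates or to how consumption is measured, whereas the data lake paragraph at line 27 links to `../billing.md#data-lake-tier` for its pricing. Dropping the "doesn't incur any cost while this tool is in preview" sentence turns a free component into a billed one, so add a link to the SCU pricing documentation here and call out the billing change in the commit message, which currently mentions only "entity analyzer results".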
@@ -48,11 +48,13 @@ The following limits are specific to Microsoft Sentinel data lake MCP tools:
4848
| Query window for tools | 800 characters |
4949

5050
### Microsoft Sentinel entity analyzer tool
51-
Each tenant can use the entity analyzer MCP tool up to the following limits while this feature is in preview:
51+
Each tenant can use the entity analyzer MCP tool up to the following limits:
5252
- 250 total runs an hour
5353
- 500 total runs a day
5454
- 10 concurrent runs at a time (based on available service capacity)
5555

56+
Results generated by the entity analyzer are available for one hour. You need to run a new query after the tool's analysis expires.
57+
5658
### Triage tool
5759
Regular API throttling applies to the tools in the triage tool collection. In addition, tools that call the advanced hunting API are bound by the existing advanced hunting quotas and service limits. [Learn more about advanced hunting quotas and usage parameters](/defender-xdr/advanced-hunting-limits#understand-advanced-hunting-quotas-and-usage-parameters)
5860

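Review bot: The sentence added at line 56 says "run a new query" while the list above it counts "runs"; use one term and state whether a re-run after the one-hour expiry counts against the 250 runs an hour and 500 runs a day limits. Playbooks that request a verdict for the same entity again after expiry will draw on that quota and on the charges described in the pricing section, so the text should say so explicitly.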
articles/sentinel/datalake/sentinel-mcp-data-exploration-tool.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ This tool runs a single KQL query against a specified Microsoft Sentinel data la
6464
This tool lists all Microsoft Sentinel data lake workspace name and ID pairs available to you. Including the workspace name provides you with helpful context to understand which workspace is being used. Run this tool before using any other Microsoft Sentinel tools because those tools need a workspace ID argument to function properly.
6565

6666

67-
### Entity analyzer (preview)
67+
### Entity analyzer
6868

6969
These tools use AI to analyze your organization's data in the Microsoft Sentinel data lake. They provide a verdict and detailed insights on URLs, domains, and user entities. They help eliminate the need for manual data collection and complex integrations typically required for enriching and investigating entities.
7070

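Review bot: Renaming the heading at line 67 changes its anchor from `#entity-analyzer-preview` to `#entity-analyzer`, so any inbound link that is not updated in this commit stops resolving to the section. The commit fixes the references in sentinel-mcp-billing.md, sentinel-mcp-logic-apps.md and sentinel-mcp-overview.md; search the rest of the repository for `entity-analyzer-preview` before merging.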
articles/sentinel/datalake/sentinel-mcp-logic-apps.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ ms.subservice: sentinel-platform
1717
> [!IMPORTANT]
1818
> This information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
1919
20-
You can access the value of Microsoft Sentinel's collection of Model Context Protocol (MCP) tools in [Azure Logic Apps](../../logic-apps/logic-apps-overview.md), starting with the [entity analyzer tool](sentinel-mcp-data-exploration-tool.md#entity-analyzer-preview). Security analysts and automation engineers often spend significant time creating complex Security Orchestration, Automation, and Response (SOAR) templates to enrich entities and reach verdicts.
20+
You can access the value of Microsoft Sentinel's collection of Model Context Protocol (MCP) tools in [Azure Logic Apps](../../logic-apps/logic-apps-overview.md), starting with the [entity analyzer tool](sentinel-mcp-data-exploration-tool.md#entity-analyzer). Security analysts and automation engineers often spend significant time creating complex Security Orchestration, Automation, and Response (SOAR) templates to enrich entities and reach verdicts.
2121

2222
The entity analyzer tool, built on Microsoft Sentinel data lake data, offers a single action that combines multiple data points to deliver a verdict for the entity. It supports user and URL entities, and you can easily access it through templates or integrate it into preexisting playbooks.
2323

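Review bot: The `[!IMPORTANT]` prerelease note at lines 17-18 stays in place while line 20 now links to the entity analyzer without its preview label. Confirm whether the Logic Apps integration is still prerelease: if it isn't, remove the note in this commit; if it is, keep it but make clear that it refers to the Logic Apps integration rather than to the analyzer. Line 22 also lists "user and URL entities" while sentinel-mcp-data-exploration-tool.md line 69 lists "URLs, domains, and user entities"; align the two lists.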
@@ -113,4 +113,4 @@ For more information about loops, see [Add loops to repeat actions in workflows
113113
114114
## Related content
115115
- [Get started with Microsoft Sentinel MCP server](sentinel-mcp-get-started.md)
116-
- [Tool collection in Microsoft Sentinel MCP server](sentinel-mcp-tools-overview.md)
116+
- [Tool collection in Microsoft Sentinel MCP server](sentinel-mcp-tools-overview.md)
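Review bot: The removed and added versions of line 116 are identical as shown, so the only difference can be whitespace or an end-of-file newline. Keep that kind of change out of a content commit or mention it in the commit message; the same pattern appears at line 73 of sentinel-mcp-overview.md.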

articles/sentinel/datalake/sentinel-mcp-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ When you connect a [compatible client](sentinel-mcp-get-started.md#add-microsoft
5656

5757
- **Analyze entities across your security data:** Security Operations Center (SOC) engineers, analysts, and even agents need an easy way to analyze and triage entities, such as URLs and users, using all of an organizations security data. However, today’s fragmented data sources make this process complex and time-consuming to automate. As one of the most common incident triage tasks, entity enrichment therefore often becomes a manual context-gathering effort, slowing down response times. With the entity analyzer tools in the data exploration collection, analysts and SOC engineers have a one-click action that can retrieve, reason over, and clearly present comprehensive verdicts and analyses on entities using the security data in the data lake, making it easy to automate entity enrichment for you and the agents you build.
5858

59-
[Get started with analyzing entities automatically during investigations](sentinel-mcp-data-exploration-tool.md#entity-analyzer-preview)
59+
[Get started with analyzing entities automatically during investigations](sentinel-mcp-data-exploration-tool.md#entity-analyzer)
6060

6161
- **Build Security Copilot agents through natural language:** SOC engineers often spend weeks manually automating playbooks due to fragmented data sources and rigid schema requirements. With our agent creation tools, engineers can describe their intent in natural language to quickly build agents with the right AI model instructions and tools that reason over their security data, creating automations that are customized to their organization's workflows and processes.
6262

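Review bot: Context line 57, directly above the edited link, reads "an organizations security data" and is missing the possessive apostrophe. Since this commit already touches the adjacent line, change it to "an organization's security data" in the same pass.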
@@ -70,4 +70,4 @@ When you connect a [compatible client](sentinel-mcp-get-started.md#add-microsoft
7070

7171
## Related content
7272
- [Get started with Microsoft Sentinel MCP server](sentinel-mcp-get-started.md)
73-
- [Tool collection in Microsoft Sentinel MCP server](sentinel-mcp-tools-overview.md)
73+
- [Tool collection in Microsoft Sentinel MCP server](sentinel-mcp-tools-overview.md)
