Merge pull request #310861 from MicrosoftDocs/main

learn-build-service-prod[bot] · web-flow · commit 4feb72c0c6bc · 2026-01-25T12:08:42.000Z
Auto Publish – main to live - 2026-01-25 12:00 UTC
diff --git a/articles/sentinel/microsoft-365-defender-sentinel-integration.md b/articles/sentinel/microsoft-365-defender-sentinel-integration.md
@@ -1,8 +1,8 @@
 ---
 title: Microsoft Defender XDR integration with Microsoft Sentinel
 description: Learn how using Microsoft Defender XDR together with Microsoft Sentinel lets you use Microsoft Sentinel as your universal incidents queue.
-author: batamig
-ms.author: bagol
+author: guywi-ms
+ms.author: guywild
 ms.topic: conceptual
 ms.date: 10/25/2025
 appliesto:
@@ -120,7 +120,7 @@ If you want to sync Defender XDR data to Microsoft Sentinel in the Azure portal,
 
 - First, install the **Microsoft Defender XDR** solution for Microsoft Sentinel from the **Content hub**. Then, enable the **Microsoft Defender XDR** data connector to collect incidents and alerts. For more information, see [Connect data from Microsoft Defender XDR to Microsoft Sentinel](connect-microsoft-365-defender.md).
 
-- After you enable alert and incident collection in the Defender XDR data connector, Defender XDR incidents appear in the Microsoft Sentinel incidents queue shortly after they're generated in Defender XDR. It can take up to five minutes from the time an incident is generated in Defender XDR to the time it appears in Microsoft Sentinel. In these incidents, the **Alert product name** field contains **Microsoft Defender XDR** or one of the component Defender services' names.
+- After you enable alert and incident collection in the Defender XDR data connector, Defender XDR incidents appear in the Microsoft Sentinel incidents queue shortly after they're generated in Defender XDR. Under normal operating conditions, incidents generated in Defender XDR typically appear in the Microsoft Sentinel UI and API within five minutes. Ingestion into the `securityIncident` table might take a few more minutes. In these incidents, the **Alert product name** field contains **Microsoft Defender XDR** or one of the component Defender services' names.
 
 ### Ingestion costs
  
diff --git a/articles/sentinel/whats-new.md b/articles/sentinel/whats-new.md
@@ -47,9 +47,7 @@ You can now enable UEBA for supported data sources directly from the data connec
 
 This integration allows you to see which data sources feed into UEBA and enable that feed directly from the connector configuration.
 
-For more information, see:
-
-- [Connect data sources to Microsoft Sentinel by using data connectors](configure-data-connector.md#enable-user-and-entity-behavior-analytics-ueba-from-supported-connectors)
+For more information, see [Connect data sources to Microsoft Sentinel by using data connectors](configure-data-connector.md#enable-user-and-entity-behavior-analytics-ueba-from-supported-connectors).
 
 
 ### New detections for Sentinel solution for SAP BTP
