Finalizing

windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

@@ -18,21 +18,14 @@ ms.collection: M365-security-compliance
 ms.topic: article
 ---
 
-
 # Create custom detection rules
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
-> [Learn about this feature in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview)
-
-
 Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
 
 Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). 
 
->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview)
-
-
 ## 1. Check required permissions
 
 To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
@@ -69,7 +62,7 @@ With the query in the query editor, select **Create detection rule** and specify
 - **Alert title**—title displayed with alerts triggered by the rule
 - **Severity**—potential risk of the component or activity identified by the rule. [Read about alert severities](alerts-queue.md#severity)
 - **Category**—type of threat component or activity, if any. [Read about alert categories](alerts-queue.md#understanding-alert-categories)
-- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with alert categories, such as malware, ransomware, suspicious activity, and unwanted software
+- **MITRE ATT&CK techniques**—one or more attack techniques identified by the rule as documented in the MITRE ATT&CK framework. This section is not available with certain alert categories, such as malware, ransomware, suspicious activity, and unwanted software
 - **Description**—more information about the component or activity identified by the rule 
 - **Recommended actions**—additional actions that responders might take in response to an alert 
 

windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md

@@ -23,8 +23,6 @@ ms.topic: article
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview)
-
 Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
 
 ## Required permissions

windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md

@@ -22,8 +22,6 @@ ms.topic: conceptual
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview)
-
 With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions.
 
 Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.