Commit 2967a0f

To see Sentinel Alerts and Incidents onboard to Defender Portal (#9875)
* To see Sentinel Alerts and Incidents onboard to Defender Portal
* Apply suggestion from @FaithOmbongi
* Update security-api-overview.md

---------

Co-authored-by: Faith Moraa Ombongi <ombongi.moraa.fe@gmail.com>
1 parent 03caea2 commit 2967a0f

2 files changed

Lines changed: 7 additions & 1 deletion

api-reference/beta/resources/security-api-overview.md

Lines changed: 3 additions & 0 deletions
@@ -105,6 +105,9 @@ The beta version of the security API offers two types of alerts that aggregate o
105105
- [Alerts and incidents](#alerts-and-incidents) - the latest generation of alerts in the Microsoft Graph security API. They're represented by the [alert](security-alert.md) resource and its collection, [incident](security-incident.md) resource, defined in the `microsoft.graph.security` namespace.
106106
- [Legacy alerts](#legacy-alerts) - the first generation of alerts in the Microsoft Graph security API. They're represented by the [alert](alert.md) resource defined in the `microsoft.graph` namespace.
107107

108+
> [!IMPORTANT]
109+
> To see Sentinel alerts and incidents you must onboard Sentinel to the Defender Portal. For more information see [Connect Microsoft Sentinel to the Microsoft Defender portal](/unified-secops/microsoft-sentinel-onboard).
110+
108111
### Alerts and incidents
109112

110113
These [alert](security-alert.md) resources first pull alert data from security provider services, that are either part of or integrated with [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide&preserve-view=true). Then they consume the data to return rich, valuable clues about a completed or ongoing attack, the impacted assets, and associated [evidence](security-alertevidence.md). In addition, they automatically correlate other alerts with the same attack techniques or the same attacker into an [incident](security-incident.md) to provide a broader context of an attack. They recommend response and remediation actions, offering consistent actionability across all the different providers. The rich content makes it easier for analysts to investigate and respond to threats collectively.
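Review bot: The new `> [!IMPORTANT]` note mixes casing and product naming: the sentence says "Defender Portal" while the link text it points to says "Microsoft Defender portal", and "Sentinel" appears without the full product name on first mention. Suggest `> To see Microsoft Sentinel alerts and incidents, you must onboard Microsoft Sentinel to the Microsoft Defender portal. For more information, see [Connect Microsoft Sentinel to the Microsoft Defender portal](/unified-secops/microsoft-sentinel-onboard).` (also adds the two missing commas). Since the note sits after both bullets and before `### Alerts and incidents`, it is not clear whether it applies to legacy alerts too or only to the `microsoft.graph.security` alerts and incidents; consider saying which.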

api-reference/v1.0/resources/security-api-overview.md

Lines changed: 4 additions & 1 deletion
@@ -69,7 +69,10 @@ Alerts are detailed warnings about suspicious activities in a customer's tenant
6969

7070
The security API offers two types of alerts that aggregate other alerts from security providers and make analyzing attacks and determining responses easier:
7171
- [Alerts and incidents](#alerts-and-incidents) - these are the latest generation of alerts in the Microsoft Graph security API. They're represented by the [alert](security-alert.md) resource and its collection, [incident](security-incident.md) resource, defined in the `microsoft.graph.security` namespace.
72-
- [Legacy alerts](#legacy-alerts) - these are the first generation of alerts in the Microsoft Graph security API. They're represented by the [alert](alert.md) resource defined in the `microsoft.graph` namespace.
72+
- [Legacy alerts](#legacy-alerts) - these are the first generation of alerts in the Microsoft Graph security AI. They're represented by the [alert](alert.md) resource defined in the `microsoft.graph` namespace.
73+
74+
> [!IMPORTANT]
75+
> To see Sentinel alerts and incidents you must onboard Sentinel to the Defender Portal. For more information see [Connect Microsoft Sentinel to the Microsoft Defender portal](/unified-secops/microsoft-sentinel-onboard).
7376
7477
### Alerts and incidents
7578

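Review bot: The rewritten Legacy alerts bullet introduces a typo: the `+` line reads "Microsoft Graph security AI" where the removed `-` line correctly read "Microsoft Graph security API", and the bullet is otherwise unchanged, so this looks accidental. Restore "API" before merging (or drop the `-`/`+` pair for that bullet entirely, since only the note below it is new). The same wording points as in the beta file apply to the added `> [!IMPORTANT]` block: align "Defender Portal" with the link text "Microsoft Defender portal", use "Microsoft Sentinel" on first mention, and add the commas in "To see ... incidents, you must" and "For more information, see".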