diff --git a/api-reference/beta/api/security-incident-update.md b/api-reference/beta/api/security-incident-update.md index aa7688660b1..4b98ac042fd 100644 --- a/api-reference/beta/api/security-incident-update.md +++ b/api-reference/beta/api/security-incident-update.md @@ -53,6 +53,7 @@ PATCH /security/incidents/{incidentId} |determination|microsoft.graph.security.alertDetermination|Specifies the determination of the incident. Possible values are: `unknown`, `apt`, `malware`, `securityPersonnel`, `securityTesting`, `unwantedSoftware`, `other`, `multiStagedAttack`, `compromisedAccount`, `phishing`, `maliciousUserActivity`, `notMalicious`, `notEnoughDataToValidate`, `confirmedUserActivity`, `lineOfBusinessApplication`, `unknownFutureValue`.| |displayName|String|The incident name.| |severity|microsoft.graph.security.alertSeverity|Indicates the possible impact on assets. The higher the severity, the bigger the impact. Typically, higher severity items require the most immediate attention. Possible values are: `unknown`, `informational`, `low`, `medium`, `high`, `unknownFutureValue`.| +|resolvingComment|string|User input that explains the resolution of the incident and the classification choice. It contains free editable text.| |status|microsoft.graph.security.incidentStatus|The status of the incident. Possible values are: `active`, `resolved`, `redirected`, `unknownFutureValue`.| |summary|String|The overview of an attack. When applicable, the summary contains details of what occurred, impacted assets, and the type of attack.| diff --git a/api-reference/beta/resources/devicemanagement-alertrule.md b/api-reference/beta/resources/devicemanagement-alertrule.md index 8be50d0b9c7..6ff94d9efee 100644 --- a/api-reference/beta/resources/devicemanagement-alertrule.md +++ b/api-reference/beta/resources/devicemanagement-alertrule.md 
@@ -33,7 +33,7 @@ For more information, see the [monitoring](devicemanagement-monitoring.md) resou |Property|Type|Description| |:---|:---|:---| -|alertRuleTemplate|[microsoft.graph.deviceManagement.alertRuleTemplate](#alertruletemplate-values)|The rule template of the alert event. The possible values are: `cloudPcProvisionScenario`, `cloudPcImageUploadScenario`, `cloudPcOnPremiseNetworkConnectionCheckScenario`, `cloudPcInGracePeriodScenario`, `cloudPcFrontlineInsufficientLicensesScenario`, `cloudPcInaccessibleScenario`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `cloudPcInGracePeriodScenario`.| +|alertRuleTemplate|[microsoft.graph.deviceManagement.alertRuleTemplate](#alertruletemplate-values)|The rule template of the alert event. The possible values are: `cloudPcProvisionScenario`, `cloudPcImageUploadScenario`, `cloudPcOnPremiseNetworkConnectionCheckScenario`, `unknownFutureValue`, `cloudPcInGracePeriodScenario`, `cloudPcFrontlineInsufficientLicensesScenario`, `cloudPcInaccessibleScenario`, and `cloudPcFrontlineConcurrencyScenario`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `cloudPcInGracePeriodScenario`, `cloudPcFrontlineInsufficientLicensesScenario`, `cloudPcInaccessibleScenario`, and `cloudPcFrontlineConcurrencyScenario`.| |description|String|The rule description.| |displayName|String|The display name of the rule.| |enabled|Boolean|The status of the rule that indicates whether the rule is enabled or disabled. If `true`, the rule is enabled; otherwise, the rule is disabled.| 
@@ -55,6 +55,7 @@ For more information, see the [monitoring](devicemanagement-monitoring.md) resou |cloudPcInGracePeriodScenario |The alert rule was triggered when the Cloud PC entered the grace period.| |cloudPcFrontlineInsufficientLicensesScenario| The alert rule was triggered for the Frontline Cloud PCs where more concurrent Cloud PC connections were active than the concurrency limit allows.| |cloudPcInaccessibleScenario| The alert rule was triggered when Cloud PCs couldn't connect due to host health failure, connection errors, or a zone outage. Alternatively, because they were under provisioning or restoring device status.| +|cloudPcFrontlineConcurrencyScenario| Indicates that the alert rule was triggered for all conditions of the Frontline Cloud PCs concurrency usage. It includes buffer usage conditions for now.| ### ruleSeverityType values diff --git a/api-reference/beta/resources/devicemanagement-rulecondition.md b/api-reference/beta/resources/devicemanagement-rulecondition.md index fe37d865839..bf49dde2f75 100644 --- a/api-reference/beta/resources/devicemanagement-rulecondition.md +++ b/api-reference/beta/resources/devicemanagement-rulecondition.md @@ -47,7 +47,9 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md |cloudPcConnectionErrors| The rule condition targets Cloud PC connection errors.| |cloudPcHostHealthCheckFailures| The rule condition targets Cloud PC host health check failures.| |cloudPcZoneOutage| The rule condition targets Cloud PC zone outage.| -|unknownFutureValue| Evolvable enumeration sentinel value. Do not use.| +|unknownFutureValue| Evolvable enumeration sentinel value. Don't use.| +|frontlineBufferUsageDuration| The alert rule condition targets Frontline buffer usage exceeds time duration.| +|frontlineBufferUsageThreshold| The alert rule condition targets Frontline buffer usage exceeds limiting frequency.| ### aggregationType values 
@@ -57,7 +59,8 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md |percentage|The percentage of the items that match the rule conditions.| |affectedCloudPcCount|The total number of Cloud PCs that meet the rule conditions.| |affectedCloudPcPercentage|The percentage of Cloud PCs that meet the rule conditions.| -|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.| +|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.| +|durationInMinutes| The time range during which Cloud PCs that meet the alert rule conditions are affected.| ### operatorType values @@ -69,7 +72,7 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md |less|The operator is less than the threshold target.| |lessOrEqual|The operator is less than or equal to the threshold target.| |notEqual|The operator isn't equal to the threshold target.| -|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.| +|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.| ## Relationships diff --git a/api-reference/v1.0/api/security-incident-update.md b/api-reference/v1.0/api/security-incident-update.md index c3584b52903..b3c29340359 100644 --- a/api-reference/v1.0/api/security-incident-update.md +++ b/api-reference/v1.0/api/security-incident-update.md 
@@ -51,6 +51,7 @@ PATCH /security/incidents/{incidentId} |determination|microsoft.graph.security.alertDetermination|Specifies the determination of the incident. Possible values are: `unknown`, `apt`, `malware`, `securityPersonnel`, `securityTesting`, `unwantedSoftware`, `other`, `multiStagedAttack`, `compromisedAccount`, `phishing`, `maliciousUserActivity`, `notMalicious`, `notEnoughDataToValidate`, `confirmedUserActivity`, `lineOfBusinessApplication`, `unknownFutureValue`.| |displayName|String|The incident name.| |severity|microsoft.graph.security.alertSeverity|Indicates the possible impact on assets. The higher the severity, the bigger the impact. Typically, higher severity items require the most immediate attention. Possible values are: `unknown`, `informational`, `low`, `medium`, `high`, `unknownFutureValue`.| +|resolvingComment|string|User input that explains the resolution of the incident and the classification choice. It contains free editable text.| |status|microsoft.graph.security.incidentStatus|The status of the incident. Possible values are: `active`, `resolved`, `redirected`, `unknownFutureValue`.| |summary|String|The overview of an attack. When applicable, the summary contains details of what occurred, impacted assets, and the type of attack.| diff --git a/changelog/Microsoft.DeviceManagement.Monitoring.json b/changelog/Microsoft.DeviceManagement.Monitoring.json index 2e68d499890..4ed2d42664f 100644 --- a/changelog/Microsoft.DeviceManagement.Monitoring.json +++ b/changelog/Microsoft.DeviceManagement.Monitoring.json 
@@ -1,5 +1,47 @@ { "changelog": [ + { + "ChangeList": [ + { + "Id": "2785679c-6f41-4aae-87cf-41ac2a5ca5ea", + "ApiChange": "Member", + "ChangedApiName": "durationInMinutes", + "ChangeType": "Addition", + "Description": "Added the `durationInMinutes` member to the **aggregationType** enumeration.", + "Target": "aggregationType" + }, + { + "Id": "2785679c-6f41-4aae-87cf-41ac2a5ca5ea", + "ApiChange": "Member", + "ChangedApiName": "cloudPcFrontlineConcurrencyScenario", + "ChangeType": "Addition", + "Description": "Added the `cloudPcFrontlineConcurrencyScenario` member to the **alertRuleTemplate** enumeration.", + "Target": "alertRuleTemplate" + }, + { + "Id": "2785679c-6f41-4aae-87cf-41ac2a5ca5ea", + "ApiChange": "Member", + "ChangedApiName": "frontlineBufferUsageDuration", + "ChangeType": "Addition", + "Description": "Added the `frontlineBufferUsageDuration` member to the **conditionCategory** enumeration.", + "Target": "conditionCategory" + }, + { + "Id": "2785679c-6f41-4aae-87cf-41ac2a5ca5ea", + "ApiChange": "Member", + "ChangedApiName": "frontlineBufferUsageThreshold", + "ChangeType": "Addition", + "Description": "Added the `frontlineBufferUsageThreshold` member to the **conditionCategory** enumeration.", + "Target": "conditionCategory" + } + ], + "Id": "2785679c-6f41-4aae-87cf-41ac2a5ca5ea", + "Cloud": "Prod", + "Version": "beta", + "CreatedDateTime": "2024-11-12T10:40:03.4590295Z", + "WorkloadArea": "Device and app management", + "SubArea": "Cloud PC" + }, { "ChangeList": [ { diff --git a/changelog/Microsoft.DirectoryServices.json b/changelog/Microsoft.DirectoryServices.json index 197d628c60a..876ea1123ef 100644 --- a/changelog/Microsoft.DirectoryServices.json +++ b/changelog/Microsoft.DirectoryServices.json @@ -1,6 +1,5 @@ { "changelog": [ - , { "ChangeList": [ { diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index c51390a5676..07df27ac442 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md 
@@ -25,7 +25,7 @@ For details about previous updates to Microsoft Graph, see [Microsoft Graph what ### Security | Alerts and incidents -Enabled the **description**, **displayName**, and **severity** properties as supported properties in an [Update incident](/graph/api/resources/security-incident) request. +Enabled the **description**, **displayName**, **resolvingComment**, and **severity** properties as supported properties in an [Update incident](/graph/api/resources/security-incident) request. ### Teamwork and communications | Shift management
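
Review bot: In the `api-reference/beta/api/security-incident-update.md` hunk (@@ -53,6 +53,7), the added `resolvingComment` row gives its type as `string`, while the neighbouring `displayName` and `summary` rows use `String`, and it is inserted after `severity`, which breaks the otherwise alphabetical order of the table (`determination`, `displayName`, `severity`, `status`, `summary`). Suggest `|resolvingComment|String|...|` placed directly before the `severity` row.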
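
Review bot: In the `api-reference/v1.0/api/security-incident-update.md` hunk (@@ -51,6 +51,7), the `resolvingComment` description says only that it "contains free editable text" and gives no maximum length, no statement of allowed characters, and no indication of whether the value is accepted only when `status` is `resolved`. Callers that forward analyst input into this PATCH need those limits to validate before sending, so please document them in the row, and mirror the wording in the beta copy. The `string` versus `String` casing and row-order points raised on the beta hunk apply here as well.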
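
Review bot: In the `devicemanagement-alertrule.md` values-table hunk (@@ -55,6 +55,7), the new `cloudPcFrontlineConcurrencyScenario` row opens with "Indicates that the alert rule was triggered" while every neighbouring row opens with "The alert rule was triggered", and "It includes buffer usage conditions for now" is vague for reference documentation. Suggest matching the existing phrasing and naming the conditions it covers, for example the `frontlineBufferUsageDuration` and `frontlineBufferUsageThreshold` members that the `devicemanagement-rulecondition.md` hunk of this patch adds.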
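
Review bot: In the `devicemanagement-rulecondition.md` hunk (@@ -47,7 +47,9), both added descriptions are ungrammatical ("targets Frontline buffer usage exceeds time duration"), and `frontlineBufferUsageThreshold` is described as exceeding a "limiting frequency" although the member name says threshold. Suggest rewording to something like "The rule condition targets Frontline buffer usage that exceeds the configured duration" and stating plainly whether the second member compares against a count, a percentage or a frequency. Because both members sit after `unknownFutureValue`, it is also worth stating here, as the alertRule page does for its enum, whether they require the `Prefer: include-unknown-enum-members` header.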
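
Review bot: In the aggregationType hunk of `devicemanagement-rulecondition.md` (@@ -57,7 +59,8), the `durationInMinutes` description speaks of a "time range" without saying that the value is expressed in minutes, which is the only thing the member name promises. Suggest stating the unit explicitly, and dropping the leading space after the cell separator so the row matches `|percentage|The ...` and the other existing rows.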
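
Review bot: The changelog hunks cover only `changelog/Microsoft.DeviceManagement.Monitoring.json` (the four Cloud PC enum members, `"Version": "beta"`) and the stray-comma fix in `changelog/Microsoft.DirectoryServices.json`; nothing in this patch records the `resolvingComment` addition to the Update incident request, although it is documented for both beta and v1.0 and announced in `whats-new-overview.md`. Please add matching changelog entries for both versions so that consumers tracking the changelog see the new writable property.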
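
Review bot: In the `concepts/whats-new-overview.md` hunk (@@ -25,7 +25,7), the link labelled "Update incident" points to `/graph/api/resources/security-incident`, which is the resource topic rather than the update operation that this patch edits (`security-incident-update.md`). Since the line is being changed anyway, consider pointing the link at the update API topic so that readers land on the table listing `resolvingComment`.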