diff --git a/Playbooks/Get-MDEFileActivityWithin30Mins/readme.md b/Playbooks/Get-MDEFileActivityWithin30Mins/readme.md
index 1bf08a6a88..684116b7af 100644
--- a/Playbooks/Get-MDEFileActivityWithin30Mins/readme.md
+++ b/Playbooks/Get-MDEFileActivityWithin30Mins/readme.md
@@ -5,16 +5,21 @@ author: Dennis Pike
 This Playbook queries Microsoft Defender for Endpoint telemetry data via the Microsoft 365 Defender Advanced Hunting API for all File Events (Read, Write, Modify, Delete) that occur within 30 minutes of the incident and adds a comment to the incident specifying the number of File Events and KQL query that will list all of the events.
 
 ## Required Paramaters
--Region
--Playbook Name
--User Name - this is used to pre-populate the username used in the various Azure connections 
+-Region<br />
+-Playbook Name<br />
+-User Name - this is used to pre-populate the username used in the various Azure connections <br />
 
-an Azure AD App registration with required API permissions and secret will needed to provide the following parameters
-https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting?view=o365-worldwide
+An Azure AD App registration with required API permissions and secret will needed to provide the following parameters
+https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting?view=o365-worldwide<br />
 
--Tenant ID
--Client ID
--Secret
+-Tenant ID<br />
+-Client ID<br />
+-Secret<br />
+
+The File Events are stored in a Log Analytics Workspace (preferable the one you have Sentinel enabled on) so you will need the Workspace ID and Workspace Key which can be found under Sentinel > Settings > Workspace Settings > Agents Management
+
+- Workspace ID<br />
+- Workspace Key<br />
 
 ### Necessary configuration steps