diff --git a/Instructions/Labs/Lab_27_MicrosoftSentinelKustoQueries.md b/Instructions/Labs/Lab_27_MicrosoftSentinelKustoQueries.md index 01bbb3a1..5136489b 100644 --- a/Instructions/Labs/Lab_27_MicrosoftSentinelKustoQueries.md +++ b/Instructions/Labs/Lab_27_MicrosoftSentinelKustoQueries.md @@ -77,11 +77,3 @@ Microsoft Sentinel is Microsoft's cloud-native SIEM and SOAR solution. Through 1. Select **Run**. 1. This will provide a list of User IDs on Microsoft Entra ID. Since we have just created the workspace, you may not see results. Note the format of the query. - -1. Under **Threat management** in the menu, select **Hunting**. - -1. Scroll down to find the query **Anomalous sign-in location by user account and authenticating application**. This query over Microsoft Entra sign-in considers all user sign-ins for each Microsoft Entra application and picks out the most anomalous change in location profile for a user within an individual application. The intent is to hunt for user account compromise, possibly via a specific application vector. - -1. Select **View query results** to run the query. - -1. This may not provide results with the new workspace, but you now have seen how queries can be run to gather information or for hunting potential threats.
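Review bot: With the four **Hunting** steps deleted, the lab now ends on "Note the format of the query" with no closing step, and the hunting objective that the last removed step spelled out ("how queries can be run to gather information or for hunting potential threats") disappears from Lab 27 entirely. If the reason is that the **Threat management > Hunting** path or the **Anomalous sign-in location by user account and authenticating application** query no longer matches the portal, the steps should be updated to the current navigation or query name rather than removed; if the removal is intentional, the commit message (or the lab intro) should say so, and a short wrap-up step should replace the one being dropped so the exercise still closes cleanly.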