Merge pull request #212815 from yelevin/patch-5

prmerger-automator[bot] · web-flow · commit 06190ef40929 · 2022-09-28T15:01:37.000Z
Private endpoints support disclaimer v2
diff --git a/articles/sentinel/automate-responses-with-playbooks.md b/articles/sentinel/automate-responses-with-playbooks.md
@@ -10,8 +10,6 @@ ms.custom: ignite-fall-2021
 
 # Automate threat response with playbooks in Microsoft Sentinel
 
-[!INCLUDE [Banner for top of topics](./includes/banner.md)]
-
 This article explains what Microsoft Sentinel playbooks are, and how to use them to implement your Security Orchestration, Automation and Response (SOAR) operations, achieving better results while saving time and resources.
 
 ## What is a playbook?
@@ -75,36 +73,38 @@ Azure Logic Apps communicates with other systems and services using connectors.
 
 Microsoft Sentinel now supports the following logic app resource types:
 
-- **Consumption**, which runs in multi-tenant Azure Logic Apps and uses classic, original Azure Logic Apps engine
-
-- **Standard**, which runs in single-tenant Azure Logic Apps and uses a redesigned Azure Logic Apps engine
+- **Consumption**, which runs in multi-tenant Azure Logic Apps and uses the classic, original Azure Logic Apps engine.
+- **Standard**, which runs in single-tenant Azure Logic Apps and uses a redesigned Azure Logic Apps engine.
 
-  This logic app type offers higher performance, fixed pricing, multiple workflow capability, easier API connections management, native network capabilities such as support for virtual networks and private endpoints, built-in CI/CD features, better Visual Studio Code integration, an updated workflow designer, and more.
+The **Standard** logic app type offers higher performance, fixed pricing, multiple workflow capability, easier API connections management, native network capabilities such as support for virtual networks and private endpoints (see note below), built-in CI/CD features, better Visual Studio Code integration, an updated workflow designer, and more.
 
-  To use this logic app version, create new Standard playbooks in Microsoft Sentinel. You can use these playbooks in the same ways that you use Consumption playbooks:
+To use this logic app version, create new Standard playbooks in Microsoft Sentinel (see note below). You can use these playbooks in the same ways that you use Consumption playbooks:
 
-  - Attach them to automation rules and/or analytics rules.
-  - Run them on demand, from both incidents and alerts.
-  - Manage them in the Active Playbooks tab.
+- Attach them to automation rules and/or analytics rules.
+- Run them on demand, from both incidents and alerts.
+- Manage them in the Active Playbooks tab.
 
-  > [!NOTE]
-  >
-  > - Standard workflows currently don't support Playbook templates, which means you can't create a Standard workflow from within Microsoft Sentinel. Instead, you must create the workflow in Azure Logic Apps. After creation, the workflow appears in Microsoft Sentinel.
-  >
-  > - An indicator identifies Standard workflows as either *stateful* or *stateless*. Microsoft Sentinel doesn't support stateless workflows at this time. Learn about the differences between [**stateful and stateless workflows**](../logic-apps/single-tenant-overview-compare.md#stateful-and-stateless-workflows).
+> [!NOTE]
+>
+> - Standard workflows currently don't support Playbook templates, which means you can't create a Standard workflow-based playbook directly in Microsoft Sentinel. Instead, you must create the workflow in Azure Logic Apps. After you've created the workflow, it appears as a playbook in Microsoft Sentinel.
+>
+> - Although Standard workflows support private endpoints as mentioned above, Microsoft Sentinel doesn't currently support the use of private endpoints in playbooks, even those based on Standard workflows.  
+>   Workflows with private endpoints might still be visible and selectable when you're choosing a playbook from a list in Microsoft Sentinel (whether to run manually, to add to an automation rule, or in the playbooks gallery), and you'll be able to select them, but their execution will fail.
+>   
+> - An indicator identifies Standard workflows as either *stateful* or *stateless*. Microsoft Sentinel doesn't support stateless workflows at this time. Learn about the differences between [**stateful and stateless workflows**](../logic-apps/single-tenant-overview-compare.md#stateful-and-stateless-workflows).
 
 There are many differences between these two resource types, some of which affect some of the ways they can be used in playbooks in Microsoft Sentinel. In such cases, the documentation will point out what you need to know. For more information, see [Resource type and host environment differences](../logic-apps/logic-apps-overview.md#resource-environment-differences) in the Azure Logic Apps documentation.
 
 ### Permissions required
 
  To give your SecOps team the ability to use Azure Logic Apps to create and run playbooks in Microsoft Sentinel, assign Azure roles to your security operations team or to specific users on the team. The following describes the different available roles, and the tasks for which they should be assigned:
 
-#### Roles for Azure Logic Apps
+#### Azure roles for Azure Logic Apps
 
 - **Logic App Contributor** lets you manage logic apps and run playbooks, but you can't change access to them (for that you need the **Owner** role).
-- **Logic App Operator**  lets you read, enable, and disable logic apps, but you can't edit or update them.
+- **Logic App Operator** lets you read, enable, and disable logic apps, but you can't edit or update them.
 
-#### Azure roles for Sentinel
+#### Azure roles for Microsoft Sentinel
 
 - **Microsoft Sentinel Contributor** role lets you attach a playbook to an analytics rule.
 - **Microsoft Sentinel Responder** role lets you run a playbook manually.
