MicrosoftDocs
diff --git a/‎articles/azure-monitor/essentials/diagnostics-settings-policies-deployifnotexists.md
Lines changed: 11 additions & 13 deletions b/‎articles/azure-monitor/essentials/diagnostics-settings-policies-deployifnotexists.md
Lines changed: 11 additions & 13 deletions
diff --git a/‎articles/azure-monitor/essentials/media/diagnostics-settings-policies-deployifnotexists/policy-definitions.png
-21.7 KB b/‎articles/azure-monitor/essentials/media/diagnostics-settings-policies-deployifnotexists/policy-definitions.png
-21.7 KB
@@ -13,9 +13,9 @@ ms.reviewer: lualderm
 Policies and policy initiatives provide a simple method to enable logging at-scale via diagnostics settings for Azure Monitor. Using a policy initiative, you can turn on audit logging for all [supported resources](#supported-resources) in your Azure environment.  
 
 Enable resource logs to track activities and events that take place on your resources and give you visibility and insights into any changes that occur.
-Assign policies to enable resource logs and to send them to destinations according to your needs. Send logs to Event Hubs for third-party SIEM systems, enabling continuous security operations. Send logs to storage accounts for longer term storage or the fulfillment of regulatory compliance. 
+Assign policies to enable resource logs and to send them to destinations according to your needs. Send logs to event hubs for third-party SIEM systems, enabling continuous security operations. Send logs to storage accounts for longer term storage or the fulfillment of regulatory compliance. 
 
-A set of built-in policies and initiatives exists to direct resource logs to Log Analytics Workspaces, Event Hubs, and Storage Accounts. The policies enable audit logging, sending logs belonging to the **audit** log category group to an Event Hub, Log Analytics workspace or Storage Account. The policies' `effect` is `DeployIfNotExists`, which deploys the policy as a default if there aren't other settings defined.
+A set of built-in policies and initiatives exists to direct resource logs to Log Analytics Workspaces, Event Hubs, and Storage Accounts. The policies enable audit logging, sending logs belonging to the **audit** log category group to an event hub, Log Analytics workspace or Storage Account. The policies' `effect` is `DeployIfNotExists`, which deploys the policy as a default if there aren't other settings defined.
 
 
 ## Deploy policies.
@@ -31,7 +31,7 @@ The following steps show how to apply the policy to send audit logs to for key v
 1. Select **Monitoring** from the Category dropdown
 1. Enter *keyvault* in the **Search** field.
 1. Select the **Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Log Analytics** policy,
-    :::image type="content" source="./media/diagnostics-settings-policies-deployifnotexists/policy-definitions.png" alt-text="A screenshot of the policy definitions page.":::
+    :::image type="content" source="./media/diagnostics-settings-policies-deployifnotexists/policy-definitions.png" lightbox="./media/diagnostics-settings-policies-deployifnotexists/policy-definitions.png" alt-text="A screenshot of the policy definitions page.":::
 1. From the policy definition page, select **Assign**
 1. Select the **Parameters** tab.
 1. Select the Log Analytics Workspace that you want to send the audit logs to.
@@ -78,7 +78,7 @@ Find the role in the policy definition by searching for *roleDefinitionIds*
     az policy assignment identity assign --system-assigned --resource-group rg-001  --role 92aaf0da-9dab-42b6-94a3-d43ce8d16293 --identity-scope /subscriptions/12345678-aaaa-bbbb-cccc-1234567890ab/resourceGroups/rg001 --name policy-assignment-1
     ```
 
-    When assigning policies that send logs to Event Hubs, you must manually add the *Azure Event Hubs Data Owner* permissions for the event hub to your policy assigned identity.  
+    When assigning policies that send logs to event hubs, you must manually add the *Azure Event Hubs Data Owner* role for the event hub to your policy assigned identity.  
 
     ```azurecli
         az role assignment create --assignee <Principal ID> --role "Azure Event Hubs Data Owner" --scope /subscriptions/<subscription ID>/resourceGroups/<event hub's resource group>
@@ -137,7 +137,7 @@ To apply a policy using the PowerShell, use the following commands:
             New-AzRoleAssignment -Scope $rg.ResourceId -ObjectId $policyAssignment.Identity.PrincipalId -RoleDefinitionId $roleDefId
         }
     ```
-1. When assigning policies that send logs to Event Hubs, you must manually add the *Azure Event Hubs Data Owner* permissions for the event hub to your system assigned Managed Identity.  
+    When assigning policies that send logs to event hubs, you must manually add the *Azure Event Hubs Data Owner* role for the event hub to your system assigned Managed Identity.  
     ```azurepowershell
         New-AzRoleAssignment -Scope /subscriptions/<subscription ID>/resourceGroups/<event hub's resource group> -ObjectId $policyAssignment.Identity.PrincipalId -RoleDefinitionId "Azure Event Hubs Data Owner"
     ```
@@ -154,8 +154,8 @@ To apply a policy using the PowerShell, use the following commands:
     ```
 ---
 
-> [!Important]
-> When assigning policies that send logs to Event Hubs, you must manually add the *Azure Event Hubs Data Owner* permissions for the event hub to your policy assigned identity.  
+> [!Note]
+> When assigning policies that send logs to event hubs, you must manually add the *Azure Event Hubs Data Owner* role for the event hub to your policy assigned identity.  
 > Use the `az role assignment create` Azure CLI command.
 > ```azurecli
 >   az role assignment create --assignee <Principal ID> --role "Azure Event Hubs Data Owner" --scope /subscriptions/<subscription ID>/resourceGroups/<event hub's resource group>
@@ -166,11 +166,9 @@ To apply a policy using the PowerShell, use the following commands:
 >```
 >
 > Find your principal ID on the **Policy Assignment** page, **Managed Identity** tab.
-> :::image type="content" source="./media/diagnostics-settings-policies-deployifnotexists/find-principal.png" alt-text="{alt-text}":::
+> :::image type="content" source="./media/diagnostics-settings-policies-deployifnotexists/find-principal.png" alt-text="A screenshot showing the policy assignment page, managed identity tab.":::
  
 
-
-
 ## Remediation tasks
 
 Policies are applied to new resources when they're created. To apply a policy to existing resources, create a remediation task. Remediation tasks bring resources into compliance with a policy.
@@ -387,13 +385,13 @@ The following table describes the common parameters for each set of policies.
 
 ### Event Hubs policy parameters
 
-This policy deploys a diagnostic setting using a category group to route logs to an Event Hub.
+This policy deploys a diagnostic setting using a category group to route logs to an event hub.
 
 |Parameter| Description| Valid Values|Default|
 |---|---|---|---|
 |resourceLocation|Resource Location must be the same location as the event hub Namespace|Supported locations||
-|eventHubAuthorizationRuleId|Event Hub Authorization Rule ID. The authorization rule is at event hub namespace level. For example, /subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}|||
-|eventHubName|Event Hub Name||Monitoring|
+|eventHubAuthorizationRuleId|Event hub Authorization Rule ID. The authorization rule is at event hub namespace level. For example, /subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}|||
+|eventHubName|Event hub name||Monitoring|
 
 
 ### Storage Accounts policy parameters