rearranging

shlipsey3 · shlipsey3 · commit 257c2a83678b · 2023-03-03T16:41:54.000-07:00
diff --git a/articles/active-directory/reports-monitoring/howto-use-recommendations.md b/articles/active-directory/reports-monitoring/howto-use-recommendations.md
@@ -23,18 +23,51 @@ The Azure Active Directory (Azure AD) recommendations feature provides you with
 
 This article covers how to work with Azure AD recommendations. Each Azure AD recommendation contains similar details such as a description, the value of addressing the recommendation, and the steps to address the recommendation. Microsoft Graph API guidance is also provided in this article.
 
-## Access and view the details of a recommendation
+## Role requirements
 
-To update the status of a recommendation or a related resource, sign in to Azure using a least privilege role for *update and read-only* access.
+There are different role requirements for viewing or updating a recommendation. Use the least-privileged role for the type of access needed.
 
-- Security Administrator
-- Security Operator
-- Cloud apps Administrator
-- Apps Administrator
+| Azure AD role | Access type |
+|---- |---- |
+| Reports Reader | Read-only | 
+| Security Reader | Read-only |
+| Global Reader | Read-only |
+| Cloud apps Administrator | Update and read |
+| Apps Administrator | Update and read |
+| Security Operator | Update and read |
+| Security Administrator | Update and read |
+
+Some recommendations may require a P2 or other license. Refer to the [Recommendation availability and license requirements](overview-recommendations.md#recommendation-availability-and-license-requirements).
+
+## How to read a recommendation
+
+Each recommendation provides the same set of details that explain what the recommendation is, why it's important, and how to fix it.
+
+The **Status** of a recommendation can be updated manually or automatically by the system. If all resources are addressed according to the action plan, the status automatically changes to *Completed* the next time the recommendations service runs. The recommendation service runs every 24-48 hours, depending on the recommendation. 
+
+The **Priority** of a recommendation could be low, medium, or high. These values are determined by several factors, such as security implications, health concerns, or potential breaking changes.
+
+- **High**: Must do. Not acting will result in severe security implications or potential downtime.
+- **Medium**: Should do. No severe risk if action isn't taken.
+- **Low**: Might do. No security risks or health concerns if action isn't taken.
+
+The **Impacted resources** for a recommendation could be things like applications or users. This detail gives you an idea of what type of resources you need to address. The impacted resource could also be at the tenant level, so you may need to make a global change. 
+
+![Screenshot of a recommendation's status, priority, and impacted resource type.](./media/overview-recommendations/recommendation-status-risk.png)
+
+The **Status description** tells you the date the recommendation status changed and if it was changed by the system or a user.
+
+The recommendation's **Value** is an explanation of why completing the recommendation will benefit you, and the value of the associated feature. 
+
+The **Action plan** provides step-by-step instructions to implement a recommendation. May include links to relevant documentation or direct you to other pages in the Azure AD portal.
+
+## How to update a recommendation
+
+To update the status of a recommendation or a related resource, sign in to Azure using a least-privileged role for updating a recommendation.
 
 1. Go to **Azure AD** > **Recommendations**.
 
-1. Select a recommendation from the list to view the details, status, and action plan. 
+1. Select a recommendation from the list to view the details, status, and action plan.
 
     ![Screenshot of the list of recommendations.](./media/howto-use-recommendations/recommendations-list.png)
 
diff --git a/articles/active-directory/reports-monitoring/overview-recommendations.md b/articles/active-directory/reports-monitoring/overview-recommendations.md
@@ -35,60 +35,18 @@ This article gives you an overview of how you can use Azure AD recommendations.
 The Azure AD recommendations feature is the Azure AD specific implementation of [Azure Advisor](../../advisor/advisor-overview.md), which is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. Azure Advisor analyzes your resource configuration and usage data to recommend solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
 
 *Azure AD recommendations* use similar data to support you with the roll-out and management of Microsoft's best practices for Azure AD tenants to keep your tenant in a secure and healthy state. The Azure AD recommendations feature provides a holistic view into your tenant's security, health, and usage. 
- 
-## How it works
-
-On a daily basis, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the **Recommendations** section of the Azure AD Overview area. The recommendations are listed in order of priority so you can quickly determine where to focus first. 
-
-Each recommendation contains a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is *Tenant level*, so your step-by-step action plan impacts the entire tenant and not just a specific resource.
-
-![Screenshot of the Overview page of the tenant with the Recommendations option highlighted.](./media/overview-recommendations/recommendations-preview-option-tenant-overview.png)
-
->[!TIP]
->Looking for how to view and manage recommendations using Microsoft Graph? Check out the Microsoft Graph section of the **[How to use Azure AD recommendations](howto-use-recommendations.md#use-microsoft-graph-with-azure-active-directory-recommendations)** article.
->
-
-## Recommendation details
-
-Each recommendation provides the same set of details that explain what the recommendation is, why it's important, and how to fix it.
-
-The **Status** of a recommendation can be updated manually or automatically by the system. If all resources are addressed according to the action plan, the status automatically changes to *Completed* the next time the recommendations service runs. The recommendation service runs every 24-48 hours, depending on the recommendation. 
-
-The **Priority** of a recommendation could be low, medium, or high. These values are determined by several factors, such as security implications, health concerns, or potential breaking changes.
-
-- **High**: Must do. Not acting will result in severe security implications or potential downtime.
-- **Medium**: Should do. No severe risk if action isn't taken.
-- **Low**: Might do. No security risks or health concerns if action isn't taken.
 
-The **Impacted resources** for a recommendation could be things like applications or users. This detail gives you an idea of what type of resources you need to address. The impacted resource could also be at the tenant level, so you may need to make a global change. 
-
-![Screenshot of a recommendation's status, priority, and impacted resource type.](./media/overview-recommendations/recommendation-status-risk.png)
-
-The **Status description** tells you the date the recommendation status changed and if it was changed by the system or a user.
-
-The recommendation's **Value** is an explanation of why completing the recommendation will benefit you, and the value of the associated feature. 
-
-The **Action plan** provides step-by-step instructions to implement a recommendation. May include links to relevant documentation or direct you to other pages in the Azure AD portal.
-
-## Roles and licenses
+## How it works
 
-| Azure AD role | Access type |
-|---- |---- |
-| Reports Reader | Read-only | 
-| Security Reader | Read-only |
-| Global Reader | Read-only |
-| Cloud apps Administrator | Update and read |
-| Apps Administrator | Update and read |
-| Security Operator | Update and read |
-| Security Administrator | Update and read |
+On a daily basis, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the **Recommendations** section of the Azure AD Overview area. The recommendations are listed in order of priority so you can quickly determine where to focus first.
 
-The Azure AD recommendations feature is automatically enabled. If you'd like to disable this feature, go to **Azure AD** > **Preview features**. Locate the **Recommendations** feature, and change the **State**.
+![Screenshot of the Overview page of the tenant with the Recommendations option highlighted.](./media/overview-recommendations/recommendations-preview-option-tenant-overview.png) 
 
-Azure AD only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed. Currently, all recommendations are available in all tenants, regardless of the license type.
+Each recommendation contains a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is *Tenant level*, so your step-by-step action plan impacts the entire tenant and not just a specific resource.
 
-### Recommendation availability and license requirements
+## Recommendation availability and license requirements
 
-The recommendations listed in the following table are currently available as a public preview or general availability. The license requirements for recommendations in public preview are subject to change. The table provides the impacted resources and links to available documentation.
+The recommendations listed in the following table are currently available in public preview or general availability. The license requirements for recommendations in public preview are subject to change. The table provides the impacted resources and links to available documentation.
 
 | Recommendation  | Impacted resources | Required license | Availability |
 |---- |---- |---- |---- |
@@ -101,11 +59,9 @@ The recommendations listed in the following table are currently available as a p
 | [Renew expiring application credentials](recommendation-renew-expiring-application-credential.md) | Applications | P2 | Preview |
 | [Renew expiring service principal credentials](recommendation-renew-expiring-service-principal-credential.md) | Applications | P2 | Preview |
 
+Azure AD only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed.
+
 ## Next steps
 
 * [Learn how to use Azure AD recommendations](howto-use-recommendations.md)
-* [Explore the details of the "Turn off per-user MFA" recommendation](recommendation-turn-off-per-user-mfa.md)
-
-
-
-The recommendations listed in the following table are currently available to Azure AD tenants with a P2 license (subject to change).
+* [Explore the details of the "Turn off per-user MFA" recommendation](recommendation-turn-off-per-user-mfa.md)
