Update articles/sentinel/sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md

Author: batamig

articles/sentinel/sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md

@@ -49,7 +49,7 @@ Typically, Azure prerequisites are managed by your **security** teams.
 | Prerequisite | Description |Required/optional |
 | ---- | ----------- |----------- |
 | **Access to Microsoft Sentinel** | Make a note of your *workspace ID and *primary key* for your Log Analytics workspace enabled for Microsoft Sentinel.<br>You can find these details in Microsoft Sentinel: from the navigation menu, select **Settings** > **Workspace settings** > **Agents management**. Copy the *Workspace ID* and *Primary key* and paste them aside for use during the deployment process. |Required |
-| **Permissions to create Azure resources** | You must have the necessary permissions to deploy solutions from the Microsoft Sentinel content hub. For more information, see [Prerequisites for deploying Microsoft Sentinel solutions](../sentinel-solutions-deploy.md#prerequisites) and [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#application-administrator). <br><br>You must also have an **Owner** role on the Microsoft Sentinel resource group, which is required for:<br><br>- Creating the data collection rule and data collection endpoint.<br>- Assigning the **Monitoring Metrics Publisher** role on the data collection rule. |Required |
+| **Permissions to create Azure resources** | You must have the necessary permissions to deploy solutions from the Microsoft Sentinel content hub. <br><br>You must also have an **Owner** role on the Microsoft Sentinel resource group, which is required for:<br>- Creating the data collection rule and data collection endpoint.<br>- Assigning the **Monitoring Metrics Publisher** role on the data collection rule. <br><br>For more information, see [Prerequisites for deploying Microsoft Sentinel solutions](../sentinel-solutions-deploy.md#prerequisites) and [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#application-administrator). |Required |
 | **Permissions to create an Azure key vault or access an existing one** | Use Azure Key Vault to store secrets required to connect to your SAP system. For more information, see [Assign key vault access permissions](deploy-data-connector-agent-container.md#assign-key-vault-access-permissions). |Required if you plan to store the SAP system credentials in Azure Key Vault. <br><br>Optional if you plan to store them in a configuration file. For more information, see [Create a virtual machine and configure access to your credentials](deploy-data-connector-agent-container.md#create-a-virtual-machine-and-configure-access-to-your-credentials).|
 | **Permissions to assign a privileged role to the SAP data connector agent** | Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Microsoft Sentinel workspace, using the **Microsoft Sentinel Business Applications Agent Operator** role. To grant this role, you need **Owner** permissions on the resource group where your Microsoft Sentinel workspace resides. <br><br>For more information, see [Connect your SAP system by deploying your data connector agent container](deploy-data-connector-agent-container.md). | Required. <br> If you don't have **Owner** permissions on the resource group, the relevant step can also be performed by another user who does have the relevant permissions, separately after the agent is fully deployed.|