Add access roles for Standard and fix formatting

ecfan · ecfan · commit 49de0ea30ab2 · 2024-08-15T11:47:45.000-07:00
diff --git a/articles/sentinel/automation/create-playbooks.md b/articles/sentinel/automation/create-playbooks.md
@@ -27,8 +27,8 @@ This article describes how to create and manage Microsoft Sentinel playbooks. Yo
 
 To create and manage playbooks, you need access to Microsoft Sentinel with one of the following Azure roles:
 
-| Logic app workflow | Azure roles | Description |
-|--------------------|-------------|-------------|
+| Logic app | Azure roles | Description |
+|-----------|-------------|-------------|
 | Consumption | **Logic App Contributor** | Edit and manage logic apps. |
 | Consumption | **Logic App Operator** | Read, enable, and disable logic apps. |
 | Standard | **Logic Apps Standard Operator** | Enable, resubmit, and disable workflows. |
diff --git a/articles/sentinel/automation/logic-apps-playbooks.md b/articles/sentinel/automation/logic-apps-playbooks.md
@@ -36,19 +36,19 @@ Azure Logic Apps also supports other types of connectors, such as managed connec
 
 ## Supported logic app types
 
-Microsoft Sentinel supports both *consumption* and *standard* Azure Logic Apps resource types:
+Microsoft Sentinel supports both Consumption and Standard logic apps:
 
-- **Consumption** resources run in multitenant Azure Logic Apps and use the classic, original Azure Logic Apps engine.
+- **Consumption**: Runs in multitenant Azure Logic Apps, and uses the classic, original Azure Logic Apps engine.
 
-- **Standard** resources run in single-tenant Azure Logic Apps and use a more recently designed Azure Logic Apps engine.
+- **Standard**: Runs in single-tenant Azure Logic Apps, and uses a more recently designed Azure Logic Apps engine.
 
-    Standard resources offer higher performance, fixed pricing, multiple workflow capability, easier API connections management, built-in network capabilities and CI/CD features, and more. However, the following playbook functionality differs for Standard resources in Microsoft Sentinel:
+   Standard resources offer higher performance, fixed pricing, multiple workflow capability, easier API connections management, built-in network capabilities and CI/CD features, and more. However, the following playbook functionality differs for Standard logic apps in Microsoft Sentinel:
 
-    |Feature  |Description  |
-    |---------|---------|
-    |**Creating playbooks**  | Playbook templates aren't currently supported for Standard workflows, which means that you can't use a template to create your playbook directly in Microsoft Sentinel. <br><br>Instead, create your workflow manually in Azure Logic Apps to use it as a playbook in Microsoft Sentinel.       |
-    |**Private endpoints**    |   If you're using Standard workflows with private endpoints, Microsoft Sentinel requires you to [define an access restriction policy in Logic apps](../define-playbook-access-restrictions.md) to support those private endpoints in any playbooks based on Standard workflows. <br><br> Without an access restriction policy, workflows with private endpoints might still be visible and selectable in Microsoft Sentinel, but running them will fail. |
-    |**Stateless workflows**    | While Standard workflows support both *stateful* and *stateless* in Azure Logic Apps, Microsoft Sentinel doesn't support stateless workflows. <br><br>For more information, see [Stateful and stateless workflows](/azure/logic-apps/single-tenant-overview-compare#stateful-and-stateless-workflows).
+  | Feature | Description |
+  |---------|-------------|
+  | **Creating playbooks** | Playbook templates aren't currently supported for Standard workflows, which means that you can't use a template to create your playbook directly in Microsoft Sentinel. <br><br>Instead, create your workflow manually in Azure Logic Apps to use it as a playbook in Microsoft Sentinel. |
+  | **Private endpoints** | If you're using Standard workflows with private endpoints, Microsoft Sentinel requires you to [define an access restriction policy in Logic apps](../define-playbook-access-restrictions.md) to support those private endpoints in any playbooks based on Standard workflows. <br><br>Without an access restriction policy, workflows with private endpoints might still be visible and selectable in Microsoft Sentinel, but running them will fail. |
+  | **Stateless workflows** | While Standard workflows support both *stateful* and *stateless* in Azure Logic Apps, Microsoft Sentinel doesn't support stateless workflows. <br><br>For more information, see [Stateful and stateless workflows](/azure/logic-apps/single-tenant-overview-compare#stateful-and-stateless-workflows). |
 
 ## Playbook authentications to Microsoft Sentinel
 
diff --git a/articles/sentinel/includes/playbooks-roles.md b/articles/sentinel/includes/playbooks-roles.md
@@ -1,19 +1,27 @@
 ---
 title: include
-ms.date: 04/17/2024
+ms.date: 08/15/2024
 ms.topic: include
 ---
 
 <!-- docutune:disable -->
 
-|Role  |Description  |
-|---------|---------|
+| Role | Description  |
+|------|--------------|
 | **Owner** | Lets you grant access to playbooks in the resource group. |
-| **Logic App Contributor**        |   Lets you manage logic apps and run playbooks. Doesn't allow you to grant access to playbooks. |
-| **Logic App Operator**     |    Lets you read, enable, and disable logic apps. Doesn't allow you to edit or update logic apps.
-|    **Microsoft Sentinel Contributor**     |  Lets you attach a playbook to an analytics or automation rule.      |
-|   **Microsoft Sentinel Responder**      |    Lets you access an incident in order to run a playbook manually, but doesn't allow you to run the playbook.   |
-|**Microsoft Sentinel Playbook Operator** | Lets you run a playbook manually.|
-| **Microsoft Sentinel Automation Contributor**| Allows automation rules to run playbooks. This role isn't used for any other purpose.|
+| **Microsoft Sentinel Contributor** |Lets you attach a playbook to an analytics or automation rule.      |
+| **Microsoft Sentinel Responder** | Lets you access an incident in order to run a playbook manually, but doesn't allow you to run the playbook. |
+| **Microsoft Sentinel Playbook Operator** | Lets you run a playbook manually. |
+| **Microsoft Sentinel Automation Contributor** | Allows automation rules to run playbooks. This role isn't used for any other purpose. |
 
-The **Active playbooks** tab on the **Automation** page displays all active playbooks available across any selected subscriptions. By default, a playbook can be used only within the subscription to which it belongs, unless you specifically grant Microsoft Sentinel permissions to the playbook's resource group.
+The following table describes required roles based on whether you select a *Consumption* or *Standard* logic app to create your playbook:
+
+| Logic app | Azure roles | Description |
+|-----------|-------------|-------------|
+| Consumption | **Logic App Contributor** | Edit and manage logic apps. Run playbooks. Doesn't allow you to grant access to playbooks. |
+| Consumption | **Logic App Operator** | Read, enable, and disable logic apps. Doesn't allow you to edit or update logic apps. |
+| Standard | **Logic Apps Standard Operator** | Enable, resubmit, and disable workflows in a logic app. |
+| Standard | **Logic Apps Standard Developer** | Create and edit logic apps. |
+| Standard | **Logic Apps Standard Contributor** | Manage all aspects of a logic app. |
+
+The **Active playbooks** tab on the **Automation** page displays all active playbooks available across any selected subscriptions. By default, a playbook can be used only within the subscription to which it belongs, unless you specifically grant Microsoft Sentinel permissions to the playbook's resource group.
