reports-bulk-updates-082223

Author: shlipsey3

articles/active-directory/includes/diagnostic-settings-include.md

@@ -13,7 +13,7 @@ ms.custom: include file
 
 1. Sign in to the [Azure portal](https://portal.azure.com) as a **Security Administrator**.
 
-1. Go to **Azure Active Directory** > **Diagnostic settings**. You can also select **Export Settings** from either the **Audit Logs** or **Sign-ins** page.
+1. Browse to **Azure Active Directory** > **Monitoring** > **Diagnostic settings**. You can also select **Export Settings** from either the **Audit Logs** or **Sign-ins** page.
 
 1. Select **+ Add diagnostic setting** to create a new integration or select **Edit setting** for an existing integration.
 

articles/active-directory/reports-monitoring/concept-audit-logs.md

@@ -1,7 +1,7 @@
 ---
 
-title: Audit logs in Azure Active Directory
-description: Overview of the audit logs in Azure Active Directory.
+title: Learn about the audit logs in Azure Active Directory
+description: Overview of the audit logs available in Azure Active Directory.
 services: active-directory
 author: shlipsey3
 manager: amycolannino
@@ -12,8 +12,9 @@ ms.subservice: report-monitor
 ms.date: 11/04/2022
 ms.author: sarahlipsey
 ms.reviewer: besiler
-ms.collection: M365-identity-device-management
+
 ---
+
 # Audit logs in Azure Active Directory 
 
 Azure Active Directory (Azure AD) activity logs include audit logs, which is a comprehensive report on every logged event in Azure AD. Changes to applications, groups, users, and licenses are all captured in the Azure AD audit logs.
@@ -25,59 +26,28 @@ Two other activity logs are also available to help monitor the health of your te
 
 This article gives you an overview of the audit logs.
 
-## What is it?
-
-Audit logs in Azure AD provide access to system activity records, often needed for compliance. This log is categorized by user, group, and application management.
+## What can you do with audit logs?
 
-With a user-centric view, you can get answers to questions such as:
+Audit logs in Azure AD provide access to system activity records, often needed for compliance. You can get answers to questions related to users, groups, and applications.
 
-- What types of updates have been applied to users?
+**Users:**
 
+- What types of changes were recently applied to users?
 - How many users were changed?
-
 - How many passwords were changed?
 
-- What has an administrator done in a directory?
-
-
-With a group-centric view, you can get answers to questions such as:
-
-- What are the groups that have been added?
-
-- Are there groups with membership changes?
+**Groups:**
 
+- What groups were recently added?
 - Have the owners of group been changed?
-
 - What licenses have been assigned to a group or a user?
 
+**Applications:**
 
-With an application-centric view, you can get answers to questions such as:
-
-- What applications have been added or updated?
-
-- What applications have been removed?
-
+- What applications have been added, updated, or removed?
 - Has a service principal for an application changed?
-
 - Have the names of applications been changed?
-
-- Who gave consent to an application?
-
 
-## How do I access it?
-
-To access the audit log for a tenant, you must have one of the following roles: 
-
-- Reports Reader
-- Security Reader
-- Security Administrator
-- Global Reader
-- Global Administrator
-
-Sign in to the [Azure portal](https://portal.azure.com) and go to **Azure AD** and select **Audit log** from the **Monitoring** section.
-
-The audit activity report is available in [all editions of Azure AD](reference-reports-data-retention.md#how-long-does-azure-ad-store-the-data). If you have an Azure Active Directory P1 or P2 license, you can access the audit log through the [Microsoft Graph API](/graph/api/resources/azure-ad-auditlog-overview). See [Getting started with Azure Active Directory Premium](../fundamentals/get-started-premium.md) to upgrade your Azure Active Directory edition. It will take a couple of days for the data to show up in Graph after you upgrade to a premium license with no data activities before the upgrade.
-
 ## What do the logs show?
 
 Audit logs have a default list view that shows:
@@ -87,12 +57,10 @@ Audit logs have a default list view that shows:
 - Category and name of the activity (*what*) 
 - Status of the activity (success or failure)
 - Target
-- Initiator / actor of an activity (who)
+- Initiator / actor of an activity (*who*)
 
 You can customize and filter the list view by clicking the **Columns** button in the toolbar. Editing the columns enables you to add or remove fields from your view.
 
-![Screenshot of available fields.](./media/concept-audit-logs/columnselect.png "Remove fields")
-
 ### Filtering audit logs
 
 You can filter the audit data using the options visible in your list such as date range, service, category, and activity. 

articles/active-directory/reports-monitoring/concept-provisioning-logs.md

@@ -1,17 +1,16 @@
 ---
 title: Provisioning logs in Azure Active Directory
-description: Overview of the provisioning logs in Azure Active Directory.
+description: Learn about the information included in the provisioning logs in Azure Active Directory.
 services: active-directory
 author: shlipsey3
 manager: amycolannino
 ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 06/16/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: arvinh
-ms.collection: M365-identity-device-management
 ---
 # Provisioning logs in Azure Active Directory
 
@@ -50,15 +49,18 @@ Application owners can view logs for their own applications. The following roles
 - Global Administrator
 - Users in a custom role with the [provisioningLogs permission](../roles/custom-enterprise-app-permissions.md#full-list-of-permissions)
 
-To access the provisioning log data, you have the following options:
+There are several ways to view or analyze the Provisioning logs:
 
-- Select **Provisioning logs** from the **Monitoring** section of Azure AD.
+- View in the Azure portal.
+- Stream logs to [Azure Monitor](../app-provisioning/application-provisioning-log-analytics.md) through Diagnostic settings.
+- Analyze logs through [Workbook](howto-use-workbooks.md) templates.
+- Access logs programmatically through the [Microsoft Graph API](/graph/api/resources/provisioningobjectsummary).
+- [Download the logs](howto-download-logs.md) as a CSV or JSON file.
 
-- Stream the provisioning logs into [Azure Monitor](../app-provisioning/application-provisioning-log-analytics.md). This method allows for extended data retention and building custom dashboards, alerts, and queries.
+To access the logs in the Azure portal:
 
-- Query the [Microsoft Graph API](/graph/api/resources/provisioningobjectsummary) for the provisioning logs.
-
-- Download the provisioning logs as a CSV or JSON file.
+1. Sign in to the [Azure portal](https://portal.azure.com) using the Reports Reader role.
+1. Browse to **Azure Active Directory** > **Monitoring** > **Provisioning logs**.
 
 ## View the provisioning logs
 

articles/active-directory/reports-monitoring/concept-usage-insights-report.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 05/30/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: madansr7
 ---
@@ -37,7 +37,7 @@ You can access the Usage and insights reports from the Azure portal and using Mi
 ### To access Usage & insights in the portal:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using the appropriate least privileged role.
-1. Go to **Azure Active Directory** > **Usage & insights**.
+1. Browse to **Azure Active Directory** > **Monitoring** > **Usage & insights**.
 
 The **Usage & insights** reports are also available from the **Enterprise applications** area of Azure AD. All users can access their own sign-ins at the [My Sign-Ins portal](https://mysignins.microsoft.com/security-info).
 

articles/active-directory/reports-monitoring/how-to-view-applied-conditional-access-policies.md

@@ -9,11 +9,10 @@ ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 02/03/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler 
 
-ms.collection: M365-identity-device-management
 ---
 
 # View applied Conditional Access policies in Azure AD sign-in logs
@@ -92,8 +91,8 @@ The Azure AD Graph PowerShell module doesn't support viewing applied Conditional
 The activity details of sign-in logs contain several tabs. The **Conditional Access** tab lists the Conditional Access policies applied to that sign-in event. 
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using the Security Reader role.
-1. In the **Monitoring** section, select **Sign-in logs**. 
-1. Select  a sign-in item from the table to open the **Activity Details: Sign-ins context** pane.  
+1. Browse to **Azure Active Directory** > **Monitoring** > **Sign-in logs**. 
+1. Select a sign-in item from the table to view the sign-in details pane.  
 1. Select the **Conditional Access** tab.
 
 If you don't see the Conditional Access policies, confirm you're using a role that provides access to both the sign-in logs and the Conditional Access policies.

articles/active-directory/reports-monitoring/howto-access-activity-logs.md

@@ -61,7 +61,7 @@ The SIEM tools you can integrate with your event hub can provide analysis and mo
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using one of the required roles.
 1. Create an Event Hubs namespace and event hub.
-1. Go to **Azure AD** > **Diagnostic settings**.
+1. Browse to **Azure AD** > **Monitoring** > **Diagnostic settings**.
 1. Choose the logs you want to stream, select the **Stream to an event hub** option, and complete the fields.
     - [Set up an Event Hubs namespace and an event hub](../../event-hubs/event-hubs-create.md)
     - [Learn more about streaming activity logs to an event hub](tutorial-azure-monitor-stream-logs-to-event-hub.md)
@@ -105,7 +105,7 @@ Integrating Azure AD logs with Azure Monitor logs provides a centralized locatio
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using one of the required roles.
 1. [Create a Log Analytics workspace](../../azure-monitor/logs/quick-create-workspace.md).
-1. Go to **Azure AD** > **Diagnostic settings**.
+1. Browse to **Azure AD** > **Monitoring** > **Diagnostic settings**.
 1. Choose the logs you want to stream, select the **Send to Log Analytics workspace** option, and complete the fields.
 1. Go to **Azure AD** > **Log Analytics** and begin querying the data.
     - [Integrate Azure AD logs with Azure Monitor logs](howto-integrate-activity-logs-with-log-analytics.md)
@@ -154,22 +154,22 @@ The reports available in the Azure portal provide a wide range of capabilities t
 Use the following basic steps to access the reports in the Azure portal. 
 #### Azure AD activity logs
 
-1. Go to **Azure AD** and select **Audit logs**, **Sign-in logs**, or **Provisioning logs** from the **Monitoring** menu.
+1. Browse to **Azure AD** > **Monitoring** > **Audit logs**/**Sign-in logs**/**Provisioning logs**.
 1. Adjust the filter according to your needs.
     - [Learn how to filter activity logs](quickstart-filter-audit-log.md)
     - [Explore the Azure AD audit log categories and activities](reference-audit-activities.md) 
     - [Learn about basic info in the Azure AD sign-in logs](reference-basic-info-sign-in-logs.md)
 
 #### Azure AD Identity Protection reports
 
-1. Go to **Azure AD** > **Security** > **Identity Protection**.
+1. Browse to **Azure AD** > **Security** > **Identity Protection**.
 1. Explore the available reports.
     - [Learn more about Identity Protection](../identity-protection/overview-identity-protection.md)
     - [Learn how to investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md)
 
 #### Usage and insights reports
 
-1. Go to **Azure AD** and select **Usage and insights** from the **Monitoring** menu.
+1. Browse to **Azure AD** > **Monitoring** > **Usage and insights**.
 1. Explore the available reports.
     - [Learn more about the Usage and insights report](concept-usage-insights-report.md)
 
@@ -203,14 +203,14 @@ Use the following basic steps to archive or download your activity logs.
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using one of the required roles.
 1. Create a storage account.
-1. Go to **Azure AD** > **Diagnostic settings**.
+1. Browse to **Azure AD** > **Monitoring** > **Diagnostic settings**.
 1. Choose the logs you want to stream, select the **Archive to a storage account** option, and complete the fields.
     - [Review the data retention policies](reference-reports-data-retention.md)
 
 #### Manually download activity logs
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using one of the required roles.
-1. Go to **Azure AD** and select **Audit logs**, **Sign-in logs**, or **Provisioning logs** from the **Monitoring** menu.
+1. Browse to **Azure AD** > **Monitoring** > **Audit logs**/**Sign-in logs**/**Provisioning logs** from the **Monitoring** menu.
 1. Select **Download**.
     - [Learn more about how to download logs](howto-download-logs.md).
 

articles/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics.md

@@ -8,11 +8,9 @@ ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 06/26/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
-
-ms.collection: M365-identity-device-management
 ---
 
 # Analyze Azure AD activity logs with Log Analytics
@@ -45,9 +43,9 @@ To view the Azure AD Log Analytics, you must already be sending your activity lo
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com). 
+1. Sign in to the [Azure portal](https://portal.azure.com) using the appropriate least privilege role. 
 
-1. Go to **Azure Active Directory** > **Log Analytics**. A default search query runs.
+1. Browse to **Azure Active Directory** > **Monitoring** > **Log Analytics**. A default search query runs.
 
     ![Default query](./media/howto-analyze-activity-logs-log-analytics/defaultquery.png)
 

articles/active-directory/reports-monitoring/howto-archive-logs-to-storage-account.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: how-to
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/09/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 

articles/active-directory/reports-monitoring/howto-configure-prerequisites-for-reporting-api.md

@@ -43,9 +43,9 @@ To enable your application to access Microsoft Graph without user intervention,
 
 [!INCLUDE [portal updates](~/articles/active-directory/includes/portal-update.md)]
 
-1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Sign in to the [Azure portal](https://portal.azure.com) using the appropriate least privilege role.
 
-1. Go to **Azure Active Directory** > **App registrations**.
+1. Browse to **Azure Active Directory** > **App registrations**.
 
 1. Select **New registration**.
 
@@ -63,7 +63,7 @@ To enable your application to access Microsoft Graph without user intervention,
 
 To access the Azure AD reporting API, you must grant your app *Read directory data* and *Read all audit log data* permissions for the Microsoft Graph API.
 
-1. **Azure Active Directory** > **App Registrations**> **API permissions** and select **Add a permission**.
+1. Browse to **Azure Active Directory** > **App Registrations**> **API permissions** and select **Add a permission**.
 
     ![Screenshot of the API permissions menu option and Add permissions button.](./media/howto-configure-prerequisites-for-reporting-api/api-permissions-new-permission.png)
 
@@ -100,7 +100,7 @@ To use PowerShell to access the Azure AD reporting API, you'll need to gather a
 
 You need these values when configuring calls to the reporting API. We recommend using a certificate because it's more secure.
 
-1. Go to **Azure Active Directory** > **App Registrations**.
+1. Browse to **Azure Active Directory** > **App Registrations**.
 1. Copy the **Directory (tenant) ID**.
 1. Copy the **Application (client) ID**.
 1. Go to **App Registration** > Select your application > **Certificates & secrets** > **Certificates** > **Upload certificate** and upload your certificate's public key file.

articles/active-directory/reports-monitoring/howto-customize-filter-logs.md

@@ -8,7 +8,7 @@ ms.service: active-directory
 ms.topic: conceptual
 ms.workload: identity
 ms.subservice: report-monitor
-ms.date: 08/18/2023
+ms.date: 08/22/2023
 ms.author: sarahlipsey
 ms.reviewer: besiler
 ---
@@ -38,8 +38,7 @@ You can always access your own sign-in history at [https://mysignins.microsoft.c
 
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using the appropriate least privileged role.
-1. Go to **Azure Active Directory** > **Monitoring and health**.
-1. Select the logs from the side menu.
+1. Browse to **Azure Active Directory** > **Monitoring** > **Audit logs**/**Sign-in logs**/**Provisioning logs**.
 
 ## Audit logs