articles/sentinel/sap/cross-workspace.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ ms.collection: usx-security
18
18
19
19
When you set up your Log Analytics workspace enabled for Microsoft Sentinel, you have [multiple architecture options](/azure/azure-monitor/logs/workspace-design?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json) and factors to consider. Taking into account geography, regulation, access control, and other factors, you might choose to have multiple workspaces in your organization.
20
20
21
-
When working with SAP, your SAP and SOC teams might need to work in spearate workspaces to maintain security boundaries. You might not want the SAP team to have visibility into all other security logs across your organization. However, the SAP BASIS team plays a critical role in successfully implementing and maintaining the Microsoft Sentinel solution for SAP applications. Their technical knowledge is essential for effectively monitoring SAP systems, configuring security settings, and ensuring that proper incident response procedures are in place. For this reason, the SAP BASIS team must have access to the Microsoft Sentinel workspace, allowing them to collaborate with the SOC team while focusing specifically on SAP-related security monitoring.
21
+
When working with SAP, your SAP and SOC teams might need to work in spearate workspaces to maintain security boundaries. You might not want the SAP team to have visibility into all other security logs across your organization. However, the SAP BASIS team plays a critical role in successfully implementing and maintaining the Microsoft Sentinel solution for SAP applications. Their technical knowledge is essential for effectively monitoring SAP systems, configuring security settings, and ensuring that proper incident response procedures are in place. For this reason, the SAP BASIS team must have access to the Log Analytics workspace enabled for Microsoft Sentinel, allowing them to collaborate with the SOC team while focusing specifically on SAP-related security monitoring.
22
22
23
23
This article discusses how to work with the Microsoft Sentinel solution for SAP applications in multiple workspaces, with improved flexibility for:
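Review bot: The rewritten paragraph still carries the typo "spearate workspaces" in its first sentence. Since this line is being touched anyway, correct it to "separate workspaces" in the same change.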
articles/sentinel/sap/deploy-command-line.md
+10 -10 Lines changed: 10 additions & 10 deletions
@@ -109,9 +109,9 @@ This procedure describes how to create a new agent and connect it to your SAP sy
109
109
110
110
You'll use the name of the docker container in the next step.
111
111
112
-
1. Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Microsoft Sentinel workspace, using the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles.
112
+
1. Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Log Analytics workspace enabled for Microsoft Sentinel, using the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles.
113
113
114
-
To run the commandin this step, you must be a resource group owner on your Microsoft Sentinel workspace. If you aren't a resource group owner on your workspace, this procedure can also be performed later on.
114
+
To run the commandin this step, you must be a resource group owner on the Log Analytics workspace enabled for Microsoft Sentinel. If you aren't a resource group owner on your workspace, this procedure can also be performed later on.
115
115
116
116
Assign the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles to the VM's identity:
117
117
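Review bot: The added sentence "you must be a resource group owner on the Log Analytics workspace enabled for Microsoft Sentinel" blurs the scope of the required role, because ownership is held on the resource group, not on the workspace. The prerequisites article changed in this same commit states it as "**Owner** permissions on the resource group where your Microsoft Sentinel workspace resides"; reusing that wording here tells the reader exactly which scope they need before they assign the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles.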
@@ -136,9 +136,9 @@ This procedure describes how to create a new agent and connect it to your SAP sy
136
136
|Placeholder |Value |
137
137
|---------|---------|
138
138
|`<OBJ_ID>`| Your VM identity object ID. <br><br> To find your VM identity object ID in Azure: <br>- **For a managed identity**, the object ID is listed on the VM's **Identity** page. <br>- **For a service principal**, go to **Enterprise application** in Azure. Select **All applications** and then select your VM. The object ID is displayed on the **Overview** page. |
139
-
|`<SUB_ID>` | Your Microsoft Sentinel workspace subscription ID |
140
-
|`<RESOURCE_GROUP_NAME>` | Your Microsoft Sentinel workspace resource group name |
141
-
|`<WS_NAME>` | Your Microsoft Sentinel workspace name |
139
+
|`<SUB_ID>` | The subscription ID for you Log Analytics workspace enabled for Microsoft Sentinel |
140
+
|`<RESOURCE_GROUP_NAME>` | The resource group name for your Log Analytics workspace enabled for Microsoft Sentinel |
141
+
|`<WS_NAME>` | The name of your Log Analytics workspace enabled for Microsoft Sentinel |
142
142
|`<AGENT_IDENTIFIER>` | The agent ID displayed after running the command in the [previous step](#agent-id-managed). |
143
143
144
144
1. To configure the Docker container to start automatically, run the following command, replacing the `<container-name>` placeholder with the name of your container:
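Review bot: The new `<SUB_ID>` row reads "The subscription ID for you Log Analytics workspace", which should be "for your Log Analytics workspace". The matching row in the second table of this file already has "your", so this looks like a slip in this copy only.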
@@ -192,9 +192,9 @@ Azure Key Vault is the recommended method to store your authentication credentia
192
192
193
193
You'll use the name of the docker container in the next step.
194
194
195
-
1. Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Microsoft Sentinel workspace, using the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles.
195
+
1. Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Log Analytics workspace enabled for Microsoft Sentinel, using the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles.
196
196
197
-
To run the commands in this step, you must be a resource group owner on your Microsoft Sentinel workspace. If you aren't a resource group owner on your workspace, this step can also be performed later on.
197
+
To run the commands in this step, you must be a resource group owner on your workspace. If you aren't a resource group owner on your workspace, this step can also be performed later on.
198
198
199
199
Assign the **Microsoft Sentinel Business Applications Agent Operator** and **Reader** roles to the VM's identity:
200
200
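Review bot: This copy of the role-assignment step now says "a resource group owner on your workspace", while the identical step earlier in the file was changed to "a resource group owner on the Log Analytics workspace enabled for Microsoft Sentinel". The two copies also differ in "commands" versus "command" and "this step" versus "this procedure". Pick one wording for both so readers of the managed identity and configuration file paths get the same permission requirement.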
@@ -219,9 +219,9 @@ Azure Key Vault is the recommended method to store your authentication credentia
219
219
|Placeholder |Value |
220
220
|---------|---------|
221
221
|`<OBJ_ID>` | Your VM identity object ID. <br><br> To find your VM identity object ID in Azure: For a managed identity, the object ID is listed on the VM's **Identity** page. For a service principal, go to **Enterprise application**in Azure. Select **All applications** and thenselectyour VM. The object ID is displayed on the **Overview** page. |
222
-
|`<SUB_ID>`| Your Microsoft Sentinel workspace subscription ID |
223
-
|`<RESOURCE_GROUP_NAME>`|Your Microsoft Sentinel workspace resource group name|
224
-
|`<WS_NAME>`|Your Microsoft Sentinel workspace name |
222
+
|`<SUB_ID>`|The subscription ID for your Log Analytics workspace enabled for Microsoft Sentinel|
223
+
|`<RESOURCE_GROUP_NAME>`|The resource group name for your Log Analytics workspace enabled for Microsoft Sentinel|
224
+
|`<WS_NAME>`|The name of your Log Analytics workspace enabled for Microsoft Sentinel|
225
225
|`<AGENT_IDENTIFIER>`| The agent ID displayed after running the commandin the [previous step](#agent-id-file). |
226
226
227
227
1. Run the following command to configure the Docker container to start automatically.
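Review bot: The `<OBJ_ID>` row just above the changed rows runs the managed identity and service principal instructions together in one sentence, without the `<br>-` list breaks that the same row uses in the first table of this file. Since the adjacent rows are being edited here, align this row with the first table so both tables render the two lookup paths as separate items.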
articles/sentinel/sap/deploy-data-connector-agent-container.md
+2 -2 Lines changed: 2 additions & 2 deletions
@@ -296,7 +296,7 @@ While deployment is also supported from the command line, we recommend that you
296
296
297
297
:::image type="content" source="media/deploy-data-connector-agent-container/finish-agent-deployment-role.png" alt-text="Screenshot of the Copy icon for the command from step 1.":::
298
298
299
-
To find your VM identity object ID in Azure: <!--confirm this with Dvir-->
299
+
To find your VM identity object ID in Azure:
300
300
301
301
- For a managed identity, the object ID is listed on the VM's **Identity** page.
302
302
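Review bot: The removed marker `<!--confirm this with Dvir-->` flagged the object ID lookup instructions as unverified, and the instructions themselves are unchanged in this hunk. Please note in the commit or PR description that the confirmation happened; otherwise the open question is deleted without being answered, and these steps determine which identity receives the role assignment.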
@@ -348,7 +348,7 @@ While deployment is also supported from the command line, we recommend that you
348
348
349
349
When you're done, select **Next: Authentication**.
350
350
351
-
For example: <!--can we get a screenshot with an example?-->
351
+
For example:
352
352
353
353
:::image type="content" source="media/deploy-data-connector-agent-container/create-system.png" alt-text="Screenshot of the Add new system area's System settings tab.":::
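Review bot: "For example:" follows "When you're done, select **Next: Authentication**", but the screenshot it introduces shows the System settings tab, which is the step the reader has just finished. Now that the comment asking for a screenshot is gone, consider moving "For example:" and the image above the "When you're done" sentence so the example sits with the settings it illustrates.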
articles/sentinel/sap/deploy-sap-security-content.md
+6 -6 Lines changed: 6 additions & 6 deletions
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Install the Microsoft Sentinel solution for SAP applications
3
-
description: Learn how to install the Microsoft Sentinel solution for SAP applications from the content hub to your Microsoft Sentinel workspace.
3
+
description: Learn how to install the Microsoft Sentinel solution for SAP applications from the content hub to your Log Analytics workspace enabled for Microsoft Sentinel.
4
4
author: batamig
5
5
ms.author: bagol
6
6
ms.topic: how-to
@@ -16,7 +16,7 @@ ms.collection: usx-security
16
16
17
17
# Install the Microsoft Sentinel solution for SAP applications
18
18
19
-
The Microsoft Sentinel solution for SAP applications includes the SAP data connector, which collects logs from your SAP systems and sends them to your Microsoft Sentinel workspace, and out-of-the-box security content, which helps you gain insight into your organization's SAP environment and detect and respond to security threats. Installing your solution is a required step before you can configure your data connector agent container.
19
+
The Microsoft Sentinel solution for SAP applications includes the SAP data connector, which collects logs from your SAP systems and sends them to your Log Analytics workspace enabled for Microsoft Sentinel, and out-of-the-box security content, which helps you gain insight into your organization's SAP environment and detect and respond to security threats. Installing your solution is a required step before you can configure your data connector agent container.
20
20
21
21
:::image type="content" source="media/deployment-steps/install-solution.png" alt-text="Diagram of the SAP solution deployment flow, highlighting the Install solution content step." border="false":::
22
22
@@ -27,23 +27,23 @@ Content in this article is relevant for your **security** team.
27
27
To deploy the Microsoft Sentinel solution for SAP applications from the content hub, you need:
28
28
29
29
- A Log Analytics workspace enabled for Microsoft Sentinel.
30
-
- Read and write permissions to the workspace. For more information, see [Roles and permissions in Microsoft Sentinel](../roles.md).<!--make them all like this-->
30
+
- Read and write permissions to the workspace. For more information, see [Roles and permissions in Microsoft Sentinel](../roles.md).
31
31
32
32
Make sure that you also review the [prerequisites for deploying Microsoft Sentinel solution for SAP applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md), especially [Azure prerequisites](prerequisites-for-deploying-sap-continuous-threat-monitoring.md#azure-prerequisites).
33
33
34
34
## Install the solution from the content hub
35
35
36
36
Installing the Microsoft Sentinel solution for SAP applications makes the Microsoft Sentinel for SAP data connector available for you in as a Microsoft Sentinel data connector. The solution also deploys security content, such as the **SAP - System Applications and Products** workbook and SAP-related analytics rules.
37
37
38
-
1. In the Microsoft Sentinel **Content hub**, search for the **SAP applications** solution and install it on your Microsoft Sentinel workspace.
38
+
1. In the Microsoft Sentinel **Content hub**, search for the **SAP applications** solution and install it on your Log Analytics workspace enabled for Microsoft Sentinel.
39
39
40
40
1. On the **Microsoft Sentinel solution for SAP applications** page, select **Create** to define deployment settings. For example:
41
41
42
42
:::image type="content" source="./media/deploy-sap-security-content/sap-solution.png" alt-text="Screenshot that shows the Microsoft Sentinel solution for SAP applications solution pane." lightbox="./media/deploy-sap-security-content/sap-solution.png":::
43
43
44
44
1. On the **Basics** tab, under **Project details**, select the **Subscription** and **Resource group** where you want to install the solution.
45
45
46
-
1. Under **Instance details**, select the **Microsoft Sentinel workspace** where you want to install the solution.
46
+
1. Under **Instance details**, select the Log Analytics workspace enabled for Microsoft Sentinel where you want to install the solution.
47
47
48
48
If you're working with [the Microsoft Sentinel solution for SAP applications in multiple workspaces](cross-workspace.md), select **Some of the data is on a different workspace**, and then define your target workspace, your SOC workspace, and SAP workspace. For example:
49
49
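Review bot: In the **Instance details** step, the bolded UI label **Microsoft Sentinel workspace** was replaced with the unbolded description "the Log Analytics workspace enabled for Microsoft Sentinel". If the field in the portal still carries the old label, the reader no longer has the on-screen name to look for; keep the bold label and describe the workspace after it. Separately, the unchanged intro line in this hunk has a stray word in "available for you in as a Microsoft Sentinel data connector".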
@@ -53,7 +53,7 @@ Installing the Microsoft Sentinel solution for SAP applications makes the Micros
53
53
54
54
1. Select **Review + create** or **Next** to browse through the solution components. When you're ready, select **Create**
55
55
56
-
The deployment process can take a few minutes. After the deployment is finished, you can view the deployed content in your Microsoft Sentinel workspace.
56
+
The deployment process can take a few minutes. After the deployment is finished, you can view the deployed content in Microsoft Sentinel.
57
57
58
58
> [!TIP]
59
59
> If you want the SAP and SOC data to be kept on the same workspace with no additional access controls, do not select **Some of the data is on a different workspace**. In such cases, for more information, see [SAP and SOC data maintained in the same workspace](cross-workspace.md#sap-and-soc-data-maintained-in-the-same-workspace).
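Review bot: The new sentence "you can view the deployed content in Microsoft Sentinel" no longer says which workspace to look in. The preceding step lets the reader define a target workspace, a SOC workspace, and an SAP workspace, so in a multi-workspace deployment this is ambiguous; consider naming the workspace selected under **Instance details**. The unchanged step above also ends "select **Create**" without a period.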
articles/sentinel/sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@ Typically, Azure prerequisites are managed by your **security** teams.
27
27
28
28
| Prerequisite | Description |Required/optional |
29
29
| ---- | ----------- |----------- |
30
-
|**Access to Microsoft Sentinel**| Make a note of your Microsoft Sentinel *workspace ID* and *primary key*.<br>You can find these details in Microsoft Sentinel: from the navigation menu, select **Settings** > **Workspace settings** > **Agents management**. Copy the *Workspace ID* and *Primary key* and paste them aside for use during the deployment process. |Required |
30
+
|**Access to Microsoft Sentinel**| Make a note of your *workspace ID and *primary key* for your Log Analytics workspace enabled for Microsoft Sentinel.<br>You can find these details in Microsoft Sentinel: from the navigation menu, select **Settings** > **Workspace settings** > **Agents management**. Copy the *Workspace ID* and *Primary key* and paste them aside for use during the deployment process. |Required |
31
31
|**Permissions to create Azure resources**| At a minimum, you must have the necessary permissions to deploy solutions from the Microsoft Sentinel content hub. For more information, see [Prerequisites for deploying Microsoft Sentinel solutions](../sentinel-solutions-deploy.md#prerequisites). |Required |
32
32
|**Permissions to create an Azure key vault or access an existing one**| Use Azure Key Vault to store secrets required to connect to your SAP system. For more information, see [Assign key vault access permissions](deploy-data-connector-agent-container.md#assign-key-vault-access-permissions). |Required if you plan to store the SAP system credentials in Azure Key Vault. <br><br>Optional if you plan to store them in a configuration file. For more information, see [Create a virtual machine and configure access to your credentials](deploy-data-connector-agent-container.md#create-a-virtual-machine-and-configure-access-to-your-credentials).|
33
33
|**Permissions to assign a privileged role to the SAP data connector agent**| Deploying the SAP data connector agent requires that you grant your agent's VM identity with specific permissions to the Microsoft Sentinel workspace, using the **Microsoft Sentinel Business Applications Agent Operator** role. To grant this role, you need **Owner** permissions on the resource group where your Microsoft Sentinel workspace resides. <br><br>For more information, see [Connect your SAP system by deploying your data connector agent container](deploy-data-connector-agent-container.md). | Required. <br> If you don't have **Owner** permissions on the resource group, the relevant step can also be performed by another user who does have the relevant permissions, separately after the agent is fully deployed.|
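Review bot: The added row has an unbalanced emphasis marker in "*workspace ID and *primary key*": the closing asterisk after "workspace ID" was dropped, so the italics will render incorrectly. It should read "*workspace ID* and *primary key*". Also, the last row of this table still says "Microsoft Sentinel workspace" twice; if the terminology change is meant to cover the whole article, update that row in the same commit.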
articles/sentinel/sap/sap-audit-controls-workbook.md
+2 -2 Lines changed: 2 additions & 2 deletions
@@ -35,9 +35,9 @@ Before you can start using the **SAP - Security Audit log and Initial Access** w
35
35
36
36
- The Microsoft Sentinel solution for SAP applications solution installed and a data connector agent deployed. For more information, see [Deploy Microsoft Sentinel solution for SAP applications](deployment-overview.md).
37
37
38
-
- The **SAP Audit Controls** workbook installed in your Microsoft Sentinel workspace. For more information, see and [Visualize and monitor your data by using workbooks in Microsoft Sentinel](../monitor-your-data.md).
38
+
- The **SAP Audit Controls** workbook installed in your Log Analytics workspace enabled for Microsoft Sentinel. For more information, see and [Visualize and monitor your data by using workbooks in Microsoft Sentinel](../monitor-your-data.md).
39
39
40
-
- At least one incident in your Microsoft Sentinel workspace, with at least one entry available in the `SecurityIncident` table. This doesn't need to be an SAP incident, and you can generate a demo incident using a basic analytics rule if you don't have another one.
40
+
- At least one incident in your workspace, with at least one entry available in the `SecurityIncident` table. This doesn't need to be an SAP incident, and you can generate a demo incident using a basic analytics rule if you don't have another one.
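Review bot: The rewritten workbook prerequisite keeps the stray "and" in "For more information, see and [Visualize and monitor your data by using workbooks in Microsoft Sentinel]". Either remove "and" or restore the first link that was presumably meant to precede it.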
articles/sentinel/sap/sap-audit-log-workbook.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ Before you can start using the **SAP - Security Audit log and Initial Access** w
32
32
33
33
- The Microsoft Sentinel solution for SAP applications solution installed and a data connector agent deployed. For more information, see [Deploy Microsoft Sentinel solution for SAP applications](deployment-overview.md).
34
34
35
-
- The **SAP - Security Audit log and Initial Access** workbook installed in your Microsoft Sentinel workspace. For more information, see [Visualize and monitor your data by using workbooks in Microsoft Sentinel](../monitor-your-data.md).
35
+
- The **SAP - Security Audit log and Initial Access** workbook installed in your Log Analytics workspace enabled for Microsoft Sentinel. For more information, see [Visualize and monitor your data by using workbooks in Microsoft Sentinel](../monitor-your-data.md).
36
36
37
37
> [!IMPORTANT]
38
38
> The **SAP - Security Audit log and Initial Access** workbook is hosted by the workspace where the Microsoft Sentinel solution for SAP applications were installed. By default, both the SAP and the SOC data is assumed to be on the workspace that hosts the workbook.