Apply suggestions from code review

batamig · web-flow · commit 71d34acc796a · 2024-08-14T20:00:11.000+03:00
diff --git a/articles/sentinel/connect-azure-active-directory.md b/articles/sentinel/connect-azure-active-directory.md
@@ -37,7 +37,7 @@ You can use Microsoft Sentinel's built-in connector to collect data from [Micros
 
 - Your user must be assigned the [Microsoft Sentinel Contributor](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor) role on the workspace.
 
-- Your user must have at least a [Security Administrator](../active-directory/roles/permissions-reference.md#security-administrator) role on the tenant you want to stream the logs from.
+- Your user must have the [Security Administrator](../active-directory/roles/permissions-reference.md#security-administrator) role on the tenant you want to stream the logs from, or the equivalent permissions.
 
 - Your user must have read and write permissions to the Microsoft Entra diagnostic settings in order to be able to see the connection status.
 - Install the solution for **Microsoft Entra ID** from the **Content Hub** in Microsoft Sentinel. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md).
diff --git a/articles/sentinel/connect-microsoft-365-defender.md b/articles/sentinel/connect-microsoft-365-defender.md
@@ -23,7 +23,7 @@ The Defender XDR connector, especially its incident integration feature, is the
 Before you begin, you must have the appropriate licensing, access, and configured resources described in this section.
 
 - You must have a valid license for Microsoft Defender XDR, as described in [Microsoft Defender XDR prerequisites](/microsoft-365/security/mtp/prerequisites).
-- Your user must have at least a [Security Administrator](../active-directory/roles/permissions-reference.md#security-administrator) role on the tenant you want to stream the logs from.
+- Your user must have the [Security Administrator](../active-directory/roles/permissions-reference.md#security-administrator) role on the tenant you want to stream the logs from, or the equivalent permissions.
 - You must have read and write permissions on your Microsoft Sentinel workspace.
 - To make any changes to the connector settings, your account must be a member of the same Microsoft Entra tenant with which your Microsoft Sentinel workspace is associated.
 - Install the solution for **Microsoft Defender XDR** from the **Content Hub** in Microsoft Sentinel. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md).
diff --git a/articles/sentinel/connect-microsoft-purview.md b/articles/sentinel/connect-microsoft-purview.md
@@ -54,7 +54,7 @@ Before you begin, verify that you have:
 - A defined Microsoft Sentinel workspace.
 - A valid license to M365 E3, M365 A3, Microsoft Business Basic or any other Audit eligible license. Read more about [auditing solutions in Microsoft Purview](/microsoft-365/compliance/audit-solutions-overview).
 - [Enabled Sensitivity labels for Office](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide#use-the-microsoft-purview-compliance-portal-to-enable-support-for-sensitivity-labels&preserve-view=true) and [enabled auditing](/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#use-the-compliance-center-to-turn-on-auditing&preserve-view=true).
-- At least the Security Administrator role on the workspace.
+- The Security Administrator role on the tenant, or the equivalent permissions.
 
 ## Set up the connector
 
diff --git a/articles/sentinel/connect-services-api-based.md b/articles/sentinel/connect-services-api-based.md
@@ -18,7 +18,7 @@ This article presents information that is common to the group of API-based data
 ## Prerequisites
 
 - You must have read and write permissions on the Log Analytics workspace.
-- You must have at least a Security administrator role on your Microsoft Sentinel workspace's tenant.
+- You must have a Security administrator role on your Microsoft Sentinel workspace's tenant, or the equivalent permissions.
 - Data connector specific requirements:
   
   |Data connector  |Licensing, costs, and other prerequisites  |
diff --git a/articles/sentinel/connect-threat-intelligence-tip.md b/articles/sentinel/connect-threat-intelligence-tip.md
@@ -34,7 +34,7 @@ Learn more about [Threat Intelligence](understand-threat-intelligence.md) in Mic
 ## Prerequisites  
 
 - In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
-- You must have at least the **Security administrator** Microsoft Entra role in order to grant permissions to your TIP product or to any other custom application that uses direct integration with the Microsoft Graph Security tiIndicators API.
+- To grant permissions to your TIP product or any other custom application that uses direct integration with the Microsoft Graph TI Indicators API, you must have the **Security administrator** Microsoft Entra role, or the equivalent permissions.
 - You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
 
 ## Instructions
@@ -90,7 +90,6 @@ You can get this information from your Microsoft Entra ID through a process call
 
 #### Get consent from your organization to grant these permissions
 
-<!--does this need to be a global admin?-->
 1. To grant consent, a privileged role is required. For more information, see [Grant tenant-wide admin consent to an application](/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal).
 
     :::image type="content" source="media/connect-threat-intelligence-tip/threat-intel-api-permissions-2.png" alt-text="Grant consent":::
diff --git a/articles/sentinel/enable-entity-behavior-analytics.md b/articles/sentinel/enable-entity-behavior-analytics.md
@@ -24,7 +24,7 @@ As Microsoft Sentinel collects logs and alerts from all of its connected data so
 
 To enable or disable this feature (these prerequisites are not required to use the feature):
 
-- Your user must be assigned to at least the Microsoft Entra ID **Security Administrator** role in your tenant.
+- Your user must be assigned to the Microsoft Entra ID **Security Administrator** role in your tenant or the equivalent permissions.
 
 - Your user must be assigned at least one of the following **Azure roles** ([Learn more about Azure RBAC](roles.md)):
     - **Microsoft Sentinel Contributor** at the workspace or resource group levels.
