Merge pull request #291092 from batamig/sap-agentless-ii

SAP agentless

Author: v-dirichards

articles/sentinel/TOC.yml

@@ -154,13 +154,13 @@
           - name: Connect your SAP system
             displayName: disable, stop ingestion, stop 
             href: sap/deploy-data-connector-agent-container.md
-          - name: Troubleshoot SAP solution deployment
+          - name: Troubleshoot SAP data connector agent
             href: sap/sap-deploy-troubleshoot.md    
           - name: Extra deployment steps
             items:
             - name: Collect SAP HANA audit logs
               href: sap/collect-sap-hana-audit-logs.md
-            - name: Update the connector
+            - name: Update the data connector agent
               href: sap/update-sap-data-connector.md      
             - name: Deploy from the command line
               href: sap/deploy-command-line.md
@@ -170,13 +170,13 @@
             items:
             - name: Required ABAP permissions
               href: sap/required-abap-authorizations.md
-            - name: Kickstart script reference
+            - name: Data connector agent kickstart script reference
               href: sap/reference-kickstart.md
-            - name: Container update script reference 
+            - name: Data connector agent update script reference 
               href: sap/reference-update.md
-            - name: Systemconfig.json file reference
+            - name: Data connector agent systemconfig.json file reference
               href: sap/reference-systemconfig-json.md
-            - name: Systemconfig.ini file reference (legacy)
+            - name: Data connector agent systemconfig.ini file reference (legacy)
               href: sap/reference-systemconfig.md
         - name: Enable SAP detections and threat protection
           href: sap/deployment-solution-configuration.md

articles/sentinel/feature-availability.md

@@ -6,7 +6,7 @@ ms.author: bagol
 ms.topic: feature-availability
 ms.custom: references_regions
 ms.service: microsoft-sentinel
-ms.date: 11/07/2024
+ms.date: 11/26/2024
 
 
 #Customer intent: As a security operations manager, I want to understand the Microsoft Sentinel's feature availability across different Azure environments so that I can effectively plan and manage our security operations.
@@ -160,6 +160,7 @@ For more information, see [Microsoft Defender XDR for US Government customers](/
 |Feature  |Feature stage |Azure commercial  |Azure Government |Azure China 21Vianet  |
 |---------|---------|---------|---------|---------|
 |[Threat protection for SAP](sap/deployment-overview.md)</sup> |GA |&#x2705;|&#x2705; |&#x2705; |
+|[Agentless data connector](sap/deployment-overview.md#data-connector) | Limited preview | &#x2705; |&#10060; | &#10060;|
 
 ## Threat intelligence support		
 

articles/sentinel/monitor-sap-system-health.md

@@ -4,32 +4,48 @@ description: Use the SAP connector page and a dedicated alert rule template to k
 author: batamig
 ms.author: bagol
 ms.topic: how-to
-ms.date: 09/16/2024
+ms.date: 12/10/2024
 ms.service: microsoft-sentinel
+zone_pivot_groups: sentinel-sap-connection
+#customerIntent: As a security engineer, I want to learn how to monitor the health and connectivity of our SAP system connection to Microsoft Sentinel.
+
 ---
 
 # Monitor the health and role of your SAP systems
 
 After you [deploy the SAP solution](sap/deployment-overview.md), you want to ensure proper functioning and performance of your SAP systems, and keep track of your system health, connectivity, and performance. This article describes how you can check the connectivity health manually on the data connector page and use a dedicated alert rule template to monitor the health of your SAP systems.
 
+:::zone pivot="connection-agent"
 > [!IMPORTANT]
 > Monitoring the health of your SAP systems is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 For a video demonstration of the procedures in this article, watch the following video:
 <br><br>
 > [!VIDEO https://www.youtube.com/embed/FasuyBSIaQM?si=apdesRR29Lvq6aQM]
 
+:::zone-end
+
+:::zone pivot="connection-agentless"
+
+> [!IMPORTANT]
+> Monitoring the health of your SAP systems is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+>
+> Microsoft Sentinel's **Agentless solution** is in limited preview as a prereleased product, which may be substantially modified before it’s commercially released. Microsoft makes no warranties expressed or implied, with respect to the information provided here. Access to the **Agentless solution** also [requires registration](https://aka.ms/SentinelSAPAgentlessSignUp) and is only available to approved customers and partners during the preview period. For more information, see [Microsoft Sentinel for SAP goes agentless ](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-members/microsoft-sentinel-for-sap-goes-agentless/ba-p/13960238).
+
+:::zone-end
+
 ## Prerequisites
 
-- Before you can perform the procedures in this article, you need to have a SAP data connector agent deployed and connected to your SAP system. SAP logs aren't displayed in the Microsoft Sentinel **Logs** page until your SAP system is connected and data starts streaming into Microsoft Sentinel.
+- Before you can perform the procedures in this article, you need to have an SAP data connector connected to your SAP system. SAP logs aren't displayed in the Microsoft Sentinel **Logs** page until your SAP system is connected and data starts streaming into Microsoft Sentinel.
+
+For more information, see [Connect your SAP system to Microsoft Sentinel](sap/deploy-data-connector-agent-container.md).
 
-For more information, see [Deploy and configure the container hosting the SAP data connector agent](sap/deploy-data-connector-agent-container.md).
+:::zone pivot="connection-agent"
 
 ## Check your data connector's health and connectivity
 
 This procedure describes how to check your data connector's connection status from the **Microsoft Sentinel for SAP** data connector page.
 
-
 1. In Microsoft Sentinel, select **Data connectors** and search for *Microsoft Sentinel for SAP*.
 
 1. Select the **Microsoft Sentinel for SAP** connector and select **Open connector page**.
@@ -42,7 +58,7 @@ This procedure describes how to check your data connector's connection status fr
 
     The fields in the **Configure an SAP system and assign it to a collector agent** area are described as follows:
 
-    - **System display name**. The SAP system ID (SID) and its client number. Together, this value qualifies the connection to the SAP system and defines for SAP BASIS which system you're connecting to. 
+    - **System display name**. The SAP system ID (SID) and its client number. Together, this value qualifies the connection to the SAP system and defines for SAP BASIS which system you're connecting to.
 
     - **System role**. Indicates whether the system is production state or not, which also affects billing. For more information, see [Solution pricing](sap/solution-overview.md#solution-pricing). Values include:
 
@@ -64,6 +80,8 @@ This procedure describes how to check your data connector's connection status fr
         | **System not connected** | Microsoft Sentinel was unable to connect to the SAP system, and cannot fetch the system role. In this case, Microsoft Sentinel doesn't have the details of whether the system is or isn't a production system.        |
         | Other statuses that reflect more details about connectivity issues | For example, **System unreachable for over 1 day**. |
 
+:::zone-end
+
 ## View SAP logs streaming into Microsoft Sentinel
 
 In Microsoft Sentinel, select **General** > **Logs > Custom logs** to view the logs streaming in from the SAP system. For example:
@@ -72,6 +90,17 @@ In Microsoft Sentinel, select **General** > **Logs > Custom logs** to view the l
 
 For more information, see [Microsoft Sentinel solution for SAP applications solution logs reference](sap-solution-log-reference.md).
 
+## Check the SentinelHealth table for health indicators
+
+The **SentinelHealth** table in Microsoft Sentinel contains health indicators for the SAP data connector, among others. You can query this table to get a summary of the health of your SAP systems.
+
+For more information, see:
+
+- [Auditing and health monitoring in Microsoft Sentinel](health-audit.md)
+- [Turn on auditing and health monitoring for Microsoft Sentinel (preview)](enable-monitoring.md)
+- [Monitor the health of your data connectors](monitor-data-connector-health.md)
+- [Microsoft Sentinel health tables reference](health-table-reference.md)
+
 ## Use an alert rule template to monitor the health of your SAP systems
 
 The Microsoft Sentinel for SAP solution includes an alert rule template designed to give you insight into the health of your SAP agent's data collection.
@@ -93,7 +122,8 @@ The following screenshot shows an example of an alert generated by the *SAP - Da
 
 :::image type="content" source="media/monitor-sap-system-health/alert-rule-example.png" alt-text="Screenshot of an alert triggered by the SAP - Data collection health check alert rule.":::
 
-## Next steps
-- Learn about the [Microsoft Sentinel Solution for SAP](sap/solution-overview.md).
+## Related content
+
+- Learn about the [Microsoft Sentinel Solution for SAP](sap/solution-overview.md)
 - Learn how to [deploy the Microsoft Sentinel Solution for SAP](sap/deployment-overview.md)
-- Learn about [auditing and health monitoring](health-audit.md) in other areas of Microsoft Sentinel.
+- Learn about [auditing and health monitoring](health-audit.md) in other areas of Microsoft Sentinel

articles/sentinel/sap/collect-sap-hana-audit-logs.md

@@ -22,6 +22,10 @@ Content in this article is intended for your **security**, **infrastructure**, a
 > [!IMPORTANT]
 > Microsoft Sentinel SAP HANA support is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
+> [!NOTE]
+> This article is relevant only for the data connector agent, and isn't relevant for the [SAP agentless solution](deployment-overview.md#data-connector) (limited preview).
+>
+
 ## Prerequisites
 
 SAP HANA logs are sent over Syslog. Make sure that your Azure Monitor Agent is configured to collect Syslog files. For more information, see [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](../connect-cef-syslog-ama.md).

articles/sentinel/sap/cross-workspace.md

@@ -16,6 +16,7 @@ ms.collection: usx-security
 
 # Integrate SAP across multiple workspaces
 
+
 When you set up your Log Analytics workspace enabled for Microsoft Sentinel, you have [multiple architecture options](/azure/azure-monitor/logs/workspace-design?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json) and factors to consider. Taking into account geography, regulation, access control, and other factors, you might choose to have multiple workspaces in your organization.
 
 When working with SAP, your SAP and SOC teams might need to work in separate workspaces to maintain security boundaries. You might not want the SAP team to have visibility into all other security logs across your organization. However, the SAP BASIS team plays a critical role in successfully implementing and maintaining the Microsoft Sentinel solution for SAP applications. Their technical knowledge is essential for effectively monitoring SAP systems, configuring security settings, and ensuring that proper incident response procedures are in place. For this reason, the SAP BASIS team must have access to the Log Analytics workspace enabled for Microsoft Sentinel, allowing them to collaborate with the SOC team while focusing specifically on SAP-related security monitoring.
@@ -30,6 +31,9 @@ This article discusses how to work with the Microsoft Sentinel solution for SAP
 > [!IMPORTANT]
 > Working with multiple workspaces is currently in preview. This feature is provided without a service-level agreement. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
+> [!NOTE]
+> Multi-workspace support is available only with the data connector agent, and isn't supported with the [SAP agentless solution](deployment-overview.md#data-connector) (limited preview).
+
 ## SAP and SOC data maintained in separate workspaces
 
 If your SAP and SOC teams have separate Log Analytics workspaces enabled for Microsoft Sentinel where team data is kept, we recommend that you provide some or all SOC team members with the **Sentinel Reader** role for the SAP BASIS team's workspace. This enables both teams to see SAP data by using cross-workspace queries.

articles/sentinel/sap/deploy-command-line.md

@@ -18,7 +18,11 @@ This article provides command line options for deploying an SAP data connector a
 
 However, if you're using a configuration file to store your credentials instead of Azure Key Vault, or if you're an advanced user who wants to deploy the data connector manually, such as in a Kubernetes cluster, use the procedures in this article instead.
 
-While you can run multiple data connector agents on a single machine, we recommend that you start with one only, monitor the performance, and then increase the number of connectors slowly. We also recommend that your **security** team perform this procedure with help from the **SAP BASIS** team.
+While you can run multiple data connector agents on a single machine, we recommend that you start with one only, monitor the performance, and then increase the number of connectors slowly. We also recommend that your **security** team perform this procedure with help from the **SAP BASIS** team. 
+
+> [!NOTE]
+> This article is relevant only for the data connector agent, and isn't relevant for the [SAP agentless solution](deployment-overview.md#data-connector) (limited preview).
+>
 
 ## Prerequisites