permissions scope for DCR/DCE in TA

Author: halkazwini

articles/network-watcher/required-rbac-permissions.md

@@ -25,7 +25,7 @@ To use Azure Network Watcher capabilities, the account you log into Azure with,
 
 To learn how to check roles assigned to a user for a subscription, see [List Azure role assignments using the Azure portal](../role-based-access-control/role-assignments-list-portal.yml?toc=/azure/network-watcher/toc.json). If you can't see the role assignments, contact the respective subscription admin.
 
-The following sections list the minimum required permissions to use Network Watcher and its capabilities. For a full list of related Azure permissions, see [Microsoft.Network permissions](/azure/role-based-access-control/permissions/networking#microsoftnetwork), [Microsoft.Compute permissions](/azure/role-based-access-control/permissions/compute#microsoftcompute), [Microsoft.Storage permissions](/azure/role-based-access-control/permissions/storage#microsoftstorage), [Microsoft.Insights permissions](/azure/role-based-access-control/permissions/monitor#microsoftinsights), and [Microsoft.OperationalInsights permissions](/azure/role-based-access-control/permissions/monitor#microsoftoperationalinsights).
+The following sections list the minimum required permissions to use Network Watcher and its capabilities. For a full list of related Azure permissions, see [Microsoft.Network permissions](/azure/role-based-access-control/permissions/networking?toc=/azure/network-watcher/toc.json#microsoftnetwork), [Microsoft.Compute permissions](/azure/role-based-access-control/permissions/compute?toc=/azure/network-watcher/toc.json#microsoftcompute), [Microsoft.Storage permissions](/azure/role-based-access-control/permissions/storage?toc=/azure/network-watcher/toc.json#microsoftstorage), [Microsoft.Insights permissions](/azure/role-based-access-control/permissions/monitor?toc=/azure/network-watcher/toc.json#microsoftinsights), and [Microsoft.OperationalInsights permissions](/azure/role-based-access-control/permissions/monitor?toc=/azure/network-watcher/toc.json#microsoftoperationalinsights).
 
 ## Network Watcher
 
@@ -90,7 +90,7 @@ Since traffic analytics is enabled as part of the flow log resource, the followi
 > | Microsoft.Insights/dataCollectionEndpoints/write <sup>1</sup> | Create or update a data collection endpoint |
 > | Microsoft.Insights/dataCollectionEndpoints/delete <sup>1</sup> | Delete a data collection endpoint |
 
-<sup>1</sup> Only required when using traffic analytics to analyze virtual network flow logs. For more information, see [Data collection rules in Azure Monitor](/azure/azure-monitor/essentials/data-collection-rule-overview?toc=/azure/network-watcher/toc.json) and [Data collection endpoints in Azure Monitor](/azure/azure-monitor/essentials/data-collection-endpoint-overview?toc=/azure/network-watcher/toc.json).
+<sup>1</sup> Required on the Log Analytics workspace subscription when using traffic analytics with virtual network flow logs. For more information, see [Data collection rules in Azure Monitor](/azure/azure-monitor/essentials/data-collection-rule-overview?toc=/azure/network-watcher/toc.json) and [Data collection endpoints in Azure Monitor](/azure/azure-monitor/essentials/data-collection-endpoint-overview?toc=/azure/network-watcher/toc.json).
 
 [!INCLUDE [Traffic analytics resources](../../includes/network-watcher-traffic-analytics-resources.md)]