images and zone pivots

Author: batamig

articles/sentinel/monitor-sap-system-health.md

@@ -15,22 +15,21 @@ zone_pivot_groups: sentinel-sap-connection
 
 After you [deploy the SAP solution](sap/deployment-overview.md), you want to ensure proper functioning and performance of your SAP systems, and keep track of your system health, connectivity, and performance. This article describes how you can check the connectivity health manually on the data connector page and use a dedicated alert rule template to monitor the health of your SAP systems.
 
+:::zone pivot="connection-agent"
 > [!IMPORTANT]
+> Monitoring the health of your SAP systems is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+For a video demonstration of the procedures in this article, watch the following video:
+<br><br>
+> [!VIDEO https://www.youtube.com/embed/FasuyBSIaQM?si=apdesRR29Lvq6aQM]
 
-:::zone pivot="connection-agentless"
+:::zone-end
 
+>:::zone pivot="connection-agentless"
 > [!IMPORTANT]
 > Monitoring the health of your SAP systems is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
->:::zone pivot="connection-agentless"
 > Microsoft Sentinel's **Agentless solution** is in limited preview as a prereleased product, which may be substantially modified before it’s commercially released. Microsoft makes no warranties expressed or implied, with respect to the information provided here. Access to the **Agentless solution** also [requires registration](https://aka.ms/SentinelSAPAgentlessSignUp) and is only available to approved customers and partners during the preview period. For more information, see [Microsoft Sentinel for SAP goes agentless ](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-members/microsoft-sentinel-for-sap-goes-agentless/ba-p/13960238).
-> :::zone-end
-
-:::zone pivot="connection-agent"
-
-For a video demonstration of the procedures in this article, watch the following video:
-<br><br>
-> [!VIDEO https://www.youtube.com/embed/FasuyBSIaQM?si=apdesRR29Lvq6aQM]
 
 :::zone-end
 

articles/sentinel/sap/deploy-data-connector-agent-container.md

@@ -20,11 +20,24 @@ zone_pivot_groups: sentinel-sap-connection
 
 For the Microsoft Sentinel solution for SAP applications to operate correctly, you must first get your SAP data into Microsoft Sentinel. Do this by either deploying the Microsoft Sentinel SAP data connector agent, or by connecting the Microsoft Sentinel agentless data connector for SAP. Select the option at the top of the page that matches your environment.
 
-This article describes the third step in deploying the Microsoft Sentinel solution for SAP applications. Make sure to perform the steps in this article in the order that they're presented.
+This article describes the third step in deploying one of the Microsoft Sentinel solutions for SAP applications.
+
+:::zone pivot="connection-agent"
 
 :::image type="content" source="media/deployment-steps/deploy-data-connector.png" alt-text="Diagram of the SAP solution deployment flow, highlighting the Connect your SAP system step." border="false" :::
 
-Content in this article is relevant for your **security**, **infrastructure**, and  **SAP BASIS** teams.
+Content in this article is relevant for your **security**, **infrastructure**, and  **SAP BASIS** teams. Make sure to perform the steps in this article in the order that they're presented.
+
+:::zone-end
+
+:::zone pivot="connection-agentless"
+
+:::image type="content" source="media/deployment-steps/deploy-data-connector-agentless.png" alt-text="Diagram of the SAP solution deployment flow, highlighting the Connect your SAP system step." border="false" :::
+
+Content in this article is relevant for your **security** team, using information provided by your **SAP BASIS** teams.
+
+:::zone-end
+
 
 > [!IMPORTANT]
 > Microsoft Sentinel's **Agentless solution** is in limited preview as a prereleased product, which may be substantially modified before it’s commercially released. Microsoft makes no warranties expressed or implied, with respect to the information provided here. Access to the **Agentless solution** also [requires registration](https://aka.ms/SentinelSAPAgentlessSignUp) and is only available to approved customers and partners during the preview period. For more information, see [Microsoft Sentinel for SAP goes agentless ](https://community.sap.com/t5/enterprise-resource-planning-blogs-by-members/microsoft-sentinel-for-sap-goes-agentless/ba-p/13960238).
@@ -35,22 +48,27 @@ Before you connect your SAP system to Microsoft Sentinel:
 
 - Make sure that all of the deployment prerequisites are in place. For more information, see [Prerequisites for deploying Microsoft Sentinel solution for SAP applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md).
 
-- Make sure that you have the Microsoft Sentinel solution for **SAP applications** or the **SAP Agentless** solution [installed in your Microsoft Sentinel workspace](deploy-sap-security-content.md).
+:::zone pivot="connection-agent"
 
-- Make sure that your SAP system is fully [prepared for the deployment](preparing-sap.md). 
+- Make sure that you have the Microsoft Sentinel solution for **SAP applications** [installed in your Microsoft Sentinel workspace](deploy-sap-security-content.md)
 
-    :::zone pivot="connection-agent"
-    If you're deploying the data connector agent to communicate with Microsoft Sentinel over SNC, make sure that you completed [Configure your system to use SNC for secure connections](preparing-sap.md#configure-your-system-to-use-snc-for-secure-connections).
+- Make sure that your SAP system is fully [prepared for the deployment](preparing-sap.md).
 
-    :::zone-end
+- If you're deploying the data connector agent to communicate with Microsoft Sentinel over SNC, make sure that you completed [Configure your system to use SNC for secure connections](preparing-sap.md#configure-your-system-to-use-snc-for-secure-connections).
 
-    :::zone pivot="connection-agentless"
-    If you're deploying the agentless data connector, make sure your DCR is configured as described in [Install the solution from the content hub](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).
+:::zone-end
 
-    :::zone-end
+:::zone pivot="connection-agentless"
 
-:::zone pivot="connection-agent"
+- Make sure that you have the Microsoft Sentinel **SAP Agentless** solution [installed in your Microsoft Sentinel workspace](deploy-sap-security-content.md)
+
+- Make sure that your SAP system is fully [prepared for the deployment](preparing-sap.md).
 
+- Make sure your DCR is configured as described in [Install the solution from the content hub](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).
+
+:::zone-end
+
+:::zone pivot="connection-agent"
 
 ## Watch a demo video
 
@@ -324,8 +342,6 @@ The system configuration you defined is deployed into the Azure key vault you de
 
 At this stage, the system's **Health** status is **Pending**. If the agent is updated successfully, it pulls the configuration from Azure Key vault, and the status changes to **System healthy**. This update can take up to 10 minutes.
 
-The deployment procedure generates a **systemconfig.json** file that contains the configuration details for the SAP data connector agent. For more information, see [SAP data connector agent configuration file](deployment-overview.md#sap-data-connector-agent-configuration-file).
-
 :::zone-end
 
 :::zone pivot="connection-agentless"

articles/sentinel/sap/deployment-overview.md

@@ -48,20 +48,11 @@ Microsoft Sentinel supports a few options for storing your agent configuration i
 
 You can also authenticate using SAP's Secure Network Communication (SNC) and X.509 certificates. While using SNC provides a higher level of authentication security, it might not be practical for all scenarios.
 
-### SAP data connector agent configuration file
-
-When using the data connector agent, the deployment procedure generates a **systemconfig.json** file that contains the configuration details for the SAP data connector agent. The file is located in the `/sapcon-app/sapcon/config/system` directory on your VM. You can use this file to update the configuration of your SAP data connector agent.
-
-Earlier versions of the deployment script, released before June 2023, generated a **systemconfig.ini** file instead. For more information, see:
-
-- [Systemconfig.json file reference](reference-systemconfig-json.md)
-- [Systemconfig.ini file reference](reference-systemconfig.md) (legacy)
-
 ### [Agentless data connector (limited preview)](#tab/agentless)
 
 The Microsoft Sentinel agentless data connector for SAP uses the SAP Cloud Connector and SAP Integration Suite to connect to your SAP system and pull logs from it, as shown in the following image:
 
-:::image type="content" source="media/deployment-overview/agentless-connector.png" alt-text="Diagram that shows the Microsoft Sentinel agentless data connector in a SAP environment.":::
+:::image type="content" source="media/deployment-overview/agentless-connector.png" alt-text="Diagram that shows the Microsoft Sentinel agentless data connector in a SAP environment." border="false":::
 
 By using the SAP Cloud Connector, the **Agentless solution** profits from already existing setups and established integration processes. This means you don't have to tackle network challenges again, as the people running your SAP Cloud Connector have already gone through that process.
 
@@ -88,6 +79,10 @@ For more information, see [Microsoft Sentinel solution for SAP applications: sec
 
 ## Deployment flow and personas
 
+Deploying the Microsoft Sentinel solutions for SAP applications involves several steps and requires collaboration across multiple teams, differing depending on whether you're using a data connector agent or the agentless solution. Select one of the following tabs to learn more:
+
+### [Containerized data connector agent](#tab/agent)
+
 Deploying the Microsoft Sentinel solutions for SAP applications involves several steps and requires collaboration across multiple teams, including the **security**, **infrastructure**, and **SAP BASIS** teams. The following image shows the steps in deploying the Microsoft Sentinel solutions for SAP applications, with relevant teams indicated:
 
 :::image type="content" source="media/deployment-steps/full-flow.png" alt-text="Diagram showing the full steps in the Microsoft Sentinel solution for SAP applications deployment flow." border="false":::
@@ -96,20 +91,15 @@ We recommend that you involve all relevant teams when planning your deployment t
 
 **Deployment steps include**:
 
-1. [Review the prerequisites for deploying Microsoft Sentinel solution for SAP applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md). Some prerequisites require coordination with your infrastructure or SAP BASIS teams.
+1. [Review the prerequisites for deploying the Microsoft Sentinel solution for SAP applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md). Some prerequisites require coordination with your infrastructure or SAP BASIS teams.
 
 1. The following steps can happen in parallel as they involve separate teams, and aren't dependent on each other:
 
     1. [Deploy the Microsoft Sentinel solution for SAP applications from the content hub](deploy-sap-security-content.md). Make sure that you install the correct solution for your environment. This step is handled by the security team on the Azure portal.
 
     1. [Configure your SAP system for the Microsoft Sentinel solution](preparing-sap.md), including configuring SAP authorizations, configuring SAP auditing, and more. We recommend that these steps be done by your SAP BASIS team, and our documentation includes references to SAP documentation.
 
-1. [Connect your SAP system](deploy-data-connector-agent-container.md) using one of the following methods, depending on the Microsoft Sentinel solution you deployed:
-
-    - Deploy a containerized data connector agent
-    - Use an agentless data connector with the SAP Cloud Connetor (limited preview)
-
-    This step requires coordination between your security, infrastructure, and SAP BASIS teams.
+1. [Connect your SAP system](deploy-data-connector-agent-container.md) by deploying a containerized data connector agent.     This step requires coordination between your security, infrastructure, and SAP BASIS teams.
 
 1. [Enable SAP detections and threat protection](deployment-solution-configuration.md). This step is handled by the security team on the Azure portal.
 
@@ -124,6 +114,30 @@ If you're using the data connector agent and need to stop Microsoft Sentinel fro
 
 For more information, see [Stop SAP data collection](stop-collection.md).
 
+### [Agentless data connector (limited preview)](#tab/agentless)
+
+Deploying the Microsoft Sentinel solutions for SAP applications involves several steps and requires collaboration across your **security** and **SAP BASIS** teams. The following image shows the steps in deploying the Microsoft Sentinel solutions for SAP applications, with relevant teams indicated:
+
+:::image type="content" source="media/deployment-steps/full-flow-agentless.png" alt-text="Diagram showing the full steps in the Microsoft Sentinel agentless solution for SAP applications deployment flow." border="false":::
+
+We recommend that you involve both teams when planning your deployment to ensure that effort is allocated and the deployment can move smoothly.
+
+**Deployment steps include**:
+
+1. [Review the prerequisites for deploying the SAP agentless solution](prerequisites-for-deploying-sap-continuous-threat-monitoring.md).
+
+1. The following steps can happen in parallel as they involve separate teams, and aren't dependent on each other:
+
+    1. [Deploy the SAP agentless solution from the content hub](deploy-sap-security-content.md). This step is handled by the security team on the Azure portal.
+
+    1. [Configure your SAP system for the Microsoft Sentinel solution](preparing-sap.md), including configuring SAP authorizations, configuring SAP auditing, and more. We recommend that these steps be done by your SAP BASIS team, and our documentation includes references to SAP documentation.
+
+1. [Connect your SAP system](deploy-data-connector-agent-container.md) using an agentless data connector with the SAP Cloud Connector. This step is handled by your security team on the Azure portal, using information provided by your SAP BASIS team.
+
+1. [Enable SAP detections and threat protection](deployment-solution-configuration.md). This step is handled by the security team on the Azure portal.
+
+---
+
 ## Related content
 
 For more information, see: