itsm action groups ui changes

Author: AbbyMSFT

articles/azure-monitor/alerts/itsmc-definition.md

@@ -96,28 +96,30 @@ To create an action group:
     > [!NOTE]
     > As of September 2022, we are starting the 3-year process of deprecating support of using ITSM actions to send alerts and events to ServiceNow.
 
-1. In the last section of the interface for creating an ITSM action group, if the alert is a log alert, you can define how many work items will be created for each alert. For all other alert types, create one work item per alert.
+1. In the last section of the interface for creating an ITSM action group, if the alert is a log alert, you can define how many work items will be created for each alert. For all other alert types, one work item is created per alert.
 
-    - If the work item type is **Incident** or **Alert**:
-    
-       If you select the **Create individual work items for each Configuration Item** checkbox, every configuration item in every alert creates a new work item. Because several alerts will occur for the same affected configuration items, there will be more than one work item for each configuration item. For example, an alert that has three configuration items creates three work items. An alert that has one configuration item creates one work item.
-    
-       If you do not select the **Create individual work items for each Configuration Item** checkbox, ITSMC will create a single work item for each alert rule and append to it all affected configuration items. A new work item will be created if the previous one is closed. Some of the fired alerts won't generate new work items in the ITSM tool. For example, an alert that has three configuration items will create one work item. If an alert for the same alert rule as the previous example has one configuration item, that configuration item will be attached to the list of affected configuration items in the created work item. An alert for a different alert rule that has one configuration item will create one work item.
-    
-       ![Screenshot that shows the ITSM ticket section with an incident selected as a work item.](media/itsmc-overview/itsm-action-configuration.png)
+    - If the work item type is **Incident**:
+
+      :::image type="content" source="media/itsmc-definition/itsm-action-incident.png" alt-text="Screenshot that shows the ITSM Ticket area with an incident work item type.":::
 
     - If the work item type is **Event**:
 
-        If you select the **Create individual work items for each Log Entry** button, a work item is created for each row in the search results of the log search alert query. The description property in the payload of the work item contains the row from the search results.
+        If you select **Create a work item for each row in the search results**, a work item is created for each row in the search results of the log search alert query. The description property in the payload of the work item contains the row from the search results.
+
+        If you select the **Create a work item for configuration item in the search results** button, every configuration item in every alert creates a new work item. Each configuration item can have more than one work item in the ITSM system. This option is the same as selecting the checkbox that appears after you select `Incident` as the work item type.
+
+        :::image type="content" source="media/itsmc-definition/itsm-action-event.png" alt-text="Screenshot that shoes the ITSM Ticket section with an even work item type.":::
+
+    - If the work item type is **Alert**:
 
-        If you select the **Create individual work items for each Configuration Item** button, every configuration item in every alert creates a new work item. Each configuration item can have more than one work item in the ITSM system. This option is the same as selecting the checkbox that appears after you select `Incident` as the work item type.
+        If you select  **Create a work item for each configuration item in the search results**, every configuration item in every alert creates a new work item. Each configuration item can have more than one work item in the ITSM system. 
 
-        ![Screenshot that shows the I T S M Ticket area with Event selected as a work item.](media/itsmc-overview/itsm-action-configuration-event.png)
+        :::image type="content" source="media/itsmc-definition/itsm-action-alert.png" alt-text="Screenshot that shows the ITSM Ticket area with an alert work item type.":::
 
-1. As a part of the action definition, you can define predefined fields that will contain constant values as a part of the payload. According to the work item type, three options can be used as a part of the payload:
+1. You can configure predefined fields to contain constant values as a part of the payload. Based on the work item type, three options can be used as a part of the payload:
     * **None**: Use a regular payload to ServiceNow without any extra predefined fields and values.
     * **Use default fields**: Use a set of fields and values that will be sent automatically as a part of the payload to ServiceNow. Those fields aren't flexible, and the values are defined in ServiceNow lists.
-    * **Use saved templates from ServiceNow**: Use a predefined set of fields and values that were defined as a part of a template definition in ServiceNow. If you already defined the template in ServiceNow, you can use it from the **Template** list. Otherwise, you can define it in ServiceNow. For more information, see the preceding section, [Define a template](#define-a-template).
+    * **Use saved templates from ServiceNow**: Use a predefined set of fields and values that were defined as a part of a template definition in ServiceNow. If you already defined the template in ServiceNow, you can use it from the **Template** list. Otherwise, you can define it in ServiceNow. For more information, see [define a template](#define-a-template).
 
 1. Select **OK**.
 
@@ -126,9 +128,9 @@ When you create or edit an Azure alert rule, use an action group, which has an I
 > [!NOTE]
 > * For information about the pricing of the ITSM action, see the [pricing page](https://azure.microsoft.com/pricing/details/monitor/) for action groups.
 >
-> * The short description field in the alert rule definition is limited to 40 characters when you send it by using the ITSM action.
+> * The short description field in the alert rule definition is limited to 40 characters when you send it using the ITSM action.
 >
-> * In case you have policies for inbound traffic for your ServiceNow instances, add ActionGroup service tag to allowList.
+> * If you have policies for inbound traffic for your ServiceNow instances, add ActionGroup service tag to allowList.
 > 
 > * Notice that when you are defining a query in Log Search alerts you need to have in the query result the Configuration items names with one of the label names "Computer",  "Resource", "_ResourceId" or "ResourceId”. This mapping will enable to map the configuration items to the ITSM payload