add screenshots

Author: austinmccollum

articles/sentinel/TOC.yml

@@ -89,6 +89,8 @@
       href: sentinel-solutions-catalog.md
     - name: Manage custom content with repositories
       href: ci-cd-custom-content.md
+    - name: OOTB content centralization changes
+      href: sentinel-content-centralize.md
   - name: Collect data
     items:
     - name: Data collection methods

articles/sentinel/media/sentinel-content-centralize/after-tool-analytic-rule-template.png

@@ -19,24 +19,26 @@ Microsoft Sentinel Content hub enables discovery and on-demand installation of o
 - **Playbook templates**
 - **Workbook templates**
 
-In order to centralize all out-of-the-box content we're planning to retire the gallery-only content templates. The legacy gallery content templates are no longer being updated, and the content hub is where OOTB content is kept up to date. Content hub provides update workflows for solutions and automatic updates for standalone content. We're also introducing a central tool to reinstate the corresponding "in use" retired templates as content hub items. 
+## Content hub changes
+In order to centralize all out-of-the-box content, we're planning to retire the gallery-only content templates. The legacy gallery content templates are no longer being updated, and the content hub is where OOTB content is kept up to date. Content hub also provides update workflows for solutions and automatic updates for standalone content. To facilitate this transition, we're going to publish a central tool to reinstate corresponding `IN USE` retired templates from the Content hub. 
 
-Microsoft Sentinel has an official GitHub repository for community contributions vetted by the community and Microsoft. It is the source for many of the content items in Content hub. In order to enable discovery of all OOTB content in Content hub, the OOTB content centralization changes have already been extended to the Microsoft Sentinel GitHub repo. With this change: 
+## Sentinel GitHub changes
+Microsoft Sentinel has an official [GitHub repository](https://github.com/Azure/Azure-Sentinel) for community contributions vetted by Microsoft and the community. It is the source for most of the content items in Content hub. In order to enable consistent discovery of all this content, the OOTB content centralization changes have already been extended to the Microsoft Sentinel GitHub repo. With this change: 
 
- - All OOTB content packaged in solutions in content hub now show up under the Solutions folder in the GitHub repository. 
- - All standalone OOTB content will continue to remain in their respective locations as before. 
+ - All OOTB content packaged in solutions in content hub now show up under the [Solutions folder](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions) in the GitHub repository. 
+ - All standalone OOTB content will continue to remain in their respective locations. 
 
-These changes will complete the journey towards centralizing Microsoft Sentinel content.
+Together, these changes will complete the journey towards centralizing Microsoft Sentinel content.
 
 ## When is this change coming?
 > [!NOTE]
-> These planned timelines are tentative and subject to change.
+> The following timeline is tentative and subject to change.
 >
 
-The centralization change in the Sentinel portal is expected to go live in all Sentinel workspaces Q2 2023. The Microsoft Sentinel GitHub changes have already been done. Standalone content is available in existing GitHub folders and solutions content moved to the solutions folder.  
+The centralization change in the Sentinel portal is expected to go live in all Sentinel workspaces Q2 2023. The Microsoft Sentinel GitHub changes have already been done. Standalone content is available in existing GitHub folders and solutions content has been moved to the solutions folder.  
 
 ## Scope of change
-This change is only scoped to gallery content type templates. All these same templates and more OOTB content are available in content hub as solutions or standalone content. 
+This change is only scoped to *gallery content* type templates. All these same templates and more OOTB content are available in *Content hub* as solutions or standalone content. 
 
 For Microsoft Sentinel GitHub, OOTB content packaged in solutions in content hub now shows up under the GitHub [Solutions folder](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions). The other existing content in GitHub is scoped to the following folders and only contains standalone content items. Content in the remaining GitHub folders not called out in this list do not have any changes.
 
@@ -60,7 +62,7 @@ The active or custom items created in any manner (from templates or otherwise) a
 Any OOTB content templates installed from content hub (identifiable as *Content source = Content hub*) are NOT affected by this change.
 
 ### What's changing?
-All template galleries will display an in-product warning banner. This banner will contain a link to a tool that will run within the Microsoft Sentinel portal. Activating the tool will initiate a guided experience to reinstate the content templates for the `IN USE` active items originally based on gallery templates. This tool only runs once per workspace so be sure to plan with your organization. Once the tool runs successfully, the warning banner will resolve and no longer be visible from the template galleries of that workspace. 
+All template galleries will display an in-product warning banner. This banner will contain a link to a tool that will run within the Microsoft Sentinel portal. Activating the tool will initiate a guided experience to reinstate the content templates for the `IN USE` retired templates from the Content hub. This tool only needs to be run once per workspace, so be sure to plan with your organization. Once the tool runs successfully, the warning banner will resolve and no longer be visible from the template galleries of that workspace. 
 
 Specific impact to the gallery content templates for each of these galleries are detailed in the following table. Expect these changes when the OOTB content centralization goes live. 
 
@@ -72,16 +74,26 @@ Specific impact to the gallery content templates for each of these galleries are
 | [Workbooks templates](get-visibility.md#use-built-in-workbooks) | The templates with `Content source = "Gallery content"` will no longer appear in the Workbooks template gallery. |
 | [Playbooks templates](use-playbook-templates.md#explore-playbook-templates) | The templates identifiable as `source name = "Gallery content"` will no longer appear in the Automation Playbook templates gallery. |
 
+Here's an example of an Analytics rule before and after the centralization changes and the tool has run.
+- The active Analytics rule won't change at all. We can see it's based on an Analytics rule template that will be retired.
+    :::image type="content" source="media/sentinel-content-centralize/before-tool-analytic-rule-active.png" alt-text="This screenshot shows an active Analytics rule before centralization changes.":::
+
+- This is the Analytics rule template before the change that will be retired.
+    :::image type="content" source="media/sentinel-content-centralize/before-tool-analytic-rule-template.png" alt-text="This screenshot shows the Analytics rule template that will be retired.":::
+
+- This is the Analytics rule template after the tool has been run to reinstate it.
+    :::image type="content" source="media/sentinel-content-centralize/after-tool-analytic-rule-template.png" alt-text="This screenshot shows the Analytics rule template after being reinstated.":::
+
 ## Action needed
 - Starting now, install new OOTB content from Content hub and update solutions as needed to have the latest version of the templates. 
 - For existing gallery content templates you are using, get future updates by installing the respective solutions or standalone content items from Content hub. The gallery content in the feature galleries may be out-of-date.
 - If you have applications or processes that directly get OOTB content from the Microsoft Sentinel GitHub repository, update the locations to include getting OOTB content from the solutions folder in addition to existing content folders.  
-- Plan with your organization who and when will run the tool when you see the warning banner and the change goes live in Q2 2023.
+- Plan with your organization who and when will run the tool when you see the warning banner and the change goes live in Q2 2023. The tool needs to be run once in a workspace to reinstate all `IN USE` retired templates from the Content hub. 
 - Review the FAQs section to learn more details that may be applicable to your environment. 
 
 ## Content centralization FAQs
-#### Will my SOC alert generation and incidents generation and management get impacted with this change? 
-No, there’s no impact to active alert rules or detections or active playbooks, or cloned hunting queries or saved workbooks. The OOTB content centralization change should not have an impact on your current incident generation and management processes.  
+#### Will my SOC alert generation or incidents generation and management be impacted with this change? 
+No, there's no impact to active alert rules or detections, or active playbooks, or cloned hunting queries, or saved workbooks. The OOTB content centralization change won't impact your current incident generation and management processes.  
 
 #### Are there exceptions on impacts to some of the gallery content templates as part of this centralization? 
 Analytic rule templates of the following types will be un-impacted with this change: 
@@ -95,22 +107,22 @@ Analytic rule templates of the following types will be un-impacted with this cha
 #### Will any of the APIs be impacted with this change? 
 Currently only alert rule template Get and List APIs exists for content template management. These APIs will continue to surface gallery-content templates.   
 
-New content hub APIs will be available soon to enable OOTB content management scenarios for OOTB content types (data connectors, playbook templates, workbook templates, analytic rule templates, hunting queries) and this includes mechanism to get up-to-date analytics rule templates installed on the workspace. 
+New content hub APIs will be available soon to enable OOTB content management scenarios for OOTB content types (data connectors, playbook templates, workbook templates, analytic rule templates, hunting queries) and this includes a mechanism to get up-to-date analytics rule templates installed on the workspace. 
 
-Action needed: Plan to update your applications and processes to leverage the new content hub OOTB content management APIs when those are available in Q2 2023.  
+**Action needed:** Plan to update your applications and processes to leverage the new content hub OOTB content management APIs when those are available in Q2 2023.  
 
 #### How will the central tool identify my in-use OOTB content templates? 
-The tool will look for data connectors with “status = connected” to build a list of solutions and standalone content that you can review and install to get content hub OOTB content templates in all the impacted feature galleries. For playbook templates, in addition there is a specific check for ‘in-use’ playbook templates. Since this process installs solutions, you might get more OOTB content items that match the connected data source than you might be actually using.  
+The tool will look for data connectors with "status = connected" to build a list of solutions and standalone content that you can review and install to get the content hub OOTB content templates in all the impacted feature galleries. There is a specific check for `IN USE` playbook templates. Since this process installs solutions, you might get more OOTB content items that match the connected data source than you might be actually using.  
 
-Please note that this central tool is a best-case effort to get your in-use OOTB content templates. You can get additional OOTB content or content might be missing that you can get directly by installing from content hub.   
+Please note that this central tool is a best-effort to get your `IN USE` OOTB content templates reinstated from content hub. You can get additional OOTB content or content might be missing that you can get directly by installing from content hub.   
 
 #### What if I am using APIs to connect data sources in my Microsoft Sentinel workspace?  
-Currently all the data connectors exist in the data connectors gallery so you can see the specific data connector show up as “status = Connected” if the specific data type matches with that referenced in the data connector. After the centralization experiences go live, the specific data connector needs to be installed from the respective solution to get the same behavior.  
+Currently all the data connectors exist in the data connectors gallery so you can see the specific data connector show up as "status = Connected" if the specific data type matches with that referenced in the data connector. After the centralization experiences go live, the specific data connector needs to be installed from the respective solution to get the same behavior.  
 
-Action needed: Plan to update the process/any custom tooling for deploying data connectors in this scenario to start installing the specific solution(s) before the connecting to data ingest APIs step. The API for installing a solution will be coming in Q2 2023 with the content hub OOTB content management APIs.    
+**Action needed:** Plan to update the process/any custom tooling for deploying data connectors in this scenario to start installing the specific solution(s) before the connecting to data ingest APIs step. The API for installing a solution will be coming in Q2 2023 with the content hub OOTB content management APIs.    
 
 #### What if I am working with content using Repositories feature in Microsoft Sentinel? 
-Repositories enable working with custom or active content in Microsoft Sentinel. This won't be impacted by the OOTB content centralization changes. 
+Repositories specifically deploy custom or active content in Microsoft Sentinel. Content deployed through the Repositories feature won't be impacted by the OOTB content centralization changes. 
 
 ## Next steps
 Take a look at these other resources for OOTB content and Content hub.