Commit a9d1966

Merge pull request #197478 from yelevin/yelevin/sap-edits
Cleanup connector and content docs
2 parents 40af296 + 141eee5 commit a9d1966

2 files changed

+33
-30
lines changed

articles/sentinel/sap/deploy-data-connector-agent-container.md

Lines changed: 31 additions & 28 deletions
@@ -37,27 +37,27 @@ Deployment of the SAP continuous threat monitoring solution is divided into the
3737

3838
## Data connector agent deployment overview
3939

40-
For the Continuous Threat Monitoring solution for SAP to operate correctly, data must first be ingested from SAP system into Microsoft Sentinel. To accomplish this, you need to deploy the Continuous Threat Monitoring solution for SAP data connector agent.
40+
For the Continuous Threat Monitoring solution for SAP to operate correctly, you must first get your SAP data into Microsoft Sentinel. To accomplish this, you need to deploy the solution's SAP data connector agent.
4141

42-
The data connector agent runs as a container on a Linux virtual machine (VM). This VM can be hosted either in Azure, in a third-party cloud, or on-premises. The recommended way for you to install and configure this container is by using a *kickstart* script, however you can choose to deploy the container [manually](?tabs=deploy-manually)
42+
The data connector agent runs as a container on a Linux virtual machine (VM). This VM can be hosted either in Azure, in a third-party cloud, or on-premises. We recommend that you install and configure this container using a *kickstart* script; however, you can choose to [deploy the container manually](?tabs=deploy-manually#deploy-the-data-connector-agent-container).
4343

44-
The agent connects to your SAP system to pull logs and other data from it, then sends those logs to your Microsoft Sentinel. To do this, the agent has to authenticate to your SAP system - that's why you created a user and a role for the agent in your SAP system in the previous step.
44+
The agent connects to your SAP system to pull logs and other data from it, then sends those logs to your Microsoft Sentinel workspace. To do this, the agent has to authenticate to your SAP system - that's why you created a user and a role for the agent in your SAP system in the previous step.
4545

4646
Your SAP authentication infrastructure, and where you deploy your VM, will determine how and where your agent configuration information, including your SAP authentication secrets, is stored. These are the options, in descending order of preference:
4747

4848
- An Azure Key Vault, accessed through an Azure **system-assigned managed identity**
4949
- An Azure Key Vault, accessed through an Azure AD **registered-application service principal**
5050
- A plaintext **configuration file**
5151

52-
If your **SAP authentication** infrastructure is based on **SNC**, using **X.509 certificates**, your only option is to use a configuration file. Select the **Configuration file** tab below for the instructions to deploy your agent container.
52+
If your **SAP authentication** infrastructure is based on **SNC**, using **X.509 certificates**, your only option is to use a configuration file. Select the [**Configuration file** tab below](?tabs=config-file#deploy-the-data-connector-agent-container) for the instructions to deploy your agent container.
5353

54-
If not, then your SAP configuration and authentication secrets can and should be stored in an [**Azure Key Vault**](../../key-vault/general/authentication.md). How you access your key vault depends on where your VM is deployed:
54+
If you're not using SNC, then your SAP configuration and authentication secrets can and should be stored in an [**Azure Key Vault**](../../key-vault/general/authentication.md). How you access your key vault depends on where your VM is deployed:
5555

56-
- **A container on an Azure VM** can use an Azure [system-assigned managed identity](../../active-directory/managed-identities-azure-resources/overview.md) to seamlessly access Azure Key Vault. Select the **Managed identity** tab below for the instructions to deploy your agent container using managed identity.
56+
- **A container on an Azure VM** can use an Azure [system-assigned managed identity](../../active-directory/managed-identities-azure-resources/overview.md) to seamlessly access Azure Key Vault. Select the [**Managed identity** tab below](?tabs=managed-identity#deploy-the-data-connector-agent-container) for the instructions to deploy your agent container using managed identity.
5757

5858
In the event that a system-assigned managed identity can't be used, the container can also authenticate to Azure Key Vault using an [Azure AD registered-application service principal](../../active-directory/develop/app-objects-and-service-principals.md), or, as a last resort, a configuration file.
5959

60-
- **A container on an on-premises VM**, or **a VM in a third-party cloud environment**, can't use Azure managed identity, but can authenticate to Azure Key Vault using an [Azure AD registered-application service principal](../../active-directory/develop/app-objects-and-service-principals.md). Select the **Registered application** tab below for the instructions to deploy your agent container.
60+
- **A container on an on-premises VM**, or **a VM in a third-party cloud environment**, can't use Azure managed identity, but can authenticate to Azure Key Vault using an [Azure AD registered-application service principal](../../active-directory/develop/app-objects-and-service-principals.md). Select the [**Registered application** tab below](?tabs=registered-application#deploy-the-data-connector-agent-container) for the instructions to deploy your agent container.
6161

6262
If for some reason a registered-application service principal can't be used, you can use a configuration file, though this is not preferred.
6363
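Review bot: The rewritten paragraph at new line 52 makes the configuration file the only option for SNC with X.509 certificates, and line 50 describes that file as plaintext, but nothing in this overview says how a file holding the SAP authentication secrets should be protected. Suggest adding a sentence here, or in the Configuration file tab, telling readers to restrict the file's ownership and permissions to the account that runs the container. Minor: new line 44 keeps the spaced hyphen in "SAP system - that's why"; splitting it into two sentences would read better.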

@@ -66,12 +66,13 @@ If not, then your SAP configuration and authentication secrets can and should be
6666
# [Managed identity](#tab/managed-identity)
6767

6868
1. Transfer the [SAP NetWeaver SDK](https://aka.ms/sap-sdk-download) to the machine on which you want to install the agent.
69-
1.
69+
7070
1. Run the following command to **Create a VM** in Azure (substitute actual names for the `<placeholders>`):
7171

7272
```azurecli
7373
az vm create --resource-group <resource group name> --name <VM Name> --image Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest --admin-username <azureuser> --public-ip-address "" --size Standard_D2as_v5 --generate-ssh-keys --assign-identity
7474
```
75+
7576
For more information, see [Quickstart: Create a Linux virtual machine with the Azure CLI](../../virtual-machines/linux/quick-create-cli.md).
7677
7778
> [!IMPORTANT]
@@ -128,7 +129,7 @@ If not, then your SAP configuration and authentication secrets can and should be
128129
wget -O sapcon-sentinel-kickstart.sh https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/sapcon-sentinel-kickstart.sh && bash ./sapcon-sentinel-kickstart.sh
129130
```
130131
131-
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts, or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md)
132+
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md).
132133
133134
1. **Follow the on-screen instructions** to enter your SAP and key vault details and complete the deployment. When the deployment is complete, a confirmation message is displayed:
134135
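Review bot: On new line 129 the kickstart script is fetched from the `master` branch and executed immediately through `&& bash`, and the paragraph edited at new line 132 says that script updates OS components and installs software, so the reader runs whatever is on the branch at that moment with no chance to inspect it. Suggest documenting the download and the execution as separate steps, as the Configuration file tab already does, and pointing the URL at a tagged release or pinned commit. Also, "minimize the amount of prompts" should read "number of prompts".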
@@ -149,7 +150,7 @@ If not, then your SAP configuration and authentication secrets can and should be
149150
# [Registered application](#tab/registered-application)
150151
151152
1. Transfer the [SAP NetWeaver SDK](https://aka.ms/sap-sdk-download) to the machine on which you want to install the agent.
152-
1.
153+
153154
1. Run the following command to **create and register an application**:
154155
155156
```azurecli
@@ -175,7 +176,8 @@ If not, then your SAP configuration and authentication secrets can and should be
175176
az keyvault create \
176177
--name <KeyVaultName> \
177178
--resource-group <KeyVaultResourceGroupName>
178-
```
179+
```
180+
179181
1. Copy the name of the (newly created or existing) key vault and the name of its resource group. You'll need these for assigning the key vault access policy and running the deployment script in the coming steps.
180182
181183
1. Run the following command to **assign a key vault access policy** to the registered application ID that you copied above (substitute actual names or values for the `<placeholders>`):
@@ -205,7 +207,7 @@ If not, then your SAP configuration and authentication secrets can and should be
205207
./sapcon-sentinel-kickstart.sh --keymode kvsi --appid aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa --appsecret ssssssssssssssssssssssssssssssssss -tenantid bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb -kvaultname <key vault name>
206208
```
207209
208-
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts, or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md)
210+
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md).
209211
210212
1. **Follow the on-screen instructions** to enter the requested details and complete the deployment. When the deployment is complete, a confirmation message is displayed:
211213
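Review bot: The example command on new line 207 mixes option styles: `--keymode`, `--appid` and `--appsecret` take two dashes while `-tenantid` and `-kvaultname` take one. Check these against reference-kickstart.md and make them consistent. The same line passes the application secret as a command-line argument, which leaves it in shell history and visible in the process list; since the paragraph at new line 210 says the script prompts for configuration values, consider dropping `--appsecret` from the example if the script can prompt for it instead.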
@@ -226,7 +228,7 @@ If not, then your SAP configuration and authentication secrets can and should be
226228
# [Configuration file](#tab/config-file)
227229
228230
1. Transfer the [SAP NetWeaver SDK](https://aka.ms/sap-sdk-download) to the machine on which you want to install the agent.
229-
1.
231+
230232
1. Run the following commands to **download the deployment Kickstart script** from the Microsoft Sentinel GitHub repository and **mark it executable**:
231233
232234
```bash
@@ -240,7 +242,7 @@ If not, then your SAP configuration and authentication secrets can and should be
240242
./sapcon-sentinel-kickstart.sh --keymode cfgf
241243
```
242244
243-
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts, or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md)
245+
The script updates the OS components, installs the Azure CLI and Docker software and other required utilities (jq, netcat, curl), and prompts you for configuration parameter values. You can supply additional parameters to the script to minimize the amount of prompts or to customize the container deployment. For more information on available command line options, see [Kickstart script reference](reference-kickstart.md).
244246
245247
1. **Follow the on-screen instructions** to enter the requested details and complete the deployment. When the deployment is complete, a confirmation message is displayed:
246248
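Review bot: The paragraph at new line 245 is the third identical copy edited in this commit (also at new lines 132 and 210), and each copy needed the same comma and full-stop fix. Suggest moving it into a shared include so the tabs cannot drift apart. For the Configuration file tab specifically, the paragraph could also say where `--keymode cfgf` writes the configuration file, since line 50 of the overview describes that file as plaintext.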
@@ -258,45 +260,46 @@ If not, then your SAP configuration and authentication secrets can and should be
258260
259261
To view a list of the available containers use the command: `docker ps -a`.
260262
261-
# [Manual Deployment](#tab/deploy-manually)
263+
# [Manual deployment](#tab/deploy-manually)
262264
263265
1. Transfer the [SAP NetWeaver SDK](https://aka.ms/sap-sdk-download) to the machine on which you want to install the agent.
264266
265-
1. Install [Docker](https://www.docker.com/) on the VM, following [recommended deployment steps](https://docs.docker.com/engine/install/) for the chosen operating system
267+
1. Install [Docker](https://www.docker.com/) on the VM, following the [recommended deployment steps](https://docs.docker.com/engine/install/) for the chosen operating system.
266268
267-
1. Use the following commands (replacing <*SID*> with the name of the SAP instance) to create a folder to store the container configuration and metadata, and to download a sample systemconfig.ini file into that folder.
269+
1. Use the following commands (replacing `<SID>` with the name of the SAP instance) to create a folder to store the container configuration and metadata, and to download a sample systemconfig.ini file into that folder.
268270
269-
````bash
271+
```bash
270272
sid=<SID>
271273
mkdir -p /opt/sapcon/$sid
272274
cd /opt/sapcon/$sid
273275
wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/SAP/template/systemconfig.ini
274276
275-
````
277+
```
276278

277279
1. Edit the systemconfig.ini file to [configure the relevant settings](reference-systemconfig.md).
278280

279-
1. Run the following commands (replacing <*SID*> with the name of the SAP instance) to retrieve the latest container image, create a new container, and configure it to start automatically.
281+
1. Run the following commands (replacing `<SID>` with the name of the SAP instance) to retrieve the latest container image, create a new container, and configure it to start automatically.
280282

281-
````bash
283+
```bash
282284
sid=<SID>
283285
docker pull mcr.microsoft.com/azure-sentinel/solutions/sapcon:latest
284286
docker create -d --restart unless-stopped -v /opt/sapcon/$sid/:/sapcon-app/sapcon/config/system --name sapcon-$sid sapcon
285-
````
287+
```
286288

287-
1. Run the following command (replacing <*SID*> with the name of the SAP instance and <*sdkfilename*> with full filename of the SAP NetWeaver SDK) to copy the SDK into the container.
289+
1. Run the following command to copy the SDK into the container. Replace `<SID>` with the name of the SAP instance and `<sdkfilename>` with full filename of the SAP NetWeaver SDK.
288290

289-
````bash
291+
```bash
290292
sdkfile=<sdkfilename>
291293
sid=<SID>
292294
docker cp $sdkfile sapcon-$sid:/sapcon-app/inst/
293-
````
295+
```
296+
297+
1. Run the following command (replacing `<SID>` with the name of the SAP instance) to start the container.
294298

295-
1. Run the following command (replacing <*SID*> with the name of the SAP instance) to start the container.
296-
````bash
299+
```bash
297300
sid=<SID>
298301
docker start sapcon-$sid
299-
````
302+
```
300303

301304
---
302305
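Review bot: In the `docker create` command on new line 286 (context, not changed by this commit) the image argument is the bare name `sapcon`, but the line before it pulls `mcr.microsoft.com/azure-sentinel/solutions/sapcon:latest`; a bare `sapcon` does not refer to that image, so the create step would fail or resolve a different image from the default registry. Use the full image reference in `docker create`, and drop `-d`, which is a `docker run` option. Separately, new line 289 reads "with full filename of the SAP NetWeaver SDK" and needs "the full filename", and the inline systemconfig.ini on new lines 269 and 279 could be code-formatted the same way `<SID>` now is.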

articles/sentinel/sap/deploy-sap-security-content.md

Lines changed: 2 additions & 2 deletions
@@ -39,7 +39,7 @@ Track your SAP solution deployment journey through this series of articles:
3939

4040
Deploy the [SAP security content](sap-solution-security-content.md) from the Microsoft Sentinel **Content hub** and **Watchlists** areas.
4141

42-
The **Microsoft Sentinel - Continuous Threat Monitoring for SAP** solution enables the SAP data connector to be displayed in the Microsoft Sentinel **Data connectors** area. The solution also deploys the **SAP - System Applications and Products** workbook and SAP-related analytics rules.
42+
Deploying the **Microsoft Sentinel - Continuous Threat Monitoring for SAP** solution causes the SAP data connector to be displayed in the Microsoft Sentinel **Data connectors** area. The solution also deploys the **SAP - System Applications and Products** workbook and SAP-related analytics rules.
4343

4444
To deploy SAP solution security content, do the following:
4545

@@ -51,7 +51,7 @@ To deploy SAP solution security content, do the following:
5151

5252
:::image type="content" source="./media/deploy-sap-security-content/sap-solution.png" alt-text="Screenshot of the 'Microsoft Sentinel - Continuous Threat Monitoring for SAP' solution pane." lightbox="media/deploy-sap-security-content/sap-solution.png":::
5353

54-
1. To launch the solution deployment wizard, select **Create**, and then enter the details of the Azure subscription, resource group, and Log Analytics workspace (the one which is used by Microsoft Sentinel) where you want to deploy the solution.
54+
1. To launch the solution deployment wizard, select **Create**, and then enter the details of the Azure subscription, resource group, and Log Analytics workspace (the one used by Microsoft Sentinel) where you want to deploy the solution.
5555

5656
1. Select **Next** to cycle through the **Data Connectors**, **Analytics**, and **Workbooks** tabs, where you can learn about the components that will be deployed with this solution.
5757
