Commit ae55b30

Merge pull request #191951 from zeinab-mk/patch-18
fix typos and links
2 parents 8b4b90d + 055fff7 commit ae55b30

1 file changed: +13 -13 lines changed

articles/purview/tutorial-azure-purview-checklist.md

Lines changed: 13 additions & 13 deletions
@@ -14,44 +14,44 @@ ms.date: 03/15/2022
1414

1515
This article lists prerequisites that help you get started quickly on Azure Purview planning and deployment.
1616

17-
|No. |Prerequisite / Action |Required Permission |Additional guidance and recommendations |
17+
|No. |Prerequisite / Action |Required permission |Additional guidance and recommendations |
1818
|:---------|:---------|:---------|:---------|
1919
|1 | Azure Active Directory Tenant |N/A |An [Azure Active Directory tenant](../active-directory/fundamentals/active-directory-access-create-new-tenant.md) should be associated with your subscription. <ul><li>*Global Administrator* or *Information Protection Administrator* role is required, if you plan to [extend Microsoft 365 Sensitivity Labels to Azure Purview for files and db columns](create-sensitivity-label.md)</li><li> *Global Administrator* or *Power BI Administrator* role is required, if you're planning to [scan Power BI tenants](register-scan-power-bi-tenant.md).</li></ul> |
2020
|2 |An active Azure Subscription |*Subscription Owner* |An Azure subscription is needed to deploy Azure Purview and its managed resources. If you don't have an Azure subscription, create a [free subscription](https://azure.microsoft.com/free/) before you begin. |
21-
|3 |Define whether you plan to deploy an Azure Purview with managed Event Hub | N/A |A managed Event Hub is created as part of Azure Purview account creation, see Azure Purview account creation. You can publish messages to the Event Hub kafka topic ATLAS_HOOK and Azure Purview will consume and process it. Azure Purview will notify entity changes to Event Hub kafka topic ATLAS_ENTITIES and user can consume and process it.This quickstart uses the new Azure.Messaging.EventHubs library. |
21+
|3 |Define whether you plan to deploy an Azure Purview with managed Event Hub | N/A |A managed Event Hub is created as part of Azure Purview account creation, see Azure Purview account creation. You can publish messages to the Event Hub kafka topic ATLAS_HOOK and Azure Purview will consume and process it. Azure Purview will notify entity changes to Event Hub kafka topic ATLAS_ENTITIES and user can consume and process it. |
2222
|4 |Register the following resource providers: <ul><li>Microsoft.Storage</li><li>Microsoft.EventHub (optional)</li><li>Microsoft.Purview</li></ul> |*Subscription Owner* or custom role to register Azure resource providers (_/register/action_) | [Register required Azure Resource Providers](/azure-resource-manager/management/resource-providers-and-types.md) in the Azure Subscription that is designated for Azure Purview Account. Review [Azure resource provider operations](../role-based-access-control/resource-provider-operations.md). |
2323
|5 |Update Azure Policy to allow deployment of the following resources in your Azure subscription: <ul><li>Azure Purview</li><li>Azure Storage</li><li>Azure Event Hub (optional)</li></ul> |*Subscription Owner* |Use this step if an existing Azure Policy prevents deploying such Azure resources. If a blocking policy exists and needs to remain in place, please follow our [Azure Purview exception tag guide](create-azure-purview-portal-faq.md) and follow the steps to create an exception for Azure Purview accounts. |
2424
|6 | Define your network security requirements. | Network and Security architects. |<ul><li> Review [Azure Purview network architecture and best practices](concept-best-practices-network.md) to define what scenario is more relevant to your network requirements. </li><li>If private network is needed, use [Azure Purview Managed IR](catalog-managed-vnet.md) to scan Azure data sources when possible to reduce complexity and administrative overhead. </li></ul> |
25-
|7 |An Azure Virtual Network and Subnet(s) for Azure Purview private endpoints. | *Network Contributor* to create or update Azure VNet. |Use this step if you're planning to set up[private endpoint connectivity with Azure Purview](catalog-private-link.md): <ul><li>Private endpoints for **ingestion**.</li><li>Private endpoint for Azure Purview **Account**.</li><li>Private endpoint for Azure Purview **Portal**.</li></ul> <br> Deploy [Azure Virtual Network](../virtual-network/quick-create-portal.md) if you need to. |
26-
|8 |Deploy private endpoint for Azure data sources. |*Network Contributor* to set up Private endpoints for each data source. |perform this step if you're planning to use [Private Endpoint for Ingestion](catalog-private-link-end-to-end.md). |
25+
|7 |An Azure Virtual Network and Subnet(s) for Azure Purview private endpoints. | *Network Contributor* to create or update Azure VNet. |Use this step if you're planning to deploy [private endpoint connectivity with Azure Purview](catalog-private-link.md): <ul><li>Private endpoints for **Ingestion**.</li><li>Private endpoint for Azure Purview **Account**.</li><li>Private endpoint for Azure Purview **Portal**.</li></ul> <br> Deploy [Azure Virtual Network](../virtual-network/quick-create-portal.md) if you need one. |
26+
|8 |Deploy private endpoint for Azure data sources. |*Network Contributor* to set up private endpoints for each data source. |Perform this step, if you're planning to use [Private Endpoint for Ingestion](catalog-private-link-end-to-end.md). |
2727
|9 |Define whether to deploy new or use existing Azure Private DNS Zones. |Required [Azure Private DNS Zones](catalog-private-link-name-resolution.md) can be created automatically during Purview Account deployment using Subscription Owner / Contributor role |Use this step if you're planning to use Private Endpoint connectivity with Azure Purview. Required DNS Zones for Private Endpoint: <ul><li>privatelink.purview.azure.com</li><li>privatelink.purviewstudio.azure.com</li><li>privatelink.blob.core.windows.net</li><li>privatelink.queue.core.windows.net</li><li>privatelink.servicebus.windows.net</li></ul> |
28-
|10 |A management machine in your CorpNet or inside Azure VNet to launch Azure Purview Studio. |N/A |Use this step if you're planning to set **Allow Public Network** to **deny** on you Azure Purview Account. |
28+
|10 |A management machine in your CorpNet or inside Azure VNet to launch Azure Purview Studio. |N/A |Use this step if you're planning to set **Allow Public Network** to **deny** on your Azure Purview Account. |
2929
|11 |Deploy an Azure Purview Account |Subscription Owner / Contributor |Purview account is deployed with 1 Capacity Unit and will scale up based [on demand](concept-elastic-data-map.md). |
3030
|12 |Deploy a Managed Integration Runtime and Managed private endpoints for Azure data sources. |*Data source admin* to setup Managed VNet inside Azure Purview. <br> *Network Contributor* to approve managed private endpoint for each Azure data source. |Perform this step if you're planning to use [Managed VNet](catalog-managed-vnet.md). within your Azure Purview account for scanning purposes. |
31-
|13 |Deploy Self-hosted integration runtime VMs inside your network. |Azure: *Virtual Machine Contributor* <br> On-prem: Application owner |Use this step if you're planning to perform any scans using Self-hosted Integration Runtime. |
31+
|13 |Deploy Self-hosted integration runtime VMs inside your network. |Azure: *Virtual Machine Contributor* <br> On-prem: Application owner |Use this step if you're planning to perform any scans using [Self-hosted Integration Runtime](manage-integration-runtimes.md). |
3232
|14 |Create a Self-hosted integration runtime inside Azure Purview. |Data curator <br> VM Administrator or application owner |Use this step if you're planning to use Self-hosted Integration Runtime instead of Managed Integration Runtime or Azure Integration Runtime. <br><br> <br> [download](https://www.microsoft.com/en-us/download/details.aspx?id=39717) |
3333
|15 |Register your Self-hosted integration runtime | Virtual machine administrator |Use this step if you have **on-premises** or **VM-based data sources** (e.g. SQL Server). <br> Use this step are using **Private Endpoint** to scan to **any** data sources. |
34-
|16 |Grant Azure RBAC **Reader** role to **Azure Purview MSI** at data sources' Subscriptions |*Subscription owner* or *User Access Administrator* |Use this step if you're planning to register **multiple** or **any** of the following data sources: <ul><li>Azure Blob Storage</li><li>Azure Data Lake Storage Gen1</li><li>Azure Data Lake Storage Gen2</li><li>Azure SQL Database</li><li>Azure SQL Database Managed Instance</li><li>Azure Synapse Analytics</li></ul> |
35-
|17 |Grant Azure RBAC **Storage Blob Data Reader** role to **Azure Purview MSI** at data sources Subscriptions. |*Subscription owner* or *User Access Administrator* | **Skip** this step if you are using Private Endpoint to connect to data sources. Use this step if you have these data sources:<ul><li>Azure Blob Storage</li><li>Azure Data Lake Storage Gen1</li></ul> |
34+
|16 |Grant Azure RBAC **Reader** role to **Azure Purview MSI** at data sources' Subscriptions |*Subscription owner* or *User Access Administrator* |Use this step if you're planning to register [multiple](register-scan-azure-multiple-sources.md) or **any** of the following data sources: <ul><li>[Azure Blob Storage](register-scan-azure-blob-storage-source.md)</li><li>[Azure Data Lake Storage Gen1](register-scan-adls-gen1.md)</li><li>[Azure Data Lake Storage Gen2](register-scan-adls-gen2.md)</li><li>[Azure SQL Database](register-scan-azure-sql-database.md)</li><li>[Azure SQL Database Managed Instance](register-scan-azure-sql-database-managed-instance.md)</li><li>[Azure Synapse Analytics](register-scan-synapse-workspace.md)</li></ul> |
35+
|17 |Grant Azure RBAC **Storage Blob Data Reader** role to **Azure Purview MSI** at data sources Subscriptions. |*Subscription owner* or *User Access Administrator* | **Skip** this step if you are using Private Endpoint to connect to data sources. Use this step if you have these data sources:<ul><li>[Azure Blob Storage](register-scan-azure-blob-storage-source.md#using-a-system-or-user-assigned-managed-identity-for-scanning)</li><li>[Azure Data Lake Storage Gen2](register-scan-adls-gen2.md#using-a-system-or-user-assigned-managed-identity-for-scanning)</li></ul> |
3636
|18 |Enable network connectivity to allow AzureServices to access data sources: <br> e.g. Enable "**Allow trusted Microsoft services to access this storage account**". |*Owner* or *Contributor* at Data source |Use this step if **Service Endpoint** is used in your data sources. (Don't use this step if Private Endpoint is used) |
3737
|19 |Enable **Azure Active Directory Authentication** on **Azure SQL Servers**, **Azure SQL Database Managed Instance** and **Azure Synapse Analytics** |Azure SQL Server Contributor |Use this step if you have **Azure SQL DB** or **Azure SQL Database Managed Instance** or **Azure Synapse Analytics** as data source. **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
3838
|20 |Grant **Azure Purview MSI** account with **db_datareader** role to Azure SQL databases and Azure SQL Database Managed Instance databases |Azure SQL Administrator |Use this step if you have **Azure SQL DB** or **Azure SQL Database Managed Instance** as data source. **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
3939
|21 |Grant Azure RBAC **Storage Blob Data Reader** to **Synapse SQL Server** for staging Storage Accounts |Owner or User Access Administrator at data source |Use this step if you have **Azure Synapse Analytics** as data sources. **Skip** this step if you are using Private Endpoint to connect to data sources. |
4040
|22 |Grant Azure RBAC **Reader** role to **Azure Purview MSI** at **Synapse workspace** resources |Owner or User Access Administrator at data source |Use this step if you have **Azure Synapse Analytics** as data sources. **Skip** this step if you are using Private Endpoint to connect to data sources. |
4141
|23 |Grant Azure **Purview MSI account** with **db_datareader** role |Azure SQL Administrator |Use this step if you have **Azure Synapse Analytics (Dedicated SQL databases)**. <br> **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
4242
|24 |Grant **Azure Purview MSI** account with **sysadmin** role |Azure SQL Administrator |Use this step if you have Azure Synapse Analytics (Serverless SQL databases). **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
43-
|25 |Create an app registration or service principal inside your Azure Active Directory tenant | Azure Active Directory *Global Administrator* or *Application Administrator* | Use this step if you're planning to perform an scan on a data source using Delegated Auth or [Service Principal](create-service-principal-azure.md).|
43+
|25 |Create an app registration or service principal inside your Azure Active Directory tenant | Azure Active Directory *Global Administrator* or *Application Administrator* | Use this step if you're planning to perform a scan on a data source using Delegated Auth or [Service Principal](create-service-principal-azure.md).|
4444
|26 |Create an **Azure Key Vault** and a **Secret** to save data source credentials or service principal secret. |*Contributor* or *Key Vault Administrator* |Use this step if you have **on-premises** or **VM-based data sources** (e.g. SQL Server). <br> Use this step are using **ingestion private endpoints** to scan a data source. |
4545
|27 |Grant Key **Vault Access Policy** to Azure Purview MSI: **Secret: get/list** |*Key Vault Administrator* |Use this step if you have **on-premises** / **VM-based data sources** (e.g. SQL Server) <br> Use this step if **Key Vault Permission Model** is set to [Vault Access Policy](../key-vault/general/assign-access-policy.md). |
4646
|28 |Grant **Key Vault RBAC role** Key Vault Secrets User to Azure Purview MSI. | *Owner* or *User Access Administrator* |Use this step if you have **on-premises** or **VM-based data sources** (e.g. SQL Server) <br> Use this step if **Key Vault Permission Model** is set to [Azure role-based access control](../key-vault/general/rbac-guide.md). |
47-
|29 | Create a new connection to Azure Key Vault from Azure Purview Studio | *Data source admin* | Use this step if you are planing to use any of the following authentication options to scan a data source in Azure Purview: <ul><li>Account key</li><li>Basic Authentication</li><li>Delegated Auth</li><li>SQL Authentication</li><li>Service Principal</li><li>Consumer Key</li></ul>
48-
|30 |Deploy a private endpoint for Power BI tenant |*Power BI Administrator* <br> *Network contributor* |Use this step if you're planning to register a Power BI tenant as data source and your Azure Purview Purview account is set to **deny public access**. <br> For more information, see [How to configure private endpoints for accessing Power BI](/power-bi/enterprise/service-security-private-links). |
47+
|29 | Create a new connection to Azure Key Vault from Azure Purview Studio | *Data source admin* | Use this step if you are planing to use any of the following [authentication options](manage-credentials.md#create-a-new-credential) to scan a data source in Azure Purview: <ul><li>Account key</li><li>Basic Authentication</li><li>Delegated Auth</li><li>SQL Authentication</li><li>Service Principal</li><li>Consumer Key</li></ul>
48+
|30 |Deploy a private endpoint for Power BI tenant |*Power BI Administrator* <br> *Network contributor* |Use this step if you're planning to register a Power BI tenant as data source and your Azure Purview account is set to **deny public access**. <br> For more information, see [How to configure private endpoints for accessing Power BI](/power-bi/enterprise/service-security-private-links). |
4949
|31 |Connect Azure Data Factory to Azure Purview from Azure Data Factory Portal. **Manage** -> **Azure Purview**. Select **Connect to a Purview account**. <br> Validate if Azure resource tag **catalogUri** exists in ADF Azure resource. |Azure Data Factory Contributor / Data curator |Use this step if you have **Azure Data Factory**. |
50-
|32 |Verify if you have at least one **Microsoft 365 required license** in your Azure Active Directory tenant to use sensitivity labels in Azure Purview. |Azure Active Directory *Global Reader* |Perform this step if you're planning in extending **Sensitivity Labels from Microsoft 365 to Azure Purview** <br> |
50+
|32 |Verify if you have at least one **Microsoft 365 required license** in your Azure Active Directory tenant to use sensitivity labels in Azure Purview. |Azure Active Directory *Global Reader* |Perform this step if you're planning in extending **Sensitivity Labels from Microsoft 365 to Azure Purview** <br> For more information, see [licensing requirements to use sensitivity labels on files and database columns in Azure Purview](sensitivity-labels-frequently-asked-questions.yml) |
5151
|33 |Consent "**Extend labeling to assets in Azure Purview**" |Compliance Administrator <br> Azure Information Protection Administrator |Use this step if you are interested in extending Sensitivity Labels from Microsoft 365 to Azure Purview. <br> Use this step if you are interested in extending **Sensitivity Labels** from Microsoft 365 to Azure Purview. |
5252
|34 |Create new collections and assign roles in Azure Purview |*Collection admin* | [Create a collection and assign permissions in Azure Purview](/quickstart-create-collection.md). |
5353
|36 |Register and scan Data Sources in Azure Purview |*Data Source admin* <br> *Data Reader* or *Data Curator* | For more information, see [supported data sources and file types](azure-purview-connector-overview.md) |
5454
|35 |Grant access to data roles in the organization |*Collection admin* |Provide access to other teams to use Azure Purview: <ul><li> Data curator</li><li>Data reader</li><li>Collection admin</li><li>Data source admin</li><li>Policy Author</li><li>Workflow admin</li></ul> <br> For more information, see [Access control in Azure Purview](catalog-permissions.md). |
5555

5656
## Next steps
57-
- [Review Azure Purview deployment best practices](./deployment-best-practices.md)
57+
- [Review Azure Purview deployment best practices](./deployment-best-practices.md)
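
Review bot: In row 17 the added line replaces the list item Azure Data Lake Storage Gen1 with Azure Data Lake Storage Gen2, which changes which data sources the **Storage Blob Data Reader** grant applies to rather than fixing a typo or a link; please confirm that is intended and say so in the commit message, since "fix typos and links" does not cover it. Still unfixed in lines this commit touches: "planing" in row 29, "planning in extending" in row 32 (whose new closing sentence also has no period), and row 8 now reads "Perform this step, if" with a comma the other rows do not use. Untouched context worth folding into the same pass: "Use this step are using" in rows 15 and 26, the duplicated sentence in row 33, the stray period after the Managed VNet link in row 12, and row 36 listed before row 35.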
