Commit bb089e7

committed
small changes
1 parent 8e052ab commit bb089e7

File tree

6 files changed

+19
-19
lines changed

articles/lighthouse/how-to/monitor-delegation-changes.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ After you've assigned the Monitoring Reader role at root scope to the desired ac
6565

6666
## View delegation changes in the Azure portal
6767

68-
Users who has been assigned the Monitoring Reader role at root scope can view delegation changes directly in the Azure portal.
68+
Users who have been assigned the Monitoring Reader role at root scope can view delegation changes directly in the Azure portal.
6969

7070
1. Navigate to the **My customers** page, then select **Activity log** from the left-hand navigation menu.
7171
1. Ensure that **Directory Activity** is selected in the filter near the top of the screen.

articles/lighthouse/how-to/partner-earned-credit.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ To earn recognition for Azure Lighthouse activities, you'll need to [link your M
1515

1616
Use the following process to link your partner ID (and enable partner earned credit, if applicable). You'll need to know your [MPN partner ID](/partner-center/partner-center-account-setup#locate-your-mpn-id) to complete these steps. Be sure to use the **Associated MPN ID** shown on your partner profile.
1717

18-
For simplicity, we recommend creating a service principal account in your tenant, linking it to your **Associated MPN ID**, then granting it an [Azure built-in role that is eligible for PEC](/partner-center/azure-roles-perms-pec) to every customer that you onboard .
18+
For simplicity, we recommend creating a service principal account in your tenant, linking it to your **Associated MPN ID**, then granting it an [Azure built-in role that is eligible for PEC](/partner-center/azure-roles-perms-pec) to every customer that you onboard.
1919

2020
1. [Create a service principal user account](../../active-directory/develop/howto-authenticate-service-principal-powershell.md) in your managing tenant. For this example, we'll use the name *Provider Automation Account* for this service principal account.
2121
1. Using that service principal account, [link to your Associated MPN ID](../../cost-management-billing/manage/link-partner-id.md#link-to-a-partner-id) in your managing tenant. You only need to do this one time.
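Review bot: On line 18, "granting it an Azure built-in role ... to every customer that you onboard" still reads as though the role is granted to the customer rather than to the service principal. Since the line is already being touched for the stray space, consider "for every customer that you onboard". Lines 18 and 20 also alternate between "service principal account" and "service principal user account"; pick one term.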

articles/lighthouse/how-to/publish-managed-services-offers.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ Once a customer adds your offer, they will be able to delegate one or more subsc
4848

4949
Once you've completed all of the sections, your next step is to publish the offer. After you initiate the publishing process, your offer will go through several validation and publishing steps. For more information, see [Review and publish an offer to the commercial marketplace](../../marketplace/review-publish-offer.md)
5050

51-
You can [publish an updated version of your offer](../../marketplace/update-existing-offer.md) at any time. For example, you may want to add a new role definition to a previously-published offer. When you do so, customers who have already added the offer will see an icon in the **Service providers** page in the Azure portal that lets them know an update is available. Each customer will be able to [review the changes and update to the new version](view-manage-service-providers.md#update-service-provider-offers).
51+
You can [publish an updated version of your offer](../../marketplace/update-existing-offer.md) at any time. For example, you may want to add a new role definition to a previously published offer. When you do so, customers who have already added the offer will see an icon in the **Service providers** page in the Azure portal that lets them know an update is available. Each customer will be able to [review the changes and update to the new version](view-manage-service-providers.md#update-service-provider-offers).
5252

5353
## The customer onboarding process
5454
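Review bot: Context line 49, directly above the edited paragraph, ends with the link to review-publish-offer.md and no closing period. Worth adding it in this same punctuation pass.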

articles/lighthouse/how-to/remove-delegation.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: Remove access to a delegation
33
description: Learn how to remove access to resources that had been delegated to a service provider for Azure Lighthouse.
4-
ms.date: 09/08/2021
4+
ms.date: 06/22/2022
55
ms.topic: how-to
66
ms.custom: devx-track-azurepowershell
77
---
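Review bot: The ms.date bump on line 4 (09/08/2021 to 06/22/2022) is the only change to this file, with no content edit alongside it. If the article was re-reviewed and found current, say so in the commit message; otherwise drop the date change so the freshness date keeps reflecting the last real content update.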

articles/lighthouse/how-to/update-delegation.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: Update a delegation
33
description: Learn how to update a delegation for a customer previously onboarded to Azure Lighthouse.
4-
ms.date: 09/08/2021
4+
ms.date: 06/22/2022
55
ms.topic: how-to
66
---
77

@@ -14,18 +14,18 @@ After you have onboarded a subscription (or resource group) to Azure Lighthouse,
1414
1515
If you [onboarded your customer through Azure Resource Manager templates (ARM templates)](onboard-customer.md), a new deployment must be performed for that customer. Depending on what you are changing, you may want to update the original offer, or remove the original offer and create a new one.
1616

17-
- **If you are changing authorizations only**: You can update your delegation by changing only the **authorizations** section of the ARM template.
17+
- **If you are changing authorizations only**: You can update your delegation by changing the **authorizations** section of the ARM template.
1818
- **If you are changing the managing tenant**: You must create a new ARM template using with a different **mspOfferName** than your previous offer.
1919

2020
## Update your ARM template
2121

2222
To update your delegation, you will need to deploy an ARM template that includes the changes you'd like to make.
2323

24-
If you are only updating authorizations (such as adding a new user group with a role you hadn't previously included, or changing the role for an existing user), you can use the same **mspOfferName** as in the [ARM template](onboard-customer.md#create-an-azure-resource-manager-template) that you used for the previous delegation. You can use your previous template as a starting point. Then, make the changes you need, such as replacing one Azure built-in role with another, or adding a completely new authorization to the template.
24+
If you are only updating authorizations (such as adding a new user group with a role you hadn't previously included, or changing the role for an existing user), you can use the same **mspOfferName** as in the [ARM template](onboard-customer.md#create-an-azure-resource-manager-template) that you used for the previous delegation. Use your previous template as a starting point. Then, make the changes you need, such as replacing one Azure built-in role with another, or adding a completely new authorization to the template.
2525

2626
If you change the **mspOfferName**, this will be considered a new, separate offer. This is required if you are changing the managing tenant.
2727

28-
It's not necessary to change the **mspOfferName** if the managing tenant remains the same. In most cases, we recommend having only one **mspOfferName** in use by the same customer and managing tenant. If you choose to change it anyway, be sure that the customer's previous delegation is removed before deploying the new one.
28+
You don't need to change the **mspOfferName** if the managing tenant remains the same. In most cases, we recommend having only one **mspOfferName** in use by the same customer and managing tenant. If you do choose to create a new **mspOfferName** for your template, be sure that the customer's previous delegation is removed before deploying the new one.
2929

3030
## Remove the previous delegation
3131
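Review bot: Line 18, left as context right below the edited line 17, still says "create a new ARM template using with a different **mspOfferName**"; drop "using" while this list is being edited. On line 17, removing "only" also loses the cue that the rest of the template should stay as it was when just the authorizations are being updated; consider keeping it, since line 24 describes these edits as adding groups or changing roles on the customer's delegation.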

@@ -43,7 +43,7 @@ If you are updating the offer to adjust authorizations only, and keeping the sam
4343
Removing access to the delegation can be done by any user in the managing tenant who was granted the [Managed Services Registration Assignment Delete Role](../../role-based-access-control/built-in-roles.md#managed-services-registration-assignment-delete-role) in the original delegation. If no user in your managing tenant has this role, you can ask the customer to [remove access to the offer in the Azure portal](view-manage-service-providers.md#remove-service-provider-offers).
4444

4545
> [!TIP]
46-
> If you have removed the previous delegation following the steps above, and are still unable to deploy the new ARM template, you may need to [remove the registration definition completely](/powershell/module/az.managedservices/remove-azmanagedservicesdefinition). This can be done by any user with a role that has the `Microsoft.Authorization/roleAssignments/write` permission, such as [Owner](../../role-based-access-control/built-in-roles.md#owner), in the customer tenant.
46+
> If you have removed the previous delegation but are unable to deploy the new ARM template, you may need to [remove the registration definition completely](/powershell/module/az.managedservices/remove-azmanagedservicesdefinition). This can be done by any user with a role that has the `Microsoft.Authorization/roleAssignments/write` permission, such as [Owner](../../role-based-access-control/built-in-roles.md#owner), in the customer tenant.
4747
4848
## Deploy the ARM template
4949

@@ -53,12 +53,12 @@ After the deployment has been completed, [confirm that it was successful](onboar
5353

5454
## Updating Managed Service offers
5555

56-
If you onboarded your customer through a Managed Service offer published to Azure Marketplace, and you want to update authorizations, you can do so by [publishing a new version of your offer](../../marketplace/update-existing-offer.md) with the [authorizations](../../marketplace/create-managed-service-offer-plans.md#authorizations) that you want to use updated in the plan for that customer. The customer will then be able to [review the changes in the Azure portal and accept the new version](view-manage-service-providers.md#update-service-provider-offers).
56+
If you onboarded your customer through a Managed Service offer published to Azure Marketplace, and you want to update authorizations, you can do so by [publishing a new version of your offer](../../marketplace/update-existing-offer.md) with updates to the [authorizations](../../marketplace/create-managed-service-offer-plans.md#authorizations) in the plan for that customer. The customer will then be able to [review the changes in the Azure portal and accept the new version](view-manage-service-providers.md#update-service-provider-offers).
5757

5858
If you want to change the managing tenant, you will need to [create and publish a new Managed Service offer](publish-managed-services-offers.md) for the customer to accept.
5959

6060
> [!IMPORTANT]
61-
> As mentioned earlier, we recommend that you avoid using multiple offers for the same customer and managing tenant. If you do publish a new offer for the same customer which uses the same managing tenant, be sure that the earlier offer is removed before the customer accepts the newer offer.
61+
> We recommend that you avoid using multiple offers between the same customer and managing tenant. If you publish a new offer for a current customer that uses the same managing tenant, be sure that the earlier offer is removed before the customer accepts the newer offer.
6262
6363
## Next steps
6464
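Review bot: The heading on line 54, "## Updating Managed Service offers", uses a gerund while the other headings visible in this file's diff ("Update your ARM template", "Remove the previous delegation", "Deploy the ARM template") are imperative. Consider "Update Managed Service offers", and check inbound links first because the heading anchor would change.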

articles/lighthouse/how-to/view-service-provider-activity.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,39 +1,39 @@
11
---
22
title: Monitor service provider activity
33
description: Customers can monitor logged activity to see actions performed by service providers through Azure Lighthouse.
4-
ms.date: 12/16/2021
4+
ms.date: 06/22/2022
55
ms.topic: how-to
66
---
77

88
# Monitor service provider activity
99

10-
Customers who have delegated subscriptions for [Azure Lighthouse](../overview.md) can [view Azure Activity log](../../azure-monitor/essentials/platform-logs-overview.md) data to see all actions taken. This gives customers full visibility into operations that service providers are performing, along with operations done by users within the customer's own Azure Active Directory (Azure AD) tenant.
10+
Customers who have delegated subscriptions for [Azure Lighthouse](../overview.md) can [view Azure Activity log](../../azure-monitor/essentials/activity-log.md) data to see all actions taken. This gives customers full visibility into operations that service providers are performing, along with operations done by users within the customer's own Azure Active Directory (Azure AD) tenant.
1111

1212
## View activity log data
1313

14-
You can [view the activity log](../../azure-monitor/essentials/activity-log.md#view-the-activity-log) from the **Monitor** menu in the Azure portal. To limit results to a specific subscription, use the filters to select a specific subscription. You can also [view and retrieve activity log events](../../azure-monitor/essentials/activity-log.md#view-the-activity-log) programmatically.
14+
You can [view the activity log](../../azure-monitor/essentials/activity-log.md#view-the-activity-log) from the **Monitor** menu in the Azure portal. To limit results to a specific subscription, use the filters to select a specific subscription. You can also [view and retrieve activity log events](../../azure-monitor/essentials/activity-log.md#other-methods-to-retrieve-activity-log-events) programmatically.
1515

1616
> [!NOTE]
1717
> Users in a service provider's tenant can view activity log results for a delegated subscription in a customer tenant if they were granted the [Reader](../../role-based-access-control/built-in-roles.md#reader) role (or another built-in role which includes Reader access) when that subscription was onboarded to Azure Lighthouse.
1818
1919
In the activity log, you'll see the name of the operation and its status, along with the date and time it was performed. The **Event initiated by** column shows which user performed the operation, whether it was a user in a service provider's tenant acting through Azure Lighthouse, or a user in the customer's own tenant. Note that the name of the user is shown, rather than the tenant or the role that the user has been assigned for that subscription.
2020

21-
Logged activity is available in the Azure portal for the past 90 days. To learn how to store this data for longer than 90 days, see [Collect and analyze Azure activity logs in Log Analytics workspace](../../azure-monitor/essentials/activity-log.md).
22-
2321
> [!NOTE]
2422
> Users from the service provider appear in the activity log, but these users and their role assignments aren't shown in **Access Control (IAM)** or when retrieving role assignment info via APIs.
2523
24+
Logged activity is available in the Azure portal for the past 90 days. You can also [store this data for a longer period](../../azure-monitor/essentials/activity-log.md#retention-period) if needed.
25+
2626
## Set alerts for critical operations
2727

28-
To stay aware of critical operations that service providers (or users in your own tenant) are performing, we recommend creating [activity log alerts](../../azure-monitor/alerts/activity-log-alerts.md). For example, you may want to track all administrative actions for a subscription, or be notified when any virtual machine in a particular resource group is deleted. When you create alerts, they will include actions performed by users in the customer's own tenant as well as in any managing tenants.
28+
To stay aware of critical operations that service providers (or users in your own tenant) are performing, we recommend creating [activity log alerts](../../azure-monitor/alerts/alerts-types.md#activity-log-alerts). For example, you may want to track all administrative actions for a subscription, or be notified when any virtual machine in a particular resource group is deleted. When you create alerts, they'll include actions performed by users in the customer's own tenant as well as in any managing tenants.
2929

30-
For more information, see [Create and manage activity log alerts](../../azure-monitor/alerts/alerts-activity-log.md).
30+
For more information, see [Create, view, and manage activity log alerts](../../azure-monitor/alerts/alerts-activity-log.md).
3131

3232
## Create log queries
3333

3434
Log queries can help you analyze your logged activity or focus on specific items. For example, perhaps an audit requires you to report on all administrative-level actions performed on a subscription. You can create a query to filter on only these actions and sort the results by user, date, or another value.
3535

36-
For more information, see [Overview of log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).
36+
For more information, see [Log queries in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).
3737

3838
## View user activity across domains
3939
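Review bot: The rewritten retention sentence on line 24 no longer names a destination for keeping activity log data past 90 days; the removed line 21 pointed readers to a Log Analytics workspace. For customers who use this log to audit service provider actions, the 90-day portal limit is the main caveat, so consider keeping a concrete option in the sentence. The new fragments `#other-methods-to-retrieve-activity-log-events`, `#retention-period` and `#activity-log-alerts` should also be verified against the target articles, since a stale fragment silently lands at the top of the page.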
