adding new ui steps

Author: batamig

articles/sentinel/sap/deploy-data-connector-agent-container.md

@@ -34,7 +34,7 @@ Content in this article is relevant for your **security**, **infrastructure**, a
 
 :::image type="content" source="media/deployment-steps/deploy-data-connector-agentless.png" alt-text="Diagram of the SAP solution deployment flow, highlighting the Connect your SAP system step." border="false":::
 
-Content in this article is relevant for your **security** team, using information provided by your **SAP BASIS** teams.
+Content in this article is relevant for your **security** team.
 
 :::zone-end
 
@@ -60,11 +60,11 @@ Before you connect your SAP system to Microsoft Sentinel:
 
 :::zone pivot="connection-agentless"
 
-- Make sure that you have the Microsoft Sentinel **SAP Agentless** solution [installed in your Microsoft Sentinel workspace](deploy-sap-security-content.md)
+- Make sure that you have the Microsoft Sentinel **SAP Agentless** solution [installed in your Microsoft Sentinel workspace](deploy-sap-security-content.md) <!--what is this solution's new name?-->
 
 - Make sure that your SAP system is fully [prepared for the deployment](preparing-sap.md).
 
-- Make sure your DCR is configured as described in [Install the solution from the content hub](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).
+<!--removed- Make sure your DCR is configured as described in [Install the solution from the content hub](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).-->
 
 :::zone-end
 
@@ -235,7 +235,7 @@ While deployment is also supported from the command line, we recommend that you
 
 1. In Microsoft Sentinel, select **Configuration > Data connectors**.
 
-1. In the search bar, enter *SAP*. Select **Microsoft Sentinel for SAP** from the search results and then **Open connector page**.
+1. In the search bar, enter *SAP*. Select **Microsoft Sentinel for SAP - agent-based** from the search results and then **Open connector page**.
 
 1. In the **Configuration** area, select **Add new agent (Preview)**.
 
@@ -348,11 +348,11 @@ At this stage, the system's **Health** status is **Pending**. If the agent is up
 
 ## Connect your agentless data connector
 
-1. In Microsoft Sentinel, go to the **Configuration > Data connectors** page and locate the **SAP ABAP and S/4 via cloud connector (Preview)** data connector.
+1. In Microsoft Sentinel, go to the **Configuration > Data connectors** page and locate the **Microsoft Sentinel for SAP - agent-less (Preview) (Preview)** data connector.
 
-1. In the **Configuration** area, under **Connect an SAP integration suite to Microsoft Sentinel**, select **Add connection**.
+1. In the **Configuration** area, scroll down and select **Add SAP client**.
 
-1. In the **Agentless connection** side pane, enter the following details:
+1. In the **Connect to an SAP Client** side pane, enter the following details:
 
     | Field        | Description                      |
     |-------------------------------|---------------------------------------|
@@ -362,11 +362,13 @@ At this stage, the system's **Health** status is **Pending**. If the agent is up
     | **Authorization server URL**  | The *tokenurlurl* value taken from the Process Integration Runtime service key JSON file. For example: `https://your-tenant.authentication.region.hana.ondemand.com/oauth/token` |
     | **Integration Suite Endpoint** | The *url* value taken from the Process Integration Runtime service key JSON file. For example: `https://your-tenant.it-account-rt.cfapps.region.hana.ondemand.com` |
 
+1. Select **Connect**.
+
 ## Customize data connector behavior (optional)
 
 If the agentless data connector's default functionality doesn't fit your organization's needs, customize it using SAP Integration Suite value mapping.
 
-Also, due to database performance issues, ingesting Change Docs logs Sybase isn't supported. We recommend that customers using Sybase turn off ingestion for Change Docs logs in the iflow by configuring the **collect-changedocs-logs** parameter.
+Also, due to database performance issues, ingesting Change Docs logs running on Sybase isn't supported. We recommend that customers using Sybase turn off ingestion for Change Docs logs in the iflow by configuring the **collect-changedocs-logs** parameter.
 
 For more information, see [Customize your SAP agentless data connector for Microsoft Sentinel](configure-agentless.md).
 

articles/sentinel/sap/preparing-sap.md

@@ -19,18 +19,32 @@ zone_pivot_groups: sentinel-sap-connection
 
 This article describes how to prepare your SAP environment for connecting to the SAP data connector. Preparation differs, depending on whether you're using the containerized data connector agent. Select the option at the top of the page that matches your environment.
 
-This article is part of the second step in deploying the Microsoft Sentinel solution for SAP applications.
+:::zone pivot="connection-agent"
+This article is part of the second step in deploying the Microsoft Sentinel solution for SAP applications. 
+
+:::image type="content" source="media/deployment-steps/prepare-sap-environment.png" alt-text="Diagram of the deployment flow for the Microsoft Sentinel solution for SAP applications, with the preparing SAP step highlighted." border="false":::
+
+The procedures in this article are typically performed by your **SAP BASIS** team.
+:::zone-end
+
+:::zone pivot="connection-agentless"
+This article is part of the second step in deploying the Microsoft Sentinel solution for SAP applications. While steps that are performed in Microsoft Sentinel require that the solution be installed first, other preparations in the SAP environment can happen in parallel. <!--need new images across-->
 
 :::image type="content" source="media/deployment-steps/prepare-sap-environment.png" alt-text="Diagram of the deployment flow for the Microsoft Sentinel solution for SAP applications, with the preparing SAP step highlighted." border="false":::
 
-The procedures in this article are typically performed by your **SAP BASIS** team. If you're using the agentless solution, you might also need to involve your **security** team.
+Many of the procedures in this article are typically performed by your **SAP BASIS** team. Some steps include your **security** team too.
+:::zone-end
 
 > [!IMPORTANT]
 > Microsoft Sentinel's agentless data connector for SAP is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 ## Prerequisites
 
 - Before you start, make sure to review the [prerequisites for deploying the Microsoft Sentinel solution for SAP applications](prerequisites-for-deploying-sap-continuous-threat-monitoring.md).
+:::zone pivot="connection-agentless"
+- If you're working with the agentless solution, some steps are performed in Microsoft Sentinel and require that the [solution be installed first](deploy-sap-security-content.md).
+
+:::zone-end
 
 ## Configure the Microsoft Sentinel role
 
@@ -85,11 +99,14 @@ Some installations of SAP systems might not have audit logging enabled by defaul
 
 We recommend that you configure auditing for *all* messages from the audit log, instead of only specific logs. Ingestion cost differences are generally minimal and the data is useful for Microsoft Sentinel detections and in post-compromise investigations and hunting.
 
+:::zone pivot="connection-agentless"
+For full monitoring coverage with the agentless solution, we recommend that you enable monitoring on all client IDs of your monitored SAP systems, including clients 000 and 066.
+:::zone-end
+
 For more information, see the [SAP community](https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of-the-security-audit-log-sm19-rsau/ba-p/13297094) and [Collect SAP HANA audit logs in Microsoft Sentinel](collect-sap-hana-audit-logs.md).
 
 ## Configure your system to use SNC for secure connections
 
-
 By default, the SAP data connector agent connects to an SAP server using a remote function call (RFC) connection and a username and password for authentication.
 
 However, you might need to make the connection on an encrypted channel or use client certificates for authentication. In these cases, use Smart Network Communications (SNC) from SAP to secure your data connections, as described in this section.
@@ -172,6 +189,16 @@ For more information, see [Database Collector in Background Processing](https://
 
 For more information, see the [SAP documentation](https://help.sap.com/docs/integration-suite/sap-integration-suite/initial-setup).
 
+## Perform initial connector configuration
+
+1. In Microsoft Sentinel, go to the **Configuration > Data connectors** page and locate the **Microsoft Sentinel for SAP - agent-less (Preview) (Preview)** data connector.
+
+1. In the **Configuration** area, expand and follow the instructions in the **Initial connector configuration - Run the steps below once:** area. These steps will require a mixture of your Security and SAP BASIS teams.
+
+    If, after you deploy the Azure resources step 1, the values in the steps 2 and 3 aren't automatically populated, close and re-expand step 1 to refresh the values in steps 2 and 3.
+
+1. Scroll further down in the **Configuration** area, and expand and follow the instructions in the **Add monitored SAP Systems - Run the steps below for each monitored SAP system:** area for each SAP system you want to monitor.
+
 ## Configure SAP Cloud Connector settings
 
 1. Install the SAP Cloud Connector. For more information, see the [SAP documentation](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/installation).
@@ -216,36 +243,6 @@ For more information, see the [SAP documentation](https://help.sap.com/docs/inte
 
    - **Location**: Only required when you connect multiple Cloud Connectors to the same BTP subaccount.  For more information, see the [SAP Documentation](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/parameters-influencing-communication-behavior).
 
-## Configure SAP Integration Suite settings
-
-Create a new OAuth2 client credential to store the connection details for the Microsoft Entra ID app registration that you'd created [earlier](deploy-sap-security-content.md#deployment).
-
-When creating the credential, enter the following details:
-
-- **Name:** `LogIngestionAPI`
-
-- **Token Service URL:** `https://login.microsoftonline.com/<your Microsoft Entra ID tenant ID>/oauth2/v2.0/token`
-
-- **Client ID**: `<your app registration client ID>`
-
-- **Client Authentication**: Send as body parameter
-
-- **Scope**: `https://monitor.azure.com//.default`
-
-- **Content Type**: `application/x-www-form-urlencoded`
-
-## Import and deploy the Microsoft Sentinel solution for SAP package
-
-1. Download the Microsoft Sentinel solution for SAP package from [https://aka.ms/SAPAgentlessPackage](https://aka.ms/SAPAgentlessPackage).
-1. Import the downloaded package to SAP Integration Suite.
-1. Open the Microsoft Sentinel solution for SAP package and browse to the artifacts.
-1. Select **Send security logs to Microsoft - application layer** artifact.
-1. Select **Configure** and then enter your DCR details:
-
-   - **LogsIngestionURL** the Ingestion URL from the DCR's DCE, as saved [earlier](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).
-   - **DCRImmutableId**: The DCR's immutable ID, as saved [earlier](deploy-sap-security-content.md#install-the-solution-from-the-content-hub).
-      
-1. Select **Deploy** to deploy the i-flow using SAP Cloud Integration as the runtime service.
 
 :::zone-end
 

articles/sentinel/sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md

@@ -91,15 +91,16 @@ Typically, Azure prerequisites are managed by your **security** teams.
 | Prerequisite | Description |Required/optional |
 | ---- | ----------- |----------- |
 | **Permissions to create Azure resources** | You must have: <br><br>- The necessary permissions to deploy solutions from the Microsoft Sentinel content hub. For more information, see [Prerequisites for deploying Microsoft Sentinel solutions](../sentinel-solutions-deploy.md#prerequisites) and [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#application-administrator). <br>Owner on the Microsoft Sentinel resource group , required for:<br><br>- Creation of data collection rule and data collection endpoint.<br><br>- Monitoring Metrics Publisher role assignment on data collection rule. |Required |
-| **Permissions in** **Microsoft Entra**|You must have permissions in Microsoft Entra ID required to create app registrations. This permission can be obtained through membership of built-in Microsoft Entra ID role:<br><br>- Application Developer.|Required |
+| **Read permissions to shared keys for the workspace** | TBD DESCRIPTION OF THIS. The linked bookmark doesn't go anywhere. For more information, see [Install Log Analytics agent on Windows computers](/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key). | Required |
+| **Permissions in Microsoft Entra**|You must have permissions in Microsoft Entra ID required to create app registrations. This permission can be obtained through membership of built-in Microsoft Entra ID role:<br><br>- Application Developer.|Required |
 
 ## SAP prerequisites for the agentless data connector
 
 We recommend that your **SAP BASIS** team verify and ensure SAP system prerequisites. We strongly recommend that any management of your SAP system is carried out by an experienced SAP system administrator.
 
 | Prerequisite | Description |
 | ---- | ----------- |
-| **Supported SAP versions** | The **Agentless** solution supports SAP NetWeaver systems with [SAP_BASIS versions 750](https://userapps.support.sap.com/sap(bD1kZSZjPTAwMQ==)/support/pam/pam.html?smpsrv=https%3a%2f%2fwebsmp201.sap-ag.de#ts=60&s=netweaver%207.5&o=most_viewed%7Cdesc&st=l&rpp=20&page=1&pvnr=73554900100900000414&pt=g%7Cd) and above. |
+| **Supported SAP versions** | The **Agentless** solution supports SAP NetWeaver systems with [SAP_BASIS versions 750](https://userapps.support.sap.com/sap(bD1kZSZjPTAwMQ==)/support/pam/pam.html?smpsrv=https%3a%2f%2fwebsmp201.sap-ag.de#ts=60&s=netweaver%207.5&o=most_viewed%7Cdesc&st=l&rpp=20&page=1&pvnr=73554900100900000414&pt=g%7Cd) and above. <br><br>Change Docs logs running on Sybase aren't supported. If you're using Sybase, we recommend that you customize your system to turn off ingestion for Change Docs logs. For more information, see [Customize your SAP agentless data connector for Microsoft Sentinel (Preview)](configure-agentless.md).|
 | **SAP environment** | Your SAP environment must have: <br><br> The **RSAU_API_GET_LOG_DATA** function module, remote enabled on your SAP System. For more information, see the [SAP documentation](https://me.sap.com/notes/3054326/E). <br>An SAP BTP Subaccount with following services enabled:  <br>    - SAP Integration Suite <br>- SAP Process Integration Runtime <br>- Cloud Foundry Runtime<br>    For more information, see the [SAP documentation](https://help.sap.com/docs/sap-hana-spatial-services/onboarding/creating-subaccount-on-sap-business-technology-platform-sap-btp ). [Trial accounts](https://developers.sap.com/tutorials/hcp-create-trial-account.html) are supported.<br><br>The [SAP Cloud Connector](https://help.sap.com/docs/connectivity/sap-btp-connectivity-cf/installation?locale=en-US) deployed <br><br>SAP NetWeaver version 7.5 or higher|
 | **SAP roles and permissions** | You must have the following roles in your SAP systems: <br><br>**In SAP NetWeaver 7.5+**: SAP Netweaver Administrator <br><br>**In SAP BTP, all of the following roles**:<br>- Subaccount administrator <br>- Integration Provisioner <br>- PI_Administrator <br>- PI_Integration_Developer <br>- PI_Business_Expert|