
Commit c205820

edit pass: five-memo-22-09-articles
1 parent 3d853f1 commit c205820

4 files changed: +19 −21 lines


articles/active-directory/standards/memo-22-09-authorization.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
1717

1818
# Meet authorization requirements of Memorandum 22-09
1919

20-
This series of articles offers guidance for employing Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles, as described by the US Federal Government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf).
20+
This series of articles offers guidance for employing Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles, as described in the US federal government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf).
2121

2222
The memo requires specific types of enforcement within your multifactor authentication (MFA) policies. Specifically, you must account for device-based controls, role-based controls, attribute-based controls, and privileged access management.
2323
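Review bot: Line 22 of this hunk (unchanged context) describes device-based, role-based, attribute-based controls and privileged access management as enforcement "within your multifactor authentication (MFA) policies"; those are authorization controls, and this file is the authorization article, so while this paragraph is being reworded consider "within your authorization policies" so the intro matches the heading "Meet authorization requirements of Memorandum 22-09" on line 18. The "described in" / "federal government's" change on line 20+ itself is fine.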

articles/active-directory/standards/memo-22-09-meet-identity-requirements.md

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -17,9 +17,9 @@ ms.collection: M365-identity-device-management
1717

1818
# Meet identity requirements of Memorandum 22-09 with Azure Active Directory
1919

20-
Executive order [14028, Improving the Nation's Cyber Security](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity), directs federal agencies on advancing security measures that dramatically reduce the risk of successful cyberattacks against the federal government's digital infrastructure. On January 26, 2022, the [Office of Management and Budget (OMB)](https://www.whitehouse.gov/omb/) released the Federal Zero Trust Strategy [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf) in support of EO 14028.
20+
US executive order [14028, Improving the Nation's Cyber Security](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity), directs federal agencies on advancing security measures that dramatically reduce the risk of successful cyberattacks against the federal government's digital infrastructure. On January 26, 2022, the [Office of Management and Budget (OMB)](https://www.whitehouse.gov/omb/) released the federal Zero Trust strategy in [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf), in support of EO 14028.
2121

22-
This series of articles offers guidance for employing Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles as described by Memorandum M-22-09.
22+
This series of articles offers guidance for employing Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles, as described in Memorandum M-22-09.
2323

2424
The release of Memorandum 22-09 is designed to support Zero Trust initiatives within federal agencies. It also provides regulatory guidance in supporting federal cybersecurity and data privacy paws. The memo cites the [Department of Defense (DoD) Zero Trust Reference Architecture](https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf),
2525
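Review bot: Unchanged line 24 still reads "federal cybersecurity and data privacy paws"; that is a typo for "laws" and belongs in this edit pass rather than a later one. Also, line 20+ keeps the link text "14028, Improving the Nation's Cyber Security" while the URL slug on the same line is "improving-the-nations-cybersecurity"; the order's title spells it "Cybersecurity" as one word, so the link text should follow.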

articles/active-directory/standards/memo-22-09-multi-factor-authentication.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
1717

1818
# Meet multifactor authentication requirements of Memorandum 22-09
1919

20-
This series of articles offers guidance for using Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles, as described by the US Federal Government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf).
20+
This series of articles offers guidance for using Azure Active Directory (Azure AD) as a centralized identity management system for implementing Zero Trust principles, as described in the US federal government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf).
2121

2222
The memo requires that all employees use enterprise-managed identities to access applications, and that phishing-resistant multifactor authentication (MFA) protect those personnel from sophisticated online attacks. Phishing is the attempt to obtain and compromise credentials, such as by sending a spoofed email that leads to an inauthentic site.
2323
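Review bot: Line 20+ here is the same intro sentence that this commit also edits in memo-22-09-authorization.md and, with minor variation, in memo-22-09-meet-identity-requirements.md, so one wording change had to be applied in three places. Consider moving the shared sentence into an include so the next pass touches one line and the three articles cannot drift (this commit already shows drift: the identity article says "federal Zero Trust strategy" where the other two say "Zero Trust principles").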

articles/active-directory/standards/memo-22-09-other-areas-zero-trust.md

Lines changed: 15 additions & 17 deletions
Original file line number | Diff line number | Diff line change
@@ -17,7 +17,7 @@ ms.collection: M365-identity-device-management
1717

1818
# Other areas of Zero Trust addressed in Memorandum 22-09
1919

20-
This article addresses the identity pillar of Zero Trust principles, as described by the US Federal Government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf). Some areas of the Zero Trust maturity model cover topics beyond the identity pillar.
20+
This article addresses the identity pillar of Zero Trust principles, as described in the US federal government's Office of Management and Budget (OMB) [Memorandum M-22-09](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf). Some areas of the Zero Trust maturity model cover topics beyond the identity pillar.
2121

2222
This article addresses the following cross-cutting themes:
2323

@@ -30,9 +30,9 @@ This article addresses the following cross-cutting themes:
3030
## Visibility
3131
It's important to monitor your Azure Active Directory (Azure AD) tenant. You must adopt an "assume breach" mindset and meet compliance standards in Memorandum M-22-09 and [Memorandum M-21-31](https://www.whitehouse.gov/wp-content/uploads/2021/M-21-31). Three primary log types are used for security analysis and ingestion:
3232

33-
* [Azure audit logs](../reports-monitoring/concept-audit-logs.md). Used to monitor operational activities of the directory itself, such as creating, deleting, updating objects like users or groups. Also used for making changes to configurations of Azure AD, like modifications to a conditional access policy.
33+
* [Azure audit logs](../reports-monitoring/concept-audit-logs.md). Used for monitoring operational activities of the directory itself, such as creating, deleting, updating objects like users or groups. Also used for making changes to configurations of Azure AD, like modifications to a conditional access policy.
3434

35-
* [Azure AD sign-in logs](../reports-monitoring/concept-all-sign-ins.md). Used to monitor all sign-in activities associated with users, applications, and service principals. The sign-in logs contain specific categories of sign-ins for easy differentiation:
35+
* [Azure AD sign-in logs](../reports-monitoring/concept-all-sign-ins.md). Used for monitoring all sign-in activities associated with users, applications, and service principals. The sign-in logs contain specific categories of sign-ins for easy differentiation:
3636

3737
* Interactive sign-ins: Shows user successful and failed sign-ins for failures, the policies that might have been applied, and other relevant metadata.
3838
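Review bot: Line 33+ still says audit logs are "Also used for making changes to configurations of Azure AD"; audit logs record configuration changes, they are not the means of making them, and the "Used for monitoring" rewording leaves that misstatement in place. Suggest: "They also record changes to Azure AD configuration, such as modifications to a Conditional Access policy." The matching rewording on line 35+ is fine. Unchanged line 37 reads "Shows user successful and failed sign-ins for failures, the policies that might have been applied"; "for failures" looks like a leftover, and "Shows successful and failed user sign-ins, the policies that might have been applied, and other relevant metadata" reads as intended.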

@@ -46,10 +46,11 @@ It's important to monitor your Azure Active Directory (Azure AD) tenant. You mus
4646

4747
Log entries are stored for 7 days in Azure AD free tenants. Tenants with an Azure AD premium license retain log entries for 30 days.
4848

49-
It's important to ensure that your logs are ingested by a security information and event management (SIEM) tool. Using a SIEM tool allows sign-in and audit events to be correlated with application, infrastructure, data, device, and network logs for a holistic view of your systems. We recommend that you integrate your Azure AD logs with [Microsoft Sentinel](../../sentinel/overview.md) by configuring a connector to ingest your Azure AD tenant logs.
49+
It's important to ensure that your logs are ingested by a security information and event management (SIEM) tool. Using a SIEM tool allows sign-in and audit events to be correlated with application, infrastructure, data, device, and network logs for a holistic view of your systems.
5050

51-
For more information, see [Connect Azure Active Directory to Microsoft Sentinel](../../sentinel/connect-azure-active-directory.md).
52-
You can also configure the [diagnostic settings](../reports-monitoring/overview-monitoring.md) on your Azure AD tenant to send the data to either an Azure Storage account, Azure Event Hubs, or a Log Analytics workspace. These storage options allow you to integrate other SIEM tools to collect the data. For more information, see [Plan an Azure Active Directory reporting and monitoring deployment](../reports-monitoring/plan-monitoring-and-reporting.md).
51+
We recommend that you integrate your Azure AD logs with [Microsoft Sentinel](../../sentinel/overview.md) by configuring a connector to ingest your Azure AD tenant logs. For more information, see [Connect Azure Active Directory to Microsoft Sentinel](../../sentinel/connect-azure-active-directory.md).
52+
53+
You can also configure the [diagnostic settings](../reports-monitoring/overview-monitoring.md) on your Azure AD tenant to send the data to an Azure Storage account, Azure Event Hubs, or a Log Analytics workspace. These storage options allow you to integrate other SIEM tools to collect the data. For more information, see [Plan an Azure Active Directory reporting and monitoring deployment](../reports-monitoring/plan-monitoring-and-reporting.md).
5354

5455
## Analytics
5556
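Review bot: Line 47 (unchanged) states the 7-day and 30-day retention limits, but nothing connects that to the SIEM advice on line 49+, so the reader is told to forward logs without the reason. Suggest opening line 49+ with "Because Azure AD retains log entries for at most 30 days, ensure that your logs are ingested by a security information and event management (SIEM) tool", which also frames the Sentinel and diagnostic-settings paragraphs that follow. The split itself is an improvement: in the old text, lines 51- and 52- were adjacent with no blank line and would have rendered as one paragraph; the new 51+/52+/53+ layout gives each option its own paragraph.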

@@ -61,33 +62,30 @@ You can use analytics in the following tools to aggregate information from Azure
6162

6263
* Microsoft Sentinel has [User and Entity Behavior Analytics (UEBA)](../../sentinel/identify-threats-with-entity-behavior-analytics.md). UEBA delivers high-fidelity, actionable intelligence on potential threats that involve user, host, IP address, and application entities. This intelligence enhances events across the enterprise to help detect anomalous behavior in users and systems.
6364

64-
* You can use specific analytics rule templates that hunt for threats and alerts found in information in your Azure AD logs. Your security or operation analyst can then triage and remediate threats.
65+
* You can use specific analytics rule templates that hunt for threats and alerts found in your Azure AD logs. Your security or operation analyst can then triage and remediate threats.
6566

6667
* Microsoft Sentinel has [workbooks](../../sentinel/top-workbooks.md) that help you visualize multiple Azure AD data sources. These sources include workbooks that show aggregate sign-ins by country, or applications that have the most sign-ins. You can also create or modify existing workbooks to view information or threats in a dashboard to gain insights.
6768

68-
* [Azure AD usage and insights reports](../reports-monitoring/concept-usage-insights-report.md). These reports show information similar to sentinel workbooks, including which applications have the highest usage or logon trends over a time period. The reports are useful for understanding aggregate trends in your enterprise that might indicate an attack or other events.
69+
* [Azure AD usage and insights reports](../reports-monitoring/concept-usage-insights-report.md) show information similar to Azure Sentinel workbooks, including which applications have the highest usage or sign-in trends over a time period. The reports are useful for understanding aggregate trends in your enterprise that might indicate an attack or other events.
6970

7071
## Automation and orchestration
7172

7273
Automation is an important aspect of Zero Trust, particularly in remediation of alerts that occur because of threats or security changes in your environment. In Azure AD, automation integrations are possible to help remediate alerts or perform actions that can improve your security posture. Automations are based on information received from monitoring and analytics.
7374

74-
[Microsoft Graph API](../develop/microsoft-graph-intro.md) REST calls are the most common way to programmatically access Azure AD. This API-based access requires an Azure AD identity with the necessary authorizations and scope.
75-
76-
With the Graph API, you can integrate Microsoft's and other tools. We recommend that you set up an Azure function or an Azure logic app to use a [system-assigned managed identity](../managed-identities-azure-resources/overview.md). Your logic app or function contains the steps or code necessary to automate the desired actions.
75+
[Microsoft Graph API](../develop/microsoft-graph-intro.md) REST calls are the most common way to programmatically access Azure AD. This API-based access requires an Azure AD identity with the necessary authorizations and scope. With the Graph API, you can integrate Microsoft's and other tools. Follow the principles outlined in this article when you're performing the integration.
7776

78-
You assign permissions to the managed identity to grant the service principal the necessary directory permissions to perform the required actions. Grant managed identities only the minimum rights necessary.
79-
80-
With the Graph API, you can integrate partner tools. Follow the principles outlined in this article when you're performing the integration.
77+
We recommend that you set up an Azure function or an Azure logic app to use a [system-assigned managed identity](../managed-identities-azure-resources/overview.md). Your logic app or function contains the steps or code necessary to automate the desired actions. You assign permissions to the managed identity to grant the service principal the necessary directory permissions to perform the required actions. Grant managed identities only the minimum rights necessary.
8178

8279
Another automation integration point is [Azure AD PowerShell](/powershell/azure/active-directory/overview?view=azureadps-2.0) modules. PowerShell is a useful automation tool for administrators and IT integrators who are performing common tasks or configurations in Azure AD. PowerShell can also be incorporated into Azure functions or Azure Automation runbooks.
8380

8481
## Governance
8582

86-
It's important that you understand and document clear processes for how you intend to operate your Azure AD environment. Azure AD has several features that allow for governance-like functionality to be applied to scopes within Azure AD. Consider the following guidance to help with governance via Azure AD:
83+
It's important that you understand and document clear processes for how you intend to operate your Azure AD environment. Azure AD has features that allow for governance-like functionality to be applied to scopes within Azure AD. Consider the following guidance to help with governance via Azure AD:
8784

8885
* [Azure Active Directory governance operations reference guide](../fundamentals/active-directory-ops-guide-govern.md).
89-
* [Azure Active Directory security operations guide](../fundamentals/security-operations-introduction.md) can help you secure your operations and understand how security and governance overlap.
90-
* After you understand operational governance, you can use [governance features](../governance/identity-governance-overview.md) to implement portions of your governance controls. These include features mentioned in [Meet authorization requirements of Memo 22-09](memo-22-09-authorization.md).
86+
* [Azure Active Directory security operations guide](../fundamentals/security-operations-introduction.md). It can help you secure your operations and understand how security and governance overlap.
87+
88+
After you understand operational governance, you can use [governance features](../governance/identity-governance-overview.md) to implement portions of your governance controls. These include features mentioned in [Meet authorization requirements of Memo 22-09](memo-22-09-authorization.md).
9189

9290

9391
## Next steps
