workbook01

Markus Vilcinskas · Markus Vilcinskas · commit c3d6fe4e4c6c · 2021-11-05T18:26:14.000+01:00
diff --git a/articles/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer.md b/articles/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer.md
@@ -58,7 +58,7 @@ The workbook has four sections:
 
 ![Conditional access coverage by location](./media/workbook-conditional-access-gap-analyzer/conditianal-access-by-location.png)
 
-Each of these trends offers a breakdown of sign ins to the user level, so that you can see which users per scenario are bypassing conditional access. 
+Each of these trends offers a breakdown of sign-ins to the user level, so that you can see which users per scenario are bypassing conditional access. 
 
 ## Filters
 
@@ -70,7 +70,7 @@ This workbook supports setting a time range filter.
 
 ## Best practice
 
-You should use this workbook to ensure that your tenant is configured to the following Conditional Access best practices:  
+Use this workbook to ensure that your tenant is configured to the following Conditional Access best practices:  
 
 - Block all legacy authentication sign-ins 
 
diff --git a/articles/active-directory/reports-monitoring/workbook-sensitive-operations-report.md b/articles/active-directory/reports-monitoring/workbook-sensitive-operations-report.md
@@ -61,7 +61,7 @@ This workbook is split into four sections:
 
 ### Modified application and service principal credentials/authentication methods
 
-One of the most common ways for attackers to gain persistence in the environment is by adding new credentials to existing applications and service principals. This allows the attacker to authenticate as the target application or service principal, granting them access to all resources to which it has permissions.
+One of the most common ways for attackers to gain persistence in the environment is by adding new credentials to existing applications and service principals. The credentials allow the attacker to authenticate as the target application or service principal, granting them access to all resources to which it has permissions.
 
 This section includes the following data to help you detect:
 
@@ -90,7 +90,7 @@ This section includes an overview of all changes made to service principal membe
 
 ### Modified federation settings
 
-Another common approach to gaining a long-term foothold in the environment is modifying the tenant’s federated domain trusts and effectively adding an additional, attacker controlled, SAML IDP as a trusted authentication source.
+Another common approach to gain a long-term foothold in the environment is to modify the tenant’s federated domain trusts, and to add an additional, attacker controlled, SAML IDP as a trusted authentication source.
 
 This section includes the following data:
 
