final edits

ktoliver · ktoliver · commit ca70faddfdb1 · 2024-02-13T14:02:14.000-07:00
diff --git a/articles/sentinel/sap/configure-snc.md b/articles/sentinel/sap/configure-snc.md
@@ -96,7 +96,7 @@ To associate the certificate with a user account:
 
     ![Screenshot that shows how to create a new entry in the USERACLEXT table.](./media/configure-snc/usraclext-new-entry.png)
 
-1. For **User**, enter the user's username. For **SNC Name**, enter the user's certificate subject name prefixed with **p:**. Select **Save**.
+1. For **User**, enter the user's username. For **SNC Name**, enter the user's certificate subject name prefixed with **p:**, and then select **Save**.
 
     ![Screenshot that shows how to create a new user in USERACLEXT table.](./media/configure-snc/usraclext-new-user.png)
 
@@ -132,11 +132,11 @@ To map ABAP service provider users to external user IDs:
 
 1. In **Determine Work Area: Entry**, select the **DN** ID type for **Work Area**.
 
-1. Enter these details:
+1. Enter the following values:
 
-    - **External ID**: **CN=Sentinel**, **C=US**
-    - **Seq. No**: **000**
-    - **User**: **SENTINEL**
+    - For **External ID**, enter **CN=Sentinel**, **C=US**.
+    - For **Seq. No**, enter **000**.
+    - For **User**, enter **SENTINEL**.
 
 1. Select **Save**, and then select **Enter**.
 
@@ -149,17 +149,17 @@ To map ABAP service provider users to external user IDs:
 
 To set up the container:
 
-1. Transfer the *libsapcrypto.so* and *sapgenpse* files to the target system where the container will be created.
+1. Transfer the *libsapcrypto.so* and *sapgenpse* files to the system where the container will be created.
 
-1. Transfer the client certificate (both private and public keys) to the target system where the container will be created.
+1. Transfer the client certificate (both private and public keys) to the system where the container will be created.
 
     The client certificate and key can be in *.p12*, *.pfx*, or Base64 *.crt* and *.key* format.
 
-1. Transfer the server certificate (public key only) to the target system where the container will be created.
+1. Transfer the server certificate (public key only) to the system where the container will be created.
 
     The server certificate must be in Base64 *.crt* format.
 
-1. If the client certificate was issued by an enterprise certification authority, transfer the issuing CA and root CA certificates to the target system where the container will be created.
+1. If the client certificate was issued by an enterprise certification authority, transfer the issuing CA and root CA certificates to the system where the container will be created.
 
 1. Get the kickstart script from the Microsoft Sentinel GitHub repository:
 
@@ -190,7 +190,7 @@ To set up the container:
     --client-key <path to client certificate private key> \
     ```
 
-    If the client certificate is in *.pfx* or *.p12* format:
+    If the client certificate is in *.pfx* or *.p12* format, use these switches:
 
     ```bash
     --client-pfx <pfx filename>
diff --git a/articles/sentinel/sap/cross-workspace.md b/articles/sentinel/sap/cross-workspace.md
@@ -35,18 +35,19 @@ Your organization's SAP team has technical knowledge that's critical to successf
 
 There are two possible scenarios for SOC and SAP team collaboration, depending on your organization's needs:
 
-Scenario 1: **SAP data and SOC data reside in separate workspaces**. Both teams can see the SAP data by using [cross-workspace queries](#scenario-1-sap-data-and-soc-data-is-in-separate-workspaces).
-Scenario 2: **SAP data is kept in the SOC workspace**. The SAP team can query the data by using [resource context queries](#scenario-2-sap-data-is-kept-in-the-soc-workspace).
+- Scenario 1: **SAP data and SOC data maintained in separate workspaces**. Both teams can see the SAP data by using [cross-workspace queries](#scenario-1-sap-data-and-soc-data-maintained-in-separate-workspaces).
 
-## Scenario 1: SAP data and SOC data is in separate workspaces
+- Scenario 2: **SAP data kept only in the SOC workspace**. The SAP team can query the data by using [resource context queries](#scenario-2-sap-data-kept-only-in-the-soc-workspace).
 
-In this scenario, the SAP team and the SOC team have separate Microsoft Sentinel workspaces.
+## Scenario 1: SAP data and SOC data maintained in separate workspaces
+
+In this scenario, the SAP team and the SOC team have separate Microsoft Sentinel workspaces where team data is kept.
 
 :::image type="content" source="media/cross-workspace/sap-cross-workspace-separate.png" alt-text="Diagram that shows working with the Microsoft Sentinel solution for SAP applications in separate workspaces for SAP and SOC data." border="false":::
 
 When your organization [deploys the Microsoft Sentinel solution for SAP applications](deploy-sap-security-content.md#deploy-the-microsoft-sentinel-solution-for-sap-applications-from-the-content-hub), each team specifies its SAP workspace.
 
-A common practice is to provide some or all SOC team members with the Sentinel Reader role on the SAP workspace.
+A common practice is to provide some or all SOC team members with the Sentinel Reader role for the SAP workspace.
 
 Creating separate workspaces for the SAP and SOC data has these benefits:
 
@@ -60,7 +61,7 @@ Creating separate workspaces for the SAP and SOC data has these benefits:
 - There's no additional charge for ingestion fees, because data is ingested only once into Microsoft Sentinel. However, each workspace has its own [pricing tier](../design-your-workspace-architecture.md#step-5-collecting-any-non-soc-data).
 - The SOC can see and investigate SAP incidents. If the SAP team faces an event that it can't explain by using existing data, the team can assign the incident to the SOC.
 
-This table maps the access of data and features for the SAP and SOC teams in this scenario.
+The following table maps the access of data and features for the SAP and SOC teams in this scenario:
 
 |Function  |SOC team  |SAP team  |
 |---------|---------|---------|
@@ -70,11 +71,11 @@ This table maps the access of data and features for the SAP and SOC teams in thi
 
 <sup>1</sup> The SOC team can see these functions in both workspaces. The SAP team can see these functions only in the SAP workspace.
 
-## Scenario 2: SAP data is kept in the SOC workspace
+## Scenario 2: SAP data kept only in the SOC workspace
 
 In this scenario, you want to keep all the data in one workspace and to apply access controls. You can do this by using Log Analytics in Azure Monitor to [manage access to data by resource](../resource-context-rbac.md). You can also associate SAP resources with an Azure resource ID by specifying the required `azure_resource_id` field in the [connector configuration section](reference-systemconfig.md#connector-configuration-section) on the data collector that you use to ingest data from the SAP system into Microsoft Sentinel.
 
-:::image type="content" source="media/cross-workspace/sap-cross-workspace-combined.png" alt-text="Diagram that shows working with the Microsoft Sentinel solution for SAP applications by using the same workspace for the SAP and SOC data." border="false":::
+:::image type="content" source="media/cross-workspace/sap-cross-workspace-combined.png" alt-text="Diagram that shows how to work with the Microsoft Sentinel solution for SAP applications by using the same workspace for SAP and SOC data." border="false":::
 
 After the data collector agent is configured with the correct resource ID, the SAP team can access the specific SAP data in the SOC workspace by using a resource-scoped query. The SAP team can't read any of the other, non-SAP data types.
 
diff --git a/articles/sentinel/sap/deploy-sap-btp-solution.md b/articles/sentinel/sap/deploy-sap-btp-solution.md
@@ -1,5 +1,5 @@
 ---
-title: Deploy Microsoft Sentinel Solution for SAP BTP
+title: Deploy Microsoft Sentinel solution for SAP BTP
 description: Learn how to deploy the Microsoft Sentinel solution for SAP Business Technology Platform (BTP) system.
 author: batamig
 ms.author: bagol
@@ -9,12 +9,12 @@ ms.date: 03/30/2023
 # customer intent: As an SAP admin, I want to know how to deploy the Microsoft Sentinel solution for SAP BTP so that I can plan a deployment.
 ---
 
-# Deploy the Microsoft Sentinel solution forSAP BTP
+# Deploy the Microsoft Sentinel solution for SAP BTP
 
-This article describes how to deploy the Microsoft Sentinel solution forSAP Business Technology Platform (BTP) system. The Microsoft Sentinel solution forSAP BTP monitors and protects your SAP BTP system. It collects audit logs and activity logs from the BTP infrastructure and BTP-based apps, and then detects threats, suspicious activities, illegitimate activities, and more. [Read more about the solution](sap-btp-solution-overview.md).
+This article describes how to deploy the Microsoft Sentinel solution for SAP Business Technology Platform (BTP) system. The Microsoft Sentinel solution for SAP BTP monitors and protects your SAP BTP system. It collects audit logs and activity logs from the BTP infrastructure and BTP-based apps, and then detects threats, suspicious activities, illegitimate activities, and more. [Read more about the solution](sap-btp-solution-overview.md).
 
 > [!IMPORTANT]
-> The Microsoft Sentinel solution forSAP BTP solution is currently in preview. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+> The Microsoft Sentinel solution for SAP BTP solution is currently in preview. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 ## Prerequisites
 
@@ -64,12 +64,12 @@ To set up the BTP account and the solution:
 
 1. Select **Create**.
 
-    :::image type="content" source="./media/deploy-sap-btp-solution/sap-btp-create-solution.png" alt-text="Screenshot that shows how to create the Microsoft Sentinel Solution  for SAP BTP." lightbox="./media/deploy-sap-btp-solution/sap-btp-create-solution.png":::
+    :::image type="content" source="./media/deploy-sap-btp-solution/sap-btp-create-solution.png" alt-text="Screenshot that shows how to create the Microsoft Sentinel solution  for SAP BTP." lightbox="./media/deploy-sap-btp-solution/sap-btp-create-solution.png":::
 
 1. Select the resource group and the Microsoft Sentinel workspace in which to deploy the solution.
 1. Select **Next** until you pass validation, and then select **Create**.
 1. When the solution deployment is finished, return to your Microsoft Sentinel workspace and select **Data connectors**.
-1. In the search bar, type *BTP*, and then select **SAP BTP (using Azure Function)**.
+1. In the search bar, enter **BTP**, and then select **SAP BTP (using Azure Function)**.
 1. Select **Open connector page**.
 1. On the connector page, make sure that you meet the required prerequisites and complete the configuration steps. In step 2 of the data connector configuration, specify the parameters that you defined in step 4 in this section.
 
@@ -87,11 +87,11 @@ To set up the BTP account and the solution:
 
 ## Consider your account auditing configurations
 
-Consider your global account and subaccount auditing configurations.
+The final step in the deployment process is to consider your global account and subaccount auditing configurations.
 
 ### Global account auditing configuration
 
-When you enable audit log retrieval in the BTP cockpit for the global account: If the subaccount for which you want to entitle the Audit Log Management Service is under a directory, you must entitle the service at the directory level first. Only then can you can entitle the service at the subaccount level.
+When you enable audit log retrieval in the BTP cockpit for the global account: If the subaccount for which you want to entitle the Audit Log Management Service is under a directory, you must entitle the service at the directory level first. Only then can you entitle the service at the subaccount level.
 
 ### Subaccount auditing configuration
 
@@ -101,7 +101,7 @@ The API documentation describes how to enable the audit log retrieval by using t
 
 You also can retrieve the logs via the UI:
 
-1. In your subaccount in Service Marketplace, create an instance of **Audit Log Management Service**.
+1. In your subaccount in SAP Service Marketplace, create an instance of **Audit Log Management Service**.
 1. In the new instance, create a service key.
 1. View the service key and retrieve the required parameters from step 4 of the configuration instructions in the data connector UI (**url**, **uaa.url**, **uaa.clientid**, and **uaa.clientsecret**).
 
diff --git a/articles/sentinel/sap/deploy-sap-security-content.md b/articles/sentinel/sap/deploy-sap-security-content.md
@@ -67,34 +67,35 @@ To deploy SAP solution security content:
 
 1. To start the solution deployment wizard, select **Create**, and then enter the details of the Azure subscription and resource group.
 
-1. For the **Deployment target workspace**, select the Log Analytics workspace (the one that Microsoft Sentinel uses) where you want to deploy the solution.
+1. For the **Deployment target workspace**, select the Log Analytics workspace (the one that Microsoft Sentinel uses) where you want to deploy the solution.<a id="multi-workspace"></a>
 
-<a id="multi-workspace"></a>
+1. If you want to [work with the Microsoft Sentinel solution for SAP applications in multiple workspaces](cross-workspace.md) (preview), select **Some of the data is on a different workspace**, and then do the following steps:
 
-1. If you want to [work with the Microsoft Sentinel solution for SAP applications across multiple workspaces](cross-workspace.md) (preview), select **Some of the data is on a different workspace**, and then do the following steps:
-    1. Under **Configure the workspace where the SOC data resides in**, select the SOC subscription and workspace.
-    1. Under **Configure the workspace where the SAP data resides in**, select the SAP subscription and workspace.
+   1. Under **Configure the workspace where the SOC data resides in**, select the SOC subscription and workspace.
 
-    For example:
+   1. Under **Configure the workspace where the SAP data resides in**, select the SAP subscription and workspace.
 
-    :::image type="content" source="./media/deploy-sap-security-content/sap-multi-workspace.png" alt-text="Screenshot that shows how to configure the Microsoft Sentinel solution for SAP applications to work across multiple workspaces.":::
+   For example:
 
-    > [!Note]
-    > If you want the SAP and SOC data to be kept on the same workspace with no additional access controls, do not select **Some of the data is on a different workspace**. If you want the SOC and SAP data to be kept on the same workspace, but to apply additional access controls, review [this scenario](cross-workspace.md#scenario-2-sap-data-is-kept-in-the-soc-workspace).
+   :::image type="content" source="./media/deploy-sap-security-content/sap-multi-workspace.png" alt-text="Screenshot that shows how to configure the Microsoft Sentinel solution for SAP applications to work across multiple workspaces.":::
+
+   > [!NOTE]
+   > If you want the SAP and SOC data to be kept on the same workspace with no additional access controls, do not select **Some of the data is on a different workspace**. If you want the SOC and SAP data to be kept on the same workspace, but to apply additional access controls, review [this scenario](cross-workspace.md#scenario-2-sap-data-is-kept-in-the-soc-workspace).
 
 1. Select **Next** to cycle through the **Data Connectors**, **Analytics**, and **Workbooks** tabs, where you can learn about the components that are deployed with this solution.
 
-    For more information, see [Microsoft Sentinel solution for SAP applications: security content reference](sap-solution-security-content.md).
+   For more information, see [Microsoft Sentinel solution for SAP applications: security content reference](sap-solution-security-content.md).
 
 1. On the **Review + create tab** pane, wait for the **Validation Passed** message, and then select **Create** to deploy the solution.
 
-    > [!TIP]
-    > You can also select **Download a template** for a link to deploy the solution as code.
+   > [!TIP]
+   > You can also select **Download a template** for a link to deploy the solution as code.
+
+1. When deployment is finished, to display the newly deployed content:
 
-1. When deployment is finished, to display the newly deployed content, go to:
+    - For the [built-in SAP workbooks](sap-solution-security-content.md#built-in-workbooks), go to **Threat Management** > **Workbooks** > **My workbooks**.
 
-    - **Threat Management** > **Workbooks** > **My workbooks**, to find the [built-in SAP workbooks](sap-solution-security-content.md#built-in-workbooks).
-    - **Configuration** > **Analytics** to find a series of [SAP-related analytics rules](sap-solution-security-content.md#built-in-analytics-rules).
+    - For a series of [SAP-related analytics rules](sap-solution-security-content.md#built-in-analytics-rules), go to **Configuration** > **Analytics**.
 
 1. In Microsoft Sentinel, go to the **Microsoft Sentinel for SAP** data connector to confirm the connection:
 
@@ -104,7 +105,7 @@ To deploy SAP solution security content:
 
     :::image type="content" source="./media/deploy-sap-security-content/sap-logs-in-sentinel.png" alt-text="Screenshot that shows the SAP ABAP logs in the Custom Logs area in Microsoft Sentinel." lightbox="media/deploy-sap-security-content/sap-logs-in-sentinel.png":::
 
-    For more information, see [Microsoft Sentinel solution for SAP® applications solution logs reference](sap-solution-log-reference.md).
+    For more information, see [Microsoft Sentinel solution for SAP applications solution logs reference](sap-solution-log-reference.md).
 
 ## Troubleshoot
 
diff --git a/articles/sentinel/sap/deployment-overview.md b/articles/sentinel/sap/deployment-overview.md
@@ -6,12 +6,12 @@ ms.author: bagol
 ms.topic: conceptual
 ms.date: 06/19/2023
 
-# customer intent: As a business user or decision maker, I want to get an overview of how to deploy the Microsoft Sentinel solution for SAP applications so that I know the extent of what information I need and how to access it.
+# customer intent: As a business user or decision maker, I want to get an overview of how to deploy the Microsoft Sentinel solution for SAP applications so that I know the scope of the information I need and how to access it.
 ---
 
 # Deploy Microsoft Sentinel solution for SAP applications
 
-This article introduces you to the process of deploying the Microsoft Sentinel solution for SAP® applications. The full process is detailed in a set of articles linked under [Deployment milestones](#deployment-milestones).
+This article introduces you to the process of deploying the Microsoft Sentinel solution for SAP applications. The full process is detailed in a set of articles linked under [Deployment milestones](#deployment-milestones).
 
 > [!TIP]
 > Learn how to [monitor the health and role of your SAP systems](../monitor-sap-system-health.md).
@@ -55,7 +55,7 @@ Follow your deployment journey through this series of articles, in which you lea
 
 | Milestone | Article |
 | --------- | ------- |
-| **1. Deployment overview** | **YOU ARE HERE** |
+| **1. Deployment overview** | *YOU ARE HERE* |
 | **2. Plan your architecture** | Learn how to [work with the solution in multiple workspaces](cross-workspace.md) (preview) |
 | **3. Deployment prerequisites** | [Prerequisites for deploying the Microsoft Sentinel solution for SAP](prerequisites-for-deploying-sap-continuous-threat-monitoring.md) |
 | **4. Prepare your SAP environment** | [Deploy SAP change requests and configure authorization](preparing-sap.md) |
