Commit dcaa2f5

Merge pull request #209544 from paulth1/three-agents-articles
edit pass: Three agents articles
2 parents 9327be5 + 73aa052 commit dcaa2f5

11 files changed

+403
-307
lines changed

articles/active-directory/managed-identities-azure-resources/how-to-assign-managed-identity-via-azure-policy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,4 +106,4 @@ For example, if the policy in this document is updating the managed identities o
106106

107107
## Next steps
108108

109-
- [Deploy Azure Monitor Agent](../../azure-monitor/agents/azure-monitor-agent-manage.md#using-azure-policy)
109+
- [Deploy Azure Monitor Agent](../../azure-monitor/agents/azure-monitor-agent-manage.md#use-azure-policy)

articles/automation/troubleshoot/change-tracking.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ If you don't see your machine in query results, it hasn't recently checked in. T
141141

142142
If your machine shows up in the query results, verify the scope configuration. See [Targeting monitoring solutions in Azure Monitor](../../azure-monitor/insights/solution-targeting.md).
143143

144-
For more troubleshooting of this issue, see [Issue: You are not seeing any Linux data](../../azure-monitor/agents/agent-linux-troubleshoot.md#issue-you-are-not-seeing-any-linux-data).
144+
For more troubleshooting of this issue, see [Issue: You are not seeing any Linux data](../../azure-monitor/agents/agent-linux-troubleshoot.md#issue-you-arent-seeing-any-linux-data).
145145

146146
##### Log Analytics agent for Linux not configured correctly
147147
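Review bot: On new line 144 the fragment now ends in `#issue-you-arent-seeing-any-linux-data`, but the link text still reads "Issue: You are not seeing any Linux data". If the target heading was reworded to use "aren't", update the link text to match so the reference and the heading stay in sync. The diff for agent-linux-troubleshoot.md is not rendered in this view, so the new heading text should be confirmed against that file before merging.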

articles/azure-monitor/agents/agent-linux-troubleshoot.md

Lines changed: 207 additions & 204 deletions
Large diffs are not rendered by default.

articles/azure-monitor/agents/agent-windows-troubleshoot.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,4 +127,4 @@ If the query returns results, then you need to determine if a particular data ty
127127
|---------|-------|------------|
128128
|8000 |HealthService |This event will specify if a workflow related to performance, event, or other data type collected is unable to forward to the service for ingestion to the workspace. | Event ID 2136 from source HealthService is written together with this event and can indicate the agent is unable to communicate with the service, possibly due to misconfiguration of the proxy and authentication settings, network outage, or the network firewall/proxy does not allow TCP traffic from the computer to the service.|
129129
|10102 and 10103 |Health Service Modules |Workflow could not resolve data source. |This can occur if the specified performance counter or instance does not exist on the computer or is incorrectly defined in the workspace data settings. If this is a user-specified [performance counter](data-sources-performance-counters.md#configuring-performance-counters), verify the information specified is following the correct format and exists on the target computers. |
130-
|26002 |Health Service Modules |Workflow could not resolve data source. |This can occur if the specified Windows event log does not exist on the computer. This error can be safely ignored if the computer is not expected to have this event log registered, otherwise if this is a user-specified [event log](data-sources-windows-events.md#configuring-windows-event-logs), verify the information specified is correct. |
130+
|26002 |Health Service Modules |Workflow could not resolve data source. |This can occur if the specified Windows event log does not exist on the computer. This error can be safely ignored if the computer is not expected to have this event log registered, otherwise if this is a user-specified [event log](data-sources-windows-events.md#configure-windows-event-logs), verify the information specified is correct. |
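
Review bot: The 26002 row on new line 130 still reads "does not exist" and "is not expected" and keeps the run-on "..., otherwise if this is a user-specified [event log]", although this edit pass uses contractions elsewhere (for example "doesn't collect" in data-sources-windows-events.md). Consider applying the same style here and splitting the sentence at "otherwise". The neighbouring 10102/10103 row still links to `#configuring-performance-counters`; it is worth checking that this heading was not renamed in the same pass.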

articles/azure-monitor/agents/azure-monitor-agent-manage.md

Lines changed: 163 additions & 73 deletions
Large diffs are not rendered by default.
Lines changed: 25 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,44 +1,46 @@
11
---
22
title: Collect Windows event log data sources with Log Analytics agent in Azure Monitor
3-
description: Describes how to configure the collection of Windows Event logs by Azure Monitor and details of the records they create.
3+
description: The article describes how to configure the collection of Windows event logs by Azure Monitor and details of the records they create.
44
ms.topic: conceptual
55
ms.date: 04/06/2022
66
ms.reviewer: luki
77

88
---
99

1010
# Collect Windows event log data sources with Log Analytics agent
11-
Windows Event logs are one of the most common [data sources](../agents/agent-data-sources.md) for Log Analytics agents on Windows virtual machines since many applications write to the Windows event log. You can collect events from standard logs, such as System and Application, and any custom logs created by applications you need to monitor.
1211

13-
![Diagram that shows the Log Analytics agent sending Windows events to the Event table in Azure Monitor.](media/data-sources-windows-events/overview.png)
12+
Windows event logs are one of the most common [data sources](../agents/agent-data-sources.md) for Log Analytics agents on Windows virtual machines because many applications write to the Windows event log. You can collect events from standard logs, such as System and Application, and any custom logs created by applications you need to monitor.
13+
14+
![Diagram that shows the Log Analytics agent sending Windows events to the Event table in Azure Monitor.](media/data-sources-windows-events/overview.png)
1415

1516
[!INCLUDE [Log Analytics agent deprecation](../../../includes/log-analytics-agent-deprecation.md)]
1617

17-
## Configuring Windows Event logs
18-
Configure Windows Event logs from the [Agents configuration menu](../agents/agent-data-sources.md#configuring-data-sources) for the Log Analytics workspace.
18+
## Configure Windows event logs
1919

20-
Azure Monitor only collects events from the Windows event logs that are specified in the settings. You can add an event log by typing in the name of the log and clicking **+**. For each log, only the events with the selected severities are collected. Check the severities for the particular log that you want to collect. You can't provide any additional criteria to filter events.
20+
Configure Windows event logs from the [Agents configuration menu](../agents/agent-data-sources.md#configuring-data-sources) for the Log Analytics workspace.
2121

22-
As you type the name of an event log, Azure Monitor provides suggestions of common event log names. If the log you want to add doesn't appear in the list, you can still add it by typing in the full name of the log. You can find the full name of the log by using event viewer. In event viewer, open the *Properties* page for the log and copy the string from the *Full Name* field.
22+
Azure Monitor only collects events from Windows event logs that are specified in the settings. You can add an event log by entering the name of the log and selecting **+**. For each log, only the events with the selected severities are collected. Check the severities for the particular log that you want to collect. You can't provide any other criteria to filter events.
2323

24-
[![Screenshot showing the Windows event logs tab on the Agents configuration screen.](media/data-sources-windows-events/configure.png)](media/data-sources-windows-events/configure.png#lightbox)
24+
As you enter the name of an event log, Azure Monitor provides suggestions of common event log names. If the log you want to add doesn't appear in the list, you can still add it by entering the full name of the log. You can find the full name of the log by using event viewer. In event viewer, open the **Properties** page for the log and copy the string from the **Full Name** field.
2525

26-
> [!IMPORTANT]
27-
> You can't configure collection of security events from the workspace using Log Analytics agent. You must use [Microsoft Defender for Cloud](../../security-center/security-center-enable-data-collection.md) or [Microsoft Sentinel](../../sentinel/connect-windows-security-events.md) to collect security events. [Azure Monitor agent](azure-monitor-agent-overview.md) can also be used to collect security events.
26+
[![Screenshot that shows the Windows event logs tab on the Agents configuration screen.](media/data-sources-windows-events/configure.png)](media/data-sources-windows-events/configure.png#lightbox)
2827

28+
> [!IMPORTANT]
29+
> You can't configure collection of security events from the workspace by using the Log Analytics agent. You must use [Microsoft Defender for Cloud](../../security-center/security-center-enable-data-collection.md) or [Microsoft Sentinel](../../sentinel/connect-windows-security-events.md) to collect security events. The [Azure Monitor agent](azure-monitor-agent-overview.md) can also be used to collect security events.
2930
30-
> [!NOTE]
31-
> Critical events from the Windows event log will have a severity of "Error" in Azure Monitor Logs.
31+
Critical events from the Windows event log will have a severity of "Error" in Azure Monitor Logs.
3232

3333
## Data collection
34-
Azure Monitor collects each event that matches a selected severity from a monitored event log as the event is created. The agent records its place in each event log that it collects from. If the agent goes offline for a while, it collects events from where it last left off, even if those events were created while the agent was offline. There's a potential for these events to not be collected if the event log wraps with uncollected events being overwritten while the agent is offline.
34+
35+
Azure Monitor collects each event that matches a selected severity from a monitored event log as the event is created. The agent records its place in each event log that it collects from. If the agent goes offline for a while, it collects events from where it last left off, even if those events were created while the agent was offline. There's a potential for these events to not be collected if the event log wraps with uncollected events being overwritten while the agent is offline.
3536

3637
>[!NOTE]
37-
>Azure Monitor does not collect audit events created by SQL Server from source *MSSQLSERVER* with event ID 18453 that contains keywords - *Classic* or *Audit Success* and keyword *0xa0000000000000*.
38+
>Azure Monitor doesn't collect audit events created by SQL Server from source *MSSQLSERVER* with event ID 18453 that contains keywords *Classic* or *Audit Success* and keyword *0xa0000000000000*.
3839
>
3940
4041
## Windows event records properties
41-
Windows event records have a type of **Event** and have the properties in the following table:
42+
43+
Windows event records have a type of event and have the properties in the following table:
4244

4345
| Property | Description |
4446
|:--- |:--- |
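
Review bot: On new line 43, "have a type of event" drops the bold from **Event** and lowercases it, which turns the record type name into a common noun; the queries later in the article start with `Event |`, so the literal name matters to anyone writing a query. Suggest keeping `Event`, bold or code-formatted. Also, new line 31 keeps the sentence about Critical events being stored with a severity of "Error" but removes the `> [!NOTE]` marker (old lines 30-31), so it no longer renders as a callout. If that was not intended, restore the marker, since the mapping affects any query or alert that filters on severity.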
@@ -50,15 +52,16 @@ Windows event records have a type of **Event** and have the properties in the fo
5052
| EventLevelName |Severity of the event in text form. |
5153
| EventLog |Name of the event log that the event was collected from. |
5254
| ParameterXml |Event parameter values in XML format. |
53-
| ManagementGroupName |Name of the management group for System Center Operations Manager agents. For other agents, this value is `AOI-<workspace ID>` |
54-
| RenderedDescription |Event description with parameter values |
55+
| ManagementGroupName |Name of the management group for System Center Operations Manager agents. For other agents, this value is `AOI-<workspace ID>`. |
56+
| RenderedDescription |Event description with parameter values. |
5557
| Source |Source of the event. |
56-
| SourceSystem |Type of agent the event was collected from. <br> OpsManager – Windows agent, either direct connect or Operations Manager managed <br> Linux – All Linux agents <br> AzureStorage – Azure Diagnostics |
58+
| SourceSystem |Type of agent the event was collected from. <br> OpsManager – Windows agent, either direct connect or Operations Manager managed. <br> Linux – All Linux agents. <br> AzureStorage – Azure Diagnostics. |
5759
| TimeGenerated |Date and time the event was created in Windows. |
5860
| UserName |User name of the account that logged the event. |
5961

60-
## Log queries with Windows Events
61-
The following table provides different examples of log queries that retrieve Windows Event records.
62+
## Log queries with Windows events
63+
64+
The following table provides different examples of log queries that retrieve Windows event records.
6265

6366
| Query | Description |
6467
|:---|:---|
@@ -67,8 +70,8 @@ The following table provides different examples of log queries that retrieve Win
6770
| Event &#124; summarize count() by Source |Count of Windows events by source. |
6871
| Event &#124; where EventLevelName == "error" &#124; summarize count() by Source |Count of Windows error events by source. |
6972

70-
7173
## Next steps
74+
7275
* Configure Log Analytics to collect other [data sources](../agents/agent-data-sources.md) for analysis.
73-
* Learn about [log queries](../logs/log-query-overview.md) to analyze the data collected from data sources and solutions.
76+
* Learn about [log queries](../logs/log-query-overview.md) to analyze the data collected from data sources and solutions.
7477
* Configure [collection of performance counters](data-sources-performance-counters.md) from your Windows agents.
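
Review bot: Context line 71 (old 68) is left unchanged, but its query compares `EventLevelName == "error"` while the article's own text gives the severity as "Error"; `==` is case-sensitive in KQL, so as written the filter can miss the records it is meant to count. Since this pass touches the section, change the literal to "Error" or use the case-insensitive `=~` operator.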

articles/azure-monitor/essentials/data-collection-rule-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ The following resources describe different scenarios for creating data collectio
2525
| Scenario | Resources | Description |
2626
|:---|:---|:---|
2727
| Azure Monitor agent | [Configure data collection for the Azure Monitor agent](../agents/data-collection-rule-azure-monitor-agent.md) | Use the Azure portal to create a data collection rule that specifies events and performance counters to collect from a machine with the Azure Monitor agent and then apply that rule to one or more virtual machines. The Azure Monitor agent will be installed on any machines that don't currently have it. |
28-
| | [Use Azure Policy to install Azure Monitor agent and associate with DCR](../agents/azure-monitor-agent-manage.md#using-azure-policy) | Use Azure Policy to install the Azure Monitor agent and associate one or more data collection rules with any virtual machines or virtual machine scale sets as they're created in your subscription.
28+
| | [Use Azure Policy to install Azure Monitor agent and associate with DCR](../agents/azure-monitor-agent-manage.md#use-azure-policy) | Use Azure Policy to install the Azure Monitor agent and associate one or more data collection rules with any virtual machines or virtual machine scale sets as they're created in your subscription.
2929
| Custom logs | [Configure custom logs using the Azure portal](../logs/tutorial-logs-ingestion-portal.md)<br>[Configure custom logs using Resource Manager templates and REST API](../logs/tutorial-logs-ingestion-api.md) | Send custom data using a REST API. The API call connects to a DCE and specifies a DCR to use. The DCR specifies the target table and potentially includes a transformation that filters and modifies the data before it's stored in a Log Analytics workspace. |
3030
| Workspace transformation | [Configure ingestion-time transformations using the Azure portal](../logs/tutorial-workspace-transformations-portal.md)<br>[Configure ingestion-time transformations using Resource Manager templates and REST API](../logs/tutorial-workspace-transformations-api.md) | Create a transformation for any supported table in a Log Analytics workspace. The transformation is defined in a DCR that's then associated with the workspace and applied to any data sent to that table from a legacy workload that doesn't use a DCR. |
3131
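Review bot: The row on new line 28 still ends at "in your subscription." without a closing `|`, unlike the rows on lines 27, 29 and 30. Add the trailing pipe while this line is being touched so the table rows are consistent.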

articles/virtual-desktop/azure-monitor-costs.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -207,7 +207,7 @@ You can also reduce costs by removing performance counters. To learn how to remo
207207

208208
### Manage Windows Event Logs
209209

210-
Windows Events are unlikely to cause a spike in data ingestion when all hosts are healthy. An unhealthy host can increase the number of events sent to the log, but the information can be critical to fixing the host's issues. We recommend keeping them. To learn more about how to manage Windows Event Logs, see [Configuring Windows Event logs](../azure-monitor/agents/data-sources-windows-events.md#configuring-windows-event-logs).
210+
Windows Events are unlikely to cause a spike in data ingestion when all hosts are healthy. An unhealthy host can increase the number of events sent to the log, but the information can be critical to fixing the host's issues. We recommend keeping them. To learn more about how to manage Windows Event Logs, see [Configuring Windows Event logs](../azure-monitor/agents/data-sources-windows-events.md#configure-windows-event-logs).
211211

212212
### Manage diagnostics
213213
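Review bot: On new line 210 the fragment is updated to `#configure-windows-event-logs`, but the link text still says "Configuring Windows Event logs"; the heading is renamed to "Configure Windows event logs" in data-sources-windows-events.md in this same commit. Update the link text to match the new heading.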

articles/virtual-desktop/azure-monitor-glossary.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -224,7 +224,7 @@ The following table lists the required Windows Event Logs for Azure Monitor for
224224
| Microsoft-FSLogix-Apps/Operational|Error, Warning, and Information|
225225
|Microsoft-FSLogix-Apps/Admin|Error, Warning, and Information|
226226

227-
To learn more about Windows Event Logs, see [Windows Event records properties](../azure-monitor/agents/data-sources-windows-events.md#configuring-windows-event-logs).
227+
To learn more about Windows Event Logs, see [Windows Event records properties](../azure-monitor/agents/data-sources-windows-events.md#configure-windows-event-logs).
228228

229229
## Next steps
230230
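Review bot: On new line 227 the link text is "Windows Event records properties" but the fragment points to `#configure-windows-event-logs`. The mismatch predates this change, yet the pass keeps it: either point the link at the "Windows event records properties" section of the target article or change the link text to the configuration heading.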

articles/virtual-desktop/azure-monitor.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -154,7 +154,7 @@ To set up performance counters using the configuration workbook:
154154

155155
You'll also need to enable specific Windows Event Logs to collect errors, warnings, and information from the session hosts and send them to the Log Analytics workspace.
156156

157-
If you've already enabled Windows Event Logs and want to remove them, follow the instructions in [Configuring Windows Event Logs](../azure-monitor/agents/data-sources-windows-events.md#configuring-windows-event-logs). You can add and remove Windows Event Logs in the same location.
157+
If you've already enabled Windows Event Logs and want to remove them, follow the instructions in [Configuring Windows Event Logs](../azure-monitor/agents/data-sources-windows-events.md#configure-windows-event-logs). You can add and remove Windows Event Logs in the same location.
158158

159159
To set up Windows Event Logs using the configuration workbook:
160160
