Added screenshot

HeidiSteen · HeidiSteen · commit df5d7f89ecfb · 2022-12-20T18:14:04.000-08:00
diff --git a/articles/search/media/search-security-overview/support-request.png b/articles/search/media/search-security-overview/support-request.png
diff --git a/articles/search/search-manage.md b/articles/search/search-manage.md
@@ -78,33 +78,22 @@ You can also use the management client libraries in the Azure SDKs for .NET, Pyt
 
 ## Data collection and retention
 
-Cognitive Search collects service data for monitoring and troubleshooting purposes.
+Because Azure Cognitive Search is a [monitored resource](/azure/azure-monitor/monitor-reference), you can review the built-in [**activity logs**](/azure/azure-monitor/essentials/activity-log) and [**platform metrics**](/azure/azure-monitor/essentials/data-platform-metrics#types-of-metrics) for insights into service operations. Activity logs and the data used to report on platform metrics are retained for the periods described in the following table.
 
-Platform metrics are found on the portal pages of your service. It includes query latency, queries per second, and queries throttled during indexing. This data is stored on a rolling 93-day cycle, but portal visualization is limited to a 30 day window. Data collection and reporting of these metrics occurs automatically as part of the portal experience and is non-configurable.
+If you opt in for [**resource logging**](/azure/azure-monitor/essentials/resource-logs), you'll specify durable storage over which you'll have full control over data retention and data access through Kusto queries. For more information on how to set up resource logging in Cognitive Search, see [Collect and analyze log data](monitor-azure-cognitive-search.md).
 
-Durable monitoring data is collected when you opt-in for diagnostic logging. When monitoring and diagnostic requirements exceed what the portal provides automatically, you can add [Azure Monitor](../azure-monitor/index.yml) and adopt a supported approach for retaining log data. For more information, see [Collect and analyze log data](monitor-azure-cognitive-search.md).
+Internally, Microsoft collects telemetry data about your service and the platform. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.
 
-Internally, Microsoft Support collects telemetry data to support your service and the platform. Telemetry data is retained for one and one half years. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.
+| Monitoring data | Retention |
+|-----------------|-----------|
+| Activity logs | 90 days on a rolling schedule |
+| Platform metrics | 93 days on a rolling schedule, except that portal visualization is limited to a 30 day window |
+| Resource logs | User-managed |
+| Telemetry | One and a half years |
 
-Frequently, customers need specific details about data collection, residency, and retention. Documentation about data privacy and retention can be found in the ["Data residency"](search-security-overview.md#data-residency) section of the security overview.
+> [!NOTE]
+> This section is about monitoring data. For questions about customer data and privacy, see the ["Data residency"](search-security-overview.md#data-residency) section of the security overview article.
 
-<!-- Cognitive Search uses other Azure services for deeper monitoring and management. On the search service itself, the only saved customer data are the structures that support indexing, enrichment, and queries. These data structures include indexes, indexers, data sources, skillsets, and synonym maps. All other saved customer data, including debug session state and caching, is stored in Azure Storage.
-
-Usage metrics (such as query latency and queries per second) are reported out to portal pages. These metrics are pulled from internal logs on a rolling 30-day cycle. Data collection and reporting of these metrics on the portal pages occurs automatically as part of the portal experience. 
-
-If your monitoring and diagnostic requirements exceed what the portal provides, you can add [Azure Monitor](../azure-monitor/index.yml) and adopt a supported approach for retaining log data. For more information about setting up resource logging for a search service, see [Collect and analyze log data](monitor-azure-cognitive-search.md).
-
-Internally, Azure Cognitive Search retains telemetry for a longer period (more than 30 days) so that support engineers can troubleshoot problems on your service. Data retention for telemetry is one and a half years. During that period, support engineers might access and reference this data under these conditions:
-
-* Diagnose an issue, improve a feature, or fix a bug.
-* Proactively suggest to the original customer a workaround or alternative to a problem detected by Microsoft Support.
-
-You can [file a support ticket](/azure/azure-portal/supportability/how-to-create-azure-support-request) to remove object names from the telemetry logs or to shorten the retention period. You should specify the following categories when filing this request:
-
-+ **Issue type**: Technical
-+ **Problem type**: Setup and configuration
-+ **Problem subtype**: Issue with security configuration of the service
- -->
 ## Administrator permissions
 
 When you open the search service overview page, the Azure role assigned to your account determines what portal content is available to you. The overview page at the beginning of the article shows the portal content available to an Owner or Contributor.
diff --git a/articles/search/search-security-overview.md b/articles/search/search-security-overview.md
@@ -160,29 +160,36 @@ In Azure Cognitive Search, Resource Manager is used to create or delete the serv
 
 ## Data residency
 
-When you set up a search service, you choose a location or region that determines where data is stored and processed. Azure Cognitive Search won't store data outside of your specified region unless you configure a feature that has a dependency on another Azure resource, and that resource is provisioned in a different region.
+When you set up a search service, you choose a location or region that determines where customer data is stored and processed. Azure Cognitive Search won't store customer data outside of your specified region unless you configure a feature that has a dependency on another Azure resource, and that resource is provisioned in a different region.
 
-Currently, the only external resource that a search service writes to is Azure Storage. The storage account is one that you provide, and it could be in any region. A search service will write to Azure Storage if you use any of the following features: [enrichment cache](cognitive-search-incremental-indexing-conceptual.md), [debug session](cognitive-search-debug-session.md), [knowledge store](knowledge-store-concept-intro.md). 
+Currently, the only external resource that a search service writes customer data to is Azure Storage. The storage account is one that you provide, and it could be in any region. A search service will write to Azure Storage if you use any of the following features: [enrichment cache](cognitive-search-incremental-indexing-conceptual.md), [debug session](cognitive-search-debug-session.md), [knowledge store](knowledge-store-concept-intro.md). 
 
 ### Exceptions to data residency commitments
 
-Although data isn't stored outside of your region, some elements of customer data are collected during routine service monitoring and retained in telemetry logs for global access by Microsoft support engineers. For a search service, this customer data consists of the *names* of indexes, indexers, data sources, skillsets, containers, and key vault store.
+Although customer data isn't stored outside of your region, the names of user-defined objects are collected during routine service monitoring and retained in telemetry logs for global access by Microsoft support engineers. For a search service, this customer data consists of the names of indexes, indexers, data sources, skillsets, containers, and key vault store.
 
-These names aren't obfuscated in the telemetry logs. If possible, when naming objects, avoid names that convey sensitive information.
+Object names aren't obfuscated in the telemetry logs. If possible, avoid using names that convey sensitive information.
 
 Telemetry logs are retained for one and a half years. During that period, support engineers might access and reference object names under these conditions:
 
 + Diagnose an issue, improve a feature, or fix a bug. In this scenario, data access is internal only, with no third-party access.
 
-+ Proactively suggest to the original customer a workaround or alternative to a problem detected by Microsoft Support. For example, "Based on your usage of the product, consider using `<feature name>` since it would perform better." In this scenario, Microsoft might expose an object name through dashboards visible to the customer.
++ Proactively suggest to the original customer a workaround or alternative. For example, "Based on your usage of the product, consider using `<feature name>` since it would perform better." In this scenario, Microsoft might expose an object name through dashboards visible to the customer.
 
 Upon request, Microsoft can shorten the retention interval or remove references to specific objects in the telemetry logs. Remember that if you request data removal, the trade off is reduced ability to troubleshoot any issues related to the object in question.
 
-To remove references to specific objects, or to change the data retention period, [file a support ticket](/azure/azure-portal/supportability/how-to-create-azure-support-request) for your search service, categorized as follows:
+To remove references to specific objects, or to change the data retention period, [file a support ticket](/azure/azure-portal/supportability/how-to-create-azure-support-request) for your search service.
+
+1. In **Problem details**, tag your request using the following selections:
+
+   + **Issue type**: Technical
+   + **Problem type**: Setup and configuration
+   + **Problem subtype**: Issue with security configuration of the service
+
+1. In **Additional details**, describe the object names you would like removed, or specify the retention period that you require.
+
+   :::image type="content" source="media/search-security-overview/support-request.png" alt-text="First page of the support ticket with issue and problem types selected." border="true":::
 
-+ **Issue type**: Technical
-+ **Problem type**: Setup and configuration
-+ **Problem subtype**: Issue with security configuration of the service
 
 <a name="encryption"></a>
 
