Rephrasing and fixing errors

Author: limwainstein

articles/sentinel/connect-microsoft-purview.md

@@ -10,32 +10,37 @@ ms.author: lwainstein
 
 # Stream data from Microsoft Purview Information Protection to Microsoft Sentinel
 
-This article describes how to stream data from Microsoft Purview Information Protection (formerly Microsoft Information Protection) to Microsoft Sentinel. You can use the data ingested from the Microsoft Purview labeling clients and scanners to track, analyze, report on the data, and use it for compliance purposes. 
+This article describes how to stream data from Microsoft Purview Information Protection (formerly Microsoft Information Protection or MIP) to Microsoft Sentinel. You can use the data ingested from the Microsoft Purview labeling clients and scanners to track, analyze, report on the data, and use it for compliance purposes. 
 
 > [!IMPORTANT]
 > The Microsoft Purview Information Protection connector is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.   
 
 ## Overview 
 
-Auditing and reporting are an important part of the security and compliance strategy for many organizations. With the continued expansion of the technology landscape that has an ever-increasing number of systems, endpoints, operations, and regulations, it becomes even more important to have a comprehensive logging and reporting solution in place.
+Auditing and reporting are an important part of organizations' security and compliance strategy. With the continued expansion of the technology landscape that has an ever-increasing number of systems, endpoints, operations, and regulations, it becomes even more important to have a comprehensive logging and reporting solution in place.
 
 With the Microsoft Purview Information Protection connector, you stream auditing events generated from unified labeling clients and scanners. The data is then emitted to the Microsoft 365 audit log for central reporting in Microsoft Sentinel.
 
 With the connector, you can:
 
-- Track adoption of labels, explore, query and detects events.
-- Monitor labeled and protected documents and emails 
+- Track adoption of labels, explore, query, and detect events.
+- Monitor labeled and protected documents and emails. 
 - Monitor user access to labeled documents and emails, while tracking classification changes. 
-- Gain visibility into activities performed on labels, policies, configurations, files and documents. This helps security teams to identify security breaches, and risk and compliance violations.
+- Gain visibility into activities performed on labels, policies, configurations, files and documents. This helps security teams identify security breaches, and risk and compliance violations.
 - Use the connector data during an audit, to prove that the organization is compliant.
 
-### Schema and API
+### Azure Information Protection connector vs. Microsoft Purview Information Protection connector
 
-If you're currently using the Azure Information Protection connector, note that the Azure Information Protection (AIP) service is undergoing sunsetting. 
+This connector replaces the Azure Information Protection (AIP) data connector. Learn how to [disconnect the AIP connector](#disconnect-the-azure-information-protection-connector).
+
+> [!NOTE]
+> The Azure Information Protection (AIP) data connector uses the AIP audit logs (public preview) feature. As of **March 18, 2022**, we are sunsetting the AIP analytics and audit logs public preview, and moving forward will be using the [Microsoft 365 auditing solution](/microsoft-365/compliance/auditing-solutions-overview). Full retirement is scheduled for **September 30, 2022**.
+>
+> For more information, see [Removed and retired services](/azure/information-protection/removed-sunset-services#azure-information-protection-analytics).
+>
 
 When you enable the Microsoft Purview Information Protection connector, audit logs stream into the standardized 
-`MicrosoftPurviewInformationProtection` table. Data is gathered through the [Office Management API](/office/office-365-management-api/office-365-management-activity-api-schema), which uses a structured schema. The new standardized schema is adjusted to enhance the deprecated schema used by AIP, with more fields and easier access to 
-parameters.
+`MicrosoftPurviewInformationProtection` table. Data is gathered through the [Office Management API](/office/office/office-365-management-api/office-365-management-activity-api-schema), which uses a structured schema. The new standardized schema is adjusted to enhance the deprecated schema used by AIP, with more fields and easier access to parameters.
 
 Review the list of supported [audit log record types and activities](microsoft-purview-record-types-activities.md).
 
@@ -46,7 +51,7 @@ Before you begin, verify that you have:
 - The Microsoft Sentinel solution enabled. 
 - A defined Microsoft Sentinel workspace.
 - A valid license to [Microsoft Purview Information Protection](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
-- [Enabled Sensitivity labels for Office](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide#use-the-microsoft-purview-compliance-portal-to-enable-support-for-sensitivity-labels) and [enabled auditing](/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#use-the-compliance-center-to-turn-on-auditing).
+- [Enabled Sensitivity labels for Office](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide#use-the-microsoft-purview-compliance-portal-to-enable-support-for-sensitivity-labels&preserve-view=true) and [enabled auditing](/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide#use-the-compliance-center-to-turn-on-auditing&preserve-view=true).
 - The Global Administrator or Security Administrator role on the workspace.
 
 ## Set up the connector
@@ -57,7 +62,9 @@ Before you begin, verify that you have:
 1. Below the connector description, select **Open connector page**.
 1. Under **Configuration**, select **Connect**.
 
-    When a connection is established, the **Connect** button changes to **Disconnect**. You are now connected to the Microsoft Purview Information Protection.     
+    When a connection is established, the **Connect** button changes to **Disconnect**. You are now connected to the Microsoft Purview Information Protection. 
+
+Review the list of supported [audit log record types and activities](microsoft-purview-record-types-activities.md). 
 
 ## Disconnect the Azure Information Protection connector
 
@@ -74,9 +81,7 @@ To disconnect the Azure Information Protection connector:
 
 ## Known Issues And Limitations
 
-### Office Management API doesn't obtain a Downgrade Label
-
-- The Office Management API doesn't obtain a Downgrade Label with the names of the labels before and after the downgrade. To retrieve this information, extracting the `labelId` of each label and enrich the results. 
+- The Office Management API doesn't obtain a Downgrade Label with the names of the labels before and after the downgrade. To retrieve this information, extract the `labelId` of each label and enrich the results. 
 
     Here's an example KQL query:
 

articles/sentinel/microsoft-purview-record-types-activities.md

@@ -13,7 +13,7 @@ This article lists supported audit log record types and activities when using th
 
 When you use the [Microsoft Purview Information Protection connector](connect-microsoft-purview.md), you stream audit logs into the  
 `MicrosoftPurviewInformationProtection` standardized table. Data is 
-gathered through the [Office Management API](/office-365-management-api/office-365-management-activity-api-schema), which uses a structured schema. 
+gathered through the [Office Management API](/office/office-365-management-api/office-365-management-activity-api-schema), which uses a structured schema. 
 
 ## Supported audit log record types